internal/outpost: improve logging and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2393
This commit is contained in:
parent
fb60cefb72
commit
6fdf3ad3e5
|
@ -123,8 +123,9 @@ func (a *Application) IsAllowlisted(u *url.URL) bool {
|
|||
} else {
|
||||
testString = u.String()
|
||||
}
|
||||
a.log.WithField("regex", u.String()).WithField("url", testString).Trace("Matching URL against allow list")
|
||||
if ur.MatchString(testString) {
|
||||
match := ur.MatchString(testString)
|
||||
a.log.WithField("match", match).WithField("regex", ur.String()).WithField("url", testString).Trace("Matching URL against allow list")
|
||||
if match {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"regexp"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
func urlMustParse(u string) *url.URL {
|
||||
ur, err := url.Parse(u)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return ur
|
||||
}
|
||||
|
||||
func TestIsAllowlisted_Proxy_Single(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
|
||||
|
||||
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
|
||||
a.UnauthenticatedRegex = []*regexp.Regexp{
|
||||
regexp.MustCompile("^/foo"),
|
||||
}
|
||||
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
||||
}
|
||||
|
||||
func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
||||
|
||||
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
|
||||
a.UnauthenticatedRegex = []*regexp.Regexp{
|
||||
regexp.MustCompile("^/foo"),
|
||||
}
|
||||
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
||||
a.UnauthenticatedRegex = []*regexp.Regexp{
|
||||
regexp.MustCompile("^http://some-host/foo"),
|
||||
}
|
||||
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
||||
a.UnauthenticatedRegex = []*regexp.Regexp{
|
||||
regexp.MustCompile("https://health.domain.tld/ping/*"),
|
||||
}
|
||||
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
||||
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("https://health.domain.tld/")))
|
||||
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("https://health.domain.tld/ping/qq")))
|
||||
}
|
Reference in New Issue