authorizer/server/validators/url.go

package validators

import (
	"regexp"
	"strings"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/parsers"
)

// IsValidOrigin validates origin based on ALLOWED_ORIGINS
func IsValidOrigin(url string) bool {
	allowedOriginsString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins)
	allowedOrigins := []string{}
	if err != nil {
		allowedOrigins = []string{"*"}
	} else {
		allowedOrigins = strings.Split(allowedOriginsString, ",")
	}
	if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {
		return true
	}

	hasValidURL := false
	hostName, port := parsers.GetHostParts(url)
	currentOrigin := hostName + ":" + port

	for _, origin := range allowedOrigins {
		replacedString := origin
		// if has regex whitelisted domains
		if strings.Contains(origin, "*") {
			replacedString = strings.ReplaceAll(origin, ".", "\\.")
			replacedString = strings.ReplaceAll(replacedString, "*", ".*")

			if strings.HasPrefix(replacedString, ".*") {
				replacedString += "\\b"
			}

			if strings.HasSuffix(replacedString, ".*") {
				replacedString = "\\b" + replacedString
			}
		}

		if matched, _ := regexp.MatchString(replacedString, currentOrigin); matched {
			hasValidURL = true
			break
		}
	}

	return hasValidURL
}
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`package validators`

			`import (`
			`"regexp"`
			`"strings"`

			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/memorystore"`
			`"github.com/authorizerdev/authorizer/server/parsers"`
			`)`

			`// IsValidOrigin validates origin based on ALLOWED_ORIGINS`
			`func IsValidOrigin(url string) bool {`
fix: slice envs 2022-05-31 02:44:03 +00:00			`allowedOriginsString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins)`
			`allowedOrigins := []string{}`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if err != nil {`
			`allowedOrigins = []string{"*"}`
fix: slice envs 2022-05-31 02:44:03 +00:00			`} else {`
			`allowedOrigins = strings.Split(allowedOriginsString, ",")`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`}`
			`if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {`
			`return true`
			`}`

			`hasValidURL := false`
			`hostName, port := parsers.GetHostParts(url)`
			`currentOrigin := hostName + ":" + port`

			`for _, origin := range allowedOrigins {`
			`replacedString := origin`
			`// if has regex whitelisted domains`
			`if strings.Contains(origin, "*") {`
fix: use replace all 2022-08-31 05:32:46 +00:00			`replacedString = strings.ReplaceAll(origin, ".", "\\.")`
			`replacedString = strings.ReplaceAll(replacedString, "", ".")`
fix: import cycle issues 2022-05-30 06:24:16 +00:00
			`if strings.HasPrefix(replacedString, ".*") {`
			`replacedString += "\\b"`
			`}`

			`if strings.HasSuffix(replacedString, ".*") {`
			`replacedString = "\\b" + replacedString`
			`}`
			`}`

			`if matched, _ := regexp.MatchString(replacedString, currentOrigin); matched {`
			`hasValidURL = true`
			`break`
			`}`
			`}`

			`return hasValidURL`
			`}`