
gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2019-09-24 13:12:11 +0300
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2019-09-24 13:17:46 +0300
commit83376dd5016d918e579342d935c18ad2002c1dca (patch)
tree004ab0eb1579570618bf8721a183e5e3001a5038 /internal/auth
parent602eb300822f23e65c8e961111d8b16096158285 (diff)
Encapsulate groups config in the source package
Diffstat (limited to 'internal/auth')
-rw-r--r--internal/auth/auth.go24
-rw-r--r--internal/auth/auth_test.go11
2 files changed, 17 insertions, 18 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 154d86da..95a26250 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -11,7 +11,6 @@ import (
"net/http"
"net/url"
"strings"
- "sync"
"time"
"github.com/gorilla/securecookie"
@@ -22,7 +21,7 @@ import (
"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
"gitlab.com/gitlab-org/gitlab-pages/internal/httptransport"
"gitlab.com/gitlab-org/gitlab-pages/internal/request"
- "gitlab.com/gitlab-org/gitlab-pages/internal/source/dirs"
+ "gitlab.com/gitlab-org/gitlab-pages/internal/source"
"golang.org/x/crypto/hkdf"
)
@@ -108,7 +107,7 @@ func (a *Auth) checkSession(w http.ResponseWriter, r *http.Request) (*sessions.S
}
// TryAuthenticate tries to authenticate user and fetch access token if request is a callback to auth
-func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, dm dirs.Map, lock *sync.RWMutex) bool {
+func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, domains *source.Domains) bool {
if a == nil {
return false
@@ -126,7 +125,7 @@ func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, dm dirs.M
logRequest(r).Info("Receive OAuth authentication callback")
- if a.handleProxyingAuth(session, w, r, dm, lock) {
+ if a.handleProxyingAuth(session, w, r, domains) {
return true
}
@@ -200,16 +199,17 @@ func (a *Auth) checkAuthenticationResponse(session *sessions.Session, w http.Res
http.Redirect(w, r, redirectURI, 302)
}
-func (a *Auth) domainAllowed(domain string, dm dirs.Map, lock *sync.RWMutex) bool {
- lock.RLock()
- defer lock.RUnlock()
+func (a *Auth) domainAllowed(domain string, domains *source.Domains) bool {
+ domainConfigured := (domain == a.pagesDomain) || strings.HasSuffix("."+domain, a.pagesDomain)
- domain = strings.ToLower(domain)
- _, present := dm[domain]
- return domain == a.pagesDomain || strings.HasSuffix("."+domain, a.pagesDomain) || present
+ if domainConfigured {
+ return true
+ }
+
+ return domains.HasDomain(domain)
}
-func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request, dm dirs.Map, lock *sync.RWMutex) bool {
+func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request, domains *source.Domains) bool {
// If request is for authenticating via custom domain
if shouldProxyAuth(r) {
domain := r.URL.Query().Get("domain")
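Review bot: The suffix test in `domainAllowed`, `strings.HasSuffix("."+domain, a.pagesDomain)`, puts the dot on the wrong side, so a host whose name merely ends with the pages domain string is accepted even when it is not a subdomain of it. Because this function decides which hosts `handleProxyingAuth` accepts, the boundary should be exact: `strings.HasSuffix(domain, "."+a.pagesDomain)` still matches true subdomains, and the equality test already covers the pages domain itself. The rewrite also drops `domain = strings.ToLower(domain)`, so unless `HasDomain` normalises case itself (not visible here) a mixed-case host that used to pass is now rejected; restoring the lowercasing as the first line of the function would keep the old behaviour. A doc comment on `domainAllowed` saying that it is the allow-list for proxied authentication hosts would help later readers.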
@@ -228,7 +228,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit
host = proxyurl.Host
}
- if !a.domainAllowed(host, dm, lock) {
+ if !a.domainAllowed(host, domains) {
logRequest(r).WithField("domain", host).Warn("Domain is not configured")
httperrors.Serve401(w)
return true
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 8102a5d1..e8ff5e94 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -5,14 +5,13 @@ import (
"net/http"
"net/http/httptest"
"net/url"
- "sync"
"testing"
"github.com/gorilla/sessions"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/gitlab-pages/internal/request"
- "gitlab.com/gitlab-org/gitlab-pages/internal/source/dirs"
+ "gitlab.com/gitlab-org/gitlab-pages/internal/source"
)
func createAuth(t *testing.T) *Auth {
@@ -55,7 +54,7 @@ func TestTryAuthenticate(t *testing.T) {
require.NoError(t, err)
r := request.WithHTTPSFlag(&http.Request{URL: reqURL}, true)
- require.Equal(t, false, auth.TryAuthenticate(result, r, make(dirs.Map), &sync.RWMutex{}))
+ require.Equal(t, false, auth.TryAuthenticate(result, r, new(source.Domains)))
}
func TestTryAuthenticateWithError(t *testing.T) {
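Review bot: Every updated call in this file passes `new(source.Domains)`, an empty set, so as far as these hunks show the `domains.HasDomain` branch of `domainAllowed` is never exercised; the same applies to the hunks at TestTryAuthenticateWithError, TestTryAuthenticateWithCodeButInvalidState and testTryAuthenticateWithCodeAndState. Since that function decides which hosts the proxied authentication flow accepts, a small table-driven test is worth adding. It should cover the pages domain itself, a subdomain of it, a configured custom domain, an unconfigured host, and a mixed-case spelling. Tests for the proxy path may exist outside the visible hunks.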
@@ -66,7 +65,7 @@ func TestTryAuthenticateWithError(t *testing.T) {
require.NoError(t, err)
r := request.WithHTTPSFlag(&http.Request{URL: reqURL}, true)
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(dirs.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, new(source.Domains)))
require.Equal(t, 401, result.Code)
}
@@ -83,7 +82,7 @@ func TestTryAuthenticateWithCodeButInvalidState(t *testing.T) {
session.Values["state"] = "state"
session.Save(r, result)
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(dirs.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, new(source.Domains)))
require.Equal(t, 401, result.Code)
}
@@ -123,7 +122,7 @@ func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) {
})
result := httptest.NewRecorder()
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(dirs.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, new(source.Domains)))
require.Equal(t, 302, result.Code)
require.Equal(t, "https://pages.gitlab-example.com/project/", result.Header().Get("Location"))
require.Equal(t, 600, result.Result().Cookies()[0].MaxAge)