
gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorNick Thomas <nick@gitlab.com>2019-10-02 15:56:37 +0300
committerNick Thomas <nick@gitlab.com>2019-10-02 15:56:37 +0300
commit9943255d61c5646f6cf9e1a8a03e4a2dc19831f5 (patch)
tree70632128b0eb0b7decaca56604cc5e46fb6e8183 /internal/auth
parent77c1fd80fe2e7e6e25b038b720a47df7d7c7f374 (diff)
parentf56d97f90b9bb67a242a1811bc6efa3592ac9f8a (diff)
Merge branch 'backstage/gb/separate-domain-source-storage' into 'master'
Separate domain config source See merge request gitlab-org/gitlab-pages!188
Diffstat (limited to 'internal/auth')
-rw-r--r--internal/auth/auth.go24
-rw-r--r--internal/auth/auth_test.go11
2 files changed, 17 insertions, 18 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 5b85a44e..2e8473b4 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -11,7 +11,6 @@ import (
"net/http"
"net/url"
"strings"
- "sync"
"time"
"github.com/gorilla/securecookie"
@@ -19,10 +18,10 @@ import (
log "github.com/sirupsen/logrus"
"gitlab.com/gitlab-org/labkit/errortracking"
- "gitlab.com/gitlab-org/gitlab-pages/internal/domain"
"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
"gitlab.com/gitlab-org/gitlab-pages/internal/httptransport"
"gitlab.com/gitlab-org/gitlab-pages/internal/request"
+ "gitlab.com/gitlab-org/gitlab-pages/internal/source"
"golang.org/x/crypto/hkdf"
)
@@ -108,7 +107,7 @@ func (a *Auth) checkSession(w http.ResponseWriter, r *http.Request) (*sessions.S
}
// TryAuthenticate tries to authenticate user and fetch access token if request is a callback to auth
-func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, dm domain.Map, lock *sync.RWMutex) bool {
+func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, domains *source.Domains) bool {
if a == nil {
return false
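Review bot: Dropping `lock *sync.RWMutex` from TryAuthenticate's signature means nothing in this package guards the domain lookup any more, so it is only safe if `source.Domains` synchronises its own reads against configuration reloads; that type is not visible in this diff. The doc comment above the function should state that requirement, for example `// domains must be safe for concurrent use; it is consulted to validate the domain of a proxied auth request.` Note also that `a == nil` is guarded while a nil `domains` is not, so it is worth confirming that `HasDomain` tolerates a nil receiver or that callers never pass one. The body of TryAuthenticate continues outside this hunk.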
@@ -126,7 +125,7 @@ func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request, dm domain
logRequest(r).Info("Receive OAuth authentication callback")
- if a.handleProxyingAuth(session, w, r, dm, lock) {
+ if a.handleProxyingAuth(session, w, r, domains) {
return true
}
@@ -200,16 +199,17 @@ func (a *Auth) checkAuthenticationResponse(session *sessions.Session, w http.Res
http.Redirect(w, r, redirectURI, 302)
}
-func (a *Auth) domainAllowed(domain string, dm domain.Map, lock *sync.RWMutex) bool {
- lock.RLock()
- defer lock.RUnlock()
+func (a *Auth) domainAllowed(domain string, domains *source.Domains) bool {
+ domainConfigured := (domain == a.pagesDomain) || strings.HasSuffix("."+domain, a.pagesDomain)
- domain = strings.ToLower(domain)
- _, present := dm[domain]
- return domain == a.pagesDomain || strings.HasSuffix("."+domain, a.pagesDomain) || present
+ if domainConfigured {
+ return true
+ }
+
+ return domains.HasDomain(domain)
}
-func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request, dm domain.Map, lock *sync.RWMutex) bool {
+func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request, domains *source.Domains) bool {
// If request is for authenticating via custom domain
if shouldProxyAuth(r) {
domain := r.URL.Query().Get("domain")
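Review bot: The rewritten domainAllowed no longer lower-cases `domain`, so the equality and suffix tests against a.pagesDomain are now case-sensitive, and whether `domains.HasDomain` normalises case is not visible here. The host being checked appears to derive from the request's `domain` query parameter, so I would keep `domain = strings.ToLower(domain)` as the first statement of the function. Separately, the carried-over `strings.HasSuffix("."+domain, a.pagesDomain)` matches on raw characters: if a.pagesDomain is stored without a leading dot, a host that merely ends with the same string but is not a subdomain also passes this allow-list. Anchoring on the label boundary with `strings.HasSuffix(domain, "."+a.pagesDomain)` avoids that. domainAllowed is fully visible in this hunk; handleProxyingAuth continues beyond it.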
@@ -228,7 +228,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit
host = proxyurl.Host
}
- if !a.domainAllowed(host, dm, lock) {
+ if !a.domainAllowed(host, domains) {
logRequest(r).WithField("domain", host).Warn("Domain is not configured")
httperrors.Serve401(w)
return true
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 6ab5739f..c082cfdf 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -7,14 +7,13 @@ import (
"net/http"
"net/http/httptest"
"net/url"
- "sync"
"testing"
"github.com/gorilla/sessions"
"github.com/stretchr/testify/require"
- "gitlab.com/gitlab-org/gitlab-pages/internal/domain"
"gitlab.com/gitlab-org/gitlab-pages/internal/request"
+ "gitlab.com/gitlab-org/gitlab-pages/internal/source"
)
func createAuth(t *testing.T) *Auth {
@@ -57,7 +56,7 @@ func TestTryAuthenticate(t *testing.T) {
require.NoError(t, err)
r := request.WithHTTPSFlag(&http.Request{URL: reqURL}, true)
- require.Equal(t, false, auth.TryAuthenticate(result, r, make(domain.Map), &sync.RWMutex{}))
+ require.Equal(t, false, auth.TryAuthenticate(result, r, source.NewDomains()))
}
func TestTryAuthenticateWithError(t *testing.T) {
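Review bot: Every updated call in this file, here and in the hunks for TestTryAuthenticateWithError, TestTryAuthenticateWithCodeButInvalidState and testTryAuthenticateWithCodeAndState, passes an empty `source.NewDomains()`. In the tests shown, the `domains.HasDomain(domain)` branch of domainAllowed is therefore never exercised with a configured custom domain. A table-driven test for domainAllowed would pin the allow-list behaviour this refactor touches. It should cover the pages domain itself, a subdomain, a mixed-case host, a look-alike host that only shares the suffix characters, and a custom domain present in `source.Domains`. The surrounding test functions start or end outside these hunks, so existing coverage elsewhere in the file cannot be ruled out.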
@@ -68,7 +67,7 @@ func TestTryAuthenticateWithError(t *testing.T) {
require.NoError(t, err)
r := request.WithHTTPSFlag(&http.Request{URL: reqURL}, true)
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(domain.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, source.NewDomains()))
require.Equal(t, 401, result.Code)
}
@@ -85,7 +84,7 @@ func TestTryAuthenticateWithCodeButInvalidState(t *testing.T) {
session.Values["state"] = "state"
session.Save(r, result)
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(domain.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, source.NewDomains()))
require.Equal(t, 401, result.Code)
}
@@ -125,7 +124,7 @@ func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) {
})
result := httptest.NewRecorder()
- require.Equal(t, true, auth.TryAuthenticate(result, r, make(domain.Map), &sync.RWMutex{}))
+ require.Equal(t, true, auth.TryAuthenticate(result, r, source.NewDomains()))
require.Equal(t, 302, result.Code)
require.Equal(t, "https://pages.gitlab-example.com/project/", result.Header().Get("Location"))
require.Equal(t, 600, result.Result().Cookies()[0].MaxAge)