diff --git a/director/director_test.go b/director/director_test.go index 31b62c3382..35d29aeafe 100644 --- a/director/director_test.go +++ b/director/director_test.go @@ -40,14 +40,14 @@ func TestProxy(t *testing.T) { proxy := httptest.NewServer(&httputil.ReverseProxy{Director: d.Director, Transport: d}) defer proxy.Close() - publicRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPath: mustCompileRegex(t, "/users/[0-9]+"), AllowAnonymous: true} - disabledRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPath: mustCompileRegex(t, "/users/[0-9]+"), BypassAuthorization: true} + publicRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPathCompiled: mustCompileRegex(t, "/users/[0-9]+"), AllowAnonymous: true} + disabledRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPathCompiled: mustCompileRegex(t, "/users/[0-9]+"), BypassAuthorization: true} privateRule := rule.Rule{ - MatchesMethods: []string{"GET"}, - MatchesPath: mustCompileRegex(t, "/users/([0-9]+)"), - RequiredResource: "users:$1", - RequiredAction: "get:$1", - RequiredScopes: []string{"users.create"}, + MatchesMethods: []string{"GET"}, + MatchesPathCompiled: mustCompileRegex(t, "/users/([0-9]+)"), + RequiredResource: "users:$1", + RequiredAction: "get:$1", + RequiredScopes: []string{"users.create"}, } for k, tc := range []struct { diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 6f60b96ca5..07d93c02de 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json @@ -273,7 +273,7 @@ "x-go-name": "MatchesMethods" }, "matchesPath": { - "description": "MatchesPath is a regular expression of paths this rule matches.", + "description": "MatchesPathCompiled is a regular expression of paths this rule matches.", "type": "string", "x-go-name": "MatchesPath" }, diff --git a/evaluator/evaluator_test.go b/evaluator/evaluator_test.go index 819aa92106..4a62e679d3 100644 --- a/evaluator/evaluator_test.go +++ b/evaluator/evaluator_test.go 
@@ -31,28 +31,28 @@ func mustGenerateURL(t *testing.T, u string) *url.URL { func TestEvaluator(t *testing.T) { we := NewWardenEvaluator(nil, nil, nil) - publicRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPath: mustCompileRegex(t, "/users/<[0-9]+>"), AllowAnonymous: true} - bypassACPRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPath: mustCompileRegex(t, "/users/<[0-9]+>"), BypassAccessControlPolicies: true} + publicRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPathCompiled: mustCompileRegex(t, "/users/<[0-9]+>"), AllowAnonymous: true} + bypassACPRule := rule.Rule{MatchesMethods: []string{"GET"}, MatchesPathCompiled: mustCompileRegex(t, "/users/<[0-9]+>"), BypassAccessControlPolicies: true} privateRuleWithSubstitution := rule.Rule{ - MatchesMethods: []string{"POST"}, - MatchesPath: mustCompileRegex(t, "/users/<[0-9]+>"), - RequiredResource: "users:$1", - RequiredAction: "get:$1", - RequiredScopes: []string{"users.create"}, + MatchesMethods: []string{"POST"}, + MatchesPathCompiled: mustCompileRegex(t, "/users/<[0-9]+>"), + RequiredResource: "users:$1", + RequiredAction: "get:$1", + RequiredScopes: []string{"users.create"}, } privateRuleWithoutSubstitution := rule.Rule{ - MatchesMethods: []string{"POST"}, - MatchesPath: mustCompileRegex(t, "/users<$|/([0-9]+)>"), - RequiredResource: "users", - RequiredAction: "get", - RequiredScopes: []string{"users.create"}, + MatchesMethods: []string{"POST"}, + MatchesPathCompiled: mustCompileRegex(t, "/users<$|/([0-9]+)>"), + RequiredResource: "users", + RequiredAction: "get", + RequiredScopes: []string{"users.create"}, } privateRuleWithPartialSubstitution := rule.Rule{ - MatchesMethods: []string{"POST"}, - MatchesPath: mustCompileRegex(t, "/users<$|/([0-9]+)>"), - RequiredResource: "users:$2", - RequiredAction: "get", - RequiredScopes: []string{"users.create"}, + MatchesMethods: []string{"POST"}, + MatchesPathCompiled: mustCompileRegex(t, "/users<$|/([0-9]+)>"), + RequiredResource: "users:$2", + 
RequiredAction: "get", + RequiredScopes: []string{"users.create"}, } for k, tc := range []struct { diff --git a/evaluator/evaluator_warden.go b/evaluator/evaluator_warden.go index e7569ad872..4df25b95c3 100644 --- a/evaluator/evaluator_warden.go +++ b/evaluator/evaluator_warden.go @@ -132,8 +132,8 @@ func (d *WardenEvaluator) EvaluateAccessRequest(r *http.Request) (*Session, erro func (d *WardenEvaluator) prepareAccessRequests(r *http.Request, token string, rl *rule.Rule) swagger.WardenTokenAccessRequest { return swagger.WardenTokenAccessRequest{ Scopes: rl.RequiredScopes, - Action: rl.MatchesPath.ReplaceAllString(r.URL.Path, rl.RequiredAction), - Resource: rl.MatchesPath.ReplaceAllString(r.URL.Path, rl.RequiredResource), + Action: rl.MatchesPathCompiled.ReplaceAllString(r.URL.Path, rl.RequiredAction), + Resource: rl.MatchesPathCompiled.ReplaceAllString(r.URL.Path, rl.RequiredResource), Token: token, Context: map[string]interface{}{ "remoteIpAddress": realip.RealIP(r), diff --git a/rule/doc.go b/rule/doc.go index 110d9da089..214b356f72 100644 --- a/rule/doc.go +++ b/rule/doc.go @@ -50,7 +50,7 @@ type jsonRule struct { // MatchesMethods is a list of HTTP methods that this rule matches. MatchesMethods []string `json:"matchesMethods"` - // MatchesPath is a regular expression of paths this rule matches. + // MatchesPathCompiled is a regular expression of paths this rule matches. MatchesPath string `json:"matchesPath"` // RequiredScopes is a list of scopes that are required by this rule. diff --git a/rule/handler.go b/rule/handler.go index 85d51ebcc8..823391e4d1 100644 --- a/rule/handler.go +++ b/rule/handler.go @@ -205,7 +205,8 @@ func toRule(rule *jsonRule) (*Rule, error) { return &Rule{ ID: rule.ID, - MatchesPath: exp, + MatchesPathCompiled: exp, + MatchesPath: rule.MatchesPath, MatchesMethods: rule.MatchesMethods, RequiredScopes: rule.RequiredScopes, RequiredAction: rule.RequiredAction, 
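Review bot: `rl.MatchesPathCompiled` is dereferenced in `prepareAccessRequests` without a nil check, and after this commit a `Rule` can hold a valid `MatchesPath` string while `MatchesPathCompiled` is still nil, because both are exported fields set independently. Calling `ReplaceAllString` on a nil `*regexp.Regexp` panics, and the same holds for `MatchString` in `Rule.MatchesURL` in rule/rule.go. This function has no error return, so the guard fits better in `MatchesURL`, e.g. `if r.MatchesPathCompiled == nil { return errors.New("rule has no compiled path expression") }`, so that an uncompiled rule is rejected instead of crashing the request. Whether `MatchesURL` always runs before `prepareAccessRequests` is not visible in this hunk and should be confirmed.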
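Review bot: The doc comment on `jsonRule.MatchesPath` in rule/doc.go now begins with `MatchesPathCompiled`, a name that exists neither on this struct nor in the JSON API; it looks like a side effect of the rename. Keep `// MatchesPath is a regular expression of paths this rule matches.` on this field. The same wording appears in the docs/api.swagger.json, sdk/swagger/docs/Rule.md and sdk/swagger/rule.go hunks, which presumably are generated from this comment and would need regenerating once it is corrected.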
@@ -220,7 +221,7 @@ func toRule(rule *jsonRule) (*Rule, error) { func encodeRule(r *Rule) *jsonRule { return &jsonRule{ ID: r.ID, - MatchesPath: r.MatchesPath.String(), + MatchesPath: r.MatchesPath, MatchesMethods: r.MatchesMethods, RequiredScopes: r.RequiredScopes, RequiredAction: r.RequiredAction, diff --git a/rule/manager_sql.go b/rule/manager_sql.go index abbdede008..ccb4ad4b7e 100644 --- a/rule/manager_sql.go +++ b/rule/manager_sql.go @@ -44,7 +44,8 @@ func (r *sqlRule) toRule() (*Rule, error) { return &Rule{ ID: r.ID, MatchesMethods: methods, - MatchesPath: exp, + MatchesPathCompiled: exp, + MatchesPath: r.MatchesPath, RequiredScopes: scopes, RequiredAction: r.RequiredAction, RequiredResource: r.RequiredResource, @@ -59,7 +60,7 @@ func toSqlRule(r *Rule) *sqlRule { return &sqlRule{ ID: r.ID, MatchesMethods: strings.Join(r.MatchesMethods, " "), - MatchesPath: r.MatchesPath.String(), + MatchesPath: r.MatchesPath, RequiredScopes: strings.Join(r.RequiredScopes, " "), RequiredAction: r.RequiredAction, RequiredResource: r.RequiredResource, diff --git a/rule/manager_test.go b/rule/manager_test.go index d5e77dc16e..a702817dfc 100644 --- a/rule/manager_test.go +++ b/rule/manager_test.go 
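Review bot: `encodeRule` now emits `r.MatchesPath` with nothing tying it to `r.MatchesPathCompiled`, so a `Rule` built with only the compiled field (as the literals in director_test.go, evaluator_test.go and matcher_test.go in this commit are) is serialized with an empty pattern. `toSqlRule` in rule/manager_sql.go has the same issue. When such a value is read back through `toRule`, the rule that gets enforced is compiled from the empty string rather than from the expression that was in effect, which for an access rule silently changes what is matched. Consider rejecting a rule whose `MatchesPath` is empty or whose compiled form is nil before it is persisted, or providing a constructor that sets both fields from the one source string. The enclosing function continues outside the hunk.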
@@ -50,18 +50,20 @@ func TestManagers(t *testing.T) { for k, manager := range managers { r1 := Rule{ - ID: "foo1", - Description: "Create users rule", - MatchesPath: mustCompileRegex(t, "/users/([0-9]+)"), - MatchesMethods: []string{"POST"}, - RequiredResource: "users:$1", - RequiredAction: "create:$1", - RequiredScopes: []string{"users.create"}, + ID: "foo1", + Description: "Create users rule", + MatchesPathCompiled: mustCompileRegex(t, "/users/([0-9]+)"), + MatchesPath: "/users/([0-9]+)", + MatchesMethods: []string{"POST"}, + RequiredResource: "users:$1", + RequiredAction: "create:$1", + RequiredScopes: []string{"users.create"}, } r2 := Rule{ ID: "foo2", Description: "Get users rule", - MatchesPath: mustCompileRegex(t, "/users/([0-9]+)"), + MatchesPathCompiled: mustCompileRegex(t, "/users/([0-9]+)"), + MatchesPath: "/users/([0-9]+)", MatchesMethods: []string{"GET"}, AllowAnonymous: true, RequiredScopes: []string{}, diff --git a/rule/matcher_test.go b/rule/matcher_test.go index 5d0a1f548d..2a5ddca64f 100644 --- a/rule/matcher_test.go +++ b/rule/matcher_test.go @@ -21,12 +21,12 @@ func generateDummyRules(amount int) []Rule { for i := 0; i < amount; i++ { exp, _ := compiler.CompileRegex(expressions[(i%(len(expressions)))]+"([0-"+strconv.Itoa(i)+"]+)", '<', '>') rules[i] = Rule{ - ID: strconv.Itoa(i), - MatchesMethods: methods[:i%(len(methods))], - RequiredScopes: scopes[:i%(len(scopes))], - RequiredAction: actions[i%(len(actions))], - RequiredResource: resources[i%(len(resources))], - MatchesPath: exp, + ID: strconv.Itoa(i), + MatchesMethods: methods[:i%(len(methods))], + RequiredScopes: scopes[:i%(len(scopes))], + RequiredAction: actions[i%(len(actions))], + RequiredResource: resources[i%(len(resources))], + MatchesPathCompiled: exp, } } return rules diff --git a/rule/rule.go b/rule/rule.go index 5716f9f801..fce02afad1 100644 --- a/rule/rule.go +++ b/rule/rule.go 
@@ -16,8 +16,11 @@ type Rule struct { // MatchesMethods is a list of HTTP methods that this rule matches. MatchesMethods []string + // MatchesPathCompiled is a regular expression of paths this rule matches. + MatchesPathCompiled *regexp.Regexp + // MatchesPath is a regular expression of paths this rule matches. - MatchesPath *regexp.Regexp + MatchesPath string // RequiredScopes is a list of scopes that are required by this rule. RequiredScopes []string @@ -46,8 +49,8 @@ func (r *Rule) MatchesURL(method string, u *url.URL) error { return errors.Errorf("Method %s does not match any of %v", method, r.MatchesMethods) } - if !r.MatchesPath.MatchString(u.Path) { - return errors.Errorf("Path %s does not match %s", u.Path, r.MatchesPath.String()) + if !r.MatchesPathCompiled.MatchString(u.Path) { + return errors.Errorf("Path %s does not match %s", u.Path, r.MatchesPath) } return nil diff --git a/sdk/swagger/docs/Rule.md b/sdk/swagger/docs/Rule.md index e4c2961a8c..75e3c30dc2 100644 --- a/sdk/swagger/docs/Rule.md +++ b/sdk/swagger/docs/Rule.md 
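Review bot: The comments on `MatchesPathCompiled` and `MatchesPath` in `Rule` are identical apart from the field name, so a reader cannot tell which field is authoritative or that the two must be kept in step. I would document the string as `// MatchesPath is the path expression as written by the rule author; it is the form that is stored and returned by the API.` and the regexp as `// MatchesPathCompiled is the regular expression compiled from MatchesPath; MatchesURL evaluates this field, so it must be recompiled whenever MatchesPath changes.` That makes explicit that the access decision is taken on the compiled field while persistence uses the string. The struct definition continues outside the hunk.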
@@ -9,7 +9,7 @@ Name | Type | Description | Notes **Description** | **string** | Description describes the rule. | [optional] [default to null] **Id** | **string** | ID the a unique id of a rule. | [optional] [default to null] **MatchesMethods** | **[]string** | MatchesMethods is a list of HTTP methods that this rule matches. | [optional] [default to null] -**MatchesPath** | **string** | MatchesPath is a regular expression of paths this rule matches. | [optional] [default to null] +**MatchesPath** | **string** | MatchesPathCompiled is a regular expression of paths this rule matches. | [optional] [default to null] **RequiredAction** | **string** | RequiredScopes is the action this rule requires. | [optional] [default to null] **RequiredResource** | **string** | RequiredScopes is the resource this rule requires. | [optional] [default to null] **RequiredScopes** | **[]string** | RequiredScopes is a list of scopes that are required by this rule. | [optional] [default to null] diff --git a/sdk/swagger/rule.go b/sdk/swagger/rule.go index d4bf9f6204..eeb00811ca 100644 --- a/sdk/swagger/rule.go +++ b/sdk/swagger/rule.go @@ -31,7 +31,7 @@ type Rule struct { // MatchesMethods is a list of HTTP methods that this rule matches. MatchesMethods []string `json:"matchesMethods,omitempty"` - // MatchesPath is a regular expression of paths this rule matches. + // MatchesPathCompiled is a regular expression of paths this rule matches. MatchesPath string `json:"matchesPath,omitempty"` // RequiredScopes is the action this rule requires.