From 22aa63e9b5c9cbaa446fe7b1292d51379879cfb6 Mon Sep 17 00:00:00 2001
From: Philipp Schleier
Date: Mon, 12 Aug 2019 14:36:37 +0200
Subject: [PATCH 1/2] Fix resourcePath pattern matching

---
 apikeys/index.js | 8 ++++----
 lib/basicAuth.js | 8 ++++----
 oauth/index.js | 29 +++++++++++++----------------
 oauthv2/index.js | 8 ++++----
 4 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/apikeys/index.js b/apikeys/index.js
index aefc3a5..a586be0 100644
--- a/apikeys/index.js
+++ b/apikeys/index.js
@@ -12,8 +12,8 @@ var requestLib = require("request");
 var _ = require("lodash");
 
 const PRIVATE_JWT_VALUES = ["application_name", "client_id", "api_product_list", "iat", "exp"];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 // const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/"; // ?? this has yet to be used in any module.
 
 const acceptAlg = ["RS256"];
@@ -259,11 +259,11 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
 urlPath = urlPath + "/";
 }
 
-if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
+if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
 const regex = apiproxy.replace(/\*\*/gi, ".*")
 matchesProxyRules = urlPath.match(regex)
 } else {
-if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
+if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
 const regex = apiproxy.replace(/\*/gi, "[^/]+");
 matchesProxyRules = urlPath.match(regex)
 } else {
diff --git a/lib/basicAuth.js b/lib/basicAuth.js
index 05cf5ec..83df01f 100644
--- a/lib/basicAuth.js
+++ b/lib/basicAuth.js
@@ -25,8 +25,8 @@ map.setup({
 // const acceptAlg = ['RS256'];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 //const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 const AUTH_HEADER_REGEX = /Bearer (.+)/;
@@ -412,11 +412,11 @@ class BasicAuthorizerPlugin {
 urlPath = urlPath + "/";
 }
 
-if ( apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN) ) {
+if ( apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN) ) {
 const regex = apiproxy.replace(/\*\*/gi, ".*")
 return(urlPath.match(regex) !== null )
 } else {
-if ( apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN) ) {
+if ( apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN) ) {
 const regex = apiproxy.replace(/\*/gi, "[^/]+");
 return(urlPath.match(regex) !== null )
 } else {
diff --git a/oauth/index.js b/oauth/index.js
index 96c489a..e028fb6 100644
--- a/oauth/index.js
+++ b/oauth/index.js
@@ -14,8 +14,8 @@ var _ = require('lodash');
 const authHeaderRegex = /Bearer (.+)/;
 const PRIVATE_JWT_VALUES = ['application_name', 'client_id', 'api_product_list', 'iat', 'exp'];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 // const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 const acceptAlg = ['RS256'];
@@ -384,23 +384,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
 urlPath = urlPath + "/";
 }
-
-if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
-const regex = apiproxy.replace(/\*\*/gi, ".*")
-matchesProxyRules = urlPath.match(regex)
+let regex = apiproxy;
+if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
+regex = regex.replace(/\*\*/gi, ".+");
+}
+if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+regex = regex.replace(/\*/gi, "[^/]+");
+}
+if (regex !== apiproxy) {
+regex = "^" + regex + "$";
+matchesProxyRules = urlPath.match(regex) !== null;
 } else {
-if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
-const regex = apiproxy.replace(/\*/gi, "[^/]+");
-matchesProxyRules = urlPath.match(regex)
-} else {
-// if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-// }
-matchesProxyRules = urlPath === apiproxy;
-
-}
+matchesProxyRules = urlPath === apiproxy;
 }
 })
-
 } else {
 matchesProxyRules = true
 }
diff --git a/oauthv2/index.js b/oauthv2/index.js
index d33382b..495cebc 100644
--- a/oauthv2/index.js
+++ b/oauthv2/index.js
@@ -11,8 +11,8 @@ var _ = require('lodash');
 const authHeaderRegex = /Bearer (.+)/;
 const PRIVATE_JWT_VALUES = ['application_name', 'client_id', 'api_product_list', 'iat', 'exp'];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 //const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 const acceptAlg = ['RS256'];
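Review bot: The literal text of `apiproxy` is still handed to `urlPath.match` as an unescaped pattern after the new `^`/`$` anchoring, so regex metacharacters in a configured resource path (`.`, `+`, `?`, `(`, `[`, …) keep their regex meaning — `/v1/foo.bar/*` also accepts `/v1/fooXbar/x`, and an unbalanced `(` or `[` makes `match` throw from inside the authorization check. Escaping the non-wildcard text before the `**`/`*` substitutions fixes both; the rewrite below does that and compares against the escaped form so the exact-equality else branch is unchanged. The same block is copied into apikeys/index.js and oauthv2/index.js by PATCH 2/2 and needs the same escaping there, while lib/basicAuth.js, touched in this patch only for the constant rename, keeps the old unanchored `.*` substring match and now diverges from the other three plugins. A one-line comment above `let regex` stating what the anchoring enforces would also help, e.g. `// "**" spans path segments, "*" matches exactly one; anchored so a prefix or substring match is rejected`. The enclosing `checkIfAuthorized` callback begins before the hunk.
```javascript
      // Escape regex metacharacters in the literal text of the resource path
      // so only the "**" / "*" wildcards are interpreted as pattern syntax.
      const literal = apiproxy.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
      let regex = literal;
      if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
        regex = regex.replace(/\*\*/g, ".+");
      }
      if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
        regex = regex.replace(/\*/g, "[^/]+");
      }
      if (regex !== literal) {
        regex = "^" + regex + "$";
        matchesProxyRules = urlPath.match(regex) !== null;
      // … unchanged: exact-match else branch …
```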
@@ -250,11 +250,11 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
 urlPath = urlPath + "/";
 }
 
-if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
+if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
 const regex = apiproxy.replace(/\*\*/gi, ".*")
 matchesProxyRules = urlPath.match(regex)
 } else {
-if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
+if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
 const regex = apiproxy.replace(/\*/gi, "[^/]+");
 matchesProxyRules = urlPath.match(regex)
 } else {

From 4eef772cde5d7df5962f3093e3907ac610599207 Mon Sep 17 00:00:00 2001
From: Philipp Schleier
Date: Mon, 12 Aug 2019 14:45:21 +0200
Subject: [PATCH 2/2] Add proper path handling to apikeys/oauthv2

---
 apikeys/index.js | 23 ++++++++++------------
 oauthv2/index.js | 23 ++++++++++------------
 2 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/apikeys/index.js b/apikeys/index.js
index a586be0..8bb359f 100644
--- a/apikeys/index.js
+++ b/apikeys/index.js
@@ -258,23 +258,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
 urlPath = urlPath + "/";
 }
-
+let regex = apiproxy;
 if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
-const regex = apiproxy.replace(/\*\*/gi, ".*")
-matchesProxyRules = urlPath.match(regex)
+regex = regex.replace(/\*\*/gi, ".+");
+}
+if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+regex = regex.replace(/\*/gi, "[^/]+");
+}
+if (regex !== apiproxy) {
+regex = "^" + regex + "$";
+matchesProxyRules = urlPath.match(regex) !== null;
 } else {
-if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
-const regex = apiproxy.replace(/\*/gi, "[^/]+");
-matchesProxyRules = urlPath.match(regex)
-} else {
-// if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-// }
-matchesProxyRules = urlPath === apiproxy;
-
-}
+matchesProxyRules = urlPath === apiproxy;
 }
 })
-
 } else {
 matchesProxyRules = true
 }
diff --git a/oauthv2/index.js b/oauthv2/index.js
index 495cebc..bd739fe 100644
--- a/oauthv2/index.js
+++ b/oauthv2/index.js
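Review bot: The matching block added here is a verbatim copy of the one PATCH 1/2 put into oauth/index.js, the oauthv2/index.js hunk in this patch is a third copy, and lib/basicAuth.js still carries its own older variant, so the `**`/`*` semantics of an authorization decision now live in four hand-maintained places that can drift independently. Extracting the block into a shared helper under lib/ (say `matchesResourcePath(apiproxy, urlPath)` returning a boolean) and calling it from the four sites would keep one definition to review and test. The switch from `.*` to `.+` is also silent: a resource path `/foo/**` no longer matches a request to `/foo/`, so a comment on that line such as `// ".+" rather than ".*": a "**" must consume at least one character` would record the intent. The enclosing `checkIfAuthorized` callback begins before the hunk.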
@@ -249,23 +249,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
 urlPath = urlPath + "/";
 }
-
+let regex = apiproxy;
 if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
-const regex = apiproxy.replace(/\*\*/gi, ".*")
-matchesProxyRules = urlPath.match(regex)
+regex = regex.replace(/\*\*/gi, ".+");
+}
+if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+regex = regex.replace(/\*/gi, "[^/]+");
+}
+if (regex !== apiproxy) {
+regex = "^" + regex + "$";
+matchesProxyRules = urlPath.match(regex) !== null;
 } else {
-if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
-const regex = apiproxy.replace(/\*/gi, "[^/]+");
-matchesProxyRules = urlPath.match(regex)
-} else {
-// if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-// }
-matchesProxyRules = urlPath === apiproxy;
-
-}
+matchesProxyRules = urlPath === apiproxy;
 }
 })
-
 } else {
 matchesProxyRules = true
 }