Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support negating for skip auth routes #1762

Merged
merged 1 commit into from
Sep 3, 2022
Merged

Support negating for skip auth routes #1762

merged 1 commit into from
Sep 3, 2022

Conversation

ianldgs
Copy link

@ianldgs ianldgs commented Aug 19, 2022
edited

Description

Allow negating a route on skip-auth-routes, using syntax !=.
It works for specific methods: GET!=path_regex and for all methods: !=path_regex.

Motivation and Context

In the project I work, we have a backend API in which only one entity should be authenticated. All the rest should not.
Instead of keeping an updated list of every API route that we have, it's much easier to allow anything but the specific entity.

E.g.:

skip_auth_routes = [
  "!=^/api/my-private-entity", # my-private-entity needs authentication, anything else will skip auth
]

How Has This Been Tested?

Wrote some unit tests, and I have a postman collection with tests for my project with oauth2-proxy in front.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@ianldgs ianldgs marked this pull request as ready for review August 19, 2022 10:58
@ianldgs ianldgs requested a review from a team as a code owner August 19, 2022 10:58
JoelSpeed
JoelSpeed reviewed Aug 31, 2022
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Golang sadly doesn't support negative lookaheads so I think what you're doing here is probably the best solution

oauthproxy.go Show resolved Hide resolved
@ianldgs
Copy link
Author

ianldgs commented Sep 1, 2022
edited

Golang sadly doesn't support negative lookaheads so I think what you're doing here is probably the best solution

Yeah, I tried to use a package regexp2, which supports negative lookaheads, but then it could break patterns from existing projects.

@ianldgs ianldgs force-pushed the negate-route branch 2 times, most recently from aa3b7ef to 32ccae9 Compare September 2, 2022 07:44
JoelSpeed
JoelSpeed previously approved these changes Sep 2, 2022
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks!

@ianldgs
Copy link
Author

ianldgs commented Sep 2, 2022

Awesome! I believe I have fixed CI.

@JoelSpeed JoelSpeed merged commit fbe7e6f into oauth2-proxy:master Sep 3, 2022
@ianldgs ianldgs deleted the negate-route branch September 5, 2022 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ianldgs @JoelSpeed