Skip to content

Commit

Permalink
Merge pull request #27 from cerberauth/better-param-regex-matching
Browse files Browse the repository at this point in the history 
fix: match more params chars
  • Loading branch information
@emmanuelgautier
emmanuelgautier authored May 13, 2023
2 parents 0b74967 + 23c7d0c commit bc6ca82
Show file tree
Hide file tree
Showing 5 changed files with 37 additions and 28 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ Here is a Ory Oathkeeper rules output
"methods": [
"GET"
],
"url": "<^(https://api\\.example\\.com)(/users/(.+)/?)$>"
"url": "<^(https://api\\.example\\.com)(/users/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
},
"authenticators": [
{
Expand Down
18 changes: 9 additions & 9 deletions contrib/quickstart/access-rules.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@
"methods": [
"DELETE"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -257,7 +257,7 @@
"methods": [
"GET"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -307,7 +307,7 @@
"methods": [
"POST"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -433,7 +433,7 @@
"methods": [
"DELETE"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -471,7 +471,7 @@
"methods": [
"GET"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -509,7 +509,7 @@
"methods": [
"PUT"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -547,7 +547,7 @@
"methods": [
"POST"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(.+)/uploadImage/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]|\\x2D|=|\\?|&)+/uploadImage/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -635,7 +635,7 @@
"methods": [
"DELETE"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down Expand Up @@ -673,7 +673,7 @@
"methods": [
"GET"
],
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/(.+)/?)$>"
"url": "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/([[:alnum:]]|\\x2D|=|\\?|&)+/?)$>"
},
"authenticators": [
{
Expand Down
18 changes: 9 additions & 9 deletions generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@
Methods: ([]string) (len=1) {
(string) (len=6) "DELETE"
},
URL: (string) (len=93) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/([[:alnum:]]+)/?)$>"
URL: (string) (len=103) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -177,7 +177,7 @@
Methods: ([]string) (len=1) {
(string) (len=6) "DELETE"
},
URL: (string) (len=85) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]+)/?)$>"
URL: (string) (len=95) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -230,7 +230,7 @@
Methods: ([]string) (len=1) {
(string) (len=6) "DELETE"
},
URL: (string) (len=86) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]+)/?)$>"
URL: (string) (len=96) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -414,7 +414,7 @@
Methods: ([]string) (len=1) {
(string) (len=3) "GET"
},
URL: (string) (len=93) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/([[:alnum:]]+)/?)$>"
URL: (string) (len=103) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/store/order/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -453,7 +453,7 @@
Methods: ([]string) (len=1) {
(string) (len=3) "GET"
},
URL: (string) (len=85) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]+)/?)$>"
URL: (string) (len=95) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -506,7 +506,7 @@
Methods: ([]string) (len=1) {
(string) (len=3) "GET"
},
URL: (string) (len=86) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]+)/?)$>"
URL: (string) (len=96) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -715,7 +715,7 @@
Methods: ([]string) (len=1) {
(string) (len=4) "POST"
},
URL: (string) (len=92) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]+)/?(\\?.+)?)$>"
URL: (string) (len=102) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(?:[[:alnum:]]\\x2D=\\?&)+/?(\\?.+)?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -768,7 +768,7 @@
Methods: ([]string) (len=1) {
(string) (len=3) "PUT"
},
URL: (string) (len=86) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/([[:alnum:]]+)/?)$>"
URL: (string) (len=96) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/user/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down Expand Up @@ -807,7 +807,7 @@
Methods: ([]string) (len=1) {
(string) (len=4) "POST"
},
URL: (string) (len=104) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/([[:alnum:]]+)/uploadImage/?(\\?.+)?)$>"
URL: (string) (len=114) "<^(https://cerberauth\\.com/api/v3|http://swagger\\.io/api/v3)(/pet/(?:[[:alnum:]]\\x2D=\\?&)+/uploadImage/?(\\?.+)?)$>"
}),
Authenticators: ([]rule.Handler) (len=1) {
(rule.Handler) {
Expand Down
23 changes: 16 additions & 7 deletions generator/match_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,18 @@ import (
"github.com/ory/oathkeeper/rule"
)

var argre = regexp.MustCompile(`(?m)({(.*)})`)
var (
argre = regexp.MustCompile(`(?m)({(.*)})`)

separatorToken = rex.Chars.Single('/')
stringToken = rex.Group.NonCaptured(
rex.Chars.Alphanumeric(),
rex.Chars.Single('-'),
rex.Chars.Single('='),
rex.Chars.Single('?'),
rex.Chars.Single('&'),
)
)

func _hasQueryParam(p *openapi3.Parameters) bool {
if p == nil {
Expand All @@ -38,25 +49,23 @@ func createMatchRule(serverUrls []string, v string, p string, params *openapi3.P
}

var pathTokens []dialect.Token
pathTokens = append(pathTokens, rex.Chars.Single('/'))
pathTokens = append(pathTokens, separatorToken)
for _, dir := range strings.Split(p, "/") {
if dir == "" {
continue
}

dirToken := rex.Common.Text(dir)
if argre.Match([]byte(dir)) {
dirToken = rex.Group.Define(
rex.Chars.Alphanumeric().Repeat().OneOrMore(),
)
dirToken = stringToken.Repeat().OneOrMore()
}

pathTokens = append(pathTokens, dirToken)
pathTokens = append(pathTokens, rex.Chars.Single('/'))
pathTokens = append(pathTokens, separatorToken)
}

if len(pathTokens) > 1 {
pathTokens[len(pathTokens)-1] = rex.Chars.Single('/').Repeat().ZeroOrOne()
pathTokens[len(pathTokens)-1] = separatorToken.Repeat().ZeroOrOne()
}

if _hasQueryParam(params) {
Expand Down
4 changes: 2 additions & 2 deletions generator/match_rule_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func TestGenerateMatchRuleWithMultipleServerUrls(t *testing.T) {

func TestGenerateMatchRuleWithPathParams(t *testing.T) {
expectedMatchingRule := rule.Match{
URL: "<^(https://cerberauth\\.com/api/v3)(/([[:alnum:]]+)/resource/([[:alnum:]]+)/?)$>",
URL: "<^(https://cerberauth\\.com/api/v3)(/(?:[[:alnum:]]\\x2D=\\?&)+/resource/(?:[[:alnum:]]\\x2D=\\?&)+/?)$>",
Methods: []string{"GET"},
}
matchRule, err := createMatchRule([]string{"https://cerberauth.com/api/v3"}, "GET", "/{param}/resource/{otherParam}", nil)
Expand All @@ -50,7 +50,7 @@ func TestGenerateMatchRuleWithPathParams(t *testing.T) {

func TestGenerateMatchRuleWithQueryParams(t *testing.T) {
expectedMatchingRule := rule.Match{
URL: "<^(https://cerberauth\\.com/api/v3)(/([[:alnum:]]+)/resource/([[:alnum:]]+)/?(\\?.+)?)$>",
URL: "<^(https://cerberauth\\.com/api/v3)(/(?:[[:alnum:]]\\x2D=\\?&)+/resource/(?:[[:alnum:]]\\x2D=\\?&)+/?(\\?.+)?)$>",
Methods: []string{"GET"},
}
params := openapi3.NewParameters()
Expand Down

0 comments on commit bc6ca82

Please sign in to comment.