Merge c5f9517 into 12d50ab

TreeGateway · May 26, 2018 · ba571e7 · ba571e7
2 parents 12d50ab + c5f9517
commit ba571e7
Show file tree

Hide file tree

Showing 8 changed files with 230 additions and 303 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tree-gateway",
-  "version": "3.0.2",
+  "version": "3.1.0",
   "homepage": "http://treegateway.org",
   "description": "The Tree Gateway API Gateway",
   "author": "Thiago da Rosa de Bustamante <trbustamante@gmail.com>",
@@ -79,7 +79,7 @@
     "jsonwebtoken": "^8.2.0",
     "lodash": "^4.17.5",
     "lodash-deep": "^2.0.0",
-    "micromatch": "^3.1.9",
+    "micromatch": "^3.1.10",
     "mustache": "^2.3.0",
     "on-headers": "^1.0.1",
     "os": "^0.1.1",

diff --git a/src/config/group.ts b/src/config/group.ts
@@ -27,7 +27,7 @@ export interface Member {
 }
 
 const methodValidator = Joi.string().valid('GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD');
-const pathString = Joi.string().regex(/^!?[A-Za-z\-\/0-9_\.\*]+$/i);
+const pathString = Joi.string().regex(/(!?[A-Za-z\-\/0-9_\.\*]+(\s*&\s*)?)+/i);
 const memberValidatorSchema = Joi.object().keys({
     method: Joi.alternatives([Joi.array().items(methodValidator), methodValidator]),
     path: Joi.alternatives([Joi.array().items(pathString),pathString]),

diff --git a/src/pipeline/group.ts b/src/pipeline/group.ts
@@ -68,7 +68,17 @@ export function buildGroupAllowTest(request: string, groups: Array<Group>, group
                     if (i > 0) {
                         func.push(`||`);
                     }
-                    func.push(`(mm.isMatch(${request}.path, '${normalizePath(path)}'))`);
+                    if (path && path.indexOf('&') > 0) {
+                        const expressions = path.split('&')
+                                            .map(p => normalizePath(p))
+                                            .filter(p => p.trim().length > 0)
+                                            .map(p => `'${p}'`)
+                                            .join(',');
+                        func.push(`(mm.all(${request}.path, [${expressions}]))`);
+                        console.info(expressions);
+                    } else {
+                        func.push(`(mm.isMatch(${request}.path, '${normalizePath(path)}'))`);
+                    }
                 });
                 func.push(`)`);
             }

diff --git a/src/utils/path.ts b/src/utils/path.ts
@@ -5,6 +5,7 @@ export function normalizePath(path: string) {
     if (!path) {
         return path;
     }
+    path = path.trim();
     const negate = _.startsWith(path, '!');
     if (negate) {
         path = path.substring(1);

diff --git a/test/data/apis/basicAuthenticationByGroupMultiPath.json b/test/data/apis/basicAuthenticationByGroupMultiPath.json
@@ -0,0 +1,36 @@
+{
+    "name": "TestAuthdByGroupAPIMultiPath",
+    "version": "1.0.0",
+    "path": "secureBasic-by-group-multi/",
+    "group": [
+        {
+            "id": "Group1",
+            "description": "Endpoints Group One",
+            "member": [
+                {
+                    "path": ["!**/headers & !**/useragent"],
+                    "method": ["GET"],
+                    "protocol": ["http"]
+                }
+            ] 
+        }
+    ],
+    "proxy": {
+        "target": {
+            "host": "http://httpbin.org"
+        },
+        "timeout": 5000
+    },
+    "authentication": {
+        "use": "my-basic-validator",
+        "group": ["Group1"]        
+    },
+    "errorHandler": {
+        "middleware": {
+            "name": "json",
+            "options": {
+                "expression": "{'Err': error.message}"
+            }
+        }
+    }
+}
diff --git a/test/mocha.opts b/test/mocha.opts
@@ -1,4 +1,4 @@
---compilers ts-node/register
+--require ts-node/register
 --require source-map-support/register
 --full-trace
 --bail

diff --git a/test/unit/authenticator.spec.ts b/test/unit/authenticator.spec.ts
@@ -113,6 +113,26 @@ describe('The Gateway Authenticator', () => {
         });
     });
 
+    it('should be able to verify authentication only to restricted groups in API with multiple paths', (done) => {
+        gatewayRequest.get({
+            url:'/secureBasic-by-group-multi/get?arg=1'
+        }, (error: any, response: any, body: any) => {
+            expect(response.statusCode).to.equal(401);
+            const result = JSON.parse(body);
+            expect(result.Err).to.equal('Unauthorized');
+            done();
+        });
+    });
+
+    it('should be able to verify authentication only to restricted groups in API with multiple paths', (done) => {
+        gatewayRequest.get({
+            url:'/secureBasic-by-group-multi/headers'
+        }, (error: any, response: any, body: any) => {
+            expect(response.statusCode).to.equal(200);
+            done();
+        });
+    });
+
     it('should be able to verify Local authentication on requests to API', (done) => {
         gatewayRequest.get({
             url:'/secureLocal/get?userid=test&passwd=test123'