matchString refactor

itsjamie · Jul 5, 2020 · d68f82a · d68f82a
1 parent 6803b67
commit d68f82a
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 38 deletions.
diff --git a/cors.go b/cors.go
@@ -205,11 +205,7 @@ func handleRequest(context *gin.Context, config Config) bool {
 // Case-sensitive match of origin header
 func matchOrigin(origin string, config Config) bool {
 	for _, value := range config.origins {
-		if strings.Contains(value, "*") {
-			if matchString(value, origin) {
-				return true
-			}
-		} else if value == origin {
+		if matchString(value, origin) {
 			return true
 		}
 	}
@@ -218,44 +214,45 @@ func matchOrigin(origin string, config Config) bool {
 
 func matchString(pattern string, str string) bool {
 	EOF := len(str)
-	finalState := len(pattern) - 1
-
-	cursor := 0
-	nextState := 0
-	lastWild := -1
+	final := len(pattern)
+	skip := -1
+	for i := 0; i < final; i++ {
+		if pattern[i] == '*' {
+			skip = i
+		}
+	}
+	if skip == -1 && pattern != str {
+		return false
+	}
+	nstr := EOF - (final - skip) + 1
+	if skip != -1 && pattern[skip+1:final] != str[nstr:EOF] {
+		return false
+	}
 
-	for cursor != EOF && nextState <= finalState {
-		if str[cursor] == pattern[nextState] {
-			if nextState != finalState {
-				nextState++
-			}
-		} else {
-			if pattern[nextState] != '*' {
-				if lastWild == -1 {
-					break
-				}
-				nextState = lastWild
-			} else {
-				lastWild = nextState
-			}
-			if nextState+1 >= len(pattern) {
-				// no lookahead
-				break
-			}
-			lookahead := pattern[nextState+1]
-			if str[cursor] == lookahead {
+	loopback := -1
+	current := 0
+	for cursor := 0; cursor < EOF && current != final; cursor++ {
+		if str[cursor] == pattern[current] {
+			current++
+		} else if pattern[current] == '*' {
+			loopback = current
+			if current+1 < final && pattern[current+1] == str[cursor] ||
+				current+1 < final && pattern[current+1] == '*' {
+				current++
 				cursor--
-				nextState++
-			}
-			if lookahead == '*' {
-				nextState++
 			}
+		} else if loopback == -1 {
+			break
+		} else {
+			current = loopback
+			cursor--
 		}
-		cursor++
 	}
-	matched := nextState == finalState
 
-	return matched
+	if current == skip && skip+1 == final {
+		return pattern[current] == '*'
+	}
+	return current == final
 }
 
 // Case-sensitive match of request method

diff --git a/cors_test.go b/cors_test.go
@@ -102,6 +102,25 @@ func TestMismatchOrigin(t *testing.T) {
 	}
 }
 
+func TestWildMismatchOrigin(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/", nil)
+	w := httptest.NewRecorder()
+
+	req.Header.Set("Origin", "http://files.testing.com")
+
+	router := gin.New()
+
+	router.Use(Middleware(Config{
+		Origins: "http://*testing.io/*, http://sample.testing.com/*",
+	}))
+
+	router.ServeHTTP(w, req)
+
+	if w.Header().Get(AllowOriginKey) != "" {
+		t.Fatal("This should not match.")
+	}
+}
+
 func TestPreflightRequest(t *testing.T) {
 	req, _ := http.NewRequest("OPTIONS", "/", nil)
 	w := httptest.NewRecorder()
@@ -200,7 +219,7 @@ func TestWildMatchOrigin(t *testing.T) {
 
 	router := gin.New()
 	router.Use(Middleware(Config{
-		Origins: "*.testing.com",
+		Origins: "http://files.*testing, *://files.testing*",
 	}))
 	router.ServeHTTP(w, req)
 

diff --git a/coverage.out b/coverage.out
@@ -0,0 +1,77 @@
+mode: count
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:87.33,97.49 6 13
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:97.49,99.3 1 27
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:106.48,109.26 2 11
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:113.2,113.27 1 10
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:117.2,120.36 2 10
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:109.26,110.120 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:113.27,115.3 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:120.36,127.26 3 10
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:131.3,132.24 2 9
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:136.3,136.38 1 9
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:174.3,174.18 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:127.26,129.4 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:132.24,134.4 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:136.38,140.47 3 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:148.4,148.18 1 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:152.4,152.13 1 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:140.47,142.28 2 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:142.28,145.6 2 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:148.18,150.5 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:152.13,154.27 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:166.5,166.18 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:169.5,169.11 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:154.27,158.6 2 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:158.11,158.32 1 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:158.32,160.6 1 0
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:160.11,162.6 1 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:166.18,168.6 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:178.86,179.69 1 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:183.2,183.101 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:194.2,194.14 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:179.69,181.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:183.101,187.27 3 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:191.3,191.14 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:187.27,189.4 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:197.62,198.33 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:202.2,202.13 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:198.33,200.3 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:206.53,207.39 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:212.2,212.14 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:207.39,208.33 1 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:208.33,210.4 1 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:215.51,219.29 4 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:224.2,224.34 1 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:227.2,228.58 2 6
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:232.2,234.62 3 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:252.2,252.40 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:255.2,255.25 1 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:219.29,220.24 1 144
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:220.24,222.4 1 6
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:224.34,226.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:228.58,230.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:234.62,235.38 1 99
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:235.38,237.4 1 78
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:237.9,237.37 1 21
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:237.37,240.52 2 19
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:240.52,243.5 2 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:244.9,244.28 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:244.28,245.9 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:246.9,249.4 2 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:252.40,254.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:259.70,260.29 1 6
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:264.2,264.25 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:272.2,272.14 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:260.29,262.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:264.25,265.40 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:265.40,266.30 1 7
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:266.30,268.5 1 3
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:276.72,277.29 1 5
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:281.2,283.33 2 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:299.2,299.13 1 2
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:277.29,279.3 1 1
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:283.33,287.47 3 6
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:294.3,294.13 1 6
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:287.47,288.23 1 14
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:288.23,290.10 2 4
+/Users/christianahadigun/Documents/lobby/gin-cors/cors.go:294.13,296.4 1 2