/
app_tld.go
71 lines (55 loc) · 2.08 KB
/
app_tld.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package cors
import (
"golang.org/x/net/publicsuffix"
"strings"
)
const (
//AppTopLevelDomainTemplate matches when host top level domain == origin top level domain (abc.com == abc.com)
AppTopLevelDomainTemplate = "{{APP_TLD}}"
//AppSecondLevelDomainTemplate matches any origin domain if host top level domain == origin top level domain (app.abc.com == noapp.abc.com)
AppSecondLevelDomainTemplate = "*.{{APP_TLD}}"
)
//AppDomainRule replaced AppTopLevelDomainTemplate with input HOST header and uses PrefixSuffixRule
type AppDomainRule struct {
expression string
}
//IsAllowed returns true if reqOrigin matches the rule
func (adr *AppDomainRule) IsAllowed(host, reqOrigin string) bool {
host = removePort(host)
reqOrigin = removePort(reqOrigin)
reqOrigin = removeSchema(reqOrigin)
hostTopLevelDomain, hostDomain := ExtractTopLevelAndDomain(host)
originTopLevelDomain, originDomain := ExtractTopLevelAndDomain(reqOrigin)
expressionTopLevelDomain, expressionDomain := ExtractTopLevelAndDomain(adr.expression)
//analyze only top level domain
if expressionDomain == "" {
expression := strings.ReplaceAll(expressionTopLevelDomain, AppTopLevelDomainTemplate, hostTopLevelDomain)
return NewPrefixSuffixRule(expression).IsAllowed("", originTopLevelDomain)
}
//analyze only domain
return hostTopLevelDomain == originTopLevelDomain && originDomain != "" && NewPrefixSuffixRule(expressionDomain).IsAllowed(hostDomain, originDomain)
}
//ExtractTopLevelAndDomain returns top level domain and domain
//e.g. abc.efg.com returns "efg.com", "abc"
func ExtractTopLevelAndDomain(adr string) (string, string) {
var icann, topLevelDomain, domain string
for i := 0; i < 3; i++ {
if adr == "" {
break
}
adr = strings.TrimSuffix(adr, ".")
publicSuffix, isIcann := publicsuffix.PublicSuffix(adr)
if isIcann && topLevelDomain == "" {
icann = publicSuffix
} else if topLevelDomain == "" {
topLevelDomain = publicSuffix
} else {
domain = publicSuffix
}
adr = strings.TrimSuffix(adr, publicSuffix)
}
if icann != "" {
topLevelDomain += "." + icann
}
return topLevelDomain, domain
}