From 6fdf3ad3e5c9b494b93960a87ed4108271b644d8 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 26 Feb 2022 22:29:56 +0100
Subject: [PATCH] internal/outpost: improve logging and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2393
---
 .../proxyv2/application/mode_common.go        |  5 +-
 .../proxyv2/application/mode_common_test.go   | 50 +++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 internal/outpost/proxyv2/application/mode_common_test.go

diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go
index c683a0e15..1af549bda 100644
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@@ -123,8 +123,9 @@ func (a *Application) IsAllowlisted(u *url.URL) bool {
 		} else {
 			testString = u.String()
 		}
-		a.log.WithField("regex", u.String()).WithField("url", testString).Trace("Matching URL against allow list")
-		if ur.MatchString(testString) {
+		match := ur.MatchString(testString)
+		a.log.WithField("match", match).WithField("regex", ur.String()).WithField("url", testString).Trace("Matching URL against allow list")
+		if match {
 			return true
 		}
 	}
diff --git a/internal/outpost/proxyv2/application/mode_common_test.go b/internal/outpost/proxyv2/application/mode_common_test.go
new file mode 100644
index 000000000..360a2a042
--- /dev/null
+++ b/internal/outpost/proxyv2/application/mode_common_test.go
@@ -0,0 +1,50 @@
+package application
+
+import (
+	"net/url"
+	"regexp"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"goauthentik.io/api"
+)
+
+func urlMustParse(u string) *url.URL {
+	ur, err := url.Parse(u)
+	if err != nil {
+		panic(err)
+	}
+	return ur
+}
+
+func TestIsAllowlisted_Proxy_Single(t *testing.T) {
+	a := newTestApplication()
+	a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
+
+	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
+	a.UnauthenticatedRegex = []*regexp.Regexp{
+		regexp.MustCompile("^/foo"),
+	}
+	assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
+}
+
+func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
+	a := newTestApplication()
+	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+
+	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
+	a.UnauthenticatedRegex = []*regexp.Regexp{
+		regexp.MustCompile("^/foo"),
+	}
+	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
+	a.UnauthenticatedRegex = []*regexp.Regexp{
+		regexp.MustCompile("^http://some-host/foo"),
+	}
+	assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
+	a.UnauthenticatedRegex = []*regexp.Regexp{
+		regexp.MustCompile("https://health.domain.tld/ping/*"),
+	}
+	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
+	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("https://health.domain.tld/")))
+	assert.Equal(t, true, a.IsAllowlisted(urlMustParse("https://health.domain.tld/ping/qq")))
+}