From cfe6e13aa00b28c0693e8f43f0268527c9cec503 Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Thu, 2 Jan 2025 12:43:30 +0100
Subject: [PATCH] feat(ocm): allow wildcard domains

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 changelog/unreleased/allow-wildcard-ocm.md | 5 +++++
 pkg/ocm/provider/authorizer/json/json.go   | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/allow-wildcard-ocm.md

diff --git a/changelog/unreleased/allow-wildcard-ocm.md b/changelog/unreleased/allow-wildcard-ocm.md
new file mode 100644
index 0000000000..08a7601a00
--- /dev/null
+++ b/changelog/unreleased/allow-wildcard-ocm.md
@@ -0,0 +1,5 @@
+Enhancement: Allow wildcards in OCM domains
+
+When verifiying domains, allow wildcards in the domain name. This will not work when using `verify-request-hostname`
+
+https://github.com/cs3org/reva/pull/5025
diff --git a/pkg/ocm/provider/authorizer/json/json.go b/pkg/ocm/provider/authorizer/json/json.go
index fc3eb0c891..c56b951c0e 100644
--- a/pkg/ocm/provider/authorizer/json/json.go
+++ b/pkg/ocm/provider/authorizer/json/json.go
@@ -24,6 +24,7 @@ import (
 	"net"
 	"net/url"
 	"os"
+	"regexp"
 	"strings"
 	"sync"
 
@@ -130,7 +131,7 @@ func (a *authorizer) IsProviderAllowed(ctx context.Context, pi *ocmprovider.Prov
 	var providerAuthorized bool
 	if normalizedDomain != "" {
 		for _, p := range a.providers {
-			if p.Domain == normalizedDomain {
+			if ok, err := regexp.MatchString(p.Domain, normalizedDomain); ok && err == nil {
 				providerAuthorized = true
 				break
 			}