From 3e3661b0fe02f170b2c261c4b4d464b81146e5d3 Mon Sep 17 00:00:00 2001
From: joel
Date: Mon, 21 Oct 2024 19:18:47 +0200
Subject: [PATCH] fix: update to use config
---
 internal/conf/configuration.go | 18 ++++++++++++++----
 internal/conf/configuration_test.go | 13 +++++++++++--
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
index 806930724..6e4517647 100644
--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -569,6 +569,7 @@ func loadEnvironment(filename string) error {
 
 // Moving away from the existing HookConfig so we can get a fresh start.
 type HookConfiguration struct {
+ AllowedLocalHostNames []string `json:"allowed_local_names" split_words:"true"`
 MFAVerificationAttempt ExtensibilityPointConfiguration `json:"mfa_verification_attempt" split_words:"true"`
 PasswordVerificationAttempt ExtensibilityPointConfiguration `json:"password_verification_attempt" split_words:"true"`
 CustomAccessToken ExtensibilityPointConfiguration `json:"custom_access_token" split_words:"true"`
@@ -607,14 +608,23 @@ func (h *HookConfiguration) Validate() error {
 h.SendEmail,
 }
 for _, point := range points {
- if err := point.ValidateExtensibilityPoint(); err != nil {
+ if err := point.ValidateExtensibilityPoint(h.AllowedLocalHostNames); err != nil {
 return err
 }
 }
 return nil
 }
 
-func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
+func isStringInSlice(checkValue string, list []string) bool {
+ for _, val := range list {
+ if val == checkValue {
+ return true
+ }
+ }
+ return false
+}
+
+func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint(allowedHTTPHostNames []string) error {
 if e.URI == "" {
 return nil
 }
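Review bot: The new `AllowedLocalHostNames` field has no doc comment and no visible default, so with the hard-coded list removed from `ValidateExtensibilityPoint` an unset value appears to reject every `http://` hook URI, including `localhost`. That fails closed, but it is a behaviour change for existing deployments unless a default is applied somewhere outside this diff. The field also lets an operator allow any hostname over plaintext http, not only local ones, and the password and MFA verification hooks would then presumably send their requests unencrypted; a comment such as `// AllowedLocalHostNames lists the hostnames a hook may use with plaintext http; keep it to loopback or same-host service names.` would make that contract explicit. The JSON key `allowed_local_names` also drops "host" from the field name, which looks unintended.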
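Review bot: `isStringInSlice` compares hostnames byte-for-byte, so an allowlist entry of `localhost` does not match a URI written as `http://LOCALHOST/...` even though hostnames are case-insensitive; the mismatch fails closed but will surprise operators. Consider `strings.EqualFold(val, checkValue)` in the loop, and if the module's Go version is 1.21 or later the helper can be replaced by `slices.Contains` once both sides are lower-cased. The parameter is named `allowedHTTPHostNames` while the field passed in is `AllowedLocalHostNames`; one name for both would make it clearer that the list governs only the plaintext `http` scheme. `ValidateExtensibilityPoint` is exported and now takes an argument, so any caller outside this diff needs the same update; its body continues past the end of the hunk.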
@@ -627,10 +637,10 @@ func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
 return validatePostgresPath(u)
 case "http":
 hostname := u.Hostname()
- if hostname == "localhost" || hostname == "127.0.0.1" || hostname == "::1" || hostname == "host.docker.internal" || hostname == "kong" || hostname == "edge_runtime" {
+ if isStringInSlice(hostname, allowedHTTPHostNames) {
 return validateHTTPHookSecrets(e.HTTPHookSecrets)
 }
- return fmt.Errorf("only localhost, 127.0.0.1, and ::1 are supported with http")
+ return fmt.Errorf("Hostname is %q: only %s are supported with http", hostname, strings.Join(allowedHTTPHostNames, ", "))
 case "https":
 return validateHTTPHookSecrets(e.HTTPHookSecrets)
 default:
diff --git a/internal/conf/configuration_test.go b/internal/conf/configuration_test.go
index 7bc0b645b..7f5418881 100644
--- a/internal/conf/configuration_test.go
+++ b/internal/conf/configuration_test.go
@@ -155,6 +155,14 @@ func TestHTTPHookSecretsDecode(t *testing.T) {
 }
 
 func TestValidateExtensibilityPointURI(t *testing.T) {
+ allowedLocalHostNames := []string{
+ "localhost",
+ "127.0.0.1",
+ "::1",
+ "host.docker.internal",
+ "kong",
+ "edge_runtime",
+ }
 cases := []struct {
 desc string
 uri string
@@ -180,7 +188,7 @@ func TestValidateExtensibilityPointURI(t *testing.T) {
 
 for _, tc := range cases {
 ep := ExtensibilityPointConfiguration{URI: tc.uri}
- err := ep.ValidateExtensibilityPoint()
+ err := ep.ValidateExtensibilityPoint(allowedLocalHostNames)
 if tc.expectError {
 require.Error(t, err)
 } else {
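Review bot: The new error string starts with a capital letter and, when the allowlist is empty, renders as `only  are supported with http`, which gives the operator nothing to act on. Go error strings are conventionally lower-case, and formatting the slice with `%q` stays readable for an empty list: `return fmt.Errorf("hostname %q is not allowed with http (allowed: %q)", hostname, allowedHTTPHostNames)`. As written the line relies on `strings` being imported in configuration.go, which this diff does not show. The `switch` this case belongs to starts before the hunk and continues after it.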
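Review bot: The allowlist added at the top of `TestValidateExtensibilityPointURI` reproduces the old hard-coded hostnames, so the table exercises only the behaviour that existed before this change. Nothing visible here checks that an `http://` URI is rejected when the list is empty or when the host is not on it, which is the security-relevant path of the new parameter. Adding one case with an empty allowlist and `http://localhost` expecting an error, and one with a host that is not listed expecting an error, would pin that. The `cases` table continues outside this hunk, so existing rows may already cover part of this.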
@@ -206,8 +214,9 @@ func TestValidateExtensibilityPointSecrets(t *testing.T) {
 {desc: "Invalid Symmetric Secret", secret: []string{"tommy"}, expectError: true},
 }
 for _, tc := range cases {
+ allowedLocalHostNames := []string{}
 ep := ExtensibilityPointConfiguration{URI: validHTTPSURI, HTTPHookSecrets: tc.secret}
- err := ep.ValidateExtensibilityPoint()
+ err := ep.ValidateExtensibilityPoint(allowedLocalHostNames)
 if tc.expectError {
 require.Error(t, err)
 } else {