config: add support for wildcard from addresses (#4131)

* config: add support for wildcards * update policy matching, header generation * remove deprecated field * fix test
2025-06-03 19:32:48 +02:00 · 2023-04-25 13:34:38 -06:00 · 2023-04-25 13:34:38 -06:00 · 18bc86d632
commit 18bc86d632
parent 949454e886
12 changed files with 445 additions and 115 deletions
--- a/config/from.go
+++ b/config/from.go
@ -0,0 +1,47 @@
+package config
+
+import (
+	"net/url"
+	"regexp"
+	"strings"
+
+	"github.com/pomerium/pomerium/internal/urlutil"
+)
+
+// FromURLMatchesRequestURL returns true if the from URL matches the request URL.
+func FromURLMatchesRequestURL(fromURL, requestURL *url.URL) bool {
+	for _, domain := range urlutil.GetDomainsForURL(fromURL) {
+		if domain == requestURL.Host {
+			return true
+		}
+
+		if !strings.Contains(domain, "*") {
+			continue
+		}
+
+		reStr := WildcardToRegex(domain)
+		re := regexp.MustCompile(reStr)
+		if re.MatchString(requestURL.Host) {
+			return true
+		}
+	}
+	return false
+}
+
+// WildcardToRegex converts a wildcard string to a regular expression.
+func WildcardToRegex(wildcard string) string {
+	var b strings.Builder
+	b.WriteByte('^')
+	for {
+		idx := strings.IndexByte(wildcard, '*')
+		if idx < 0 {
+			break
+		}
+		b.WriteString(regexp.QuoteMeta(wildcard[:idx]))
+		b.WriteString("(.*)")
+		wildcard = wildcard[idx+1:]
+	}
+	b.WriteString(regexp.QuoteMeta(wildcard))
+	b.WriteByte('$')
+	return b.String()
+}