Skip to content

Commit

Permalink
Adjustment to allow 2 wildcards in the endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
@austinwbest
austinwbest committed Nov 1, 2024
1 parent ee2ee1e commit d05da4d
Showing 1 changed file with 29 additions and 9 deletions.
38 changes: 29 additions & 9 deletions root/app/www/public/api/index.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,21 +145,41 @@
$app = $proxiedApp['starr'];
$appId = $proxiedApp['appId'];

// CHECK IF THE ENDPOINT HAS WILDCARDS: /{...}/{...} OR /{...}
if (!$proxiedApp['access'][$endpoint]) {
$parameter = false;
preg_match('/^(.*)\/(.*)$/', $endpoint, $matches);
$cleanEndpoint = $matches[1] . '/{';
$endpointRegexes = ['/(.*)\/(.*)\/(.*)/', '/(.*)\/(.*)/'];
$wildcardRegexes = ['/(.*)({.*})\/({.*})/', '/(.*)({.*})/'];
$wildcard = false;

foreach ($wildcardRegexes as $index => $wildcardRegex) {
preg_match($endpointRegexes[$index], $endpoint, $requestMatches);

if (!$requestMatches) {
continue;
}

foreach ($proxiedApp['access'] as $accessEndpoint => $accessMethods) {
preg_match($wildcardRegex, $accessEndpoint, $accessMatches);

// CHECK IF THE ENDPOINT HAS /{...}
foreach ($proxiedApp['access'] as $accessEndpoint => $accessMethods) {
if (str_contains($accessEndpoint, $cleanEndpoint)) {
$parameter = true;
$endpoint = $accessEndpoint; //-- ALLOW LATER CHECKS TO PASS
if (!$accessMatches) {
continue;
}

if ($accessMatches[1] == $requestMatches[1] . '/') {
if (count($accessMatches) == count($requestMatches)) {
$wildcard = true;
$endpoint = $accessEndpoint; //-- ALLOW LATER CHECKS TO PASS
break;
}
}
}

if ($wildcard) {
break;
}
}

if (!$parameter) {
if (!$wildcard) {
logger($logfile, $apikey, $endpoint, 401);
logger(str_replace('access.log', 'access_' . $settingsFile['access'][$app][$appId]['name'] . '.log', $logfile), $apikey, $endpoint, 401);
accessCounter($app, $appId, 401);
Expand Down

0 comments on commit d05da4d

Please sign in to comment.