fix: fix docker label matching logic

steveiliop56 · steveiliop56 · commit 476ed6964d13 · 2025-07-10T00:34:04.000+03:00
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -234,7 +234,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
 }
 
 func (auth *Auth) EmailWhitelisted(email string) bool {
-	return utils.CheckFilter(auth.Config.OauthWhitelist, email, true)
+	return utils.CheckFilter(auth.Config.OauthWhitelist, email)
 }
 
 func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
@@ -368,13 +368,13 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab
 	// Check if oauth is allowed
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
-		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true)
+		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
 	}
 
 	// Check users
 	log.Debug().Msg("Checking users")
 
-	return utils.CheckFilter(labels.Users, context.Username, true)
+	return utils.CheckFilter(labels.Users, context.Username)
 }
 
 func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool {
@@ -394,7 +394,7 @@ func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels t
 
 	// For every group check if it is in the required groups
 	for _, group := range oauthGroups {
-		if utils.CheckFilter(labels.OAuth.Groups, group, true) {
+		if utils.CheckFilter(labels.OAuth.Groups, group) {
 			log.Debug().Str("group", group).Msg("Group is in required groups")
 			return true
 		}
diff --git a/internal/docker/docker.go b/internal/docker/docker.go
@@ -69,7 +69,7 @@ func (docker *Docker) DockerConnected() bool {
 	return err == nil
 }
 
-func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) {
+func (docker *Docker) GetLabels(app string, domain string) (types.Labels, error) {
 	// Check if we have access to the Docker API
 	isConnected := docker.DockerConnected()
 
@@ -112,9 +112,16 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
 			continue
 		}
 
-		// Check if the labels match the id or the domain
-		if strings.TrimPrefix(inspect.Name, "/") == id || utils.CheckFilter(labels.Domain, domain, false) { // Disable regex for now
-			log.Debug().Str("id", inspect.ID).Msg("Found matching container")
+		// Check if the container matches the ID or domain
+		for _, lDomain := range labels.Domain {
+			if lDomain == domain {
+				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
+				return labels, nil
+			}
+		}
+
+		if strings.TrimPrefix(inspect.Name, "/") == app {
+			log.Debug().Str("id", inspect.ID).Msg("Found matching container by name")
 			return labels, nil
 		}
 	}
diff --git a/internal/types/config.go b/internal/types/config.go
@@ -129,7 +129,7 @@ type Labels struct {
 	Users   string
 	Allowed string
 	Headers []string
-	Domain  string
+	Domain  []string
 	Basic   BasicLabels
 	OAuth   OAuthLabels
 	IP      IPLabels
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
@@ -293,14 +293,14 @@ func ParseSecretFile(contents string) string {
 }
 
 // Check if a string matches a regex or if it is included in a comma separated list
-func CheckFilter(filter string, str string, regex bool) bool {
+func CheckFilter(filter string, str string) bool {
 	// Check if the filter is empty
 	if len(strings.TrimSpace(filter)) == 0 {
 		return true
 	}
 
 	// Check if the filter is a regex
-	if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex {
+	if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") {
 		// Create regex
 		re, err := regexp.Compile(filter[1 : len(filter)-1])
 
diff --git a/internal/utils/utils_test.go b/internal/utils/utils_test.go
@@ -387,7 +387,7 @@ func TestCheckFilter(t *testing.T) {
 	expected := true
 
 	// Test the check filter function
-	result := utils.CheckFilter(filter, str, false)
+	result := utils.CheckFilter(filter, str)
 
 	// Check if the result is equal to the expected
 	if result != expected {
@@ -402,7 +402,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = true
 
 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, true)
+	result = utils.CheckFilter(filter, str)
 
 	// Check if the result is equal to the expected
 	if result != expected {
@@ -417,7 +417,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = true
 
 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, false)
+	result = utils.CheckFilter(filter, str)
 
 	// Check if the result is equal to the expected
 	if result != expected {
@@ -432,7 +432,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = false
 
 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, true)
+	result = utils.CheckFilter(filter, str)
 
 	// Check if the result is equal to the expected
 	if result != expected {
@@ -447,7 +447,7 @@ func TestCheckFilter(t *testing.T) {
 	expected = false
 
 	// Test the check filter function
-	result = utils.CheckFilter(filter, str, false)
+	result = utils.CheckFilter(filter, str)
 
 	// Check if the result is equal to the expected
 	if result != expected {

Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {`
`234`	`234`	`}`
`235`	`235`
`236`	`236`	`func (auth *Auth) EmailWhitelisted(email string) bool {`
`237`		`- return utils.CheckFilter(auth.Config.OauthWhitelist, email, true)`
	`237`	`+ return utils.CheckFilter(auth.Config.OauthWhitelist, email)`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`func (auth Auth) CreateSessionCookie(c gin.Context, data *types.SessionCookie) error {`
`@@ -368,13 +368,13 @@ func (auth Auth) ResourceAllowed(c gin.Context, context types.UserContext, lab`
`368`	`368`	`// Check if oauth is allowed`
`369`	`369`	`if context.OAuth {`
`370`	`370`	`log.Debug().Msg("Checking OAuth whitelist")`
`371`		`- return utils.CheckFilter(labels.OAuth.Whitelist, context.Email, true)`
	`371`	`+ return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)`
`372`	`372`	`}`
`373`	`373`
`374`	`374`	`// Check users`
`375`	`375`	`log.Debug().Msg("Checking users")`
`376`	`376`
`377`		`- return utils.CheckFilter(labels.Users, context.Username, true)`
	`377`	`+ return utils.CheckFilter(labels.Users, context.Username)`
`378`	`378`	`}`
`379`	`379`
`380`	`380`	`func (auth Auth) OAuthGroup(c gin.Context, context types.UserContext, labels types.Labels) bool {`
`@@ -394,7 +394,7 @@ func (auth Auth) OAuthGroup(c gin.Context, context types.UserContext, labels t`
`394`	`394`
`395`	`395`	`// For every group check if it is in the required groups`
`396`	`396`	`for _, group := range oauthGroups {`
`397`		`- if utils.CheckFilter(labels.OAuth.Groups, group, true) {`
	`397`	`+ if utils.CheckFilter(labels.OAuth.Groups, group) {`
`398`	`398`	`log.Debug().Str("group", group).Msg("Group is in required groups")`
`399`	`399`	`return true`
`400`	`400`	`}`
Original file line number	Diff line number	Diff line change
`@@ -293,14 +293,14 @@ func ParseSecretFile(contents string) string {`
`293`	`293`	`}`
`294`	`294`
`295`	`295`	`// Check if a string matches a regex or if it is included in a comma separated list`
`296`		`-func CheckFilter(filter string, str string, regex bool) bool {`
	`296`	`+func CheckFilter(filter string, str string) bool {`
`297`	`297`	`// Check if the filter is empty`
`298`	`298`	`if len(strings.TrimSpace(filter)) == 0 {`
`299`	`299`	`return true`
`300`	`300`	`}`
`301`	`301`
`302`	`302`	`// Check if the filter is a regex`
`303`		`- if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") && regex {`
	`303`	`+ if strings.HasPrefix(filter, "/") && strings.HasSuffix(filter, "/") {`
`304`	`304`	`// Create regex`
`305`	`305`	`re, err := regexp.Compile(filter[1 : len(filter)-1])`
`306`	`306`