.traefik.yml

@@ -13,3 +13,4 @@ testData:
   paths:
     - base: /v1/users
       path: /testValue
+    - base: /v1/organizations

main.go

@@ -8,13 +8,9 @@ import (
 	"strings"
 )
 
-type Rule struct {
-	AllowedSubPaths []string `json:"allowedSubPaths,omitempty"`
-}
-
 type Path struct {
-	Path string `json:"base,omitempty"`
-	Rule Rule   `json:"rule,omitempty"`
+	Base string `json:"base,omitempty"`
+	Path string `json:"path,omitempty"`
 }
 
 type Config struct {
@@ -42,8 +38,8 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 	}
 
 	for _, path := range config.Paths {
-		if path.Path == "" {
-			return nil, fmt.Errorf("Paths.Path cannot be empty")
+		if path.Base == "" {
+			return nil, fmt.Errorf("Paths.Base cannot be empty")
 		}
 	}
 
@@ -75,29 +71,15 @@ func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	}
 
 	for _, path := range a.paths {
-		isPathMatched := strings.HasPrefix(req.URL.Path, path.Path)
+		blockedPath := path.Base + path.Path
+		isPathBlocked := strings.HasPrefix(req.URL.Path, blockedPath)
 
-		if !isPathMatched {
-			a.next.ServeHTTP(rw, req)
-			return
-		}
-
-		if len(path.Rule.AllowedSubPaths) == 0 {
-			message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path, userId)
+		if isPathBlocked {
+			message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, blockedPath, userId)
 			os.Stdout.WriteString(message)
 			http.Error(rw, message, http.StatusForbidden)
 			return
 		}
-
-		for _, allowedSubPath := range path.Rule.AllowedSubPaths {
-			isAllowedSubPathMatched := strings.HasPrefix(req.URL.Path, path.Path+allowedSubPath)
-			if !isAllowedSubPathMatched {
-				message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path+path.Path+allowedSubPath, userId)
-				os.Stdout.WriteString(message)
-				http.Error(rw, message, http.StatusForbidden)
-				return
-			}
-		}
 	}
 
 	a.next.ServeHTTP(rw, req)