update example

update logic
remove path
2026-01-23 03:56:58 +00:00 · 2024-05-04 09:43:20 +03:00 · 2023-10-30 17:31:06 +03:00 · 2023-10-30 17:03:25 +03:00 · 2023-10-30 16:53:34 +03:00 · 2023-10-30 14:59:30 +03:00
3 changed files with 48 additions and 12 deletions
--- a/.traefik.yml
+++ b/.traefik.yml
@ -11,6 +11,5 @@ testData:
    - userId1
    - userId2
  paths:
-    - prefix: /v1/users
+    - base: /v1/users
-      value: testValue
+      path: /testValue
    - prefix: /v1/organizations
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,16 @@
 version: '3'
 services:
  reverse-proxy:
    image: traefik:v3.0
    command:
      - --api.insecure=true
      - --providers.docker
      - "--experimental.localPlugins.usersblocker.moduleName=github.com/ditkrg/traefik-users-blocker-plugin"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./:/plugins-local/src/github.com/ditkrg/traefik-users-blocker-plugin
--- a/main.go
+++ b/main.go
@ -4,12 +4,17 @@ import (
 	"context"
 	"fmt"
 	"net/http"
 	"os"
 	"strings"
 )
 type Rule struct {
 	AllowedSubPaths []string `json:"allowedSubPaths,omitempty"`
 }
 type Path struct {
-	Prefix      string `json:"prefix,omitempty"`
+	Path string `json:"base,omitempty"`
-	MustContain string `json:"mustContain,omitempty"`
+	Rule Rule   `json:"rule,omitempty"`
 }
 type Config struct {
@ -37,8 +42,8 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 	}
 	for _, path := range config.Paths {
-		if path.Prefix == "" {
+		if path.Path == "" {
-			return nil, fmt.Errorf("Paths.Prefix cannot be empty")
+			return nil, fmt.Errorf("Paths.Path cannot be empty")
 		}
 	}
@ -53,6 +58,9 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	userId := req.Header["X-Auth-User-Id"][0]
 	message := fmt.Sprintf("{requestPath: %s, userId: %s}\n", req.URL.Path, userId)
 	os.Stdout.WriteString(message)
 	var isUserBlocked bool
 	for _, id := range a.userId {
@ -67,16 +75,29 @@ func (a *UsersBlocker) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	}
 	for _, path := range a.paths {
-		isPathBlocked := strings.HasPrefix(req.URL.Path, path.Prefix)
+		isPathMatched := strings.HasPrefix(req.URL.Path, path.Path)
-		if isPathBlocked && path.MustContain != "" {
+		if !isPathMatched {
-			isPathBlocked = !strings.Contains(req.URL.Path, path.MustContain)
+			a.next.ServeHTTP(rw, req)
 			return
 		}
-		if isPathBlocked {
+		if len(path.Rule.AllowedSubPaths) == 0 {
-			http.Error(rw, "Forbidden", http.StatusForbidden)
+			message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path, userId)
 			os.Stdout.WriteString(message)
 			http.Error(rw, message, http.StatusForbidden)
 			return
 		}
 		for _, allowedSubPath := range path.Rule.AllowedSubPaths {
 			isAllowedSubPathMatched := strings.HasPrefix(req.URL.Path, path.Path+allowedSubPath)
 			if !isAllowedSubPathMatched {
 				message := fmt.Sprintf("blocked path %s (matched with %s) for user %s", req.URL.Path, path.Path+path.Path+allowedSubPath, userId)
 				os.Stdout.WriteString(message)
 				http.Error(rw, message, http.StatusForbidden)
 				return
 			}
 		}
 	}
 	a.next.ServeHTTP(rw, req)
Author	SHA1	Message	Date
MohamadTahir	8d3b1b71e5	update example	2024-05-04 09:43:20 +03:00
MohamadTahir	e9cbcb04c4	update logic	2023-10-30 17:31:06 +03:00
MohamadTahir	7a03599d16	remove path	2023-10-30 17:03:25 +03:00
MohamadTahir	cabcbbb166	update logic and logging	2023-10-30 16:53:34 +03:00
MohamadTahir	4f258ba7f3	update .traefik.yml	2023-10-30 14:59:30 +03:00
MohamadTahir	57968638d2	add new lines to logs	2023-10-30 14:57:39 +03:00
MohamadTahir	fb7dce9887	add simple logs	2023-10-30 14:52:36 +03:00
MohamadTahir	149616a5ad	add docker compose for local development	2023-10-30 13:51:48 +03:00