From 7529095e1ac4304d373a5f9774f8dea2d6bd9435 Mon Sep 17 00:00:00 2001
From: Marius Zander <marius@bam-bam-bam.com>
Date: Wed, 14 Jun 2023 17:49:08 +0200
Subject: [PATCH] fix: use X-Forwarded-Uri if it exists for pathRegex match

the functions `isApiPath` and `isAllowedPath` use the `req.URL.Path` property which leads to faulty behavior when behind a reverse proxy. The correct path can be inferred from the `X-Forwarded-Uri` header by making use of the already provided `requestutil.GetRequestURI` function.

Co-authored-by: Jan Wystub <jan@bam-bam-bam.com>
---
 oauthproxy.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/oauthproxy.go b/oauthproxy.go
index 7398fb8e..25b14e61 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -554,7 +554,7 @@ func isAllowedMethod(req *http.Request, route allowedRoute) bool {
 }
 
 func isAllowedPath(req *http.Request, route allowedRoute) bool {
-	matches := route.pathRegex.MatchString(req.URL.Path)
+	matches := route.pathRegex.MatchString(requestutil.GetRequestURI(req))
 
 	if route.negate {
 		return !matches
@@ -575,7 +575,7 @@ func (p *OAuthProxy) isAllowedRoute(req *http.Request) bool {
 
 func (p *OAuthProxy) isAPIPath(req *http.Request) bool {
 	for _, route := range p.apiRoutes {
-		if route.pathRegex.MatchString(req.URL.Path) {
+		if route.pathRegex.MatchString(requestutil.GetRequestURI(req)) {
 			return true
 		}
 	}