Add support for domain-based authentication bypass using the
--skip-auth-route flag with domain=regex syntax. This allows users
to skip authentication for specific domains or domain patterns.
Changes:
- Extended allowedRoute struct to support domain regex matching
- Added domain=regex pattern parsing in buildRoutesAllowlist
- Implemented isAllowedDomain function for domain validation
- Updated validation logic to handle domain-based routes
- Domain matching uses Host header (or X-Forwarded-Host)
- Domain rules work alongside existing method and path rules
Example usage:
--skip-auth-route=domain=api\.example\.com
--skip-auth-route=domain=.*\.subdomain\.com
Testing:
- Added unit tests for domain pattern parsing
- Added integration tests with 7 test scenarios
- Verified exact domain matching and wildcard patterns
- Confirmed non-matching domains are properly denied
Signed-off-by: Sparsh <sparsh.raj30@gmail.com>
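
Added example, not code from this commit: a Go sketch of host matching for a `domain=regex` rule, anchoring the pattern to the whole host and using `X-Forwarded-Host` only when a trusted proxy sets it. The names `compileDomainRule`, `hostForMatch`, `skipAuth`, `newReq` and the `trustForwarded` setting are hypothetical, and the hosts are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"regexp"
	"strings"
)

// compileDomainRule (hypothetical helper) anchors the pattern so it must match
// the whole host; a bare regexp.MatchString also accepts substring matches.
func compileDomainRule(pattern string) (*regexp.Regexp, error) {
	return regexp.Compile(`^(?:` + pattern + `)$`)
}

// hostForMatch picks the host to test. X-Forwarded-Host is client-controlled
// unless a trusted reverse proxy sets it, so it is used only when
// trustForwarded is true (an assumed setting, not a flag from the commit).
func hostForMatch(r *http.Request, trustForwarded bool) string {
	host := r.Host
	if fwd := r.Header.Get("X-Forwarded-Host"); trustForwarded && fwd != "" {
		host = fwd
	}
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":port"
	}
	return strings.ToLower(strings.TrimSuffix(host, "."))
}

// skipAuth reports whether the request's host fully matches the domain rule.
func skipAuth(rule *regexp.Regexp, r *http.Request, trustForwarded bool) bool {
	return rule.MatchString(hostForMatch(r, trustForwarded))
}

// newReq builds a constructed sample request for the demonstration.
func newReq(host, forwardedHost string) *http.Request {
	r := &http.Request{Host: host, Header: http.Header{}}
	if forwardedHost != "" {
		r.Header.Set("X-Forwarded-Host", forwardedHost)
	}
	return r
}

func main() {
	rule, _ := compileDomainRule(`api\.example\.com`)
	for _, h := range []string{"api.example.com:8443", "api.example.com.other.test"} {
		fmt.Println(h, skipAuth(rule, newReq(h, ""), false))
	}
}
```
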
* Add API route config
In addition to requests with Accept header `application/json` return 401 instead of 302 to login page on requests matching API paths regex.
* Update changelog
* Refactor
* Remove unnecessary comment
* Reorder checks
* Lint Api -> API
Co-authored-by: Sebastian Halder <sebastian.halder@boehringer-ingelheim.com>