feat(authorization): acl resource regex named groups (#3597)

This adds the named group functionality from domain_regex to the resource criteria.

1 files changed, 53 insertions, 0 deletions

diff --git a/internal/authorization/regexp.go b/internal/authorization/regexp.go
new file mode 100644
index 000000000..7983d842f
--- /dev/null
+++ b/internal/authorization/regexp.go
@@ -0,0 +1,53 @@
+package authorization
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/authelia/authelia/v4/internal/utils"
+)
+
+// RegexpGroupStringSubjectMatcher matches the input string against the pattern taking into account Subexp groups.
+type RegexpGroupStringSubjectMatcher struct {
+	Pattern         regexp.Regexp
+	SubexpNameUser  int
+	SubexpNameGroup int
+}
+
+// IsMatch returns true if the underlying pattern matches the input given the subject.
+func (r RegexpGroupStringSubjectMatcher) IsMatch(input string, subject Subject) (match bool) {
+	matches := r.Pattern.FindAllStringSubmatch(input, -1)
+	if matches == nil {
+		return false
+	}
+
+	if r.SubexpNameUser != -1 && !strings.EqualFold(subject.Username, matches[0][r.SubexpNameUser]) {
+		return false
+	}
+
+	if r.SubexpNameGroup != -1 && !utils.IsStringInSliceFold(matches[0][r.SubexpNameGroup], subject.Groups) {
+		return false
+	}
+
+	return true
+}
+
+// String returns the pattern string.
+func (r RegexpGroupStringSubjectMatcher) String() string {
+	return r.Pattern.String()
+}
+
+// RegexpStringSubjectMatcher just matches the input string against the pattern.
+type RegexpStringSubjectMatcher struct {
+	Pattern regexp.Regexp
+}
+
+// IsMatch returns true if the underlying pattern matches the input.
+func (r RegexpStringSubjectMatcher) IsMatch(input string, _ Subject) (match bool) {
+	return r.Pattern.MatchString(input)
+}
+
+// String returns the pattern string.
+func (r RegexpStringSubjectMatcher) String() string {
+	return r.Pattern.String()
+}