feat(authorization): domain regex match with named groups (#2789)

This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.

1 files changed, 35 insertions, 0 deletions

diff --git a/internal/configuration/decode_hooks.go b/internal/configuration/decode_hooks.go
index 2bba3f9be..4258513a4 100644
--- a/internal/configuration/decode_hooks.go
+++ b/internal/configuration/decode_hooks.go
@@ -5,6 +5,7 @@ import (
 	"net/mail"
 	"net/url"
 	"reflect"
+	"regexp"
 	"time"
 
 	"github.com/mitchellh/mapstructure"
@@ -137,3 +138,37 @@ func ToTimeDurationHookFunc() mapstructure.DecodeHookFuncType {
 		return duration, nil
 	}
 }
+
+// StringToRegexpFunc decodes a string into a *regexp.Regexp or regexp.Regexp.
+func StringToRegexpFunc() mapstructure.DecodeHookFuncType {
+	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+		var ptr bool
+
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+
+		ptr = t.Kind() == reflect.Ptr
+
+		typeRegexp := reflect.TypeOf(regexp.Regexp{})
+
+		if ptr && t.Elem() != typeRegexp {
+			return data, nil
+		} else if !ptr && t != typeRegexp {
+			return data, nil
+		}
+
+		regexStr := data.(string)
+
+		pattern, err := regexp.Compile(regexStr)
+		if err != nil {
+			return nil, fmt.Errorf("could not parse '%s' as regexp: %w", regexStr, err)
+		}
+
+		if ptr {
+			return pattern, nil
+		}
+
+		return *pattern, nil
+	}
+}