From a11d8f0d87c2b8d1cd0cee31a43f98a5e339373d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Sun, 20 Sep 2020 17:57:23 +0200
Subject: [PATCH] Move identification of relevant permission from helpers.lua
 to access.lua

---
 access.lua  | 35 ++++++++++++++++++++++++++++++++++-
 config.lua  |  3 ++-
 helpers.lua | 28 ----------------------------
 3 files changed, 36 insertions(+), 30 deletions(-)

diff --git a/access.lua b/access.lua
index 825e678..9688b25 100644
--- a/access.lua
+++ b/access.lua
@@ -265,12 +265,46 @@ if conf["redirected_regex"] then
 end
 
 --
+-- 4. IDENTIFY THE RELEVANT PERMISSION
+--
+-- In particular, the conf is filled with permissions such as:
+--
+--        "foobar": {
+--            "auth_header": false,
+--            "label": "Foobar permission",
+--            "public": false,
+--            "show_tile": true,
+--            "uris": [
+--                "yolo.test/foobar",
+--                "re:^[^/]*/%.well%-known/foobar/.*$",
+--            ],
+--            "users": ["alice", "bob"]
+--        }
 --
 --
+-- And we find the best matching permission by trying to match the request uri
+-- against all the uris rules/regexes from the conf and keep the longest matching one.
 --
 
+permission = nil
+longest_url_match = ""
 
+for permission_name, permission_infos in pairs(conf["permissions"]) do
+    if next(permission_infos['uris']) ~= nil then
+        for _, url in pairs(permission_infos['uris']) do
+            if string.starts(url, "re:") then
+                url = string.sub(url, 4, string.len(url))
+            end
 
+            local m = hlp.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
+            if m ~= nil and string.len(m) > string.len(longest_url_match) then
+                longest_url_match = m
+                permission = permission_infos
+                permission["id"] = permission_name
+            end
+        end
+    end
+end
 
 --
 --
@@ -278,7 +312,6 @@ end
 --
 
 
-local permission = hlp.get_best_permission()
 
 if permission then
     if is_logged_in then
diff --git a/config.lua b/config.lua
index 9d2395d..029ffe7 100644
--- a/config.lua
+++ b/config.lua
@@ -60,7 +60,8 @@ function get_config()
         allow_mail_authentication = true,
         default_language          = "en",
         theme                     = "default",
-        logging                   = "fatal" -- Only log fatal messages by default (so apriori nothing)
+        logging                   = "fatal", -- Only log fatal messages by default (so apriori nothing)
+        permissions               = {}
     }
 
 
diff --git a/helpers.lua b/helpers.lua
index 6aca31d..74e06d6 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -296,34 +296,6 @@ function log_access(user, uri)
   end
 end
 
-function get_best_permission()
-    if not conf["permissions"] then
-        conf["permissions"] = {}
-    end
-
-    local permission_match = nil
-    local longest_url_match = ""
-    
-    for permission_name, permission in pairs(conf["permissions"]) do
-        if next(permission['uris']) ~= nil then
-            for _, url in pairs(permission['uris']) do
-                if string.starts(url, "re:") then
-                    url = string.sub(url, 4, string.len(url))
-                end
-
-                local m = match(ngx.var.host..ngx.var.uri..uri_args_string(), url)
-                if m ~= nil and string.len(m) > string.len(longest_url_match) then
-                    longest_url_match = m
-                    permission_match = permission
-                    logger.debug("Match "..m)
-                end
-            end
-        end
-    end
-
-    return permission_match
-end
-
 -- Check whether a user is allowed to access a URL using the `permissions` directive
 -- of the configuration file
 function has_access(permission, user)