Merge pull request #213 Better explain whitelist config

rekby · web-flow · commit a6951c927d83 · 2024-03-06T11:17:16.000+03:00
diff --git a/cmd/static/default-config.toml b/cmd/static/default-config.toml
@@ -161,8 +161,9 @@ IPWhiteList = ""
 BlackList = ""
 
 # Regexp in golang syntax of whitelist domains for issue certificate.
-# Whitelist need for allow part of domains, which excluded by blacklist.
-#
+# # Whitelist need only for allow part of domains, which excluded by blacklist.
+# If you want work by whitelist domains only - you have to add BlackList rule: ".*" (deny all)
+# Then allow what you want.
 WhiteList = ""
 
 # Comma separated dns server, used for resolve ip:port address of domains while check it.
diff --git a/internal/domain_checker/config_test.go b/internal/domain_checker/config_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/gojuno/minimock/v3"
 
 	"github.com/maxatome/go-testdeep"
+
 	"github.com/rekby/lets-proxy2/internal/th"
 )
 
@@ -93,6 +94,35 @@ func TestConfig_CreateDomainCheckerWhiteListOnly(t *testing.T) {
 	td.CmpNoError(err)
 }
 
+func TestConfig_CreateDomainCheckerBlackAndWhiteLists(t *testing.T) {
+	ctx, cancel := th.TestContext(t)
+	defer cancel()
+
+	td := testdeep.NewT(t)
+	cfg := Config{
+		BlackList: `.*\.com$`,
+		WhiteList: `^(www\.)?test\.com$`,
+	}
+	checker, err := cfg.CreateDomainChecker(ctx)
+	td.CmpNoError(err)
+
+	res, err := checker.IsDomainAllowed(ctx, "denied.com")
+	td.False(res)
+	td.CmpNoError(err)
+
+	res, err = checker.IsDomainAllowed(ctx, "test.com")
+	td.True(res)
+	td.CmpNoError(err)
+
+	res, err = checker.IsDomainAllowed(ctx, "www.test.com")
+	td.True(res)
+	td.CmpNoError(err)
+
+	res, err = checker.IsDomainAllowed(ctx, "bad.test.com")
+	td.False(res)
+	td.CmpNoError(err)
+}
+
 func TestConfig_CreateDomainCheckerSelfIPOnly(t *testing.T) {
 	ctx, cancel := th.TestContext(t)
 	defer cancel()
