feature: supports regex for origin

[cv65kr]

Reason for This PR

closes: roadrunner-server/roadrunner#1709

Description of Changes

Added new configuration property allowed_origin_wildcard which allows to use regex in terms of CORS origin. If allowed_origin_wildcard is set up then allowed_origin is ignored.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the MIT license.

PR Checklist

[Author TODO: Meet these criteria.]
[Reviewer TODO: Verify that these criteria are met. Request changes if not]

• All commits in this PR are signed (git commit -s).
• The reason for this PR is clearly provided (issue no. or explanation).
• The description of changes is clear and encompassing.
• Any required documentation changes (code and docs) are included in this PR.
• Any user-facing changes are mentioned in CHANGELOG.md.
• All added/changed functionality is tested.

Summary by CodeRabbit

• New Features
  • Added support for wildcard allowed origins in CORS configuration, providing more flexibility in specifying allowed origins.

[coderabbitai]

Walkthrough

The changes introduced in this update primarily focus on enhancing the CORS configuration by adding support for wildcard allowed origins. This is achieved by introducing a new field AllowedOriginWildcard in the CORSConfig struct and modifying the AllowOriginFunc to match the origin against the provided regular expression.

Changes

File	Summary
config.go	Introduced a new field AllowedOriginWildcard to the CORSConfig struct. This field is a string and is tagged with mapstructure:"allowed_origin_wildcard".
plugin.go	Added support for wildcard allowed origins in CORS configuration. The AllowOriginFunc now matches the origin against the regular expression provided in AllowedOriginWildcard.

🐇🍂

In the season of fall, when leaves take their flight,
Our code takes a leap, gaining new height.
With wildcards in CORS, flexibility we gain,
Like the wind through the trees, free of its chain.

As the day turns to dusk, and the moon takes the stage,
We celebrate our code, the star of this age.
So here's to the changes, may they bring delight,
In the world of code, where we ignite the light. 🌟

---

Tips

Chat with CodeRabbit Bot (@coderabbitai)

• If you reply to a review comment from CodeRabbit, the bot will automatically respond.
• To engage with CodeRabbit bot directly around the specific lines of code in the PR, mention @coderabbitai in your review comment
• Note: Review comments are made on code diffs or files, not on the PR overview.
• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai help to get help.
• @coderabbitai resolve to resolve all the CodeRabbit review comments.

Note: For conversation with the bot, please use the review comments on code diffs or files.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between e22a7c2 and dbef1f6.

Files selected for processing (2)

• config.go (1 hunks)
• plugin.go (2 hunks)

Additional comments: 2

config.go (1)

• 13-20: The addition of the AllowedOriginWildcard field in the CORSConfig struct is a good way to provide flexibility in specifying allowed origins using regular expressions. However, it's important to note that regular expressions can be complex and prone to errors if not used carefully. It would be beneficial to add a comment explaining what this field does and perhaps providing an example of how to use it. Also, consider adding validation to ensure that the provided regular expression is valid.

+ // AllowedOriginWildcard: A regular expression to match allowed origins. If set, AllowedOrigin is ignored.
+ // Example: "^https?://(?:.+\.)?mydomain\.com$"
AllowedOriginWildcard string `mapstructure:"allowed_origin_wildcard"`

plugin.go (1)

• 3-9: The import section looks fine. The new import "regexp" is used for regular expression matching.

[rustatian]

@cv65kr Hey hey 👋
Could you please also update the docs: https://github.com/roadrunner-server/roadrunner-docs ?

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between dbef1f6 and e2d7167.

Files selected for processing (1)

• plugin.go (3 hunks)

Additional comments: 6

plugin.go (6)

• 3-9: The import of the "regexp" package is added to support the new feature. This is a standard package in Go and is safe to use.

• 32-39: A new field allowedOriginRegex of type *regexp.Regexp is added to the Plugin struct. This is a good practice as it allows pre-compilation of the regex, improving performance.

• 72-85: The Init function is updated to compile the regular expression from the AllowedOriginWildcard field if it is set. The AllowOriginFunc option of the cors.Options struct is set to use this regular expression for matching the origin. This is a good practice as it allows the use of a function to determine whether an origin is allowed, providing more flexibility. However, it's important to handle the error that regexp.Compile might throw. If the regular expression is invalid, the function will return an error, which should be handled appropriately to prevent a panic at runtime.

* 76-81: + if p.cfg.CORS.AllowedOriginWildcard != "" {
+     var err error
+     p.allowedOriginRegex, err = regexp.Compile(p.cfg.CORS.AllowedOriginWildcard)
+     if err != nil {
+         return errors.E(op, err)
+     }
+ }

• 82-84: The AllowOriginFunc is set to a function that uses the compiled regular expression to match the origin. This is a good practice as it allows the use of a function to determine whether an origin is allowed, providing more flexibility.

* 82-84: + opts.AllowOriginFunc = func(origin string) bool {
+     return p.allowedOriginRegex.MatchString(origin)
+ }

[cv65kr]

#64 (comment)
@rustatian correct, applied.

@cv65kr Hey hey 👋 Could you please also update the docs: https://github.com/roadrunner-server/roadrunner-docs ?

Will do, I was wait for your initial review to ensure that solution could be merged.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between e2d7167 and 2323e5c.

Files selected for processing (2)

• config.go (1 hunks)
• plugin.go (3 hunks)

Files skipped from review due to trivial changes (1)

• config.go

Additional comments: 3

plugin.go (3)

• 3-9: The import of the "regexp" package is added correctly.

• 32-39: The addition of the allowedOriginRegex field to the Plugin struct is correct. It will hold the compiled regular expression for matching allowed origins.

• 72-85: The logic for compiling the regular expression and setting the AllowOriginFunc is correct. However, it's important to handle the error that regexp.Compile might throw if the regular expression is invalid. This is done correctly here. If the regular expression is invalid, the function will return an error, preventing the application from starting with an invalid configuration.

Please ensure that the changes are reflected in the documentation and that users are aware of the new configuration option and its implications.

[cv65kr]

@rustatian PR updated, documentation added - roadrunner-server/roadrunner-docs#156 😄

[rustatian]

@rustatian PR updated, documentation added - roadrunner-server/roadrunner-docs#156 😄

Cool, thank you very much @cv65kr 👍