search

pokt-foundation / portal-api

The Portal API Gateway is a single endpoint that offers access to the full range of supported blockchains through one URL.
https://pokt.network
MIT License
11 stars 8 forks source link

[Request] Allow subdomain wildcard matching for origin whitelisting #803

Open blockjoe opened 2 years ago

blockjoe commented 2 years ago

Currently origin whitelisting requires explicit string matching of the origin domain:

https://github.com/pokt-foundation/portal-api/blob/7db2227b4f6a237ac85d8569d2d5c5abf09d2dcc/src/services/pocket-relayer.ts#L584

Being able to whitelist a collection of subdomains like *.domain.com is an intuitive process.

The checkWhitelist enforcement function takes a type argument that could allow for a "wildcard" type which could check for a pattern match i.e.:

for (cost test of tests) {
  switch (type) {
    case 'wildcard':
      if (check.toLowerCase().match(test.toLowerCase()) != null ) {
        return true;
      }
      break;
    case 'explicit':
      if (test.toLowerCase() === check.toLowerCase()) {
        return true;
      }
      break;
    default:
      if (check.toLowerCase().includes(test.toLowerCase())) {
        return true;
      }
  }
}
return false;
crisog commented 2 years ago

I don't have any objections against this. It is a low hanging fruit that can certainly be helpful for some. cc: @rem1niscence @nymd