apigee · philschleier · Aug 12, 2019 · Aug 12, 2019
diff --git a/apikeys/index.js b/apikeys/index.js
@@ -12,8 +12,8 @@ var requestLib = require("request");
 var _ = require("lodash");
 
 const PRIVATE_JWT_VALUES = ["application_name", "client_id", "api_product_list", "iat", "exp"];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 // const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";    // ?? this has yet to be used in any module.
 
 const acceptAlg = ["RS256"];
@@ -258,23 +258,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
                 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
                     urlPath = urlPath + "/";
                 }
-
-                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
-                    const regex = apiproxy.replace(/\*\*/gi, ".*")
-                    matchesProxyRules = urlPath.match(regex)
+                let regex = apiproxy;
+                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*\*/gi, ".+");
+                }
+                if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*/gi, "[^/]+");
+                }
+                if (regex !== apiproxy) {
+                    regex = "^" + regex + "$";
+                    matchesProxyRules = urlPath.match(regex) !== null;
                 } else {
-                    if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
-                        const regex = apiproxy.replace(/\*/gi, "[^/]+");
-                        matchesProxyRules = urlPath.match(regex)
-                    } else {
-                        // if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-                        // }
-                        matchesProxyRules = urlPath === apiproxy;
-
-                    }
+                    matchesProxyRules = urlPath === apiproxy;
                 }
             })
-
         } else {
             matchesProxyRules = true
         }

diff --git a/lib/basicAuth.js b/lib/basicAuth.js
@@ -25,8 +25,8 @@ map.setup({
 //
 const acceptAlg = ['RS256'];
 
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 //const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 
 const AUTH_HEADER_REGEX = /Bearer (.+)/;
@@ -412,11 +412,11 @@ class BasicAuthorizerPlugin {
                         urlPath = urlPath + "/";
                     }
 
-                    if ( apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN) ) {
+                    if ( apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN) ) {
                         const regex = apiproxy.replace(/\*\*/gi, ".*")
                         return(urlPath.match(regex) !== null )
                     } else {
-                        if ( apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN) ) {
+                        if ( apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN) ) {
                             const regex = apiproxy.replace(/\*/gi, "[^/]+");
                             return(urlPath.match(regex) !== null )
                         } else {

diff --git a/oauth/index.js b/oauth/index.js
@@ -14,8 +14,8 @@ var _ = require('lodash');
 
 const authHeaderRegex = /Bearer (.+)/;
 const PRIVATE_JWT_VALUES = ['application_name', 'client_id', 'api_product_list', 'iat', 'exp'];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 // const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 
 const acceptAlg = ['RS256'];
@@ -384,23 +384,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
                 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
                     urlPath = urlPath + "/";
                 }
-
-                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
-                    const regex = apiproxy.replace(/\*\*/gi, ".*")
-                    matchesProxyRules = urlPath.match(regex)
+                let regex = apiproxy;
+                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*\*/gi, ".+");
+                }
+                if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*/gi, "[^/]+");
+                }
+                if (regex !== apiproxy) {
+                    regex = "^" + regex + "$";
+                    matchesProxyRules = urlPath.match(regex) !== null;
                 } else {
-                    if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
-                        const regex = apiproxy.replace(/\*/gi, "[^/]+");
-                        matchesProxyRules = urlPath.match(regex)
-                    } else {
-                        // if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-                        // }
-                        matchesProxyRules = urlPath === apiproxy;
-
-                    }
+                    matchesProxyRules = urlPath === apiproxy;
                 }
             })
-
         } else {
             matchesProxyRules = true
         }

diff --git a/oauthv2/index.js b/oauthv2/index.js
@@ -11,8 +11,8 @@ var _ = require('lodash');
 
 const authHeaderRegex = /Bearer (.+)/;
 const PRIVATE_JWT_VALUES = ['application_name', 'client_id', 'api_product_list', 'iat', 'exp'];
-const SUPPORTED_DOUBLE_ASTERIK_PATTERN = "**";
-const SUPPORTED_SINGLE_ASTERIK_PATTERN = "*";
+const SUPPORTED_DOUBLE_ASTERISK_PATTERN = "**";
+const SUPPORTED_SINGLE_ASTERISK_PATTERN = "*";
 //const SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN = "/";
 
 const acceptAlg = ['RS256'];
@@ -249,23 +249,20 @@ const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAut
                 if (apiproxy.endsWith("/") && !urlPath.endsWith("/")) {
                     urlPath = urlPath + "/";
                 }
-
-                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERIK_PATTERN)) {
-                    const regex = apiproxy.replace(/\*\*/gi, ".*")
-                    matchesProxyRules = urlPath.match(regex)
+                let regex = apiproxy;
+                if (apiproxy.includes(SUPPORTED_DOUBLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*\*/gi, ".+");
+                }
+                if (apiproxy.includes(SUPPORTED_SINGLE_ASTERISK_PATTERN)) {
+                    regex = regex.replace(/\*/gi, "[^/]+");
+                }
+                if (regex !== apiproxy) {
+                    regex = "^" + regex + "$";
+                    matchesProxyRules = urlPath.match(regex) !== null;
                 } else {
-                    if (apiproxy.includes(SUPPORTED_SINGLE_ASTERIK_PATTERN)) {
-                        const regex = apiproxy.replace(/\*/gi, "[^/]+");
-                        matchesProxyRules = urlPath.match(regex)
-                    } else {
-                        // if(apiproxy.includes(SUPPORTED_SINGLE_FORWARD_SLASH_PATTERN)){
-                        // }
-                        matchesProxyRules = urlPath === apiproxy;
-
-                    }
+                    matchesProxyRules = urlPath === apiproxy;
                 }
             })
-
         } else {
             matchesProxyRules = true
         }