From b3c631dd3849521123aa1722f4f3841d28378e85 Mon Sep 17 00:00:00 2001
From: ben-toogood <bentoogood@gmail.com>
Date: Tue, 17 Mar 2020 16:03:49 +0000
Subject: [PATCH] Support Wildcard Auth Excludes (#1357)

Co-authored-by: Ben Toogood <ben@micro.mu>
---
 api/server/auth/auth.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/api/server/auth/auth.go b/api/server/auth/auth.go
index a7391c18..e7bd6e6b 100644
--- a/api/server/auth/auth.go
+++ b/api/server/auth/auth.go
@@ -7,6 +7,11 @@ import (
 	"github.com/micro/go-micro/v2/auth"
 )
 
+var (
+	// DefaultExcludes is the paths which are allowed by default
+	DefaultExcludes = []string{"/favicon.ico"}
+)
+
 // CombinedAuthHandler wraps a server and authenticates requests
 func CombinedAuthHandler(h http.Handler) http.Handler {
 	return authHandler{
@@ -30,14 +35,24 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 
 	// Return if the user disabled auth on this endpoint
 	excludes := h.auth.Options().Exclude
+	excludes = append(excludes, DefaultExcludes...)
 	if len(loginURL) > 0 {
 		excludes = append(excludes, loginURL)
 	}
+
 	for _, e := range excludes {
+		// is a standard exclude, e.g. /rpc
 		if e == req.URL.Path {
 			h.handler.ServeHTTP(w, req)
 			return
 		}
+
+		// is a wildcard exclude, e.g. /services/*
+		wildcard := strings.Replace(e, "*", "", 1)
+		if strings.HasSuffix(e, "*") && strings.HasPrefix(req.URL.Path, wildcard) {
+			h.handler.ServeHTTP(w, req)
+			return
+		}
 	}
 
 	var token string