From 5e907e84aa2b9cfeb0442327e7c6f1880abe5c81 Mon Sep 17 00:00:00 2001
From: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
Date: Thu, 22 Aug 2024 15:51:15 +0300
Subject: [PATCH] Proxy: check all routes until we find allowing route (#366)

Yes, it changes the algorithm, but otherwise it does not work in PGSQL
in production.

And so it is a little simpler, since the order of routes in `info.xml`
is not important

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
---
 lib/Controller/ExAppProxyController.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/Controller/ExAppProxyController.php b/lib/Controller/ExAppProxyController.php
index 23646f4d..1b48cd93 100644
--- a/lib/Controller/ExAppProxyController.php
+++ b/lib/Controller/ExAppProxyController.php
@@ -252,10 +252,11 @@ private function buildMultipartFormData(array $bodyParams, array $files): array
 
 	private function passesExAppProxyRoutesChecks(ExApp $exApp, string $exAppRoute): bool {
 		foreach ($exApp->getRoutes() as $route) {
-			$matchesUrlPattern = preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1;
-			$matchesVerb = str_contains(strtolower($route['verb']), strtolower($this->request->getMethod()));
-			if ($matchesUrlPattern && $matchesVerb) {
-				return $this->passesExAppProxyRouteAccessLevelCheck($route['access_level']);
+			if (preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1 &&
+				str_contains(strtolower($route['verb']), strtolower($this->request->getMethod())) &&
+				$this->passesExAppProxyRouteAccessLevelCheck($route['access_level'])
+			) {
+				return true;
 			}
 		}
 		return false;