From 6fec0b2fb7f273d686c97a5d5a96ece0beb7c1fa Mon Sep 17 00:00:00 2001
From: Owen Cabalceta
Date: Thu, 19 Jan 2023 12:36:39 -0500
Subject: [PATCH] patch for issue #170
---
basculechecks/endpointchecks.go | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/basculechecks/endpointchecks.go b/basculechecks/endpointchecks.go
index 6eeed75..abf005c 100644
--- a/basculechecks/endpointchecks.go
+++ b/basculechecks/endpointchecks.go
@@ -69,6 +69,8 @@ type RegexEndpointCheck struct {
 // there to be an endpoint regular expression and an http method - separated by
 // a colon. The expected format of a capability is: :
+// Note, the endpoint url path and the capabilities substring (used for authorization)
+// will be normalized to have a leading `/` if missing.
 func NewRegexEndpointCheck(prefix string, acceptAllMethod string) (RegexEndpointCheck, error) {
 matchPrefix, err := regexp.Compile("^" + prefix + "(.+):(.+?)$")
 if err != nil {
@@ -97,12 +99,12 @@ func (r RegexEndpointCheck) Authorized(capability string, urlToMatch string, met
 return false
 }
- re, err := regexp.Compile(matches[1]) //url regex that capability grants access to
+ re, err := regexp.Compile(urlPathNormalization(matches[1])) //url regex that capability grants access to
 if err != nil {
 return false
 }
- matchIdxs := re.FindStringIndex(urlToMatch)
+ matchIdxs := re.FindStringIndex(urlPathNormalization(urlToMatch))
 if matchIdxs == nil || matchIdxs[0] != 0 {
 return false
 }
@@ -114,3 +116,13 @@ func (r RegexEndpointCheck) Authorized(capability string, urlToMatch string, met
 func (e RegexEndpointCheck) Name() string {
 return "regex"
 }
+
+// urlPathNormalization returns an url path with a leading `/` if missing,
+// otherwise the same unmodified url path is returned.
+func urlPathNormalization(url string) string {
+ if url[0] == '/' {
+ return url
+ }
+
+ return "/" + url
+}
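Review bot: Wrapping `matches[1]` in `urlPathNormalization` edits the source text of a regular expression with a plain first-byte test, so any capability pattern that does not literally begin with `/` gets one prepended before `regexp.Compile`. Patterns that open with an anchor or a group (constructed examples: `^/api/.*`, `(/a|/b)/.*`) would become `/^/api/.*` and `/(/a|/b)/.*` and stop matching paths they matched before. That fails closed, but it silently changes which tokens are authorized. I would state the restriction on Authorized, for example `// a capability pattern that does not start with '/' has one prepended; anchors and leading groups are not supported`, and add table tests for anchored and grouped patterns. The body of Authorized starts and ends outside this hunk.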
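Review bot: `url[0]` in urlPathNormalization panics with an index-out-of-range on an empty string, and Authorized now passes the caller-supplied `urlToMatch` straight into it, so an empty request path turns an authorization check into a crash instead of a denial. `matches[1]` cannot be empty because the prefix regex captures `(.+)`, but nothing visible guarantees the same for `urlToMatch`. Guard the index with `if len(url) > 0 && url[0] == '/' {`, and decide explicitly whether an empty path should be normalized to `/` (and so be granted by a capability covering `/`) or rejected before matching. The parameter name `url` would also shadow the `net/url` package if this file ever imports it; `path` reads better.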