Method Exclusion (#282)

I introduced a bug and moving to the chi router; the method selection was not longer working and the auth middleware was being hit on methods no destined for auth.

- removed the MethodNotAllowed, the source of the issue

middleware_test.go

@@ -326,6 +326,30 @@ func TestOauthRequests(t *testing.T) {
 	newFakeProxy(cfg).RunTests(t, requests)
 }
 
+func TestMethodExclusions(t *testing.T) {
+	cfg := newFakeKeycloakConfig()
+	cfg.Resources = []*Resource{
+		{
+			URL:     "/post",
+			Methods: []string{http.MethodPost, http.MethodPut},
+		},
+	}
+	requests := []fakeRequest{
+		{ // we should get a 401
+			URI:          "/post",
+			Method:       http.MethodPost,
+			ExpectedCode: http.StatusUnauthorized,
+		},
+		{ // we should be permitted
+			URI:           "/post",
+			Method:        http.MethodGet,
+			ExpectedProxy: true,
+			ExpectedCode:  http.StatusOK,
+		},
+	}
+	newFakeProxy(cfg).RunTests(t, requests)
+}
+
 func TestStrangeRoutingError(t *testing.T) {
 	cfg := newFakeKeycloakConfig()
 	cfg.Resources = []*Resource{

server.go

@@ -226,18 +226,16 @@ func (r *oauthProxy) createReverseProxy() error {
 			r.authenticationMiddleware(x),
 			r.admissionMiddleware(x),
 			r.headersMiddleware(r.config.AddClaims))
-		e.MethodNotAllowed(emptyHandler)
-		switch x.WhiteListed {
-		case false:
+
 		for _, m := range x.Methods {
+			if !x.WhiteListed {
 				e.MethodFunc(m, x.URL, emptyHandler)
+				continue
 			}
-		default:
-			for _, m := range x.Methods {
 			engine.MethodFunc(m, x.URL, emptyHandler)
 		}
 	}
-	}
+
 	for name, value := range r.config.MatchClaims {
 		r.log.Info("token must contain", zap.String("claim", name), zap.String("value", value))
 	}