liveh2o · liveh2o · Dec 14, 2024 · Dec 1, 2024
diff --git a/lib/strong_routes.rb b/lib/strong_routes.rb
@@ -2,7 +2,7 @@
 
 require "strong_routes/allow"
 require "strong_routes/config"
-require "strong_routes/route_matcher"
+require "strong_routes/matcher"
 require "strong_routes/route_mapper"
 require "strong_routes/version"
 

diff --git a/lib/strong_routes/config.rb b/lib/strong_routes/config.rb
@@ -20,7 +20,7 @@ def initialize
     def allowed_routes=(value)
       raise TypeError, "allowed routes must be an Enumerable" unless value.is_a?(Enumerable)
       @allowed_routes = value.to_set
-      @route_matchers = allowed_routes.map { |route| StrongRoutes::RouteMatcher.new(route) }
+      @route_matchers = allowed_routes.map { |route| StrongRoutes::Matcher.new(route) }
     end
 
     def enabled?

diff --git a/lib/strong_routes/matcher.rb b/lib/strong_routes/matcher.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module StrongRoutes
+  class Matcher < Regexp
+    def initialize(route)
+      if route.is_a?(Regexp)
+        super
+      else
+        escaped_route = Regexp.escape(route)
+        # Replace dynamic segments in the route with wildcards (e.g. /:foo/users/:id becomes /.*/users/.*)
+        escaped_route.gsub!(/:\w+/, ".*")
+        super(/\A#{escaped_route}/i)
+      end
+    end
+  end
+end
diff --git a/lib/strong_routes/route_matcher.rb b/lib/strong_routes/route_matcher.rb
diff --git a/test/strong_routes/allow_test.rb b/test/strong_routes/allow_test.rb
@@ -47,6 +47,11 @@
       _(last_response).must_be :ok?
     end
 
+    it "allows access to /users?stuff=12" do
+      get "/users/?stuff=12"
+      _(last_response).must_be :ok?
+    end
+
     it "does not allow access to /user" do
       get "/user"
       _(last_response).wont_be :ok?

diff --git a/test/strong_routes/config_test.rb b/test/strong_routes/config_test.rb
@@ -44,7 +44,7 @@
   describe "#allowed_routes=" do
     it "maps allowed routes to matchers" do
       subject.allowed_routes = ["/users"]
-      _(subject.route_matchers).must_equal [StrongRoutes::RouteMatcher.new("/users")]
+      _(subject.route_matchers).must_equal [StrongRoutes::Matcher.new("/users")]
     end
   end
 

diff --git a/test/strong_routes/route_matcher_test.rb → test/strong_routes/matcher_test.rb b/test/strong_routes/route_matcher_test.rb → test/strong_routes/matcher_test.rb
@@ -1,31 +1,21 @@
 require "test_helper"
 
-describe StrongRoutes::RouteMatcher do
+describe StrongRoutes::Matcher do
   describe "initialize" do
     context "when given a regex" do
       let(:matcher) { /foo/ }
 
-      subject { StrongRoutes::RouteMatcher.new(matcher) }
+      subject { StrongRoutes::Matcher.new(matcher) }
 
       it "uses the regex as the matcher" do
         _(subject).must_equal matcher
       end
     end
 
-    context "when given a symbol" do
-      let(:matcher) { /\A\/foo/i }
-
-      subject { StrongRoutes::RouteMatcher.new(:foo) }
-
-      it "creates a new matcher" do
-        _(subject).must_equal matcher
-      end
-    end
-
     context "when given a string" do
       let(:matcher) { /\A\/foo/i }
 
-      subject { StrongRoutes::RouteMatcher.new("foo") }
+      subject { StrongRoutes::Matcher.new("/foo") }
 
       it "creates a new matcher" do
         _(subject).must_equal matcher
@@ -35,7 +25,7 @@
     context "when given a string with dynamic segments" do
       let(:matcher) { /\A\/.*\/foo\/.*\/bar/i }
 
-      subject { StrongRoutes::RouteMatcher.new(":id/foo/:foo_id/bar") }
+      subject { StrongRoutes::Matcher.new("/:id/foo/:foo_id/bar") }
 
       it "creates a new matcher" do
         _(subject).must_equal matcher