test: add csp headers

TomDoesTech · Apr 1, 2024 · 065fc3f · 065fc3f
1 parent f394b54
commit 065fc3f
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 3 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -61,7 +61,7 @@ func main() {
 			middleware.Logger,
 			m.TextHTMLMiddleware,
 			m.CSPMiddleware,
-			authMiddleware.ValidateUser,
+			authMiddleware.AddUserToContext,
 		)
 
 		r.NotFound(handlers.NewNotFoundHandler().ServeHTTP)

diff --git a/internal/middleware/middleare_test.go b/internal/middleware/middleare_test.go
@@ -0,0 +1,60 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCSPMiddleware(t *testing.T) {
+
+	testCases := []struct {
+		name string
+	}{
+		{
+			name: "success",
+		},
+	}
+
+	for _, tc := range testCases {
+
+		t.Run(tc.name, func(t *testing.T) {
+
+			assert := assert.New(t)
+
+			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				ctx := r.Context()
+
+				nonces := GetNonces(ctx)
+				twNonce := GetTwNonce(ctx)
+				htmxNonce := GetHtmxNonce(ctx)
+				responseTargetsNonce := GetResponseTargetsNonce(ctx)
+
+				assert.Equal(nonces.Tw, twNonce)
+				assert.Len(twNonce, 32)
+
+				assert.Equal(nonces.Htmx, htmxNonce)
+				assert.Len(htmxNonce, 32)
+
+				assert.Equal(nonces.ResponseTargets, responseTargetsNonce)
+				assert.Len(responseTargetsNonce, 32)
+
+			})
+
+			middleware := CSPMiddleware(next)
+
+			recorder := httptest.NewRecorder()
+			request := httptest.NewRequest("GET", "/", nil)
+
+			middleware.ServeHTTP(recorder, request)
+
+			csp := recorder.Header().Get("Content-Security-Policy")
+
+			assert.NotEmpty(csp)
+
+		})
+	}
+
+}
diff --git a/internal/middleware/middleware.go b/internal/middleware/middleware.go
@@ -22,7 +22,6 @@ type Nonces struct {
 }
 
 func generateRandomString(length int) string {
-
 	bytes := make([]byte, length)
 	_, err := rand.Read(bytes)
 	if err != nil {
@@ -115,7 +114,7 @@ type UserContextKey string
 
 var UserKey UserContextKey = "user"
 
-func (m *AuthMiddleware) ValidateUser(next http.Handler) http.Handler {
+func (m *AuthMiddleware) AddUserToContext(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 
 		sessionCookie, err := r.Cookie(m.sessionCookieName)