diff --git a/docs/reference/config.md b/docs/reference/config.md index 693d296b00..f803703407 100644 --- a/docs/reference/config.md +++ b/docs/reference/config.md @@ -487,6 +487,18 @@ nav_order: 2 |shutdownTimeout|The maximum amount of time to wait for any open HTTP requests to finish before shutting down the HTTP server|[`time.Duration`](https://pkg.go.dev/time#Duration)|`10s` |writeTimeout|The maximum time to wait when writing to an HTTP connection|[`time.Duration`](https://pkg.go.dev/time#Duration)|`15s` +## http.auth + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|type|The auth plugin to use for server side authentication of requests|`string`|`` + +## http.auth.basic + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|passwordfile|The path to a .htpasswd file to use for authenticating requests. Passwords should be hashed with bcrypt.|`string`|`` + ## http.tls |Key|Description|Type|Default Value| @@ -564,6 +576,18 @@ nav_order: 2 |shutdownTimeout|The maximum amount of time to wait for any open HTTP requests to finish before shutting down the HTTP server|[`time.Duration`](https://pkg.go.dev/time#Duration)|`10s` |writeTimeout|The maximum time to wait when writing to an HTTP connection|[`time.Duration`](https://pkg.go.dev/time#Duration)|`15s` +## metrics.auth + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|type|The auth plugin to use for server side authentication of requests|`string`|`` + +## metrics.auth.basic + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|passwordfile|The path to a .htpasswd file to use for authenticating requests. Passwords should be hashed with bcrypt.|`string`|`` + ## metrics.tls |Key|Description|Type|Default Value| @@ -654,6 +678,7 @@ nav_order: 2 |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|auth|Authorization plugin configuration|`map[string]string`|`` |blockchain|The list of configured Blockchain plugins|`string`|`` |database|The list of configured Database plugins|`string`|`` |dataexchange|The array of configured Data Exchange plugins |`string`|`` @@ -661,6 +686,19 @@ nav_order: 2 |sharedstorage|The list of configured Shared Storage plugins|`string`|`` |tokens|The tokens plugin configurations. This will be used to configure tokens connectors|`string`|`` +## plugins.auth[] + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|name|The name of the auth plugin to use|`string`|`` +|type|The type of the auth plugin to use|`string`|`` + +## plugins.auth[].basic + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|passwordfile|The path to a .htpasswd file to use for authenticating requests. Passwords should be hashed with bcrypt.|`string`|`` + ## plugins.blockchain[] |Key|Description|Type|Default Value| @@ -1191,6 +1229,18 @@ nav_order: 2 |shutdownTimeout|The maximum amount of time to wait for any open HTTP requests to finish before shutting down the HTTP server|[`time.Duration`](https://pkg.go.dev/time#Duration)|`10s` |writeTimeout|The maximum time to wait when writing to an HTTP connection|[`time.Duration`](https://pkg.go.dev/time#Duration)|`15s` +## spi.auth + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|type|The auth plugin to use for server side authentication of requests|`string`|`` + +## spi.auth.basic + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|passwordfile|The path to a .htpasswd file to use for authenticating requests. Passwords should be hashed with bcrypt.|`string`|`` + ## spi.tls |Key|Description|Type|Default Value| diff --git a/go.mod b/go.mod index e783af3b4b..63fa130b17 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/golang-migrate/migrate/v4 v4.15.2 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 - github.com/hyperledger/firefly-common v0.1.13 + github.com/hyperledger/firefly-common v0.1.14 github.com/hyperledger/firefly-signer v0.9.12 github.com/jarcoal/httpmock v1.1.0 github.com/karlseguin/ccache v2.0.3+incompatible diff --git a/go.sum b/go.sum index 6058af9802..7f876936a2 100644 --- a/go.sum +++ b/go.sum @@ -726,8 +726,9 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/hyperledger/firefly-common v0.1.13 h1:eNK99U9FV43u1F46MM0mPuXT4Xn++orghpoTIIPsmwo= github.com/hyperledger/firefly-common v0.1.13/go.mod h1:2NqPi5Ud9H6rSlZXkLbotxW7z4EAD89p3/8oNOpm9Gs= +github.com/hyperledger/firefly-common v0.1.14 h1:BFobO96kGPCC4UUvzdwdH8X5oXo1NbtqPrASrd9N0kY= +github.com/hyperledger/firefly-common v0.1.14/go.mod h1:MNbaI2spBsdZYOub6Duj9xueE7Qyu9itOmJ4vE8tjYw= github.com/hyperledger/firefly-signer v0.9.12 h1:pCPiGHx1+MbTsIQuRkoQmfWxvpcvtGHVavls0NnH0po= github.com/hyperledger/firefly-signer v0.9.12/go.mod h1:GPQRUZOFOAjkLmg8GDjZUjEdUD0gcar+CSVhwltIwyw= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= diff --git a/internal/apiserver/route_delete_contract_listener_test.go b/internal/apiserver/route_delete_contract_listener_test.go index 4ed6362a24..ad455f175b 100644 --- a/internal/apiserver/route_delete_contract_listener_test.go +++ b/internal/apiserver/route_delete_contract_listener_test.go @@ -28,6 +28,7 @@ import ( func TestDeleteContractListenerByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) id := fftypes.NewUUID() diff --git a/internal/apiserver/route_delete_subscription_test.go b/internal/apiserver/route_delete_subscription_test.go index 7b1cb602d2..6d6bbd0fde 100644 --- a/internal/apiserver/route_delete_subscription_test.go +++ b/internal/apiserver/route_delete_subscription_test.go @@ -31,6 +31,7 @@ import ( func TestDeleteSubscription(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) input := core.Subscription{} var buf bytes.Buffer json.NewEncoder(&buf).Encode(&input) diff --git a/internal/apiserver/route_get_batch_by_id_test.go b/internal/apiserver/route_get_batch_by_id_test.go index 0ec457590b..9c100b8c0e 100644 --- a/internal/apiserver/route_get_batch_by_id_test.go +++ b/internal/apiserver/route_get_batch_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetBatchByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/batches/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_batches_test.go b/internal/apiserver/route_get_batches_test.go index 10a91cbe15..ede425331b 100644 --- a/internal/apiserver/route_get_batches_test.go +++ b/internal/apiserver/route_get_batches_test.go @@ -27,6 +27,7 @@ import ( func TestGetBatches(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/batches", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_blockchain_event_by_id_test.go b/internal/apiserver/route_get_blockchain_event_by_id_test.go index 4b8e0a4858..3febe51bb4 100644 --- a/internal/apiserver/route_get_blockchain_event_by_id_test.go +++ b/internal/apiserver/route_get_blockchain_event_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetBlockchainEventByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/blockchainevents/id12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_blockchain_events_test.go b/internal/apiserver/route_get_blockchain_events_test.go index d5833a1aec..5f7cf85f70 100644 --- a/internal/apiserver/route_get_blockchain_events_test.go +++ b/internal/apiserver/route_get_blockchain_events_test.go @@ -27,6 +27,7 @@ import ( func TestGetBlockchainEvents(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/blockchainevents", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_chart_histogram_test.go b/internal/apiserver/route_get_chart_histogram_test.go index d9c6575fad..84e098f38d 100644 --- a/internal/apiserver/route_get_chart_histogram_test.go +++ b/internal/apiserver/route_get_chart_histogram_test.go @@ -28,7 +28,8 @@ import ( ) func TestGetChartHistogramBadStartTime(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/charts/histogram/test?startTime=abc&endTime=456&buckets=30", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -39,7 +40,8 @@ func TestGetChartHistogramBadStartTime(t *testing.T) { } func TestGetChartHistogramBadEndTime(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/charts/histogram/test?startTime=123&endTime=abc&buckets=30", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -50,7 +52,8 @@ func TestGetChartHistogramBadEndTime(t *testing.T) { } func TestGetChartHistogramBadBuckets(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/charts/histogram/test?startTime=123&endTime=456&buckets=abc", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -62,6 +65,7 @@ func TestGetChartHistogramBadBuckets(t *testing.T) { func TestGetChartHistogramSuccess(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/charts/histogram/test?startTime=1234567890&endTime=1234567891&buckets=30", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_contract_api_by_name_test.go b/internal/apiserver/route_get_contract_api_by_name_test.go index 1dad43de8e..4c9cd6c72a 100644 --- a/internal/apiserver/route_get_contract_api_by_name_test.go +++ b/internal/apiserver/route_get_contract_api_by_name_test.go @@ -30,6 +30,7 @@ import ( func TestGetContractAPIByName(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_api_interface_test.go b/internal/apiserver/route_get_contract_api_interface_test.go index 59ef0e5ab9..2583a00f07 100644 --- a/internal/apiserver/route_get_contract_api_interface_test.go +++ b/internal/apiserver/route_get_contract_api_interface_test.go @@ -31,6 +31,7 @@ import ( func TestGetContractAPIInterface(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_api_listeners_test.go b/internal/apiserver/route_get_contract_api_listeners_test.go index 133cb0960a..cb08f59384 100644 --- a/internal/apiserver/route_get_contract_api_listeners_test.go +++ b/internal/apiserver/route_get_contract_api_listeners_test.go @@ -30,6 +30,7 @@ import ( func TestGetContractAPIListeners(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_apis_test.go b/internal/apiserver/route_get_contract_apis_test.go index 6405c0b064..c9105c3720 100644 --- a/internal/apiserver/route_get_contract_apis_test.go +++ b/internal/apiserver/route_get_contract_apis_test.go @@ -30,6 +30,7 @@ import ( func TestGetContractAPIs(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_interface_name_version_test.go b/internal/apiserver/route_get_contract_interface_name_version_test.go index 855279c8c8..b35de17730 100644 --- a/internal/apiserver/route_get_contract_interface_name_version_test.go +++ b/internal/apiserver/route_get_contract_interface_name_version_test.go @@ -31,6 +31,7 @@ import ( func TestGetContractInterfaceNameVersion(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} @@ -49,6 +50,7 @@ func TestGetContractInterfaceNameVersion(t *testing.T) { func TestGetContractInterfaceNameVersionWithChildren(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_interface_test.go b/internal/apiserver/route_get_contract_interface_test.go index b1bd18b5bd..7d4b60e6e2 100644 --- a/internal/apiserver/route_get_contract_interface_test.go +++ b/internal/apiserver/route_get_contract_interface_test.go @@ -30,7 +30,8 @@ import ( ) func TestGetContractInterfaceBadID(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) input := core.Datatype{} var buf bytes.Buffer json.NewEncoder(&buf).Encode(&input) @@ -45,6 +46,7 @@ func TestGetContractInterfaceBadID(t *testing.T) { func TestGetContractInterface(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} @@ -64,6 +66,7 @@ func TestGetContractInterface(t *testing.T) { func TestGetContractInterfaceWithChildren(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_interfaces_test.go b/internal/apiserver/route_get_contract_interfaces_test.go index 6be1caec0a..5c5dfa002a 100644 --- a/internal/apiserver/route_get_contract_interfaces_test.go +++ b/internal/apiserver/route_get_contract_interfaces_test.go @@ -31,6 +31,7 @@ import ( func TestGetContractInterfaces(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_get_contract_listener_by_name_or_id_test.go b/internal/apiserver/route_get_contract_listener_by_name_or_id_test.go index 360ab2bfd0..f7ba336dbe 100644 --- a/internal/apiserver/route_get_contract_listener_by_name_or_id_test.go +++ b/internal/apiserver/route_get_contract_listener_by_name_or_id_test.go @@ -29,6 +29,7 @@ import ( func TestGetContractListenerByNameOrID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) id := fftypes.NewUUID() diff --git a/internal/apiserver/route_get_contract_listener_test.go b/internal/apiserver/route_get_contract_listener_test.go index 23cf97b7b8..188c9ead9e 100644 --- a/internal/apiserver/route_get_contract_listener_test.go +++ b/internal/apiserver/route_get_contract_listener_test.go @@ -28,6 +28,7 @@ import ( func TestGetContractListener(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/contracts/listeners", nil) diff --git a/internal/apiserver/route_get_data_blob_test.go b/internal/apiserver/route_get_data_blob_test.go index 01086c9afc..4ad1c931d6 100644 --- a/internal/apiserver/route_get_data_blob_test.go +++ b/internal/apiserver/route_get_data_blob_test.go @@ -32,6 +32,7 @@ import ( func TestGetDataBlob(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("Data").Return(mdm) o.On("MultiParty").Return(&multipartymocks.Manager{}) diff --git a/internal/apiserver/route_get_data_by_id_test.go b/internal/apiserver/route_get_data_by_id_test.go index e2bdb3cc5f..a949c1918e 100644 --- a/internal/apiserver/route_get_data_by_id_test.go +++ b/internal/apiserver/route_get_data_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetDataByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/data/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_data_msgs_test.go b/internal/apiserver/route_get_data_msgs_test.go index f99d3797ec..4632fdc267 100644 --- a/internal/apiserver/route_get_data_msgs_test.go +++ b/internal/apiserver/route_get_data_msgs_test.go @@ -27,6 +27,7 @@ import ( func TestGetMessagesForData(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/data/abcd1234/messages", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_data_test.go b/internal/apiserver/route_get_data_test.go index 14ced83ae2..3436fe3194 100644 --- a/internal/apiserver/route_get_data_test.go +++ b/internal/apiserver/route_get_data_test.go @@ -27,6 +27,7 @@ import ( func TestGetData(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/data", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_datatype_by_name_test.go b/internal/apiserver/route_get_datatype_by_name_test.go index f0877c9e51..40e4a42fe3 100644 --- a/internal/apiserver/route_get_datatype_by_name_test.go +++ b/internal/apiserver/route_get_datatype_by_name_test.go @@ -27,6 +27,7 @@ import ( func TestGetDatatypeByName(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/datatypes/abcd/123", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_datatypes_test.go b/internal/apiserver/route_get_datatypes_test.go index eeb7296e83..718f03f3ba 100644 --- a/internal/apiserver/route_get_datatypes_test.go +++ b/internal/apiserver/route_get_datatypes_test.go @@ -27,6 +27,7 @@ import ( func TestGetDatatypes(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/datatypes", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_event_by_id_test.go b/internal/apiserver/route_get_event_by_id_test.go index 6c49f8161e..4a189bd7f3 100644 --- a/internal/apiserver/route_get_event_by_id_test.go +++ b/internal/apiserver/route_get_event_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetEventByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/events/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_events_test.go b/internal/apiserver/route_get_events_test.go index 31edf10f0a..fb605cc272 100644 --- a/internal/apiserver/route_get_events_test.go +++ b/internal/apiserver/route_get_events_test.go @@ -29,6 +29,7 @@ import ( func TestGetEvents(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/events", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -42,6 +43,7 @@ func TestGetEvents(t *testing.T) { func TestGetEventsWithReferences(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/events?fetchreferences", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_group_by_id_test.go b/internal/apiserver/route_get_group_by_id_test.go index 2565089956..093fdbf65a 100644 --- a/internal/apiserver/route_get_group_by_id_test.go +++ b/internal/apiserver/route_get_group_by_id_test.go @@ -28,6 +28,7 @@ import ( func TestGetGroupByHash(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/groups/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_groups_test.go b/internal/apiserver/route_get_groups_test.go index fde6a2072a..90468e1c87 100644 --- a/internal/apiserver/route_get_groups_test.go +++ b/internal/apiserver/route_get_groups_test.go @@ -28,6 +28,7 @@ import ( func TestGetGroups(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/groups", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_identities_test.go b/internal/apiserver/route_get_identities_test.go index be9be45948..905f8feefb 100644 --- a/internal/apiserver/route_get_identities_test.go +++ b/internal/apiserver/route_get_identities_test.go @@ -28,6 +28,7 @@ import ( func TestGetIdentities(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities", nil) @@ -42,6 +43,7 @@ func TestGetIdentities(t *testing.T) { func TestGetIdentitiesWithVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities?fetchverifiers", nil) diff --git a/internal/apiserver/route_get_identity_by_did_test.go b/internal/apiserver/route_get_identity_by_did_test.go index 99b4501b97..7052a2a70d 100644 --- a/internal/apiserver/route_get_identity_by_did_test.go +++ b/internal/apiserver/route_get_identity_by_did_test.go @@ -28,6 +28,7 @@ import ( func TestGetIdentityByDID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/identities/did:firefly:org/org_1", nil) @@ -43,6 +44,7 @@ func TestGetIdentityByDID(t *testing.T) { func TestGetIdentityByDIDWithVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/identities/did:firefly:org/org_1?fetchverifiers", nil) diff --git a/internal/apiserver/route_get_identity_by_id_test.go b/internal/apiserver/route_get_identity_by_id_test.go index ba1ce51441..b5c1b7828c 100644 --- a/internal/apiserver/route_get_identity_by_id_test.go +++ b/internal/apiserver/route_get_identity_by_id_test.go @@ -28,6 +28,7 @@ import ( func TestGetIdentityByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities/id1", nil) @@ -42,6 +43,7 @@ func TestGetIdentityByID(t *testing.T) { func TestGetIdentityByIDWithVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities/id1?fetchverifiers", nil) diff --git a/internal/apiserver/route_get_identity_did_test.go b/internal/apiserver/route_get_identity_did_test.go index 21c8558732..5797361838 100644 --- a/internal/apiserver/route_get_identity_did_test.go +++ b/internal/apiserver/route_get_identity_did_test.go @@ -28,6 +28,7 @@ import ( func TestGetIdentityDID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities/id1/did", nil) diff --git a/internal/apiserver/route_get_identity_verifiers_test.go b/internal/apiserver/route_get_identity_verifiers_test.go index 5b11aef3c8..30a45fc173 100644 --- a/internal/apiserver/route_get_identity_verifiers_test.go +++ b/internal/apiserver/route_get_identity_verifiers_test.go @@ -28,6 +28,7 @@ import ( func TestGetIdentityVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/identities/id1/verifiers", nil) diff --git a/internal/apiserver/route_get_msg_by_id_test.go b/internal/apiserver/route_get_msg_by_id_test.go index 1756a707b1..9e8a5cb26c 100644 --- a/internal/apiserver/route_get_msg_by_id_test.go +++ b/internal/apiserver/route_get_msg_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetMessageByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -40,6 +41,7 @@ func TestGetMessageByID(t *testing.T) { func TestGetMessageByIDWithData(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages/abcd12345?fetchdata", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_msg_data_test.go b/internal/apiserver/route_get_msg_data_test.go index c5bb19aef0..2ed67912ca 100644 --- a/internal/apiserver/route_get_msg_data_test.go +++ b/internal/apiserver/route_get_msg_data_test.go @@ -27,6 +27,7 @@ import ( func TestGetMessageData(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages/uuid1/data", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_msg_events_test.go b/internal/apiserver/route_get_msg_events_test.go index e133cbfaa3..b027ada2f6 100644 --- a/internal/apiserver/route_get_msg_events_test.go +++ b/internal/apiserver/route_get_msg_events_test.go @@ -27,6 +27,7 @@ import ( func TestGetMessageEvents(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages/uuid1/events", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_msg_txn_test.go b/internal/apiserver/route_get_msg_txn_test.go index e61c0086d3..720d602d8d 100644 --- a/internal/apiserver/route_get_msg_txn_test.go +++ b/internal/apiserver/route_get_msg_txn_test.go @@ -27,6 +27,7 @@ import ( func TestGetMessageTransaction(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages/uuid1/transaction", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_msgs_test.go b/internal/apiserver/route_get_msgs_test.go index 79b39ffd23..d0db93e147 100644 --- a/internal/apiserver/route_get_msgs_test.go +++ b/internal/apiserver/route_get_msgs_test.go @@ -29,6 +29,7 @@ import ( func TestGetMessages(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -42,6 +43,7 @@ func TestGetMessages(t *testing.T) { func TestGetMessagesWithCount(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages?count", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() @@ -64,6 +66,7 @@ func TestGetMessagesWithCount(t *testing.T) { func TestGetMessagesWithCountAndData(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/messages?count&fetchdata", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_namespace_test.go b/internal/apiserver/route_get_namespace_test.go index 56cd28b44b..2b2ca92419 100644 --- a/internal/apiserver/route_get_namespace_test.go +++ b/internal/apiserver/route_get_namespace_test.go @@ -27,6 +27,7 @@ import ( func TestGetNamespace(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_net_did_test.go b/internal/apiserver/route_get_net_did_test.go index 4eb25e0dff..cbf932ec19 100644 --- a/internal/apiserver/route_get_net_did_test.go +++ b/internal/apiserver/route_get_net_did_test.go @@ -28,6 +28,7 @@ import ( func TestGetNetIdentityByDID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/network/identities/did:firefly:org/org_1", nil) @@ -43,6 +44,7 @@ func TestGetNetIdentityByDID(t *testing.T) { func TestGetNetIdentityByDIDWithVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/network/identities/did:firefly:org/org_1?fetchverifiers", nil) diff --git a/internal/apiserver/route_get_net_diddoc_test.go b/internal/apiserver/route_get_net_diddoc_test.go index a836d9f341..55ccc040ef 100644 --- a/internal/apiserver/route_get_net_diddoc_test.go +++ b/internal/apiserver/route_get_net_diddoc_test.go @@ -28,6 +28,7 @@ import ( func TestGetDIDDocByDID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/network/diddocs/did:firefly:org/org_1", nil) diff --git a/internal/apiserver/route_get_net_identities_test.go b/internal/apiserver/route_get_net_identities_test.go index 91c0cc7509..3b70e8f95e 100644 --- a/internal/apiserver/route_get_net_identities_test.go +++ b/internal/apiserver/route_get_net_identities_test.go @@ -28,6 +28,7 @@ import ( func TestGetNetIdentities(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/network/identities", nil) @@ -42,6 +43,7 @@ func TestGetNetIdentities(t *testing.T) { func TestGetNetIdentitiesWithVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/network/identities?fetchverifiers", nil) diff --git a/internal/apiserver/route_get_net_node_test.go b/internal/apiserver/route_get_net_node_test.go index c3768dc019..4982e071ee 100644 --- a/internal/apiserver/route_get_net_node_test.go +++ b/internal/apiserver/route_get_net_node_test.go @@ -28,6 +28,7 @@ import ( func TestGetNode(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/network/nodes/node12345", nil) diff --git a/internal/apiserver/route_get_net_nodes_test.go b/internal/apiserver/route_get_net_nodes_test.go index 63ac9f5912..e13795e2bf 100644 --- a/internal/apiserver/route_get_net_nodes_test.go +++ b/internal/apiserver/route_get_net_nodes_test.go @@ -28,6 +28,7 @@ import ( func TestGetNodess(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/network/nodes", nil) diff --git a/internal/apiserver/route_get_net_org_test.go b/internal/apiserver/route_get_net_org_test.go index bea14bb6f6..f56b8dbac8 100644 --- a/internal/apiserver/route_get_net_org_test.go +++ b/internal/apiserver/route_get_net_org_test.go @@ -28,6 +28,7 @@ import ( func TestGetOrg(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) nmn := &networkmapmocks.Manager{} o.On("NetworkMap").Return(nmn) req := httptest.NewRequest("GET", "/api/v1/network/organizations/org12345", nil) diff --git a/internal/apiserver/route_get_net_orgs_test.go b/internal/apiserver/route_get_net_orgs_test.go index e995b30fb8..ec4d3eb24d 100644 --- a/internal/apiserver/route_get_net_orgs_test.go +++ b/internal/apiserver/route_get_net_orgs_test.go @@ -28,6 +28,7 @@ import ( func TestGetOrganizations(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/network/organizations", nil) diff --git a/internal/apiserver/route_get_op_by_id_test.go b/internal/apiserver/route_get_op_by_id_test.go index a7c19e5bc4..c4289f2d65 100644 --- a/internal/apiserver/route_get_op_by_id_test.go +++ b/internal/apiserver/route_get_op_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetOperationByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/operations/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_ops_test.go b/internal/apiserver/route_get_ops_test.go index da09326f16..8fa755dccb 100644 --- a/internal/apiserver/route_get_ops_test.go +++ b/internal/apiserver/route_get_ops_test.go @@ -27,6 +27,7 @@ import ( func TestGetOperations(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/operations", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_pins_test.go b/internal/apiserver/route_get_pins_test.go index 4bcf052288..780fff32b7 100644 --- a/internal/apiserver/route_get_pins_test.go +++ b/internal/apiserver/route_get_pins_test.go @@ -27,6 +27,7 @@ import ( func TestGetPins(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/pins", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_status_batchmanager_test.go b/internal/apiserver/route_get_status_batchmanager_test.go index 07380af68c..b47104dcf3 100644 --- a/internal/apiserver/route_get_status_batchmanager_test.go +++ b/internal/apiserver/route_get_status_batchmanager_test.go @@ -28,6 +28,7 @@ import ( func TestGetStatusBatching(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/status/batchmanager", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_status_test.go b/internal/apiserver/route_get_status_test.go index e64a1169da..7fc6f87e9b 100644 --- a/internal/apiserver/route_get_status_test.go +++ b/internal/apiserver/route_get_status_test.go @@ -27,6 +27,7 @@ import ( func TestGetStatus(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/status", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_subscription_by_id_test.go b/internal/apiserver/route_get_subscription_by_id_test.go index 0a84a35e63..d1a8d3337c 100644 --- a/internal/apiserver/route_get_subscription_by_id_test.go +++ b/internal/apiserver/route_get_subscription_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetSubscriptionByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/subscriptions/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_subscriptions_test.go b/internal/apiserver/route_get_subscriptions_test.go index 68801187b3..1ce50c1630 100644 --- a/internal/apiserver/route_get_subscriptions_test.go +++ b/internal/apiserver/route_get_subscriptions_test.go @@ -27,6 +27,7 @@ import ( func TestGetSubscriptions(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/subscriptions", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_token_account_pools_test.go b/internal/apiserver/route_get_token_account_pools_test.go index c5b961eae5..928d55eaed 100644 --- a/internal/apiserver/route_get_token_account_pools_test.go +++ b/internal/apiserver/route_get_token_account_pools_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenAccountPools(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/accounts/0x1/pools", nil) diff --git a/internal/apiserver/route_get_token_accounts_test.go b/internal/apiserver/route_get_token_accounts_test.go index f7991db909..f279eff661 100644 --- a/internal/apiserver/route_get_token_accounts_test.go +++ b/internal/apiserver/route_get_token_accounts_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenAccounts(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/accounts", nil) diff --git a/internal/apiserver/route_get_token_approvals_test.go b/internal/apiserver/route_get_token_approvals_test.go index d09d40185e..a8981e54eb 100644 --- a/internal/apiserver/route_get_token_approvals_test.go +++ b/internal/apiserver/route_get_token_approvals_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenApprovals(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/approvals", nil) diff --git a/internal/apiserver/route_get_token_balances_test.go b/internal/apiserver/route_get_token_balances_test.go index a8c878723e..905e853d70 100644 --- a/internal/apiserver/route_get_token_balances_test.go +++ b/internal/apiserver/route_get_token_balances_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenBalances(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/balances", nil) diff --git a/internal/apiserver/route_get_token_connectors_test.go b/internal/apiserver/route_get_token_connectors_test.go index 73c035e507..63f1490d4e 100644 --- a/internal/apiserver/route_get_token_connectors_test.go +++ b/internal/apiserver/route_get_token_connectors_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenConnectors(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/connectors", nil) diff --git a/internal/apiserver/route_get_token_pool_by_name_or_id_test.go b/internal/apiserver/route_get_token_pool_by_name_or_id_test.go index cc75939274..5a8740026a 100644 --- a/internal/apiserver/route_get_token_pool_by_name_or_id_test.go +++ b/internal/apiserver/route_get_token_pool_by_name_or_id_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenPoolByNameOrID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/pools/abc", nil) diff --git a/internal/apiserver/route_get_token_pools_test.go b/internal/apiserver/route_get_token_pools_test.go index 47699732dd..5bfa821fd0 100644 --- a/internal/apiserver/route_get_token_pools_test.go +++ b/internal/apiserver/route_get_token_pools_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenPools(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/pools", nil) diff --git a/internal/apiserver/route_get_token_transfer_by_id_test.go b/internal/apiserver/route_get_token_transfer_by_id_test.go index 69f027a9ff..104f1fff98 100644 --- a/internal/apiserver/route_get_token_transfer_by_id_test.go +++ b/internal/apiserver/route_get_token_transfer_by_id_test.go @@ -28,6 +28,7 @@ import ( func TestGetTokenTransferByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/transfers/id1", nil) diff --git a/internal/apiserver/route_get_token_transfers_test.go b/internal/apiserver/route_get_token_transfers_test.go index 827149efd9..2b21a8c243 100644 --- a/internal/apiserver/route_get_token_transfers_test.go +++ b/internal/apiserver/route_get_token_transfers_test.go @@ -29,6 +29,7 @@ import ( func TestGetTokenTransfers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/transfers", nil) @@ -44,6 +45,7 @@ func TestGetTokenTransfers(t *testing.T) { func TestGetTokenTransfersFromOrTo(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/tokens/transfers?fromOrTo=0x1", nil) diff --git a/internal/apiserver/route_get_txn_blockchainevents_test.go b/internal/apiserver/route_get_txn_blockchainevents_test.go index 3245224f55..86e8237abf 100644 --- a/internal/apiserver/route_get_txn_blockchainevents_test.go +++ b/internal/apiserver/route_get_txn_blockchainevents_test.go @@ -27,6 +27,7 @@ import ( func TestGetTxnBlockchainEvents(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/transactions/abcd12345/blockchainevents", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_txn_by_id_test.go b/internal/apiserver/route_get_txn_by_id_test.go index 9cec723289..5ccb93b335 100644 --- a/internal/apiserver/route_get_txn_by_id_test.go +++ b/internal/apiserver/route_get_txn_by_id_test.go @@ -27,6 +27,7 @@ import ( func TestGetTXByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/transactions/abcd12345", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_txn_ops_test.go b/internal/apiserver/route_get_txn_ops_test.go index d5c6ef3623..df807226c6 100644 --- a/internal/apiserver/route_get_txn_ops_test.go +++ b/internal/apiserver/route_get_txn_ops_test.go @@ -27,6 +27,7 @@ import ( func TestGetTxnOps(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/transactions/abcd12345/operations", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_txn_status_test.go b/internal/apiserver/route_get_txn_status_test.go index acdb08e759..7e4678b82b 100644 --- a/internal/apiserver/route_get_txn_status_test.go +++ b/internal/apiserver/route_get_txn_status_test.go @@ -27,6 +27,7 @@ import ( func TestGetTxnStatus(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/transactions/abcd12345/status", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_txns_test.go b/internal/apiserver/route_get_txns_test.go index 496c55a8a6..6685e47969 100644 --- a/internal/apiserver/route_get_txns_test.go +++ b/internal/apiserver/route_get_txns_test.go @@ -27,6 +27,7 @@ import ( func TestGetTxns(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/api/v1/namespaces/mynamespace/transactions", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/route_get_verifier_by_id_test.go b/internal/apiserver/route_get_verifier_by_id_test.go index 4401343698..f0172814b4 100644 --- a/internal/apiserver/route_get_verifier_by_id_test.go +++ b/internal/apiserver/route_get_verifier_by_id_test.go @@ -28,6 +28,7 @@ import ( func TestGetVerifierByID(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/verifiers/hashid1", nil) diff --git a/internal/apiserver/route_get_verifiers_test.go b/internal/apiserver/route_get_verifiers_test.go index f8cc7fa1ac..6066549101 100644 --- a/internal/apiserver/route_get_verifiers_test.go +++ b/internal/apiserver/route_get_verifiers_test.go @@ -28,6 +28,7 @@ import ( func TestGetVerifiers(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) req := httptest.NewRequest("GET", "/api/v1/namespaces/ns1/verifiers", nil) diff --git a/internal/apiserver/route_get_websockets_test.go b/internal/apiserver/route_get_websockets_test.go index 183f37416d..cd14e6be72 100644 --- a/internal/apiserver/route_get_websockets_test.go +++ b/internal/apiserver/route_get_websockets_test.go @@ -23,10 +23,12 @@ import ( "github.com/hyperledger/firefly/mocks/eventmocks" "github.com/hyperledger/firefly/pkg/core" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" ) func TestGetWebSockets(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mem := &eventmocks.EventManager{} o.On("Events").Return(mem) req := httptest.NewRequest("GET", "/api/v1/websockets", nil) diff --git a/internal/apiserver/route_patch_update_identity_test.go b/internal/apiserver/route_patch_update_identity_test.go index e017a4f2d6..9ab7cceae1 100644 --- a/internal/apiserver/route_patch_update_identity_test.go +++ b/internal/apiserver/route_patch_update_identity_test.go @@ -30,6 +30,7 @@ import ( func TestUpdateIdentity(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) input := core.Identity{} diff --git a/internal/apiserver/route_post_contract_api_invoke_test.go b/internal/apiserver/route_post_contract_api_invoke_test.go index e38d93c510..e60308fc4b 100644 --- a/internal/apiserver/route_post_contract_api_invoke_test.go +++ b/internal/apiserver/route_post_contract_api_invoke_test.go @@ -30,6 +30,7 @@ import ( func TestPostContractAPIInvoke(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_contract_api_listeners_test.go b/internal/apiserver/route_post_contract_api_listeners_test.go index ff70fcb539..30ad0ddfa6 100644 --- a/internal/apiserver/route_post_contract_api_listeners_test.go +++ b/internal/apiserver/route_post_contract_api_listeners_test.go @@ -30,6 +30,7 @@ import ( func TestPostContractAPIListen(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_contract_api_query_test.go b/internal/apiserver/route_post_contract_api_query_test.go index ee616da706..16fcbcba1d 100644 --- a/internal/apiserver/route_post_contract_api_query_test.go +++ b/internal/apiserver/route_post_contract_api_query_test.go @@ -30,6 +30,7 @@ import ( func TestPostContractAPIQuery(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_contract_interface_generate_test.go b/internal/apiserver/route_post_contract_interface_generate_test.go index 1a08ccc641..fe5a9e44f7 100644 --- a/internal/apiserver/route_post_contract_interface_generate_test.go +++ b/internal/apiserver/route_post_contract_interface_generate_test.go @@ -31,6 +31,7 @@ import ( func TestPostContractInterfaceGenerate(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_contract_invoke_test.go b/internal/apiserver/route_post_contract_invoke_test.go index be0a5e47b1..790f81af6b 100644 --- a/internal/apiserver/route_post_contract_invoke_test.go +++ b/internal/apiserver/route_post_contract_invoke_test.go @@ -30,6 +30,7 @@ import ( func TestPostContractInvoke(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_contract_query_test.go b/internal/apiserver/route_post_contract_query_test.go index fa3787b225..908adf6ef7 100644 --- a/internal/apiserver/route_post_contract_query_test.go +++ b/internal/apiserver/route_post_contract_query_test.go @@ -30,6 +30,7 @@ import ( func TestPostContractQuery(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.Datatype{} diff --git a/internal/apiserver/route_post_data_test.go b/internal/apiserver/route_post_data_test.go index b3b38333aa..43df021700 100644 --- a/internal/apiserver/route_post_data_test.go +++ b/internal/apiserver/route_post_data_test.go @@ -34,6 +34,7 @@ import ( func TestPostDataJSON(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -53,6 +54,7 @@ func TestPostDataJSON(t *testing.T) { func TestPostDataJSONDefaultNS(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -74,6 +76,7 @@ func TestPostDataBinary(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -100,6 +103,7 @@ func TestPostDataBinaryObjAutoMeta(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -147,6 +151,7 @@ func TestPostDataBinaryStringMetadata(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -181,6 +186,7 @@ func TestPostDataTrailingMetadata(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -213,6 +219,7 @@ func TestPostDataBinaryMissing(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) @@ -238,6 +245,7 @@ func TestPostDataBadForm(t *testing.T) { log.SetLevel("debug") o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mdm := &datamocks.Manager{} o.On("MultiParty").Return(&multipartymocks.Manager{}) o.On("Data").Return(mdm) diff --git a/internal/apiserver/route_post_network_action_test.go b/internal/apiserver/route_post_network_action_test.go index 0c56f813eb..c6b78b77c5 100644 --- a/internal/apiserver/route_post_network_action_test.go +++ b/internal/apiserver/route_post_network_action_test.go @@ -30,6 +30,7 @@ import ( func TestPostNetworkAction(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) o.On("MultiParty").Return(&multipartymocks.Manager{}) input := core.NetworkAction{} var buf bytes.Buffer diff --git a/internal/apiserver/route_post_new_contract_api_test.go b/internal/apiserver/route_post_new_contract_api_test.go index e287291740..ec8ba24f16 100644 --- a/internal/apiserver/route_post_new_contract_api_test.go +++ b/internal/apiserver/route_post_new_contract_api_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewContractAPI(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} @@ -47,6 +48,7 @@ func TestPostNewContractAPI(t *testing.T) { func TestPostNewContractAPISync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} diff --git a/internal/apiserver/route_post_new_contract_interface_test.go b/internal/apiserver/route_post_new_contract_interface_test.go index 8b7bba56d0..b46ceb57ea 100644 --- a/internal/apiserver/route_post_new_contract_interface_test.go +++ b/internal/apiserver/route_post_new_contract_interface_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewContractInterface(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} @@ -47,6 +48,7 @@ func TestPostNewContractInterface(t *testing.T) { func TestPostNewContractInterfaceSync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} diff --git a/internal/apiserver/route_post_new_contract_listener_test.go b/internal/apiserver/route_post_new_contract_listener_test.go index 25e39e69a5..048528de98 100644 --- a/internal/apiserver/route_post_new_contract_listener_test.go +++ b/internal/apiserver/route_post_new_contract_listener_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewContractListener(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mcm := &contractmocks.Manager{} o.On("Contracts").Return(mcm) input := core.ContractListenerInput{} diff --git a/internal/apiserver/route_post_new_datatype_test.go b/internal/apiserver/route_post_new_datatype_test.go index c8753f2ffd..fd6b4ccba4 100644 --- a/internal/apiserver/route_post_new_datatype_test.go +++ b/internal/apiserver/route_post_new_datatype_test.go @@ -31,6 +31,7 @@ import ( func TestPostNewDatatypes(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) o.On("MultiParty").Return(&multipartymocks.Manager{}) @@ -49,6 +50,7 @@ func TestPostNewDatatypes(t *testing.T) { func TestPostNewDatatypesSync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) o.On("MultiParty").Return(&multipartymocks.Manager{}) diff --git a/internal/apiserver/route_post_new_identity_test.go b/internal/apiserver/route_post_new_identity_test.go index c74bfadae2..98a7cca8f3 100644 --- a/internal/apiserver/route_post_new_identity_test.go +++ b/internal/apiserver/route_post_new_identity_test.go @@ -30,6 +30,7 @@ import ( func TestNewIdentity(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) input := core.Identity{} diff --git a/internal/apiserver/route_post_new_message_broadcast_test.go b/internal/apiserver/route_post_new_message_broadcast_test.go index cbebf75d65..8b3c0f81f0 100644 --- a/internal/apiserver/route_post_new_message_broadcast_test.go +++ b/internal/apiserver/route_post_new_message_broadcast_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewMessageBroadcast(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mbm := &broadcastmocks.Manager{} o.On("Broadcast").Return(mbm) input := core.MessageInOut{} @@ -48,6 +49,7 @@ func TestPostNewMessageBroadcast(t *testing.T) { func TestPostNewMessageBroadcastSync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mbm := &broadcastmocks.Manager{} o.On("Broadcast").Return(mbm) input := core.MessageInOut{} diff --git a/internal/apiserver/route_post_new_message_private_test.go b/internal/apiserver/route_post_new_message_private_test.go index aa0675393a..7b12dae1f1 100644 --- a/internal/apiserver/route_post_new_message_private_test.go +++ b/internal/apiserver/route_post_new_message_private_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewMessagePrivate(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mpm := &privatemessagingmocks.Manager{} o.On("PrivateMessaging").Return(mpm) input := core.MessageInOut{} @@ -48,6 +49,7 @@ func TestPostNewMessagePrivate(t *testing.T) { func TestPostNewMessagePrivateSync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mpm := &privatemessagingmocks.Manager{} o.On("PrivateMessaging").Return(mpm) input := core.MessageInOut{} diff --git a/internal/apiserver/route_post_new_message_requestreply_test.go b/internal/apiserver/route_post_new_message_requestreply_test.go index d8e43c7b13..e71587befa 100644 --- a/internal/apiserver/route_post_new_message_requestreply_test.go +++ b/internal/apiserver/route_post_new_message_requestreply_test.go @@ -30,6 +30,7 @@ import ( func TestPostNewMessageRequestReply(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) o.On("PrivateMessaging").Return(&privatemessagingmocks.Manager{}) o.On("RequestReply", mock.Anything, mock.Anything).Return(&core.MessageInOut{}, nil) input := &core.MessageInOut{} diff --git a/internal/apiserver/route_post_new_node_self_test.go b/internal/apiserver/route_post_new_node_self_test.go index 66aa6f4c31..feea86e9eb 100644 --- a/internal/apiserver/route_post_new_node_self_test.go +++ b/internal/apiserver/route_post_new_node_self_test.go @@ -31,6 +31,7 @@ import ( func TestPostNewNodeSelf(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) o.On("MultiParty").Return(&multipartymocks.Manager{}) diff --git a/internal/apiserver/route_post_new_organization_self_test.go b/internal/apiserver/route_post_new_organization_self_test.go index e97962cb61..9472125d70 100644 --- a/internal/apiserver/route_post_new_organization_self_test.go +++ b/internal/apiserver/route_post_new_organization_self_test.go @@ -31,6 +31,7 @@ import ( func TestNewOrganizationSelf(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) o.On("MultiParty").Return(&multipartymocks.Manager{}) diff --git a/internal/apiserver/route_post_new_organization_test.go b/internal/apiserver/route_post_new_organization_test.go index bdcaaadd70..e30912d5c9 100644 --- a/internal/apiserver/route_post_new_organization_test.go +++ b/internal/apiserver/route_post_new_organization_test.go @@ -30,6 +30,7 @@ import ( func TestNewOrganization(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mnm := &networkmapmocks.Manager{} o.On("NetworkMap").Return(mnm) input := core.Identity{} diff --git a/internal/apiserver/route_post_new_subscription_test.go b/internal/apiserver/route_post_new_subscription_test.go index 00ce58e616..1355cd071b 100644 --- a/internal/apiserver/route_post_new_subscription_test.go +++ b/internal/apiserver/route_post_new_subscription_test.go @@ -29,6 +29,7 @@ import ( func TestPostNewSubscription(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) input := core.Subscription{} var buf bytes.Buffer json.NewEncoder(&buf).Encode(&input) diff --git a/internal/apiserver/route_post_op_retry_test.go b/internal/apiserver/route_post_op_retry_test.go index 308dc4d763..1b287e8370 100644 --- a/internal/apiserver/route_post_op_retry_test.go +++ b/internal/apiserver/route_post_op_retry_test.go @@ -31,6 +31,7 @@ import ( func TestPostOpRetry(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mom := &operationmocks.Manager{} o.On("Operations").Return(mom) input := core.EmptyInput{} @@ -49,7 +50,8 @@ func TestPostOpRetry(t *testing.T) { } func TestPostOpRetryBadID(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) input := core.EmptyInput{} var buf bytes.Buffer json.NewEncoder(&buf).Encode(&input) diff --git a/internal/apiserver/route_post_token_approval_test.go b/internal/apiserver/route_post_token_approval_test.go index 395ebc5a36..37b8b2f372 100644 --- a/internal/apiserver/route_post_token_approval_test.go +++ b/internal/apiserver/route_post_token_approval_test.go @@ -31,6 +31,7 @@ import ( func TestPostTokenApproval(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := fftypes.JSONObject{} @@ -50,6 +51,7 @@ func TestPostTokenApproval(t *testing.T) { func TestPostTokenApprovalUnapprove(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := fftypes.JSONObject{"approved": false} diff --git a/internal/apiserver/route_post_token_burn_test.go b/internal/apiserver/route_post_token_burn_test.go index f62b8c5214..faa07983b7 100644 --- a/internal/apiserver/route_post_token_burn_test.go +++ b/internal/apiserver/route_post_token_burn_test.go @@ -30,6 +30,7 @@ import ( func TestPostTokenBurn(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := core.TokenTransferInput{} diff --git a/internal/apiserver/route_post_token_mint_test.go b/internal/apiserver/route_post_token_mint_test.go index cf00925a47..b613c05a61 100644 --- a/internal/apiserver/route_post_token_mint_test.go +++ b/internal/apiserver/route_post_token_mint_test.go @@ -30,6 +30,7 @@ import ( func TestPostTokenMint(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := core.TokenTransferInput{} diff --git a/internal/apiserver/route_post_token_pool_test.go b/internal/apiserver/route_post_token_pool_test.go index 7fcb89a5d2..f669b3aa59 100644 --- a/internal/apiserver/route_post_token_pool_test.go +++ b/internal/apiserver/route_post_token_pool_test.go @@ -30,6 +30,7 @@ import ( func TestPostTokenPool(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := core.TokenPool{} diff --git a/internal/apiserver/route_post_token_transfer_test.go b/internal/apiserver/route_post_token_transfer_test.go index d65a3458c1..1c2593d77f 100644 --- a/internal/apiserver/route_post_token_transfer_test.go +++ b/internal/apiserver/route_post_token_transfer_test.go @@ -30,6 +30,7 @@ import ( func TestPostTokenTransfer(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mam := &assetmocks.Manager{} o.On("Assets").Return(mam) input := core.TokenTransferInput{} diff --git a/internal/apiserver/route_put_contract_api_test.go b/internal/apiserver/route_put_contract_api_test.go index 90754491d0..021a1738d6 100644 --- a/internal/apiserver/route_put_contract_api_test.go +++ b/internal/apiserver/route_put_contract_api_test.go @@ -30,6 +30,7 @@ import ( func TestPutContractAPI(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} @@ -47,6 +48,7 @@ func TestPutContractAPI(t *testing.T) { func TestPutContractAPISync(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) mds := &definitionsmocks.Sender{} o.On("DefinitionSender").Return(mds) input := core.Datatype{} diff --git a/internal/apiserver/route_put_subscription_test.go b/internal/apiserver/route_put_subscription_test.go index 0cb858b01f..8c473339e5 100644 --- a/internal/apiserver/route_put_subscription_test.go +++ b/internal/apiserver/route_put_subscription_test.go @@ -29,6 +29,7 @@ import ( func TestPutSubscription(t *testing.T) { o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) input := core.Subscription{} var buf bytes.Buffer json.NewEncoder(&buf).Encode(&input) diff --git a/internal/apiserver/route_spi_get_ops_test.go b/internal/apiserver/route_spi_get_ops_test.go index 49ef905495..44cba70136 100644 --- a/internal/apiserver/route_spi_get_ops_test.go +++ b/internal/apiserver/route_spi_get_ops_test.go @@ -27,6 +27,7 @@ import ( func TestSPIGetOperations(t *testing.T) { or, r := newTestSPIServer() + or.On("Authorize", mock.Anything, mock.Anything).Return(nil) req := httptest.NewRequest("GET", "/spi/v1/namespaces/ns1/operations", nil) req.Header.Set("Content-Type", "application/json; charset=utf-8") res := httptest.NewRecorder() diff --git a/internal/apiserver/server.go b/internal/apiserver/server.go index 58d4995aab..6152073702 100644 --- a/internal/apiserver/server.go +++ b/internal/apiserver/server.go @@ -31,6 +31,7 @@ import ( "github.com/gorilla/mux" "github.com/hyperledger/firefly-common/pkg/config" "github.com/hyperledger/firefly-common/pkg/ffapi" + "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly-common/pkg/httpserver" "github.com/hyperledger/firefly-common/pkg/i18n" "github.com/hyperledger/firefly/internal/coreconfig" @@ -249,6 +250,19 @@ func (as *apiServer) routeHandler(hf *ffapi.HandlerFactory, mgr namespace.Manage if err != nil { return nil, err } + + // Authorize the request + authReq := &fftypes.AuthReq{ + Method: r.Req.Method, + URL: r.Req.URL, + Header: r.Req.Header, + } + if or != nil { + if err := or.Authorize(r.Req.Context(), authReq); err != nil { + return nil, err + } + } + if ce.EnabledIf != nil && !ce.EnabledIf(or) { return nil, i18n.NewError(r.Req.Context(), coremsgs.MsgActionNotSupported) } @@ -330,6 +344,7 @@ func (as *apiServer) createMuxRouter(ctx context.Context, mgr namespace.Manager) r.HandleFunc(`/favicon{any:.*}.png`, favIcons) ws, _ := eifactory.GetPlugin(ctx, "websockets") + ws.(*websockets.WebSockets).SetAuthorizer(mgr) r.HandleFunc(`/ws`, ws.(*websockets.WebSockets).ServeHTTP) uiPath := config.GetString(coreconfig.UIPath) diff --git a/internal/apiserver/server_test.go b/internal/apiserver/server_test.go index 0218b5ca86..ca46432dd7 100644 --- a/internal/apiserver/server_test.go +++ b/internal/apiserver/server_test.go @@ -33,6 +33,7 @@ import ( "github.com/hyperledger/firefly-common/pkg/config" "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly-common/pkg/httpserver" + "github.com/hyperledger/firefly-common/pkg/i18n" "github.com/hyperledger/firefly/internal/coreconfig" "github.com/hyperledger/firefly/internal/metrics" "github.com/hyperledger/firefly/mocks/apiservermocks" @@ -175,7 +176,8 @@ func TestNotFound(t *testing.T) { } func TestFilterTooMany(t *testing.T) { - mgr, _, as := newTestServer() + mgr, o, as := newTestServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) handler := as.routeHandler(as.handlerFactory(), mgr, "", getBatches) req := httptest.NewRequest("GET", "http://localhost:12345/test?limit=99999999999", nil) @@ -187,6 +189,20 @@ func TestFilterTooMany(t *testing.T) { assert.Regexp(t, "FF10184", resJSON["error"]) } +func TestUnauthorized(t *testing.T) { + mgr, o, as := newTestServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(i18n.NewError(context.Background(), i18n.MsgUnauthorized)) + handler := as.routeHandler(as.handlerFactory(), mgr, "", getBatches) + + req := httptest.NewRequest("GET", "http://localhost:12345/test", nil) + res := httptest.NewRecorder() + handler.ServeHTTP(res, req) + assert.Equal(t, 401, res.Result().StatusCode) + var resJSON map[string]interface{} + json.NewDecoder(res.Body).Decode(&resJSON) + assert.Regexp(t, "FF00169", resJSON["error"]) +} + func TestSwaggerYAML(t *testing.T) { _, _, as := newTestServer() handler := as.handlerFactory().APIWrapper(as.swaggerHandler(as.swaggerGenerator(routes, "http://localhost:12345/api/v1"))) @@ -204,7 +220,8 @@ func TestSwaggerYAML(t *testing.T) { } func TestSwaggerJSON(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) s := httptest.NewServer(r) defer s.Close() @@ -342,7 +359,8 @@ func TestContractAPISwaggerJSONBadNamespace(t *testing.T) { } func TestContractAPISwaggerUI(t *testing.T) { - _, r := newTestAPIServer() + o, r := newTestAPIServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) s := httptest.NewServer(r) defer s.Close() @@ -396,6 +414,7 @@ func TestFormDataBadNamespace(t *testing.T) { func TestJSONDisabledRoute(t *testing.T) { mgr, o, as := newTestServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) r := as.createMuxRouter(context.Background(), mgr) s := httptest.NewServer(r) defer s.Close() @@ -414,6 +433,7 @@ func TestJSONDisabledRoute(t *testing.T) { func TestFormDataDisabledRoute(t *testing.T) { mgr, o, as := newTestServer() + o.On("Authorize", mock.Anything, mock.Anything).Return(nil) r := as.createMuxRouter(context.Background(), mgr) s := httptest.NewServer(r) defer s.Close() diff --git a/internal/coreconfig/coreconfig.go b/internal/coreconfig/coreconfig.go index 7b30281103..eb9a4f76cd 100644 --- a/internal/coreconfig/coreconfig.go +++ b/internal/coreconfig/coreconfig.go @@ -144,6 +144,8 @@ var ( TokensList = ffc("tokens") // PluginsTokensList is the key containing a list of supported tokens plugins PluginsTokensList = ffc("plugins.tokens") + // PluginsAuthList is the key containing a list of supported auth plugins + PluginsAuthList = ffc("plugins.auth") // PluginsBlockchainList is the key containing a list of configured blockchain plugins PluginsBlockchainList = ffc("plugins.blockchain") // PluginsSharedStorageList is the key containing a list of configured shared storage plugins diff --git a/internal/coremsgs/en_config_descriptions.go b/internal/coremsgs/en_config_descriptions.go index 49b7c04349..afba2432d3 100644 --- a/internal/coremsgs/en_config_descriptions.go +++ b/internal/coremsgs/en_config_descriptions.go @@ -318,4 +318,10 @@ var ( ConfigSPIWebSocketBlockedWarnInternal = ffc("config.spi.ws.blockedWarnInterval", "How often to log warnings in core, when an admin change event listener falls behind the stream they requested and misses events", i18n.TimeDurationType) ConfigSPIWebSocketEventQueueLength = ffc("config.spi.ws.eventQueueLength", "Server-side queue length for events waiting for delivery over an admin change event listener websocket", i18n.IntType) + + ConfigPluginsAuth = ffc("config.plugins.auth", "Authorization plugin configuration", i18n.MapStringStringType) + ConfigPluginsAuthName = ffc("config.plugins.auth[].name", "The name of the auth plugin to use", i18n.StringType) + ConfigPluginsAuthType = ffc("config.plugins.auth[].type", "The type of the auth plugin to use", i18n.StringType) + + ConfigGlobalAuthBasicPasswordFile = ffc("config.global.basic.passwordfile", "The path to a .htpasswd file to use for authenticating requests. Passwords should be hashed with bcrypt.", i18n.StringType) ) diff --git a/internal/events/websockets/websocket_connection.go b/internal/events/websockets/websocket_connection.go index ea8c60da2c..22378315f5 100644 --- a/internal/events/websockets/websocket_connection.go +++ b/internal/events/websockets/websocket_connection.go @@ -53,9 +53,11 @@ type websocketConnection struct { closed bool remoteAddr string userAgent string + header http.Header + auth core.Authorizer } -func newConnection(pCtx context.Context, ws *WebSockets, wsConn *websocket.Conn, req *http.Request) *websocketConnection { +func newConnection(pCtx context.Context, ws *WebSockets, wsConn *websocket.Conn, req *http.Request, auth core.Authorizer) *websocketConnection { connID := fftypes.NewUUID().String() ctx := log.WithLogField(pCtx, "websocket", connID) ctx, cancelCtx := context.WithCancel(ctx) @@ -70,6 +72,8 @@ func newConnection(pCtx context.Context, ws *WebSockets, wsConn *websocket.Conn, receiverDone: make(chan struct{}), remoteAddr: req.RemoteAddr, userAgent: req.UserAgent(), + header: req.Header, + auth: auth, } go wc.sendLoop() go wc.receiveLoop() @@ -153,12 +157,18 @@ func (wc *websocketConnection) receiveLoop() { var msg core.WSStart err = json.Unmarshal(msgData, &msg) if err == nil { - err = wc.handleStart(&msg) + err = wc.authorizeMessage(msg.Namespace) + if err == nil { + err = wc.handleStart(&msg) + } } case core.WSClientActionAck: var msg core.WSAck err = json.Unmarshal(msgData, &msg) if err == nil { + // acks are not authenticated because they will only be accepted for + // messages that were sent by FireFly on this connection, which would + // have previously checked authorization in the start message err = wc.handleAck(&msg) } default: @@ -335,3 +345,18 @@ func (wc *websocketConnection) waitClose() { <-wc.senderDone <-wc.receiverDone } + +func (wc *websocketConnection) authorizeMessage(ns string) error { + wc.mux.Lock() + defer wc.mux.Unlock() + authReq := &fftypes.AuthReq{ + Namespace: ns, + Header: wc.header, + } + if wc.auth != nil { + if err := wc.auth.Authorize(wc.ctx, authReq); err != nil { + return err + } + } + return nil +} diff --git a/internal/events/websockets/websockets.go b/internal/events/websockets/websockets.go index 25f8256453..ef0a3b53f4 100644 --- a/internal/events/websockets/websockets.go +++ b/internal/events/websockets/websockets.go @@ -37,6 +37,7 @@ type WebSockets struct { connections map[string]*websocketConnection connMux sync.Mutex upgrader websocket.Upgrader + auth core.Authorizer } func (ws *WebSockets) Name() string { return "websockets" } @@ -59,6 +60,10 @@ func (ws *WebSockets) Init(ctx context.Context, config config.Section) error { return nil } +func (ws *WebSockets) SetAuthorizer(auth core.Authorizer) { + ws.auth = auth +} + func (ws *WebSockets) SetHandler(namespace string, handler events.Callbacks) error { ws.callbacks[namespace] = handler return nil @@ -96,7 +101,7 @@ func (ws *WebSockets) ServeHTTP(res http.ResponseWriter, req *http.Request) { } ws.connMux.Lock() - wc := newConnection(ws.ctx, ws, wsConn, req) + wc := newConnection(ws.ctx, ws, wsConn, req, ws.auth) ws.connections[wc.connID] = wc ws.connMux.Unlock() diff --git a/internal/events/websockets/websockets_test.go b/internal/events/websockets/websockets_test.go index 5800357d6b..12f8fbfcfe 100644 --- a/internal/events/websockets/websockets_test.go +++ b/internal/events/websockets/websockets_test.go @@ -29,6 +29,7 @@ import ( "github.com/hyperledger/firefly-common/pkg/config" "github.com/hyperledger/firefly-common/pkg/ffresty" "github.com/hyperledger/firefly-common/pkg/fftypes" + "github.com/hyperledger/firefly-common/pkg/i18n" "github.com/hyperledger/firefly-common/pkg/log" "github.com/hyperledger/firefly-common/pkg/wsclient" "github.com/hyperledger/firefly/internal/coreconfig" @@ -39,7 +40,16 @@ import ( "github.com/stretchr/testify/mock" ) -func newTestWebsockets(t *testing.T, cbs *eventsmocks.Callbacks, queryParams ...string) (ws *WebSockets, wsc wsclient.WSClient, cancel func()) { +type testAuthorizer struct{} + +func (t *testAuthorizer) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error { + if authReq.Namespace == "ns1" { + return nil + } + return i18n.NewError(ctx, i18n.MsgUnauthorized) +} + +func newTestWebsockets(t *testing.T, cbs *eventsmocks.Callbacks, authorizer core.Authorizer, queryParams ...string) (ws *WebSockets, wsc wsclient.WSClient, cancel func()) { coreconfig.Reset() ws = &WebSockets{} @@ -48,6 +58,7 @@ func newTestWebsockets(t *testing.T, cbs *eventsmocks.Callbacks, queryParams ... ws.InitConfig(svrConfig) ws.Init(ctx, svrConfig) ws.SetHandler("ns1", cbs) + ws.SetAuthorizer(authorizer) assert.Equal(t, "websockets", ws.Name()) assert.NotNil(t, ws.Capabilities()) cbs.On("ConnectionClosed", mock.Anything).Return(nil).Maybe() @@ -75,10 +86,9 @@ func newTestWebsockets(t *testing.T, cbs *eventsmocks.Callbacks, queryParams ... svr.Close() } } - func TestValidateOptionsFail(t *testing.T) { cbs := &eventsmocks.Callbacks{} - ws, _, cancel := newTestWebsockets(t, cbs) + ws, _, cancel := newTestWebsockets(t, cbs, nil) defer cancel() yes := true @@ -92,7 +102,7 @@ func TestValidateOptionsFail(t *testing.T) { func TestValidateOptionsOk(t *testing.T) { cbs := &eventsmocks.Callbacks{} - ws, _, cancel := newTestWebsockets(t, cbs) + ws, _, cancel := newTestWebsockets(t, cbs, nil) defer cancel() opts := &core.SubscriptionOptions{} @@ -103,7 +113,7 @@ func TestValidateOptionsOk(t *testing.T) { func TestSendBadData(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs) + _, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() cbs.On("ConnectionClosed", mock.Anything).Return(nil) @@ -120,7 +130,7 @@ func TestSendBadData(t *testing.T) { func TestSendBadAction(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs) + _, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() cbs.On("ConnectionClosed", mock.Anything).Return(nil) @@ -136,7 +146,7 @@ func TestSendBadAction(t *testing.T) { func TestSendEmptyStartAction(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs) + _, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() cbs.On("ConnectionClosed", mock.Anything).Return(nil) @@ -154,7 +164,7 @@ func TestStartReceiveAckEphemeral(t *testing.T) { log.SetLevel("trace") cbs := &eventsmocks.Callbacks{} - ws, wsc, cancel := newTestWebsockets(t, cbs) + ws, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() var connID string sub := cbs.On("EphemeralSubscription", @@ -202,7 +212,7 @@ func TestStartReceiveAckEphemeral(t *testing.T) { func TestStartReceiveDurable(t *testing.T) { cbs := &eventsmocks.Callbacks{} - ws, wsc, cancel := newTestWebsockets(t, cbs) + ws, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() var connID string sub := cbs.On("RegisterConnection", @@ -280,6 +290,122 @@ func TestStartReceiveDurable(t *testing.T) { cbs.AssertExpectations(t) } +func TestStartReceiveDurableWithAuth(t *testing.T) { + cbs := &eventsmocks.Callbacks{} + ws, wsc, cancel := newTestWebsockets(t, cbs, &testAuthorizer{}) + defer cancel() + var connID string + sub := cbs.On("RegisterConnection", + mock.MatchedBy(func(s string) bool { connID = s; return true }), + mock.MatchedBy(func(subMatch events.SubscriptionMatcher) bool { + return subMatch(core.SubscriptionRef{Namespace: "ns1", Name: "sub1"}) && + !subMatch(core.SubscriptionRef{Namespace: "ns2", Name: "sub1"}) && + !subMatch(core.SubscriptionRef{Namespace: "ns1", Name: "sub2"}) + }), + ).Return(nil) + ack := cbs.On("DeliveryResponse", + mock.MatchedBy(func(s string) bool { return s == connID }), + mock.Anything).Return(nil) + + waitSubscribed := make(chan struct{}) + sub.RunFn = func(a mock.Arguments) { + close(waitSubscribed) + } + + waitAcked := make(chan struct{}) + ack.RunFn = func(a mock.Arguments) { + close(waitAcked) + } + + err := wsc.Send(context.Background(), []byte(`{"type":"start","namespace":"ns1","name":"sub1"}`)) + assert.NoError(t, err) + + <-waitSubscribed + ws.DeliveryRequest(connID, nil, &core.EventDelivery{ + EnrichedEvent: core.EnrichedEvent{ + Event: core.Event{ID: fftypes.NewUUID()}, + }, + Subscription: core.SubscriptionRef{ + ID: fftypes.NewUUID(), + Namespace: "ns1", + Name: "sub1", + }, + }, nil) + // Put a second in flight + ws.DeliveryRequest(connID, nil, &core.EventDelivery{ + EnrichedEvent: core.EnrichedEvent{ + Event: core.Event{ID: fftypes.NewUUID()}, + }, + Subscription: core.SubscriptionRef{ + ID: fftypes.NewUUID(), + Namespace: "ns1", + Name: "sub2", + }, + }, nil) + + b := <-wsc.Receive() + var res core.EventDelivery + err = json.Unmarshal(b, &res) + assert.NoError(t, err) + + assert.Equal(t, "ns1", res.Subscription.Namespace) + assert.Equal(t, "sub1", res.Subscription.Name) + err = wsc.Send(context.Background(), []byte(fmt.Sprintf(`{ + "type":"ack", + "id": "%s", + "subscription": { + "namespace": "ns1", + "name": "sub1" + } + }`, res.ID))) + assert.NoError(t, err) + + <-waitAcked + + // Check we left the right one behind + conn := ws.connections[connID] + assert.Equal(t, 1, len(conn.inflight)) + assert.Equal(t, "sub2", conn.inflight[0].Subscription.Name) + + cbs.AssertExpectations(t) +} + +func TestStartReceiveDurableUnauthorized(t *testing.T) { + cbs := &eventsmocks.Callbacks{} + _, wsc, cancel := newTestWebsockets(t, cbs, &testAuthorizer{}) + defer cancel() + var connID string + sub := cbs.On("RegisterConnection", + mock.MatchedBy(func(s string) bool { connID = s; return true }), + mock.MatchedBy(func(subMatch events.SubscriptionMatcher) bool { + return subMatch(core.SubscriptionRef{Namespace: "ns2", Name: "sub1"}) && + !subMatch(core.SubscriptionRef{Namespace: "ns1", Name: "sub2"}) + }), + ).Return(nil) + ack := cbs.On("DeliveryResponse", + mock.MatchedBy(func(s string) bool { return s == connID }), + mock.Anything).Return(nil) + + waitSubscribed := make(chan struct{}) + sub.RunFn = func(a mock.Arguments) { + close(waitSubscribed) + } + + waitAcked := make(chan struct{}) + ack.RunFn = func(a mock.Arguments) { + close(waitAcked) + } + + err := wsc.Send(context.Background(), []byte(`{"type":"start","namespace":"ns2","name":"sub1"}`)) + assert.NoError(t, err) + + b := <-wsc.Receive() + var res fftypes.JSONObject + err = json.Unmarshal(b, &res) + assert.NoError(t, err) + assert.Regexp(t, "FF00169", res.GetString("error")) +} + func TestAutoStartReceiveAckEphemeral(t *testing.T) { var connID string cbs := &eventsmocks.Callbacks{} @@ -300,7 +426,7 @@ func TestAutoStartReceiveAckEphemeral(t *testing.T) { close(waitAcked) } - ws, wsc, cancel := newTestWebsockets(t, cbs, "ephemeral", "namespace=ns1") + ws, wsc, cancel := newTestWebsockets(t, cbs, nil, "ephemeral", "namespace=ns1") defer cancel() <-waitSubscribed @@ -328,7 +454,7 @@ func TestAutoStartReceiveAckEphemeral(t *testing.T) { func TestAutoStartBadOptions(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs, "name=missingnamespace") + _, wsc, cancel := newTestWebsockets(t, cbs, nil, "name=missingnamespace") defer cancel() b := <-wsc.Receive() @@ -341,7 +467,7 @@ func TestAutoStartBadOptions(t *testing.T) { func TestAutoStartBadNamespace(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs, "ephemeral", "namespace=ns2") + _, wsc, cancel := newTestWebsockets(t, cbs, nil, "ephemeral", "namespace=ns2") defer cancel() b := <-wsc.Receive() @@ -454,7 +580,7 @@ func TestProtocolErrorSwallowsSendError(t *testing.T) { func TestSendLoopBadData(t *testing.T) { cbs := &eventsmocks.Callbacks{} - ws, wsc, cancel := newTestWebsockets(t, cbs) + ws, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() subscribedConn := make(chan string, 1) @@ -479,7 +605,7 @@ func TestSendLoopBadData(t *testing.T) { func TestUpgradeFail(t *testing.T) { cbs := &eventsmocks.Callbacks{} - _, wsc, cancel := newTestWebsockets(t, cbs) + _, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() u, _ := url.Parse(wsc.URL()) @@ -536,7 +662,7 @@ func TestDispatchAutoAck(t *testing.T) { func TestWebsocketSendAfterClose(t *testing.T) { cbs := &eventsmocks.Callbacks{} - ws, wsc, cancel := newTestWebsockets(t, cbs) + ws, wsc, cancel := newTestWebsockets(t, cbs, nil) defer cancel() subscribedConn := make(chan string, 1) diff --git a/internal/namespace/manager.go b/internal/namespace/manager.go index 807efa8d00..d0a749dfc9 100644 --- a/internal/namespace/manager.go +++ b/internal/namespace/manager.go @@ -21,6 +21,8 @@ import ( "encoding/json" "fmt" + "github.com/hyperledger/firefly-common/pkg/auth" + "github.com/hyperledger/firefly-common/pkg/auth/authfactory" "github.com/hyperledger/firefly-common/pkg/config" "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly-common/pkg/i18n" @@ -56,6 +58,7 @@ var ( sharedstorageConfig = config.RootArray("plugins.sharedstorage") dataexchangeConfig = config.RootArray("plugins.dataexchange") identityConfig = config.RootArray("plugins.identity") + authConfig = config.RootArray("plugins.auth") // Deprecated configs deprecatedTokensConfig = config.RootArray("tokens") @@ -75,6 +78,7 @@ type Manager interface { GetNamespaces(ctx context.Context) ([]*core.Namespace, error) GetOperationByNamespacedID(ctx context.Context, nsOpID string) (*core.Operation, error) ResolveOperationByNamespacedID(ctx context.Context, nsOpID string, op *core.OperationUpdateDTO) error + Authorize(ctx context.Context, authReq *fftypes.AuthReq) error } type namespace struct { @@ -97,6 +101,7 @@ type namespaceManager struct { dataexchange map[string]dataExchangePlugin tokens map[string]tokensPlugin events map[string]eventsPlugin + auth map[string]authPlugin } metricsEnabled bool metrics metrics.Manager @@ -139,6 +144,11 @@ type eventsPlugin struct { plugin events.Plugin } +type authPlugin struct { + config config.Section + plugin auth.Plugin +} + func NewNamespaceManager(withDefaults bool) Manager { nm := &namespaceManager{ namespaces: make(map[string]*namespace), @@ -159,6 +169,7 @@ func NewNamespaceManager(withDefaults bool) Manager { iifactory.InitConfig(identityConfig) tifactory.InitConfigDeprecated(deprecatedTokensConfig) tifactory.InitConfig(tokensConfig) + authfactory.InitConfigArray(authConfig) return nm } @@ -308,6 +319,13 @@ func (nm *namespaceManager) loadPlugins(ctx context.Context) (err error) { } } + if nm.plugins.auth == nil { + nm.plugins.auth, err = nm.getAuthPlugin(ctx) + if err != nil { + return err + } + } + return nil } @@ -606,6 +624,11 @@ func (nm *namespaceManager) initPlugins(ctx context.Context) (err error) { return err } } + for name, entry := range nm.plugins.auth { + if err = entry.plugin.Init(nm.ctx, name, entry.config); err != nil { + return err + } + } return nil } @@ -805,6 +828,13 @@ func (nm *namespaceManager) validateMultiPartyConfig(ctx context.Context, name s } continue } + if instance, ok := nm.plugins.auth[pluginName]; ok { + result.Auth = orchestrator.AuthPlugin{ + Name: pluginName, + Plugin: instance.plugin, + } + continue + } return nil, i18n.NewError(ctx, coremsgs.MsgNamespaceUnknownPlugin, name, pluginName) } @@ -855,6 +885,13 @@ func (nm *namespaceManager) validateNonMultipartyConfig(ctx context.Context, nam }) continue } + if instance, ok := nm.plugins.auth[pluginName]; ok { + result.Auth = orchestrator.AuthPlugin{ + Name: pluginName, + Plugin: instance.plugin, + } + continue + } return nil, i18n.NewError(ctx, coremsgs.MsgNamespaceUnknownPlugin, name, pluginName) } @@ -937,3 +974,31 @@ func (nm *namespaceManager) getEventPlugins(ctx context.Context) (plugins map[st } return plugins, err } + +func (nm *namespaceManager) getAuthPlugin(ctx context.Context) (plugins map[string]authPlugin, err error) { + plugins = make(map[string]authPlugin) + + authConfigArraySize := authConfig.ArraySize() + for i := 0; i < authConfigArraySize; i++ { + config := authConfig.ArrayEntry(i) + name, pluginType, err := nm.validatePluginConfig(ctx, config, "auth") + if err != nil { + return nil, err + } + + plugin, err := authfactory.GetPlugin(ctx, pluginType) + if err != nil { + return nil, err + } + + plugins[name] = authPlugin{ + config: config.SubSection(pluginType), + plugin: plugin, + } + } + return plugins, err +} + +func (nm *namespaceManager) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error { + return nm.Orchestrator(authReq.Namespace).Authorize(ctx, authReq) +} diff --git a/internal/namespace/manager_test.go b/internal/namespace/manager_test.go index 037d540d7f..7c49f5b21f 100644 --- a/internal/namespace/manager_test.go +++ b/internal/namespace/manager_test.go @@ -22,6 +22,8 @@ import ( "strings" "testing" + "github.com/hyperledger/firefly-common/mocks/authmocks" + "github.com/hyperledger/firefly-common/pkg/auth/authfactory" "github.com/hyperledger/firefly-common/pkg/config" "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly/internal/blockchain/bifactory" @@ -54,14 +56,15 @@ import ( type testNamespaceManager struct { namespaceManager - mmi *metricsmocks.Manager - mae *spieventsmocks.Manager - mbi *blockchainmocks.Plugin - mdi *databasemocks.Plugin - mdx *dataexchangemocks.Plugin - mps *sharedstoragemocks.Plugin - mti *tokenmocks.Plugin - mev *eventsmocks.Plugin + mmi *metricsmocks.Manager + mae *spieventsmocks.Manager + mbi *blockchainmocks.Plugin + mdi *databasemocks.Plugin + mdx *dataexchangemocks.Plugin + mps *sharedstoragemocks.Plugin + mti *tokenmocks.Plugin + mev *eventsmocks.Plugin + auth *authmocks.Plugin } func (nm *testNamespaceManager) cleanup(t *testing.T) { @@ -72,6 +75,7 @@ func (nm *testNamespaceManager) cleanup(t *testing.T) { nm.mdx.AssertExpectations(t) nm.mps.AssertExpectations(t) nm.mti.AssertExpectations(t) + nm.auth.AssertExpectations(t) } func newTestNamespaceManager(resetConfig bool) *testNamespaceManager { @@ -81,14 +85,15 @@ func newTestNamespaceManager(resetConfig bool) *testNamespaceManager { namespaceConfig.AddKnownKey("predefined.0.multiparty.enabled", true) } nm := &testNamespaceManager{ - mmi: &metricsmocks.Manager{}, - mae: &spieventsmocks.Manager{}, - mbi: &blockchainmocks.Plugin{}, - mdi: &databasemocks.Plugin{}, - mdx: &dataexchangemocks.Plugin{}, - mps: &sharedstoragemocks.Plugin{}, - mti: &tokenmocks.Plugin{}, - mev: &eventsmocks.Plugin{}, + mmi: &metricsmocks.Manager{}, + mae: &spieventsmocks.Manager{}, + mbi: &blockchainmocks.Plugin{}, + mdi: &databasemocks.Plugin{}, + mdx: &dataexchangemocks.Plugin{}, + mps: &sharedstoragemocks.Plugin{}, + mti: &tokenmocks.Plugin{}, + mev: &eventsmocks.Plugin{}, + auth: &authmocks.Plugin{}, namespaceManager: namespaceManager{ ctx: context.Background(), namespaces: make(map[string]*namespace), @@ -116,6 +121,9 @@ func newTestNamespaceManager(resetConfig bool) *testNamespaceManager { nm.plugins.events = map[string]eventsPlugin{ "websockets": {plugin: nm.mev}, } + nm.plugins.auth = map[string]authPlugin{ + "basicauth": {plugin: nm.auth}, + } nm.namespaceManager.metrics = nm.mmi nm.namespaceManager.adminEvents = nm.mae return nm @@ -144,6 +152,7 @@ func TestInit(t *testing.T) { nm.mps.On("Init", mock.Anything, mock.Anything).Return(nil) nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) ctx, cancelCtx := context.WithCancel(context.Background()) err := nm.Init(ctx, cancelCtx) @@ -253,6 +262,26 @@ func TestInitEventsFail(t *testing.T) { assert.EqualError(t, err, "pop") } +func TestInitAuthFail(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + + nm.utOrchestrator = &orchestratormocks.Orchestrator{} + + nm.mdi.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.mdi.On("SetHandler", database.GlobalHandler, mock.Anything).Return() + nm.mbi.On("Init", mock.Anything, mock.Anything, nm.mmi).Return(nil) + nm.mdx.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.mps.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) + nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(fmt.Errorf("pop")) + + ctx, cancelCtx := context.WithCancel(context.Background()) + err := nm.Init(ctx, cancelCtx) + assert.EqualError(t, err, "pop") +} + func TestInitOrchestratorFail(t *testing.T) { nm := newTestNamespaceManager(true) defer nm.cleanup(t) @@ -268,6 +297,7 @@ func TestInitOrchestratorFail(t *testing.T) { nm.mps.On("SetHandler", "default", mock.Anything).Return() nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) ctx, cancelCtx := context.WithCancel(context.Background()) err := nm.Init(ctx, cancelCtx) @@ -295,6 +325,7 @@ func TestInitVersion1(t *testing.T) { nm.mps.On("Init", mock.Anything, mock.Anything).Return(nil) nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) ctx, cancelCtx := context.WithCancel(context.Background()) err := nm.Init(ctx, cancelCtx) @@ -328,6 +359,7 @@ func TestInitVersion1Fail(t *testing.T) { nm.mps.On("Init", mock.Anything, mock.Anything).Return(nil) nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) ctx, cancelCtx := context.WithCancel(context.Background()) err := nm.Init(ctx, cancelCtx) @@ -699,6 +731,43 @@ func TestEventsPluginDefaults(t *testing.T) { assert.NoError(t, err) } +func TestAuthPlugin(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + authfactory.InitConfigArray(authConfig) + config.Set("plugins.auth", []fftypes.JSONObject{{}}) + authConfig.AddKnownKey(coreconfig.PluginConfigName, "basicauth") + authConfig.AddKnownKey(coreconfig.PluginConfigType, "basic") + plugins, err := nm.getAuthPlugin(context.Background()) + assert.Equal(t, 1, len(plugins)) + assert.NoError(t, err) +} + +func TestAuthPluginBadType(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + nm.plugins.auth = nil + authfactory.InitConfigArray(authConfig) + config.Set("plugins.auth", []fftypes.JSONObject{{}}) + authConfig.AddKnownKey(coreconfig.PluginConfigName, "basicauth") + authConfig.AddKnownKey(coreconfig.PluginConfigType, "wrong") + ctx, cancelCtx := context.WithCancel(context.Background()) + err := nm.Init(ctx, cancelCtx) + assert.Error(t, err) +} + +func TestAuthPluginInvalid(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + authfactory.InitConfigArray(authConfig) + config.Set("plugins.auth", []fftypes.JSONObject{{}}) + authConfig.AddKnownKey(coreconfig.PluginConfigName, "bad name not allowed") + authConfig.AddKnownKey(coreconfig.PluginConfigType, "basic") + plugins, err := nm.getAuthPlugin(context.Background()) + assert.Equal(t, 0, len(plugins)) + assert.Error(t, err) +} + func TestEventsPluginBadType(t *testing.T) { nm := newTestNamespaceManager(true) defer nm.cleanup(t) @@ -722,6 +791,7 @@ func TestInitBadNamespace(t *testing.T) { nm.mps.On("Init", mock.Anything, mock.Anything).Return(nil) nm.mti.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) nm.mev.On("Init", mock.Anything, mock.Anything).Return(nil) + nm.auth.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil) viper.SetConfigType("yaml") err := viper.ReadConfig(strings.NewReader(` @@ -947,6 +1017,46 @@ func TestLoadNamespacesMultipartyMultipleDB(t *testing.T) { assert.Regexp(t, "FF10394.*database", err) } +func TestLoadNamespacesMultipartyWithAuth(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + + viper.SetConfigType("yaml") + err := viper.ReadConfig(strings.NewReader(` + namespaces: + default: ns1 + predefined: + - name: ns1 + plugins: [ethereum, postgres, ipfs, ffdx, basicauth] + multiparty: + enabled: true + `)) + assert.NoError(t, err) + + err = nm.loadNamespaces(context.Background()) + assert.NoError(t, err) +} + +func TestLoadNamespacesNonMultipartyWithAuth(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + + viper.SetConfigType("yaml") + err := viper.ReadConfig(strings.NewReader(` + namespaces: + default: ns1 + predefined: + - name: ns1 + plugins: [ethereum, postgres, basicauth] + multiparty: + enabled: false + `)) + assert.NoError(t, err) + + err = nm.loadNamespaces(context.Background()) + assert.NoError(t, err) +} + func TestLoadNamespacesMultipartyContract(t *testing.T) { nm := newTestNamespaceManager(true) defer nm.cleanup(t) @@ -1363,3 +1473,18 @@ func TestResolveOperationByNamespacedIDNoOrchestrator(t *testing.T) { mo.AssertExpectations(t) } + +func TestAuthorize(t *testing.T) { + nm := newTestNamespaceManager(true) + defer nm.cleanup(t) + or := &orchestratormocks.Orchestrator{} + or.On("Authorize", mock.Anything, mock.Anything).Return(nil) + nm.namespaces["ns1"] = &namespace{ + orchestrator: or, + } + nm.utOrchestrator = or + err := nm.Authorize(context.Background(), &fftypes.AuthReq{ + Namespace: "ns1", + }) + assert.NoError(t, err) +} diff --git a/internal/orchestrator/orchestrator.go b/internal/orchestrator/orchestrator.go index dc556a3b69..57de36fffc 100644 --- a/internal/orchestrator/orchestrator.go +++ b/internal/orchestrator/orchestrator.go @@ -19,6 +19,7 @@ package orchestrator import ( "context" + "github.com/hyperledger/firefly-common/pkg/auth" "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly-common/pkg/i18n" "github.com/hyperledger/firefly-common/pkg/log" @@ -116,6 +117,9 @@ type Orchestrator interface { // Network Operations SubmitNetworkAction(ctx context.Context, action *core.NetworkAction) error + + // Authorizer + Authorize(ctx context.Context, authReq *fftypes.AuthReq) error } type BlockchainPlugin struct { @@ -148,6 +152,11 @@ type IdentityPlugin struct { Plugin idplugin.Plugin } +type AuthPlugin struct { + Name string + Plugin auth.Plugin +} + type Plugins struct { Blockchain BlockchainPlugin Identity IdentityPlugin @@ -156,6 +165,7 @@ type Plugins struct { Database DatabasePlugin Tokens []TokensPlugin Events map[string]eventsplugin.Plugin + Auth AuthPlugin } type Config struct { @@ -506,3 +516,11 @@ func (or *orchestrator) SubmitNetworkAction(ctx context.Context, action *core.Ne } return or.multiparty.SubmitNetworkAction(ctx, key, action) } + +func (or *orchestrator) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error { + authReq.Namespace = or.namespace + if or.plugins.Auth.Plugin != nil { + return or.plugins.Auth.Plugin.Authorize(ctx, authReq) + } + return nil +} diff --git a/internal/orchestrator/orchestrator_test.go b/internal/orchestrator/orchestrator_test.go index 2663698277..aa48d5e66e 100644 --- a/internal/orchestrator/orchestrator_test.go +++ b/internal/orchestrator/orchestrator_test.go @@ -21,6 +21,8 @@ import ( "fmt" "testing" + "github.com/hyperledger/firefly-common/mocks/authmocks" + "github.com/hyperledger/firefly-common/pkg/fftypes" "github.com/hyperledger/firefly/internal/coreconfig" "github.com/hyperledger/firefly/internal/identity" "github.com/hyperledger/firefly/mocks/assetmocks" @@ -428,3 +430,18 @@ func TestNetworkActionNonMultiparty(t *testing.T) { err := or.SubmitNetworkAction(context.Background(), &core.NetworkAction{Type: core.NetworkActionTerminate}) assert.Regexp(t, "FF10414", err) } + +func TestAuthorize(t *testing.T) { + or := newTestOrchestrator() + auth := &authmocks.Plugin{} + auth.On("Authorize", mock.Anything, mock.Anything).Return(nil) + or.plugins.Auth.Plugin = auth + err := or.Authorize(context.Background(), &fftypes.AuthReq{}) + assert.NoError(t, err) +} + +func TestAuthorizeNoPlugin(t *testing.T) { + or := newTestOrchestrator() + err := or.Authorize(context.Background(), &fftypes.AuthReq{}) + assert.NoError(t, err) +} diff --git a/mocks/namespacemocks/manager.go b/mocks/namespacemocks/manager.go index 32dfaaf288..5105fcdc20 100644 --- a/mocks/namespacemocks/manager.go +++ b/mocks/namespacemocks/manager.go @@ -5,7 +5,9 @@ package namespacemocks import ( context "context" + fftypes "github.com/hyperledger/firefly-common/pkg/fftypes" core "github.com/hyperledger/firefly/pkg/core" + mock "github.com/stretchr/testify/mock" orchestrator "github.com/hyperledger/firefly/internal/orchestrator" @@ -18,6 +20,20 @@ type Manager struct { mock.Mock } +// Authorize provides a mock function with given fields: ctx, authReq +func (_m *Manager) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error { + ret := _m.Called(ctx, authReq) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *fftypes.AuthReq) error); ok { + r0 = rf(ctx, authReq) + } else { + r0 = ret.Error(0) + } + + return r0 +} + // GetNamespaces provides a mock function with given fields: ctx func (_m *Manager) GetNamespaces(ctx context.Context) ([]*core.Namespace, error) { ret := _m.Called(ctx) diff --git a/mocks/orchestratormocks/orchestrator.go b/mocks/orchestratormocks/orchestrator.go index cfb6babdee..38c5afe8f2 100644 --- a/mocks/orchestratormocks/orchestrator.go +++ b/mocks/orchestratormocks/orchestrator.go @@ -22,6 +22,8 @@ import ( events "github.com/hyperledger/firefly/internal/events" + fftypes "github.com/hyperledger/firefly-common/pkg/fftypes" + mock "github.com/stretchr/testify/mock" multiparty "github.com/hyperledger/firefly/internal/multiparty" @@ -54,6 +56,20 @@ func (_m *Orchestrator) Assets() assets.Manager { return r0 } +// Authorize provides a mock function with given fields: ctx, authReq +func (_m *Orchestrator) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error { + ret := _m.Called(ctx, authReq) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *fftypes.AuthReq) error); ok { + r0 = rf(ctx, authReq) + } else { + r0 = ret.Error(0) + } + + return r0 +} + // BatchManager provides a mock function with given fields: func (_m *Orchestrator) BatchManager() batch.Manager { ret := _m.Called() diff --git a/pkg/core/authorizer.go b/pkg/core/authorizer.go new file mode 100644 index 0000000000..76b7586cfc --- /dev/null +++ b/pkg/core/authorizer.go @@ -0,0 +1,27 @@ +// Copyright © 2022 Kaleido, Inc. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package core + +import ( + "context" + + "github.com/hyperledger/firefly-common/pkg/fftypes" +) + +type Authorizer interface { + Authorize(ctx context.Context, authReq *fftypes.AuthReq) error +} diff --git a/pkg/events/plugin.go b/pkg/events/plugin.go index 8697f4d47d..29a1badbe2 100644 --- a/pkg/events/plugin.go +++ b/pkg/events/plugin.go @@ -55,7 +55,7 @@ type SubscriptionMatcher func(core.SubscriptionRef) bool type Callbacks interface { - // RegisterConnection can be fired as often as requied. + // RegisterConnection can be fired as often as required. // Dispatchers will be started against this connection for all persisted subscriptions that match via the supplied function. // It can be fired multiple times for the same connection ID, to update the subscription list // For a "connect-out" style plugin (MQTT/AMQP/JMS broker), you might fire it at startup (from Init) for each target queue, with a subscription match