-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactor JWT authentication and add tests
- Loading branch information
1 parent
73387ef
commit 85c1045
Showing
4 changed files
with
186 additions
and
185 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,113 +1,113 @@ | ||
package rest | ||
|
||
import ( | ||
"fmt" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
"io" | ||
"net/http" | ||
"net/http/httptest" | ||
"testing" | ||
"io" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
"fmt" | ||
) | ||
|
||
func TestHeaderJwtTokenAuth(t *testing.T) { | ||
jwtToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.WKQfGgHiRhXdkdz6Qy90gMQhYf3uK-GMeyAQBEs1EbQ" | ||
jwtFail := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.1F5StBaWKNe53iB2919Agg3nMcCdwINDWlT0sNBaMbE" | ||
jwtToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.WKQfGgHiRhXdkdz6Qy90gMQhYf3uK-GMeyAQBEs1EbQ" | ||
jwtFail := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.1F5StBaWKNe53iB2919Agg3nMcCdwINDWlT0sNBaMbE" | ||
|
||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
_, err := w.Write([]byte("blabla blabla")) | ||
require.NoError(t, err) | ||
}) | ||
headerName := "Api-Token" | ||
ts := httptest.NewServer(AuthenticationJwt( | ||
headerName, | ||
"1234567890", | ||
func(claims map[string]interface{}) error {return nil})(handler)) | ||
defer ts.Close() | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtToken) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, 200, resp.StatusCode) | ||
defer resp.Body.Close() | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, "invalid") | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Invalid token\n", string(b)) | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtFail) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusForbidden, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Forbidden\n", string(b)) | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusForbidden, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Can not find token in header\n", string(b)) | ||
} | ||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
_, err := w.Write([]byte("blabla blabla")) | ||
require.NoError(t, err) | ||
}) | ||
headerName := "Api-Token" | ||
ts := httptest.NewServer(AuthenticationJwt( | ||
headerName, | ||
"1234567890", | ||
func(claims map[string]interface{}) error { return nil })(handler)) | ||
defer ts.Close() | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtToken) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, 200, resp.StatusCode) | ||
defer resp.Body.Close() | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, "invalid") | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Invalid token\n", string(b)) | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtFail) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusForbidden, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Forbidden\n", string(b)) | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusForbidden, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "Can not find token in header\n", string(b)) | ||
} | ||
} | ||
|
||
func TestHeaderJwtTokenAuthCheckClaim(t *testing.T) { | ||
jwtToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiMTIzIn0.tsuWzcw0zCYzHoq0Kflun7cxVJWKMdQwWczNhU2h2IQ" | ||
jwtFail := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub3RfdXNlciI6IjEyMyJ9.wGj6rh93KK83eaehCoxwmMCyEvyEQXadeJykayMkEd8" | ||
jwtToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiMTIzIn0.tsuWzcw0zCYzHoq0Kflun7cxVJWKMdQwWczNhU2h2IQ" | ||
jwtFail := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub3RfdXNlciI6IjEyMyJ9.wGj6rh93KK83eaehCoxwmMCyEvyEQXadeJykayMkEd8" | ||
|
||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
_, err := w.Write([]byte("blabla blabla")) | ||
require.NoError(t, err) | ||
}) | ||
headerName := "Api-Token" | ||
ts := httptest.NewServer(AuthenticationJwt( | ||
headerName, | ||
"1234567890", | ||
func(claims map[string]interface{}) error { | ||
if claims["user_id"] == nil { | ||
return fmt.Errorf("user_id not found") | ||
} | ||
return nil | ||
})(handler)) | ||
defer ts.Close() | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtToken) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, 200, resp.StatusCode) | ||
defer resp.Body.Close() | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtFail) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "user_id not found\n", string(b)) | ||
} | ||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
_, err := w.Write([]byte("blabla blabla")) | ||
require.NoError(t, err) | ||
}) | ||
headerName := "Api-Token" | ||
ts := httptest.NewServer(AuthenticationJwt( | ||
headerName, | ||
"1234567890", | ||
func(claims map[string]interface{}) error { | ||
if claims["user_id"] == nil { | ||
return fmt.Errorf("user_id not found") | ||
} | ||
return nil | ||
})(handler)) | ||
defer ts.Close() | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtToken) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, 200, resp.StatusCode) | ||
defer resp.Body.Close() | ||
} | ||
{ | ||
req, err := http.NewRequest("GET", ts.URL+"/ping", nil) | ||
require.NoError(t, err) | ||
req.Header.Set(headerName, jwtFail) | ||
resp, err := http.DefaultClient.Do(req) | ||
require.NoError(t, err) | ||
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) | ||
defer resp.Body.Close() | ||
b, err := io.ReadAll(resp.Body) | ||
assert.NoError(t, err) | ||
assert.Equal(t, "user_id not found\n", string(b)) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,19 @@ | ||
package rest | ||
|
||
import ( | ||
"net/http" | ||
"net/http" | ||
) | ||
|
||
func Authentication(headerName, token string) func(http.Handler) http.Handler { | ||
return func(next http.Handler) http.Handler { | ||
fn := func(w http.ResponseWriter, r *http.Request) { | ||
apiToken := r.Header.Get(headerName) | ||
if apiToken != token { | ||
http.Error(w, "Unauthorized", http.StatusUnauthorized) | ||
return | ||
} | ||
} | ||
return http.HandlerFunc(fn) | ||
} | ||
return func(next http.Handler) http.Handler { | ||
fn := func(w http.ResponseWriter, r *http.Request) { | ||
apiToken := r.Header.Get(headerName) | ||
if apiToken != token { | ||
http.Error(w, "Unauthorized", http.StatusUnauthorized) | ||
return | ||
} | ||
next.ServeHTTP(w, r) | ||
} | ||
return http.HandlerFunc(fn) | ||
} | ||
} |
Oops, something went wrong.