Merge branch 'auth' of https://github.com/gaocegege/wakapi into gaocegege-auth

2021-10-11 11:22:01 +02:00 · 2021-10-11 11:22:01 +02:00 · 52744dbcd0
parent cc11226eab d2f078443e
commit 52744dbcd0
2 changed files with 82 additions and 10 deletions
--- a/middlewares/authenticate.go
+++ b/middlewares/authenticate.go
@ -1,12 +1,23 @@
 package middlewares

 import (
+	"fmt"
+	"net/http"
+	"strings"
+
 	conf "github.com/muety/wakapi/config"
 	"github.com/muety/wakapi/models"
 	"github.com/muety/wakapi/services"
 	"github.com/muety/wakapi/utils"
-	"net/http"
-	"strings"
+)
+
+const (
+	// queryApiKey is the query parameter name for api key.
+	queryApiKey = "api_key"
+)
+
+var (
+	errEmptyKey = fmt.Errorf("the api_key is empty")
 )

 type AuthenticateMiddleware struct {
@ -45,7 +56,10 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
 	user, err := m.tryGetUserByCookie(r)

 	if err != nil {
-		user, err = m.tryGetUserByApiKey(r)
+		user, err = m.tryGetUserByApiKeyHeader(r)
+	}
+	if err != nil {
+		user, err = m.tryGetUserByApiKeyQuery(r)
 	}

 	if err != nil || user == nil {
@ -77,7 +91,7 @@ func (m *AuthenticateMiddleware) isOptional(requestPath string) bool {
 	return false
 }

-func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) {
+func (m *AuthenticateMiddleware) tryGetUserByApiKeyHeader(r *http.Request) (*models.User, error) {
 	key, err := utils.ExtractBearerAuth(r)
 	if err != nil {
 		return nil, err
@ -92,6 +106,20 @@ func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.Us
 	return user, nil
 }

+func (m *AuthenticateMiddleware) tryGetUserByApiKeyQuery(r *http.Request) (*models.User, error) {
+	key := r.URL.Query().Get(queryApiKey)
+	var user *models.User
+	userKey := strings.TrimSpace(key)
+	if userKey == "" {
+		return nil, errEmptyKey
+	}
+	user, err := m.userSrvc.GetUserByKey(userKey)
+	if err != nil {
+		return nil, err
+	}
+	return user, nil
+}
+
 func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) {
 	username, err := utils.ExtractCookieAuth(r, m.config)
 	if err != nil {
--- a/middlewares/authenticate_test.go
+++ b/middlewares/authenticate_test.go
@ -3,14 +3,16 @@ package middlewares
 import (
 	"encoding/base64"
 	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
 	"github.com/muety/wakapi/mocks"
 	"github.com/muety/wakapi/models"
 	"github.com/stretchr/testify/assert"
-	"net/http"
-	"testing"
 )

-func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) {
+func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Success(t *testing.T) {
 	testApiKey := "z5uig69cn9ut93n"
 	testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
 	testUser := &models.User{ApiKey: testApiKey}
@ -26,13 +28,13 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) {

 	sut := NewAuthenticateMiddleware(userServiceMock)

-	result, err := sut.tryGetUserByApiKey(mockRequest)
+	result, err := sut.tryGetUserByApiKeyHeader(mockRequest)

 	assert.Nil(t, err)
 	assert.Equal(t, testUser, result)
 }

-func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) {
+func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Invalid(t *testing.T) {
 	testApiKey := "z5uig69cn9ut93n"
 	testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))

@ -47,10 +49,52 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) {

 	sut := NewAuthenticateMiddleware(userServiceMock)

-	result, err := sut.tryGetUserByApiKey(mockRequest)
+	result, err := sut.tryGetUserByApiKeyHeader(mockRequest)

 	assert.Error(t, err)
 	assert.Nil(t, result)
 }

+func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Success(t *testing.T) {
+	testApiKey := "z5uig69cn9ut93n"
+	testUser := &models.User{ApiKey: testApiKey}
+
+	mockRequest := &http.Request{
+		URL: &url.URL{
+			RawQuery: fmt.Sprintf("api_token=%s", testApiKey),
+		},
+	}
+
+	userServiceMock := new(mocks.UserServiceMock)
+	userServiceMock.On("GetUserByKey", testApiKey).Return(testUser, nil)
+
+	sut := NewAuthenticateMiddleware(userServiceMock)
+
+	result, err := sut.tryGetUserByApiKeyQuery(mockRequest)
+
+	assert.Nil(t, err)
+	assert.Equal(t, testUser, result)
+}
+
+func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Invalid(t *testing.T) {
+	testApiKey := "z5uig69cn9ut93n"
+
+	mockRequest := &http.Request{
+		URL: &url.URL{
+			// Use the wrong parameter name.
+			RawQuery: fmt.Sprintf("token=%s", testApiKey),
+		},
+	}
+
+	userServiceMock := new(mocks.UserServiceMock)
+
+	sut := NewAuthenticateMiddleware(userServiceMock)
+
+	result, actualErr := sut.tryGetUserByApiKeyQuery(mockRequest)
+
+	assert.Error(t, actualErr)
+	assert.Equal(t, errEmptyKey, actualErr)
+	assert.Nil(t, result)
+}
+
 // TODO: somehow test cookie auth function