mirror of
https://github.com/muety/wakapi.git
synced 2023-08-10 21:12:56 +03:00
Merge branch 'auth' of https://github.com/gaocegege/wakapi into gaocegege-auth
This commit is contained in:
Ferdinand Mütsch
commit
52744dbcd0
@ -1,12 +1,23 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
conf "github.com/muety/wakapi/config"
|
||||
"github.com/muety/wakapi/models"
|
||||
"github.com/muety/wakapi/services"
|
||||
"github.com/muety/wakapi/utils"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
// queryApiKey is the query parameter name for api key.
|
||||
queryApiKey = "api_key"
|
||||
)
|
||||
|
||||
var (
|
||||
errEmptyKey = fmt.Errorf("the api_key is empty")
|
||||
)
|
||||
|
||||
type AuthenticateMiddleware struct {
|
||||
@ -45,7 +56,10 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
|
||||
user, err := m.tryGetUserByCookie(r)
|
||||
|
||||
if err != nil {
|
||||
user, err = m.tryGetUserByApiKey(r)
|
||||
user, err = m.tryGetUserByApiKeyHeader(r)
|
||||
}
|
||||
if err != nil {
|
||||
user, err = m.tryGetUserByApiKeyQuery(r)
|
||||
}
|
||||
|
||||
if err != nil || user == nil {
|
||||
@ -77,7 +91,7 @@ func (m *AuthenticateMiddleware) isOptional(requestPath string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) {
|
||||
func (m *AuthenticateMiddleware) tryGetUserByApiKeyHeader(r *http.Request) (*models.User, error) {
|
||||
key, err := utils.ExtractBearerAuth(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -92,6 +106,20 @@ func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.Us
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (m *AuthenticateMiddleware) tryGetUserByApiKeyQuery(r *http.Request) (*models.User, error) {
|
||||
key := r.URL.Query().Get(queryApiKey)
|
||||
var user *models.User
|
||||
userKey := strings.TrimSpace(key)
|
||||
if userKey == "" {
|
||||
return nil, errEmptyKey
|
||||
}
|
||||
user, err := m.userSrvc.GetUserByKey(userKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) {
|
||||
username, err := utils.ExtractCookieAuth(r, m.config)
|
||||
if err != nil {
|
||||
|
||||
@ -3,14 +3,16 @@ package middlewares
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"testing"
|
||||
|
||||
"github.com/muety/wakapi/mocks"
|
||||
"github.com/muety/wakapi/models"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"net/http"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) {
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Success(t *testing.T) {
|
||||
testApiKey := "z5uig69cn9ut93n"
|
||||
testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
|
||||
testUser := &models.User{ApiKey: testApiKey}
|
||||
@ -26,13 +28,13 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) {
|
||||
|
||||
sut := NewAuthenticateMiddleware(userServiceMock)
|
||||
|
||||
result, err := sut.tryGetUserByApiKey(mockRequest)
|
||||
result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, testUser, result)
|
||||
}
|
||||
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) {
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Invalid(t *testing.T) {
|
||||
testApiKey := "z5uig69cn9ut93n"
|
||||
testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
|
||||
|
||||
@ -47,10 +49,52 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) {
|
||||
|
||||
sut := NewAuthenticateMiddleware(userServiceMock)
|
||||
|
||||
result, err := sut.tryGetUserByApiKey(mockRequest)
|
||||
result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
|
||||
|
||||
assert.Error(t, err)
|
||||
assert.Nil(t, result)
|
||||
}
|
||||
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Success(t *testing.T) {
|
||||
testApiKey := "z5uig69cn9ut93n"
|
||||
testUser := &models.User{ApiKey: testApiKey}
|
||||
|
||||
mockRequest := &http.Request{
|
||||
URL: &url.URL{
|
||||
RawQuery: fmt.Sprintf("api_token=%s", testApiKey),
|
||||
},
|
||||
}
|
||||
|
||||
userServiceMock := new(mocks.UserServiceMock)
|
||||
userServiceMock.On("GetUserByKey", testApiKey).Return(testUser, nil)
|
||||
|
||||
sut := NewAuthenticateMiddleware(userServiceMock)
|
||||
|
||||
result, err := sut.tryGetUserByApiKeyQuery(mockRequest)
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, testUser, result)
|
||||
}
|
||||
|
||||
func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Invalid(t *testing.T) {
|
||||
testApiKey := "z5uig69cn9ut93n"
|
||||
|
||||
mockRequest := &http.Request{
|
||||
URL: &url.URL{
|
||||
// Use the wrong parameter name.
|
||||
RawQuery: fmt.Sprintf("token=%s", testApiKey),
|
||||
},
|
||||
}
|
||||
|
||||
userServiceMock := new(mocks.UserServiceMock)
|
||||
|
||||
sut := NewAuthenticateMiddleware(userServiceMock)
|
||||
|
||||
result, actualErr := sut.tryGetUserByApiKeyQuery(mockRequest)
|
||||
|
||||
assert.Error(t, actualErr)
|
||||
assert.Equal(t, errEmptyKey, actualErr)
|
||||
assert.Nil(t, result)
|
||||
}
|
||||
|
||||
// TODO: somehow test cookie auth function
|
||||
|
||||
Loading…
Reference in New Issue
Block a user