mirror/wakapi
1
0
Fork 0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00
Code Issues Projects Releases Wiki Activity

Merge branch 'auth' of https://github.com/gaocegege/wakapi into gaocegege-auth

Browse Source
This commit is contained in:
Ferdinand Mütsch 2021-10-11 11:22:01 +02:00
commit 52744dbcd0
2 changed files with 82 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
middlewares/authenticate.go
View File

@ -1,12 +1,23 @@
package middlewares package middlewares
import ( import (
"fmt"
"net/http"
"strings"
conf "github.com/muety/wakapi/config" conf "github.com/muety/wakapi/config"
"github.com/muety/wakapi/models" "github.com/muety/wakapi/models"
"github.com/muety/wakapi/services" "github.com/muety/wakapi/services"
"github.com/muety/wakapi/utils" "github.com/muety/wakapi/utils"
"net/http" )
"strings"
const (
// queryApiKey is the query parameter name for api key.
queryApiKey = "api_key"
)
var (
errEmptyKey = fmt.Errorf("the api_key is empty")
) )
type AuthenticateMiddleware struct { type AuthenticateMiddleware struct {
@ -45,7 +56,10 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
user, err := m.tryGetUserByCookie(r) user, err := m.tryGetUserByCookie(r)
if err != nil { if err != nil {
user, err = m.tryGetUserByApiKey(r) user, err = m.tryGetUserByApiKeyHeader(r)
}
if err != nil {
user, err = m.tryGetUserByApiKeyQuery(r)
} }
if err != nil || user == nil { if err != nil || user == nil {
@ -77,7 +91,7 @@ func (m *AuthenticateMiddleware) isOptional(requestPath string) bool {
return false return false
} }
func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) { func (m *AuthenticateMiddleware) tryGetUserByApiKeyHeader(r *http.Request) (*models.User, error) {
key, err := utils.ExtractBearerAuth(r) key, err := utils.ExtractBearerAuth(r)
if err != nil { if err != nil {
return nil, err return nil, err
@ -92,6 +106,20 @@ func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.Us
return user, nil return user, nil
} }
func (m *AuthenticateMiddleware) tryGetUserByApiKeyQuery(r *http.Request) (*models.User, error) {
key := r.URL.Query().Get(queryApiKey)
var user *models.User
userKey := strings.TrimSpace(key)
if userKey == "" {
return nil, errEmptyKey
}
user, err := m.userSrvc.GetUserByKey(userKey)
if err != nil {
return nil, err
}
return user, nil
}
func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) { func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) {
username, err := utils.ExtractCookieAuth(r, m.config) username, err := utils.ExtractCookieAuth(r, m.config)
if err != nil { if err != nil {

56
middlewares/authenticate_test.go
View File

@ -3,14 +3,16 @@ package middlewares
import ( import (
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net/http"
"net/url"
"testing"
"github.com/muety/wakapi/mocks" "github.com/muety/wakapi/mocks"
"github.com/muety/wakapi/models" "github.com/muety/wakapi/models"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"net/http"
"testing"
) )
func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) { func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Success(t *testing.T) {
testApiKey := "z5uig69cn9ut93n" testApiKey := "z5uig69cn9ut93n"
testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey)) testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
testUser := &models.User{ApiKey: testApiKey} testUser := &models.User{ApiKey: testApiKey}
@ -26,13 +28,13 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_Success(t *testing.T) {
sut := NewAuthenticateMiddleware(userServiceMock) sut := NewAuthenticateMiddleware(userServiceMock)
result, err := sut.tryGetUserByApiKey(mockRequest) result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, testUser, result) assert.Equal(t, testUser, result)
} }
func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) { func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Invalid(t *testing.T) {
testApiKey := "z5uig69cn9ut93n" testApiKey := "z5uig69cn9ut93n"
testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey)) testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
@ -47,10 +49,52 @@ func TestAuthenticateMiddleware_tryGetUserByApiKey_InvalidHeader(t *testing.T) {
sut := NewAuthenticateMiddleware(userServiceMock) sut := NewAuthenticateMiddleware(userServiceMock)
result, err := sut.tryGetUserByApiKey(mockRequest) result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
assert.Error(t, err) assert.Error(t, err)
assert.Nil(t, result) assert.Nil(t, result)
} }
func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Success(t *testing.T) {
testApiKey := "z5uig69cn9ut93n"
testUser := &models.User{ApiKey: testApiKey}
mockRequest := &http.Request{
URL: &url.URL{
RawQuery: fmt.Sprintf("api_token=%s", testApiKey),
},
}
userServiceMock := new(mocks.UserServiceMock)
userServiceMock.On("GetUserByKey", testApiKey).Return(testUser, nil)
sut := NewAuthenticateMiddleware(userServiceMock)
result, err := sut.tryGetUserByApiKeyQuery(mockRequest)
assert.Nil(t, err)
assert.Equal(t, testUser, result)
}
func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Invalid(t *testing.T) {
testApiKey := "z5uig69cn9ut93n"
mockRequest := &http.Request{
URL: &url.URL{
// Use the wrong parameter name.
RawQuery: fmt.Sprintf("token=%s", testApiKey),
},
}
userServiceMock := new(mocks.UserServiceMock)
sut := NewAuthenticateMiddleware(userServiceMock)
result, actualErr := sut.tryGetUserByApiKeyQuery(mockRequest)
assert.Error(t, actualErr)
assert.Equal(t, errEmptyKey, actualErr)
assert.Nil(t, result)
}
// TODO: somehow test cookie auth function // TODO: somehow test cookie auth function