feat: handle auth adapters

2021-05-18 09:59:49 +02:00 · 2021-05-18 09:59:49 +02:00 · 4a62df8029
parent 4f55302e8a
commit 4a62df8029
2 changed files with 165 additions and 0 deletions
--- a/handler.go
+++ b/handler.go
@ -50,6 +50,29 @@ func (s Handler) resolve(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	var auth = api.Auth{
+		Required: service.Scope,
+		Active:   []string{},
+	}
+
+	// 5. run auth-aware middlewares
+	var h = api.AuthHandlerFunc(func(a api.Auth, w http.ResponseWriter, r *http.Request) {
+		if !a.Granted() {
+			handleError(api.ErrPermission, w, r)
+			return
+		}
+
+		s.handle(input, handler, service, w, r)
+	})
+
+	for _, adapter := range s.authAdapters {
+		h = adapter(h)
+	}
+	h(auth, w, r)
+
+}
+
+func (s *Handler) handle(input *reqdata.T, handler *apiHandler, service *config.Service, w http.ResponseWriter, r *http.Request) {
 	// 5. pass execution to the handler
 	ctx := api.Ctx{Res: w, Req: r}
 	var outData, outErr = handler.dyn.Handle(ctx, input.Data)
--- a/handler_test.go
+++ b/handler_test.go
@ -97,3 +97,145 @@ func TestWith(t *testing.T) {
 	}

 }
+
+func TestWithAuth(t *testing.T) {
+
+	tt := []struct {
+		name        string
+		manifest    string
+		permissions []string
+		granted     bool
+	}{
+		{
+			name:        "provide only requirement A",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A"},
+			granted:     true,
+		},
+		{
+			name:        "missing requirement",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{},
+			granted:     false,
+		},
+		{
+			name:        "missing requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{},
+			granted:     false,
+		},
+		{
+			name:        "missing some requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A"},
+			granted:     false,
+		},
+		{
+			name:        "provide requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A", "B"},
+			granted:     true,
+		},
+		{
+			name:        "missing OR requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A"], ["B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"C"},
+			granted:     false,
+		},
+		{
+			name:        "provide 1 OR requirement",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A"], ["B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A"},
+			granted:     true,
+		},
+		{
+			name:        "provide both OR requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A"], ["B"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A", "B"},
+			granted:     true,
+		},
+		{
+			name:        "missing composite OR requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"], ["C", "D"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{},
+			granted:     false,
+		},
+		{
+			name:        "missing partial composite OR requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"], ["C", "D"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A", "C"},
+			granted:     false,
+		},
+		{
+			name:        "provide 1 composite OR requirement",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"], ["C", "D"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A", "B", "C"},
+			granted:     true,
+		},
+		{
+			name:        "provide both composite OR requirements",
+			manifest:    `[ { "method": "GET", "path": "/path", "scope": [["A", "B"], ["C", "D"]], "info": "info", "in": {}, "out": {} } ]`,
+			permissions: []string{"A", "B", "C", "D"},
+			granted:     true,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			builder := &Builder{}
+			if err := addBuiltinTypes(builder); err != nil {
+				t.Fatalf("unexpected error <%v>", err)
+			}
+
+			// tester middleware (last executed)
+			builder.WithAuth(func(next api.AuthHandlerFunc) api.AuthHandlerFunc {
+				return func(a api.Auth, w http.ResponseWriter, r *http.Request) {
+					if a.Granted() == tc.granted {
+						return
+					}
+					if a.Granted() {
+						t.Fatalf("unexpected granted auth")
+					} else {
+						t.Fatalf("expected granted auth")
+					}
+				}
+			})
+
+			builder.WithAuth(func(next api.AuthHandlerFunc) api.AuthHandlerFunc {
+				return func(a api.Auth, w http.ResponseWriter, r *http.Request) {
+					a.Active = tc.permissions
+					next(a, w, r)
+				}
+			})
+
+			err := builder.Setup(strings.NewReader(tc.manifest))
+			if err != nil {
+				t.Fatalf("setup: unexpected error <%v>", err)
+			}
+
+			pathHandler := func(ctx api.Ctx) (*struct{}, api.Err) {
+				return nil, api.ErrNotImplemented
+			}
+
+			if err := builder.Bind(http.MethodGet, "/path", pathHandler); err != nil {
+				t.Fatalf("bind: unexpected error <%v>", err)
+			}
+
+			handler, err := builder.Build()
+			if err != nil {
+				t.Fatalf("build: unexpected error <%v>", err)
+			}
+
+			response := httptest.NewRecorder()
+			request := httptest.NewRequest(http.MethodGet, "/path", &bytes.Buffer{})
+
+			// test request
+			handler.ServeHTTP(response, request)
+			if response.Body == nil {
+				t.Fatalf("response has no body")
+			}
+
+		})
+	}
+
+}