From f9a088269c90987f1b87d27c2960d8217c6466ce Mon Sep 17 00:00:00 2001
From: Jon Lundy
Date: Sun, 22 Jan 2023 11:11:01 -0700
Subject: [PATCH] fix: authreq header
---
pkg/authreq/authreq_test.go | 104 ++++++++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 pkg/authreq/authreq_test.go
diff --git a/pkg/authreq/authreq_test.go b/pkg/authreq/authreq_test.go
new file mode 100644
index 0000000..18ea867
--- /dev/null
+++ b/pkg/authreq/authreq_test.go
@@ -0,0 +1,104 @@
+package authreq_test
+
+import (
+ "crypto/ed25519"
+ "encoding/base64"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "testing"
+
+ "github.com/matryer/is"
+ "github.com/sour-is/ev/pkg/authreq"
+)
+
+func TestGETRequest(t *testing.T) {
+ is := is.New(t)
+
+ pub, priv, err := ed25519.GenerateKey(nil)
+ is.NoErr(err)
+
+ req, err := http.NewRequest(http.MethodGet, "http://example.com/"+enc(pub)+"/test?q=test", nil)
+ is.NoErr(err)
+
+ req, err = authreq.Sign(req, priv)
+ is.NoErr(err)
+
+ t.Log(enc(pub))
+ t.Log(req.Header.Get(authreq.AuthHeader))
+
+ var hdlr http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ c := authreq.FromContext(r.Context())
+ if c == nil {
+ w.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ if !strings.Contains(req.URL.Path, c.Issuer) {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
+ })
+
+ hdlr = authreq.Authorization(hdlr)
+
+ rw := httptest.NewRecorder()
+
+ hdlr.ServeHTTP(rw, req)
+
+ is.Equal(rw.Code, http.StatusOK)
+}
+
+func TestPOSTRequest(t *testing.T) {
+ is := is.New(t)
+
+ content := "this is post!"
+
+ pub, priv, err := ed25519.GenerateKey(nil)
+ is.NoErr(err)
+
+ req, err := http.NewRequest(http.MethodPost, "http://example.com/"+enc(pub)+"/test?q=test", strings.NewReader(content))
+ is.NoErr(err)
+
+ req, err = authreq.Sign(req, priv)
+ is.NoErr(err)
+
+ t.Log(enc(pub))
+ t.Log(req.Header.Get(authreq.AuthHeader))
+
+ var hdlr http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ c := authreq.FromContext(r.Context())
+ if c == nil {
+ w.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+
+ contentCheck, err := io.ReadAll(r.Body)
+ r.Body.Close()
+
+ if err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ return
+ }
+
+ t.Log(string(contentCheck))
+ if !strings.Contains(req.URL.Path, c.Issuer) {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
+ })
+
+ hdlr = authreq.Authorization(hdlr)
+
+ rw := httptest.NewRecorder()
+
+ hdlr.ServeHTTP(rw, req)
+
+ is.Equal(rw.Code, http.StatusOK)
+
+}
+
+func enc(b []byte) string {
+ return base64.RawURLEncoding.EncodeToString(b)
+}
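Review bot: The issuer check in both handlers, `strings.Contains(req.URL.Path, c.Issuer)`, is vacuously true when `c.Issuer` is the empty string and reads the captured outer `req` rather than the handler's own `r`, so both tests would stay green if `authreq.Authorization` put a context value with no issuer on the request. Assuming the issuer is meant to be the encoded public key (the URL is built from `enc(pub)`), compare it exactly with `if c.Issuer != enc(pub) {`, or at least reject `c.Issuer == ""` and test against `r.URL.Path`. In TestPOSTRequest the body is only logged; `is.Equal(string(contentCheck), content)` would catch a middleware that consumes the body during verification and does not restore it. Both tests exercise only the accepting path, so a case with a missing or altered header that expects a non-200 status would pin down the rejection behaviour the middleware exists for.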