sour-is/ev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: authreq header

Browse Source
This commit is contained in:
Jon Lundy 2023-01-22 11:11:01 -07:00
parent 2b9f0ffa12
commit f9a088269c
Signed by untrusted user who does not match committer: xuu
GPG Key ID: C63E6D61F3035024
1 changed files with 104 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
pkg/authreq/authreq_test.go Normal file
View File

@ -0,0 +1,104 @@
package authreq_test
import (
"crypto/ed25519"
"encoding/base64"
"io"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/matryer/is"
"github.com/sour-is/ev/pkg/authreq"
)
func TestGETRequest(t *testing.T) {
is := is.New(t)
pub, priv, err := ed25519.GenerateKey(nil)
is.NoErr(err)
req, err := http.NewRequest(http.MethodGet, "http://example.com/"+enc(pub)+"/test?q=test", nil)
is.NoErr(err)
req, err = authreq.Sign(req, priv)
is.NoErr(err)
t.Log(enc(pub))
t.Log(req.Header.Get(authreq.AuthHeader))
var hdlr http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
c := authreq.FromContext(r.Context())
if c == nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if !strings.Contains(req.URL.Path, c.Issuer) {
w.WriteHeader(http.StatusForbidden)
return
}
})
hdlr = authreq.Authorization(hdlr)
rw := httptest.NewRecorder()
hdlr.ServeHTTP(rw, req)
is.Equal(rw.Code, http.StatusOK)
}
func TestPOSTRequest(t *testing.T) {
is := is.New(t)
content := "this is post!"
pub, priv, err := ed25519.GenerateKey(nil)
is.NoErr(err)
req, err := http.NewRequest(http.MethodPost, "http://example.com/"+enc(pub)+"/test?q=test", strings.NewReader(content))
is.NoErr(err)
req, err = authreq.Sign(req, priv)
is.NoErr(err)
t.Log(enc(pub))
t.Log(req.Header.Get(authreq.AuthHeader))
var hdlr http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
c := authreq.FromContext(r.Context())
if c == nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
contentCheck, err := io.ReadAll(r.Body)
r.Body.Close()
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
t.Log(string(contentCheck))
if !strings.Contains(req.URL.Path, c.Issuer) {
w.WriteHeader(http.StatusForbidden)
return
}
})
hdlr = authreq.Authorization(hdlr)
rw := httptest.NewRecorder()
hdlr.ServeHTTP(rw, req)
is.Equal(rw.Code, http.StatusOK)
}
func enc(b []byte) string {
return base64.RawURLEncoding.EncodeToString(b)
}