[#163] Support JSON bearer token
All checks were successful
/ DCO (pull_request) Successful in 5m13s
/ Vulncheck (pull_request) Successful in 6m9s
/ Builds (pull_request) Successful in 4m36s
/ Lint (pull_request) Successful in 5m3s
/ Tests (pull_request) Successful in 4m4s

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
This commit is contained in:
Roman Loginov 2024-11-29 09:48:44 +03:00
parent b9e44c603d
commit 71fc6c85d5
3 changed files with 66 additions and 22 deletions

View file

@ -75,11 +75,13 @@ func TestIntegration(t *testing.T) {
CID, err := createContainer(ctx, t, clientPool, ownerID, version) CID, err := createContainer(ctx, t, clientPool, ownerID, version)
require.NoError(t, err, version) require.NoError(t, err, version)
token := makeBearerToken(t, key, ownerID, version) jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version)
t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) }) t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) }) t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) })
t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) }) t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) })
t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) }) t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) }) t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) }) t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
@ -526,7 +528,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
return id.ObjectID return id.ObjectID
} }
func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string { func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
tkn := new(bearer.Token) tkn := new(bearer.Token)
tkn.ForUser(ownerID) tkn.ForUser(ownerID)
tkn.SetExp(10000) tkn.SetExp(10000)
@ -540,10 +542,16 @@ func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versio
err := tkn.Sign(key.PrivateKey) err := tkn.Sign(key.PrivateKey)
require.NoError(t, err) require.NoError(t, err)
t64 := base64.StdEncoding.EncodeToString(tkn.Marshal()) jsonToken, err := tkn.MarshalJSON()
require.NotEmpty(t, t64) require.NoError(t, err)
return t64 jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken)
binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NotEmpty(t, jsonTokenBase64)
require.NotEmpty(t, binaryTokenBase64)
return
} }
func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) { func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {

View file

@ -82,15 +82,23 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
tkn = new(bearer.Token) tkn = new(bearer.Token)
) )
for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} { for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
if buf = parse(&ctx.Request.Header); buf == nil { buf = parse(&ctx.Request.Header)
if buf == nil {
continue continue
} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil { }
data, err := base64.StdEncoding.DecodeString(string(buf))
if err != nil {
lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err) lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
continue continue
} else if err = tkn.Unmarshal(data); err != nil { }
if err = tkn.Unmarshal(data); err != nil {
if err = tkn.UnmarshalJSON(data); err != nil {
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err) lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
continue continue
} }
}
return tkn, nil return tkn, nil
} }

View file

@ -98,8 +98,14 @@ func TestFetchBearerToken(t *testing.T) {
tkn := new(bearer.Token) tkn := new(bearer.Token)
tkn.ForUser(uid) tkn.ForUser(uid)
t64 := base64.StdEncoding.EncodeToString(tkn.Marshal()) jsonToken, err := tkn.MarshalJSON()
require.NotEmpty(t, t64) require.NoError(t, err)
jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NotEmpty(t, jsonTokenBase64)
require.NotEmpty(t, binaryTokenBase64)
cases := []struct { cases := []struct {
name string name string
@ -143,25 +149,47 @@ func TestFetchBearerToken(t *testing.T) {
error: "can't unmarshal bearer token", error: "can't unmarshal bearer token",
}, },
{ {
name: "bad header, but good cookie", name: "bad header, but good cookie with binary token",
header: "dGVzdAo=", header: "dGVzdAo=",
cookie: t64, cookie: binaryTokenBase64,
expect: tkn, expect: tkn,
}, },
{ {
name: "bad cookie, but good header", name: "bad cookie, but good header with binary token",
header: t64, header: binaryTokenBase64,
cookie: "dGVzdAo=", cookie: "dGVzdAo=",
expect: tkn, expect: tkn,
}, },
{ {
name: "ok for header", name: "bad header, but good cookie with json token",
header: t64, header: "dGVzdAo=",
cookie: jsonTokenBase64,
expect: tkn, expect: tkn,
}, },
{ {
name: "ok for cookie", name: "bad cookie, but good header with json token",
cookie: t64, header: jsonTokenBase64,
cookie: "dGVzdAo=",
expect: tkn,
},
{
name: "ok for header with binary token",
header: binaryTokenBase64,
expect: tkn,
},
{
name: "ok for cookie with binary token",
cookie: binaryTokenBase64,
expect: tkn,
},
{
name: "ok for header with json token",
header: jsonTokenBase64,
expect: tkn,
},
{
name: "ok for cookie with json token",
cookie: jsonTokenBase64,
expect: tkn, expect: tkn,
}, },
} }