[#163] Support JSON bearer token

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-11-29 09:48:44 +03:00 · 2024-11-29 09:48:44 +03:00 · 58e7f3d583
commit 58e7f3d583
parent a2f8cb6735
3 changed files with 66 additions and 22 deletions
--- a/cmd/http-gw/integration_test.go
+++ b/cmd/http-gw/integration_test.go
@ -76,11 +76,13 @@ func TestIntegration(t *testing.T) {
 		CID, err := createContainer(ctx, t, clientPool, ownerID, version)
 		require.NoError(t, err, version)
-		token := makeBearerToken(t, key, ownerID, version)
+		jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version)
 		t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
-		t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
+		t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) })
-		t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
+		t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) })
 		t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
 		t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
 		t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
 		t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
 		t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
@ -528,7 +530,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	return id.ObjectID
 }
-func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
+func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(ownerID)
 	tkn.SetExp(10000)
@ -542,10 +544,16 @@ func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versio
 	err := tkn.Sign(key.PrivateKey)
 	require.NoError(t, err)
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+	jsonToken, err := tkn.MarshalJSON()
-	require.NotEmpty(t, t64)
+	require.NoError(t, err)
-	return t64
+	jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken)
 	binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
 	require.NotEmpty(t, jsonTokenBase64)
 	require.NotEmpty(t, binaryTokenBase64)
 	return
 }
 func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {
--- a/tokens/bearer-token.go
+++ b/tokens/bearer-token.go
@ -82,15 +82,23 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
 		tkn = new(bearer.Token)
 	)
 	for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
-		if buf = parse(&ctx.Request.Header); buf == nil {
+		buf = parse(&ctx.Request.Header)
 		if buf == nil {
 			continue
-		} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
+		}
 		data, err := base64.StdEncoding.DecodeString(string(buf))
 		if err != nil {
 			lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
 			continue
-		} else if err = tkn.Unmarshal(data); err != nil {
+		}
 		if err = tkn.Unmarshal(data); err != nil {
 			if err = tkn.UnmarshalJSON(data); err != nil {
 				lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
 				continue
 			}
 		}
 		return tkn, nil
 	}
--- a/tokens/bearer-token_test.go
+++ b/tokens/bearer-token_test.go
@ -98,8 +98,14 @@ func TestFetchBearerToken(t *testing.T) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(uid)
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+	jsonToken, err := tkn.MarshalJSON()
-	require.NotEmpty(t, t64)
+	require.NoError(t, err)
 	jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
 	binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
 	require.NotEmpty(t, jsonTokenBase64)
 	require.NotEmpty(t, binaryTokenBase64)
 	cases := []struct {
 		name   string
@ -143,25 +149,47 @@ func TestFetchBearerToken(t *testing.T) {
 			error:  "can't unmarshal bearer token",
 		},
 		{
-			name:   "bad header, but good cookie",
+			name:   "bad header, but good cookie with binary token",
 			header: "dGVzdAo=",
-			cookie: t64,
+			cookie: binaryTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "bad cookie, but good header",
+			name:   "bad cookie, but good header with binary token",
-			header: t64,
+			header: binaryTokenBase64,
 			cookie: "dGVzdAo=",
 			expect: tkn,
 		},
 		{
-			name:   "ok for header",
+			name:   "bad header, but good cookie with json token",
-			header: t64,
+			header: "dGVzdAo=",
 			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "ok for cookie",
+			name:   "bad cookie, but good header with json token",
-			cookie: t64,
+			header: jsonTokenBase64,
 			cookie: "dGVzdAo=",
 			expect: tkn,
 		},
 		{
 			name:   "ok for header with binary token",
 			header: binaryTokenBase64,
 			expect: tkn,
 		},
 		{
 			name:   "ok for cookie with binary token",
 			cookie: binaryTokenBase64,
 			expect: tkn,
 		},
 		{
 			name:   "ok for header with json token",
 			header: jsonTokenBase64,
 			expect: tkn,
 		},
 		{
 			name:   "ok for cookie with json token",
 			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 	}