Refactoring and add tests

- rename `header.go` to `bearer.go`
- simplify header / cookie fetching of bearer token value
- simplify `BearerToken` method
- increase tests

Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru>
This commit is contained in:
Evgeniy Kulikov 2021-01-25 17:26:08 +03:00 committed by pkorotkov
parent b8d10122a9
commit e45e5ed6f9
3 changed files with 218 additions and 76 deletions

79
bearer.go Normal file
View file

@ -0,0 +1,79 @@
package main
import (
"bytes"
"encoding/base64"
"github.com/pkg/errors"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/valyala/fasthttp"
)
type fromHandler = func(h *fasthttp.RequestHeader) []byte
const bearerToken = "Bearer"
// BearerToken usage:
//
// if tkn, err = BearerToken(c); err != nil && tkn == nil {
// log.Error("could not fetch bearer token", zap.Error(err))
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
// return
// }
var _ = BearerToken
func fromHeader(h *fasthttp.RequestHeader) []byte {
auth := h.Peek(fasthttp.HeaderAuthorization)
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerToken)) {
return nil
}
if auth = bytes.TrimPrefix(auth, []byte(bearerToken+" ")); len(auth) == 0 {
return nil
}
return auth
}
func fromCookie(h *fasthttp.RequestHeader) []byte {
auth := h.Cookie(bearerToken)
if len(auth) == 0 {
return nil
}
return auth
}
func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
// ignore empty value
if ctx == nil {
panic(nil)
return nil, nil
}
var (
lastErr error
buf []byte
tkn = new(token.BearerToken)
)
for _, parse := range []fromHandler{fromHeader, fromCookie} {
if buf = parse(&ctx.Request.Header); buf == nil {
continue
} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
lastErr = errors.Wrap(err, "could not fetch marshaled from base64")
continue
} else if err = tkn.Unmarshal(data); err != nil {
lastErr = errors.Wrap(err, "could not unmarshal bearer token")
continue
} else if tkn == nil {
continue
}
return tkn, nil
}
return nil, lastErr
}

139
bearer_test.go Normal file
View file

@ -0,0 +1,139 @@
package main
import (
"encoding/base64"
"testing"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/stretchr/testify/require"
"github.com/valyala/fasthttp"
)
func makeTestCookie(value []byte) *fasthttp.RequestHeader {
header := new(fasthttp.RequestHeader)
header.SetCookie(bearerToken, string(value))
return header
}
func makeTestHeader(value []byte) *fasthttp.RequestHeader {
header := new(fasthttp.RequestHeader)
if value != nil {
header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+string(value))
}
return header
}
func Test_fromCookie(t *testing.T) {
cases := []struct {
name string
actual []byte
expect []byte
}{
{name: "empty"},
{name: "normal", actual: []byte("TOKEN"), expect: []byte("TOKEN")},
}
for _, tt := range cases {
t.Run(tt.name, func(t *testing.T) {
require.Equal(t, tt.expect, fromCookie(makeTestCookie(tt.actual)))
})
}
}
func Test_fromHeader(t *testing.T) {
cases := []struct {
name string
actual []byte
expect []byte
}{
{name: "empty"},
{name: "normal", actual: []byte("TOKEN"), expect: []byte("TOKEN")},
}
for _, tt := range cases {
t.Run(tt.name, func(t *testing.T) {
require.Equal(t, tt.expect, fromHeader(makeTestHeader(tt.actual)))
})
}
}
func TestBearerToken(t *testing.T) {
uid := owner.NewID()
tkn := new(token.BearerToken)
tkn.SetOwner(uid)
data, err := tkn.Marshal()
require.NoError(t, err)
t64 := base64.StdEncoding.EncodeToString(data)
require.NotEmpty(t, t64)
cases := []struct {
name string
cookie string
header string
error string
expect *token.BearerToken
}{
{name: "empty"},
{name: "bad base64 header", header: "WRONG BASE64", error: "could not fetch marshaled from base64"},
{name: "bad base64 cookie", cookie: "WRONG BASE64", error: "could not fetch marshaled from base64"},
{name: "header token unmarshal error", header: "dGVzdAo=", error: "could not unmarshal bearer token"},
{name: "cookie token unmarshal error", cookie: "dGVzdAo=", error: "could not unmarshal bearer token"},
{
name: "bad header and cookie",
header: "WRONG BASE64",
cookie: "dGVzdAo=",
error: "could not unmarshal bearer token",
},
{
name: "bad header, but good cookie",
header: "dGVzdAo=",
cookie: t64,
expect: tkn,
},
{name: "ok for header", header: t64, expect: tkn},
{name: "ok for cookie", cookie: t64, expect: tkn},
}
for _, tt := range cases {
t.Run(tt.name, func(t *testing.T) {
ctx := makeTestRequest(tt.cookie, tt.header)
actual, err := BearerToken(ctx)
if tt.error == "" {
require.NoError(t, err)
require.Equal(t, tt.expect, actual)
return
}
require.Contains(t, err.Error(), tt.error)
})
}
}
func makeTestRequest(cookie, header string) *fasthttp.RequestCtx {
ctx := new(fasthttp.RequestCtx)
if cookie != "" {
ctx.Request.Header.SetCookie(bearerToken, cookie)
}
if header != "" {
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+header)
}
return ctx
}

View file

@ -1,76 +0,0 @@
package main
import (
"bytes"
"encoding/base64"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/pkg/errors"
"github.com/valyala/fasthttp"
)
const bearerToken = "Bearer"
// BearerToken usage:
//
// if tkn, err = BearerToken(c); err != nil && tkn == nil {
// log.Error("could not fetch bearer token", zap.Error(err))
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
// return
// }
var _ = BearerToken
func headerAuth(h *fasthttp.RequestHeader) (*token.BearerToken, error) {
auth := h.Peek(fasthttp.HeaderAuthorization)
if auth == nil || !bytes.Contains(auth, []byte(bearerToken)) {
return nil, nil
}
auth = bytes.ReplaceAll(auth, []byte(bearerToken+" "), nil)
data, err := base64.StdEncoding.DecodeString(string(auth))
if err != nil {
return nil, errors.Wrap(err, "could not fetch marshaled from base64")
}
tkn := new(token.BearerToken)
if err = tkn.Unmarshal(data); err != nil {
return nil, errors.Wrap(err, "could unmarshal bearer token")
}
return tkn, nil
}
func cookieAuth(h *fasthttp.RequestHeader) (*token.BearerToken, error) {
auth := h.Cookie(bearerToken)
if auth == nil {
return nil, nil
}
data, err := base64.StdEncoding.DecodeString(string(auth))
if err != nil {
return nil, errors.Wrap(err, "could not fetch marshaled from base64")
}
tkn := new(token.BearerToken)
if err = tkn.Unmarshal(data); err != nil {
return nil, errors.Wrap(err, "could unmarshal bearer token")
}
return tkn, nil
}
func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
// ignore empty value
if ctx == nil {
return nil, nil
}
if tkn, err := headerAuth(&ctx.Request.Header); err != nil {
return nil, err
} else if tkn != nil {
return tkn, nil
}
return cookieAuth(&ctx.Request.Header)
}