package auth import ( "context" "fmt" "io/ioutil" "net/http" "testing" "time" "cdr.dev/slog" "forge.cadoles.com/arcad/edge/pkg/app" edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http" "forge.cadoles.com/arcad/edge/pkg/module" "github.com/golang-jwt/jwt" "github.com/pkg/errors" "gitlab.com/wpetit/goweb/logger" ) func TestAuthModule(t *testing.T) { t.Parallel() logger.SetLevel(slog.LevelDebug) keyFunc, secret := getKeyFunc() server := app.NewServer( module.ConsoleModuleFactory(), ModuleFactory( WithJWT(keyFunc), ), ) data, err := ioutil.ReadFile("testdata/auth.js") if err != nil { t.Fatal(err) } if err := server.Load("testdata/auth.js", string(data)); err != nil { t.Fatal(err) } if err := server.Start(); err != nil { t.Fatalf("%+v", errors.WithStack(err)) } defer server.Stop() req, err := http.NewRequest("GET", "/foo", nil) if err != nil { t.Fatalf("%+v", errors.WithStack(err)) } token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ "sub": "jdoe", "nbf": time.Now().UTC().Unix(), }) rawToken, err := token.SignedString(secret) if err != nil { t.Fatalf("%+v", errors.WithStack(err)) } req.Header.Add("Authorization", "Bearer "+rawToken) ctx := context.WithValue(context.Background(), edgeHTTP.ContextKeyOriginRequest, req) if _, err := server.ExecFuncByName(ctx, "testAuth", ctx); err != nil { t.Fatalf("%+v", errors.WithStack(err)) } } func TestAuthAnonymousModule(t *testing.T) { t.Parallel() logger.SetLevel(slog.LevelDebug) keyFunc, _ := getKeyFunc() server := app.NewServer( module.ConsoleModuleFactory(), ModuleFactory(WithJWT(keyFunc)), ) data, err := ioutil.ReadFile("testdata/auth_anonymous.js") if err != nil { t.Fatal(err) } if err := server.Load("testdata/auth_anonymous.js", string(data)); err != nil { t.Fatal(err) } if err := server.Start(); err != nil { t.Fatalf("%+v", errors.WithStack(err)) } defer server.Stop() req, err := http.NewRequest("GET", "/foo", nil) if err != nil { t.Fatalf("%+v", errors.WithStack(err)) } ctx := context.WithValue(context.Background(), edgeHTTP.ContextKeyOriginRequest, req) if _, err := server.ExecFuncByName(ctx, "testAuth", ctx); err != nil { t.Fatalf("%+v", errors.WithStack(err)) } } func getKeyFunc() (jwt.Keyfunc, []byte) { secret := []byte("not_so_secret") keyFunc := func(t *jwt.Token) (interface{}, error) { if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"]) } return secret, nil } return keyFunc, secret }