Add token-based authorization middleware

2 years ago · 7aec1fb513
3 changed files with 75 additions and 0 deletions
--- a/auth/authorization.go
+++ b/auth/authorization.go
@ -0,0 +1,19 @@
+package auth
+
+import "net/http"
+
+type AuthenticationMiddleware struct {
+	Secret string
+}
+
+func (middleware AuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		authToken := r.Header.Get("Authorization")
+
+		if authToken == "" || authToken != middleware.Secret {
+			http.Error(w, "Forbidden", http.StatusForbidden)
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}
--- a/auth/authorization_test.go
+++ b/auth/authorization_test.go
@ -0,0 +1,50 @@
+package auth
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthorizationMiddleware(t *testing.T) {
+	t.Run("AuthorizationMiddleware returns 403 response when authorization header is incorrect", func(t *testing.T) {
+		handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+
+		middleware := AuthenticationMiddleware{
+			Secret: "foo",
+		}
+
+		middlewareHandler := middleware.Middleware(handler)
+
+		request, _ := http.NewRequest("GET", "/", nil)
+		responseRecorder := httptest.NewRecorder()
+
+		middlewareHandler.ServeHTTP(responseRecorder, request)
+
+		assert.Equal(t, responseRecorder.Code, 403)
+	})
+
+	t.Run("AuthorizationMiddleware continues when authorization header is correct", func(t *testing.T) {
+		handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+
+		middleware := AuthenticationMiddleware{
+			Secret: "foo",
+		}
+
+		middlewareHandler := middleware.Middleware(handler)
+
+		request, _ := http.NewRequest("GET", "/", nil)
+		request.Header.Set("Authorization", "foo")
+		responseRecorder := httptest.NewRecorder()
+
+		middlewareHandler.ServeHTTP(responseRecorder, request)
+
+		assert.Equal(t, responseRecorder.Code, 200)
+	})
+}
--- a/main.go
+++ b/main.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"

+	"github.com/geplauder/lithium/auth"
 	"github.com/geplauder/lithium/pipelines"
 	"github.com/geplauder/lithium/settings"
 	"github.com/geplauder/lithium/storage"
@ -56,7 +57,12 @@ func main() {

 	pipes := pipelines.LoadPipelines()

+	authMiddleware := auth.AuthenticationMiddleware{
+		Secret: settings.Token,
+	}
+
 	r := mux.NewRouter()
+	r.Use(authMiddleware.Middleware)
 	r.HandleFunc("/", IndexHandler)

 	RegisterPipelineRoutes(r, pipes, storageProvider)