Add token-based authorization middleware

2 years ago · c20ef13839
3 changed files with 85 additions and 2 deletions
--- a/auth/authorization.go
+++ b/auth/authorization.go
@ -0,0 +1,19 @@
+package auth
+
+import "net/http"
+
+type AuthenticationMiddleware struct {
+	Secret string
+}
+
+func (middleware AuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		authToken := r.Header.Get("Authorization")
+
+		if authToken == "" || authToken != middleware.Secret {
+			http.Error(w, "Forbidden", http.StatusForbidden)
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}
--- a/auth/authorization_test.go
+++ b/auth/authorization_test.go
@ -0,0 +1,50 @@
+package auth
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthorizationMiddleware(t *testing.T) {
+	t.Run("AuthorizationMiddleware returns 403 response when authorization header is incorrect", func(t *testing.T) {
+		handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+
+		middleware := AuthenticationMiddleware{
+			Secret: "foo",
+		}
+
+		middlewareHandler := middleware.Middleware(handler)
+
+		request, _ := http.NewRequest("GET", "/", nil)
+		responseRecorder := httptest.NewRecorder()
+
+		middlewareHandler.ServeHTTP(responseRecorder, request)
+
+		assert.Equal(t, responseRecorder.Code, 403)
+	})
+
+	t.Run("AuthorizationMiddleware continues when authorization header is correct", func(t *testing.T) {
+		handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+
+		middleware := AuthenticationMiddleware{
+			Secret: "foo",
+		}
+
+		middlewareHandler := middleware.Middleware(handler)
+
+		request, _ := http.NewRequest("GET", "/", nil)
+		request.Header.Set("Authorization", "foo")
+		responseRecorder := httptest.NewRecorder()
+
+		middlewareHandler.ServeHTTP(responseRecorder, request)
+
+		assert.Equal(t, responseRecorder.Code, 200)
+	})
+}
--- a/main.go
+++ b/main.go
@ -4,9 +4,12 @@ import (
 	"encoding/json"
 	"net/http"

+	"github.com/geplauder/lithium/auth"
 	"github.com/geplauder/lithium/pipelines"
+	"github.com/geplauder/lithium/settings"
 	"github.com/geplauder/lithium/storage"
 	"github.com/gorilla/mux"
+	"github.com/spf13/afero"
 )

 const Name string = "Lithium"
@ -42,13 +45,24 @@ func RegisterPipelineRoutes(r *mux.Router, pipelines []pipelines.IPipeline, stor
 }

 func main() {
-	storageProvider := storage.GetFileSystemStorageProvider("test", "")
+	settings := settings.LoadSettings(afero.NewOsFs())

-	storageProvider.StoreRaw("abc", "def.test", []byte{0x12, 0x10})
+	var storageProvider storage.IStorageProvider
+
+	if settings.StorageProvider.Type == 0 {
+		storageProvider = storage.GetFileSystemStorageProvider(settings.StorageProvider.BasePath, "")
+	} else {
+		panic("Invalid file system provided!")
+	}

 	pipes := pipelines.LoadPipelines()

+	authMiddleware := auth.AuthenticationMiddleware{
+		Secret: settings.Token,
+	}
+
 	r := mux.NewRouter()
+	r.Use(authMiddleware.Middleware)
 	r.HandleFunc("/", IndexHandler)

 	RegisterPipelineRoutes(r, pipes, storageProvider)