FabianVowie
/
Lithium
2
0
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Add token-based authorization middleware

feature/add-authorization
Fabian Vowie 3 years ago
parent
d172b0edf5
commit
7aec1fb513
No known key found for this signature in database GPG Key ID: C27317C33B27C410
3 changed files with 75 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      auth/authorization.go
  2. 50
      auth/authorization_test.go
  3. 6
      main.go

19
auth/authorization.go
View File

@ -0,0 +1,19 @@
package auth
import "net/http"
type AuthenticationMiddleware struct {
Secret string
}
func (middleware AuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authToken := r.Header.Get("Authorization")
if authToken == "" || authToken != middleware.Secret {
http.Error(w, "Forbidden", http.StatusForbidden)
} else {
next.ServeHTTP(w, r)
}
})
}

50
auth/authorization_test.go
View File

@ -0,0 +1,50 @@
package auth
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
)
func TestAuthorizationMiddleware(t *testing.T) {
t.Run("AuthorizationMiddleware returns 403 response when authorization header is incorrect", func(t *testing.T) {
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
middleware := AuthenticationMiddleware{
Secret: "foo",
}
middlewareHandler := middleware.Middleware(handler)
request, _ := http.NewRequest("GET", "/", nil)
responseRecorder := httptest.NewRecorder()
middlewareHandler.ServeHTTP(responseRecorder, request)
assert.Equal(t, responseRecorder.Code, 403)
})
t.Run("AuthorizationMiddleware continues when authorization header is correct", func(t *testing.T) {
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
middleware := AuthenticationMiddleware{
Secret: "foo",
}
middlewareHandler := middleware.Middleware(handler)
request, _ := http.NewRequest("GET", "/", nil)
request.Header.Set("Authorization", "foo")
responseRecorder := httptest.NewRecorder()
middlewareHandler.ServeHTTP(responseRecorder, request)
assert.Equal(t, responseRecorder.Code, 200)
})
}

6
main.go
View File

@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"
"github.com/geplauder/lithium/auth"
"github.com/geplauder/lithium/pipelines"
"github.com/geplauder/lithium/settings"
"github.com/geplauder/lithium/storage"
@ -56,7 +57,12 @@ func main() {
pipes := pipelines.LoadPipelines()
authMiddleware := auth.AuthenticationMiddleware{
Secret: settings.Token,
}
r := mux.NewRouter()
r.Use(authMiddleware.Middleware)
r.HandleFunc("/", IndexHandler)
RegisterPipelineRoutes(r, pipes, storageProvider)

Write Preview
Loading…
Cancel
Save