forked from FabianVowie/Lithium
Fabian Vowie
3 years ago
No known key found for this signature in database
GPG Key ID: C27317C33B27C410
3 changed files with 85 additions and 2 deletions
@ -0,0 +1,19 @@ |
|||
package auth |
|||
|
|||
import "net/http" |
|||
|
|||
type AuthenticationMiddleware struct { |
|||
Secret string |
|||
} |
|||
|
|||
func (middleware AuthenticationMiddleware) Middleware(next http.Handler) http.Handler { |
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
|||
authToken := r.Header.Get("Authorization") |
|||
|
|||
if authToken == "" || authToken != middleware.Secret { |
|||
http.Error(w, "Forbidden", http.StatusForbidden) |
|||
} else { |
|||
next.ServeHTTP(w, r) |
|||
} |
|||
}) |
|||
} |
@ -0,0 +1,50 @@ |
|||
package auth |
|||
|
|||
import ( |
|||
"net/http" |
|||
"net/http/httptest" |
|||
"testing" |
|||
|
|||
"github.com/stretchr/testify/assert" |
|||
) |
|||
|
|||
func TestAuthorizationMiddleware(t *testing.T) { |
|||
t.Run("AuthorizationMiddleware returns 403 response when authorization header is incorrect", func(t *testing.T) { |
|||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
|||
w.WriteHeader(http.StatusOK) |
|||
}) |
|||
|
|||
middleware := AuthenticationMiddleware{ |
|||
Secret: "foo", |
|||
} |
|||
|
|||
middlewareHandler := middleware.Middleware(handler) |
|||
|
|||
request, _ := http.NewRequest("GET", "/", nil) |
|||
responseRecorder := httptest.NewRecorder() |
|||
|
|||
middlewareHandler.ServeHTTP(responseRecorder, request) |
|||
|
|||
assert.Equal(t, responseRecorder.Code, 403) |
|||
}) |
|||
|
|||
t.Run("AuthorizationMiddleware continues when authorization header is correct", func(t *testing.T) { |
|||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
|||
w.WriteHeader(http.StatusOK) |
|||
}) |
|||
|
|||
middleware := AuthenticationMiddleware{ |
|||
Secret: "foo", |
|||
} |
|||
|
|||
middlewareHandler := middleware.Middleware(handler) |
|||
|
|||
request, _ := http.NewRequest("GET", "/", nil) |
|||
request.Header.Set("Authorization", "foo") |
|||
responseRecorder := httptest.NewRecorder() |
|||
|
|||
middlewareHandler.ServeHTTP(responseRecorder, request) |
|||
|
|||
assert.Equal(t, responseRecorder.Code, 200) |
|||
}) |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue