From 81036b078b114ff941f08b666e6bbdfa55e8ce82 Mon Sep 17 00:00:00 2001
From: Igor Zibarev
Date: Fri, 12 Nov 2021 14:16:24 +0300
Subject: [PATCH] fix(api): return appropriate status for unauthorized requests (#1116)

---
 go.sum | 6 -----
 pkg/api/api.go | 9 ++++---
 pkg/api/api_test.go | 65 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 9 deletions(-)
 create mode 100644 pkg/api/api_test.go

diff --git a/go.sum b/go.sum
index 71ea26f..33e6c19 100644
--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,6 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3
 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
 github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.18 h1:cYnKADiM1869gvBpos3YCteeT6sZLB48lB5dmMMs8Tg=
-github.com/Microsoft/hcsshim v0.8.18/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
 github.com/Microsoft/hcsshim v0.8.21 h1:btRfUDThBE5IKcvI8O8jOiIkujUsAMBSRsYDYmEi6oM=
 github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
@@ -148,8 +146,6 @@ github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo
 github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
 github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.5 h1:q1gxsZsGZ8ddVe98yO6pR21b5xQSMiR61lD0W96pgQo=
-github.com/containerd/containerd v1.5.5/go.mod h1:oSTh0QpT1w6jYcGmbiSbxv9OSQYaa88mPyWIuU79zyo=
 github.com/containerd/containerd v1.5.7 h1:rQyoYtj4KddB3bxG6SAqd4+08gePNyJjRqvOIfV3rkM=
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -553,8 +549,6 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.1 h1:G18PGckGdAm3yVQRWDVQ1rLSLntiniKJ0cNRT2Tm5gs=
-github.com/opencontainers/runc v1.0.1/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
 github.com/opencontainers/runc v1.0.2 h1:opHZMaswlyxz1OuGpBE53Dwe4/xF7EZTY0A2L/FpCOg=
 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
diff --git a/pkg/api/api.go b/pkg/api/api.go
index b2279e1..756db90 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -25,9 +25,12 @@ func New(token string) *API {
 // RequireToken is wrapper around http.HandleFunc that checks token validity
 func (api *API) RequireToken(fn http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if r.Header.Get("Authorization") != fmt.Sprintf("Bearer %s", api.Token) {
-			log.Tracef("Invalid token \"%s\"", r.Header.Get("Authorization"))
-			log.Tracef("Expected token to be \"%s\"", api.Token)
+		auth := r.Header.Get("Authorization")
+		want := fmt.Sprintf("Bearer %s", api.Token)
+		if auth != want {
+			log.Tracef("Invalid Authorization header \"%s\"", auth)
+			log.Tracef("Expected Authorization header to be \"%s\"", want)
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		log.Debug("Valid token found.")
diff --git a/pkg/api/api_test.go b/pkg/api/api_test.go
new file mode 100644
index 0000000..4e9110b
--- /dev/null
+++ b/pkg/api/api_test.go
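Review bot: The two `log.Tracef` lines in the new code still write the expected bearer token (`want`) and the full client-supplied header into the log, so the shared secret lands in any sink that captures trace-level output; logging only the fact, e.g. `log.Trace("Invalid or missing Authorization header")`, keeps the token out of logs. The comparison `if auth != want {` also stops at the first differing byte; `if subtle.ConstantTimeCompare([]byte(auth), []byte(want)) != 1 {` (with `crypto/subtle` added to the import block, which is outside this hunk) removes that timing signal. A 401 from a bearer-token scheme conventionally carries `w.Header().Set("WWW-Authenticate", "Bearer")` before the `WriteHeader` call so clients learn which scheme is expected. The closure returned by RequireToken continues past the end of the hunk.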
@@ -0,0 +1,65 @@
+package api
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+const (
+	token = "123123123"
+)
+
+func TestAPI(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "API Suite")
+}
+
+var _ = Describe("API", func() {
+	api := New(token)
+
+	Describe("RequireToken middleware", func() {
+		It("should return 401 Unauthorized when token is not provided", func() {
+			handlerFunc := api.RequireToken(testHandler)
+
+			rec := httptest.NewRecorder()
+			req := httptest.NewRequest("GET", "/hello", nil)
+
+			handlerFunc(rec, req)
+
+			Expect(rec.Code).To(Equal(http.StatusUnauthorized))
+		})
+
+		It("should return 401 Unauthorized when token is invalid", func() {
+			handlerFunc := api.RequireToken(testHandler)
+
+			rec := httptest.NewRecorder()
+			req := httptest.NewRequest("GET", "/hello", nil)
+			req.Header.Set("Authorization", "Bearer 123")
+
+			handlerFunc(rec, req)
+
+			Expect(rec.Code).To(Equal(http.StatusUnauthorized))
+		})
+
+		It("should return 200 OK when token is valid", func() {
+			handlerFunc := api.RequireToken(testHandler)
+
+			rec := httptest.NewRecorder()
+			req := httptest.NewRequest("GET", "/hello", nil)
+			req.Header.Set("Authorization", "Bearer " + token)
+
+			handlerFunc(rec, req)
+
+			Expect(rec.Code).To(Equal(http.StatusOK))
+		})
+	})
+})
+
+func testHandler(w http.ResponseWriter, req *http.Request) {
+	_, _ = io.WriteString(w, "Hello!")
+}
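Review bot: The three specs assert only `rec.Code`, so they would still pass if RequireToken wrote the 401 and then fell through to the wrapped handler; checking the body is what pins the fail-closed behaviour. In both 401 cases add `Expect(rec.Body.String()).To(BeEmpty())` after the status assertion, and in the 200 case add `Expect(rec.Body.String()).To(Equal("Hello!"))` to show the request actually reached testHandler. A spec that sends the correct token without the scheme, e.g. `req.Header.Set("Authorization", token)`, would also document that the `Bearer ` prefix is required rather than incidental.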