a06f331eb8
CI / benchmark (push) Has been skipped
install-script / posix-syntax (push) Successful in 6m1s
CI / build-onnx (push) Failing after 6m43s
init-smoke / dry-run (push) Failing after 15m57s
security / govulncheck (push) Has been cancelled
security / trivy-fs (push) Has been cancelled
CI / test (1.26, ubuntu-latest) (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
CI / test (1.26, macos-latest) (push) Has been cancelled
CI / build-windows (push) Has been cancelled
CI / lint (push) Has been cancelled
install-script / powershell-syntax (push) Has been cancelled
install-script / install (macos-14) (push) Has been cancelled
install-script / install (ubuntu-latest) (push) Has been cancelled
85 lines
2.7 KiB
Go
85 lines
2.7 KiB
Go
package server
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func okHandler() http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte(`ok`))
|
|
})
|
|
}
|
|
|
|
func TestWithAuth_EmptyTokenIsPassthrough(t *testing.T) {
|
|
h := WithAuth(okHandler(), "")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/health", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_AcceptsValidBearer(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/health", nil)
|
|
req.Header.Set("Authorization", "Bearer secret-token")
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_RejectsMissingHeader(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/health", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
assert.Equal(t, `Bearer realm="gortex"`, rec.Header().Get("WWW-Authenticate"))
|
|
}
|
|
|
|
func TestWithAuth_RejectsWrongToken(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/health", nil)
|
|
req.Header.Set("Authorization", "Bearer wrong")
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_RejectsNonBearerScheme(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/health", nil)
|
|
req.Header.Set("Authorization", "Basic c2VjcmV0LXRva2Vu")
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_BypassesOptionsForCORSPreflight(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodOptions, "/v1/tools/search_symbols", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_AcceptsQueryStringToken(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/events?token=secret-token", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
}
|
|
|
|
func TestWithAuth_RejectsWrongQueryStringToken(t *testing.T) {
|
|
h := WithAuth(okHandler(), "secret-token")
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/events?token=wrong", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
}
|