Updated auth

Author: djthorpe

pkg/handler/auth/client/client.go

@@ -0,0 +1,80 @@
+/*
+Implements an API client for the Token auth API (https://github.com/mutablelogic/go-server/pkg/handler/auth)
+*/
+package client
+
+import (
+
+	// Packages
+	"time"
+
+	"github.com/mutablelogic/go-client"
+	"github.com/mutablelogic/go-server/pkg/handler/auth"
+)
+
+///////////////////////////////////////////////////////////////////////////////
+// TYPES
+
+type Client struct {
+	*client.Client
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// LIFECYCLE
+
+// Create a new API client, providing the endpoint (ie, http://example.com/api/auth)
+func New(endPoint string, opts ...client.ClientOpt) (*Client, error) {
+	// Create client
+	client, err := client.New(append(opts, client.OptEndpoint(endPoint))...)
+	if err != nil {
+		return nil, err
+	}
+
+	// Return the client
+	return &Client{client}, nil
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// METHODS
+
+// Return all tokens
+func (c *Client) List() ([]auth.Token, error) {
+	var response []auth.Token
+	if err := c.Do(nil, &response); err != nil {
+		return nil, err
+	}
+	return response, nil
+}
+
+// Get token details (apart from the value)
+func (c *Client) Get(name string) (auth.Token, error) {
+	var response auth.Token
+	if err := c.Do(nil, &response, client.OptPath(name)); err != nil {
+		return auth.Token{}, err
+	}
+	return response, nil
+}
+
+// Delete a token
+func (c *Client) Delete(name string) error {
+	if err := c.Do(client.MethodDelete, nil, client.OptPath(name)); err != nil {
+		return err
+	}
+	// Return success
+	return nil
+}
+
+// Create a token with name, duration and scopes, and return the token
+func (c *Client) Create(name string, expires_in time.Duration, scopes ...string) (auth.Token, error) {
+	var response auth.Token
+
+	// Request->Response
+	if payload, err := client.NewJSONRequest(auth.NewCreateToken(name, expires_in, scopes...)); err != nil {
+		return auth.Token{}, err
+	} else if err := c.Do(payload, &response); err != nil {
+		return auth.Token{}, err
+	}
+
+	// Return success
+	return response, nil
+}

pkg/handler/auth/client/client_test.go

@@ -0,0 +1,132 @@
+package client_test
+
+import (
+	"os"
+	"testing"
+	"time"
+
+	// Packages
+	client "github.com/mutablelogic/go-client"
+	auth "github.com/mutablelogic/go-server/pkg/handler/auth/client"
+	assert "github.com/stretchr/testify/assert"
+)
+
+func Test_client_001(t *testing.T) {
+	assert := assert.New(t)
+	opts := []client.ClientOpt{
+		client.OptTrace(os.Stderr, true),
+	}
+	client, err := auth.New(GetEndpoint(t), opts...)
+	assert.NoError(err)
+	assert.NotNil(client)
+}
+
+func Test_client_002(t *testing.T) {
+	assert := assert.New(t)
+	opts := []client.ClientOpt{
+		client.OptTrace(os.Stderr, true),
+	}
+	if token := GetToken(t); token != "" {
+		opts = append(opts, client.OptReqToken(client.Token{
+			Scheme: "Bearer",
+			Value:  token,
+		}))
+	}
+
+	client, err := auth.New(GetEndpoint(t), opts...)
+	assert.NoError(err)
+
+	tokens, err := client.List()
+	assert.NoError(err)
+	assert.NotEmpty(tokens)
+}
+
+func Test_client_003(t *testing.T) {
+	assert := assert.New(t)
+	opts := []client.ClientOpt{
+		client.OptTrace(os.Stderr, true),
+	}
+	if token := GetToken(t); token != "" {
+		opts = append(opts, client.OptReqToken(client.Token{
+			Scheme: "Bearer",
+			Value:  token,
+		}))
+	}
+	client, err := auth.New(GetEndpoint(t), opts...)
+	assert.NoError(err)
+
+	// Create a new token which doesn't expire
+	token, err := client.Create(t.Name(), 0)
+	if !assert.NoError(err) {
+		t.SkipNow()
+	}
+
+	// Get the token
+	token2, err := client.Get(t.Name())
+	if !assert.NoError(err) {
+		t.SkipNow()
+	}
+
+	// Delete the token
+	err = client.Delete(t.Name())
+	assert.NoError(err)
+
+	// Check tokens
+	assert.Equal(token.Name, token2.Name)
+}
+
+func Test_client_004(t *testing.T) {
+	assert := assert.New(t)
+	opts := []client.ClientOpt{
+		client.OptTrace(os.Stderr, true),
+	}
+	if token := GetToken(t); token != "" {
+		opts = append(opts, client.OptReqToken(client.Token{
+			Scheme: "Bearer",
+			Value:  token,
+		}))
+	}
+	client, err := auth.New(GetEndpoint(t), opts...)
+	assert.NoError(err)
+
+	// Create a new token with scopes "a", "b" and "c" which expires in 1 minute
+	token, err := client.Create(t.Name(), time.Minute, "a", "b", "c")
+	if !assert.NoError(err) {
+		t.SkipNow()
+	}
+
+	// Get the token
+	token2, err := client.Get(t.Name())
+	if !assert.NoError(err) {
+		t.SkipNow()
+	}
+
+	// Check the scopes
+	assert.ElementsMatch(token.Scope, token2.Scope)
+	assert.Equal(token.Expire, token2.Expire)
+
+	// Delete the token
+	err = client.Delete(t.Name())
+	assert.NoError(err)
+
+	t.Log(token, token2)
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// ENVIRONMENT
+
+func GetEndpoint(t *testing.T) string {
+	key := os.Getenv("AUTH_ENDPOINT")
+	if key == "" {
+		t.Skip("AUTH_ENDPOINT not set")
+		t.SkipNow()
+	}
+	if key[len(key)-1] != '/' {
+		key += "/"
+	}
+	return key
+}
+
+func GetToken(t *testing.T) string {
+	return os.Getenv("AUTH_TOKEN")
+}

pkg/handler/auth/context.go

@@ -2,8 +2,6 @@ package auth
 
 import (
 	"context"
-
-	"github.com/mutablelogic/go-server/pkg/version"
 )
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -14,11 +12,6 @@ type authContextKey int
 ////////////////////////////////////////////////////////////////////////////////
 // GLOBALS
 
-var (
-	// Root scope allows ANY operation
-	ScopeRoot = version.GitSource + "/scope/root"
-)
-
 const (
 	_ authContextKey = iota
 	contextName

pkg/handler/auth/endpoints.go

@@ -37,30 +37,37 @@ var (
 // PUBLIC METHODS - ENDPOINTS
 
 // Add endpoints to the router
-func (service *auth) AddEndpoints(ctx context.Context, router server.Router) {
+func (service *auth) AddEndpoints(ctx context.Context, r server.Router) {
 	// Path: /
 	// Methods: GET
 	// Scopes: read // TODO: Add scopes
 	// Description: Get current set of tokens and groups
-	router.AddHandlerFuncRe(ctx, reRoot, service.ListTokens, http.MethodGet)
+	r.AddHandlerFuncRe(ctx, reRoot, service.ListTokens, http.MethodGet).(router.Route).
+		SetScope(service.ScopeRead()...)
 
 	// Path: /
 	// Methods: POST
 	// Scopes: write // TODO: Add scopes
 	// Description: Create a new token
-	router.AddHandlerFuncRe(ctx, reRoot, service.CreateToken, http.MethodPost)
+	r.AddHandlerFuncRe(ctx, reRoot, service.CreateToken, http.MethodPost).(router.Route).
+		SetScope(service.ScopeRead()...).
+		SetScope(service.ScopeWrite()...)
 
 	// Path: /<token-name>
 	// Methods: GET
 	// Scopes: read // TODO: Add scopes
 	// Description: Get a token
-	router.AddHandlerFuncRe(ctx, reToken, service.GetToken, http.MethodGet)
+	r.AddHandlerFuncRe(ctx, reToken, service.GetToken, http.MethodGet).(router.Route).
+		SetScope(service.ScopeRead()...)
 
 	// Path: /<token-name>
 	// Methods: DELETE, PATCH
 	// Scopes: write // TODO: Add scopes
 	// Description: Delete or update a token
-	router.AddHandlerFuncRe(ctx, reToken, service.UpdateToken, http.MethodDelete, http.MethodPatch)
+	r.AddHandlerFuncRe(ctx, reToken, service.UpdateToken, http.MethodDelete, http.MethodPatch).(router.Route).
+		SetScope(service.ScopeRead()...).
+		SetScope(service.ScopeWrite()...)
+
 }
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -81,7 +88,7 @@ func (service *auth) ListTokens(w http.ResponseWriter, r *http.Request) {
 // Get a token
 func (service *auth) GetToken(w http.ResponseWriter, r *http.Request) {
 	urlParameters := router.Params(r.Context())
-	token := service.jar.GetWithName(strings.ToLower(urlParameters[0]))
+	token := service.jar.GetWithName(urlParameters[0])
 	if token.IsZero() {
 		httpresponse.Error(w, http.StatusNotFound)
 		return
@@ -149,7 +156,7 @@ func (service *auth) CreateToken(w http.ResponseWriter, r *http.Request) {
 // Update (patch, delete) an existing token
 func (service *auth) UpdateToken(w http.ResponseWriter, r *http.Request) {
 	urlParameters := router.Params(r.Context())
-	token := service.jar.GetWithName(strings.ToLower(urlParameters[0]))
+	token := service.jar.GetWithName(urlParameters[0])
 	if token.IsZero() {
 		httpresponse.Error(w, http.StatusNotFound)
 		return

pkg/handler/auth/interface.go

@@ -1,7 +1,8 @@
 package auth
 
 import (
-	"context"
+	// Packages
+	server "github.com/mutablelogic/go-server"
 )
 
 type TokenJar interface {

pkg/handler/auth/scope.go

@@ -0,0 +1,36 @@
+package auth
+
+import (
+	// Packages
+	"github.com/mutablelogic/go-server/pkg/version"
+)
+
+////////////////////////////////////////////////////////////////////////////////
+// GLOBALS
+
+var (
+	// Prefix
+	scopePrefix = version.GitSource + "/scope/"
+
+	// Root scope allows ANY operation
+	ScopeRoot = scopePrefix + "root"
+)
+
+////////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func (auth *auth) ScopeRead() []string {
+	// Return read (list, get) scopes
+	return []string{
+		scopePrefix + auth.Label() + "/read",
+		scopePrefix + defaultName + "/read",
+	}
+}
+
+func (auth *auth) ScopeWrite() []string {
+	// Return write (create, delete, update) scopes
+	return []string{
+		scopePrefix + auth.Label() + "/write",
+		scopePrefix + defaultName + "/write",
+	}
+}

pkg/handler/auth/token.go

@@ -51,6 +51,26 @@ func NewToken(name string, length int, duration time.Duration, scope ...string)
 	}
 }
 
+// Create a new create token request
+func NewCreateToken(name string, expires_in time.Duration, scope ...string) TokenCreate {
+	// Truncase the duration to the nearest minute
+	if expires_in > 0 {
+		expires_in = expires_in.Truncate(time.Minute)
+		if expires_in < time.Minute {
+			expires_in = time.Minute
+		}
+	} else {
+		expires_in = 0
+	}
+
+	// Return the token
+	return TokenCreate{
+		Name:     name,
+		Duration: duration{expires_in},
+		Scope:    scope,
+	}
+}
+
 /////////////////////////////////////////////////////////////////////
 // STRINGIFY