package exectx import ( "io" "net/http" "net/http/httptest" "testing" "code.sonr.org/go/did-it/didtest" "github.com/ipfs/go-cid" "github.com/stretchr/testify/require" "code.sonr.org/go/ucan/pkg/container" "code.sonr.org/go/ucan/token/delegation" "code.sonr.org/go/ucan/token/invocation" ) func TestExtractMW(t *testing.T) { const service = didtest.PersonaAlice const client = didtest.PersonaBob const cmd = "/foo/bar" for _, tc := range []struct { name string addHeaderFn func(func(key string, value string)) expectedStatusCode int successful bool }{ { name: "no auth", addHeaderFn: func(f func(key string, value string)) {}, expectedStatusCode: http.StatusUnauthorized, successful: false, }, { name: "wrong kind of auth", addHeaderFn: func(f func(key string, value string)) { f("Authorization", "Basic foobar") }, expectedStatusCode: http.StatusUnauthorized, successful: false, }, { name: "invalid container", addHeaderFn: func(f func(key string, value string)) { f("Authorization", "Bearer foobar") }, expectedStatusCode: http.StatusBadRequest, successful: false, }, { name: "valid containter, for incorrect service", addHeaderFn: func(f func(key string, value string)) { cont := container.NewWriter() const service2 = didtest.PersonaCarol dlg, _ := delegation.Root(service2.DID(), client.DID(), cmd, nil) dlgByte, dlgCid, _ := dlg.ToSealed(service2.PrivKey()) cont.AddSealed(dlgByte) inv, _ := invocation.New(client.DID(), cmd, service2.DID(), []cid.Cid{dlgCid}) invBytes, _, _ := inv.ToSealed(client.PrivKey()) cont.AddSealed(invBytes) contB64, _ := cont.ToBase64StdPadding() f("Authorization", "Bearer "+contB64) }, expectedStatusCode: http.StatusUnauthorized, successful: false, }, { name: "valid containter, missing invocation", addHeaderFn: func(f func(key string, value string)) { cont := container.NewWriter() dlg, _ := delegation.Root(service.DID(), client.DID(), cmd, nil) dlgByte, _, _ := dlg.ToSealed(service.PrivKey()) cont.AddSealed(dlgByte) contB64, _ := cont.ToBase64StdPadding() f("Authorization", "Bearer "+contB64) }, expectedStatusCode: http.StatusUnauthorized, successful: false, }, { name: "valid containter, valid tokens", addHeaderFn: func(f func(key string, value string)) { cont := container.NewWriter() dlg, _ := delegation.Root(service.DID(), client.DID(), cmd, nil) dlgByte, dlgCid, _ := dlg.ToSealed(service.PrivKey()) cont.AddSealed(dlgByte) inv, _ := invocation.New(client.DID(), cmd, service.DID(), []cid.Cid{dlgCid}) invBytes, _, _ := inv.ToSealed(client.PrivKey()) cont.AddSealed(invBytes) contB64, _ := cont.ToBase64StdPadding() f("Authorization", "Bearer "+contB64) }, expectedStatusCode: http.StatusOK, successful: true, }, } { t.Run(tc.name, func(t *testing.T) { var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { _, has := FromContext(r.Context()) require.Equal(t, tc.successful, has) _, _ = io.WriteString(w, "OK") }) handler = ExtractMW(handler, service.DID()) req := httptest.NewRequest("GET", "https://example.com/foo", nil) tc.addHeaderFn(req.Header.Set) w := httptest.NewRecorder() handler.ServeHTTP(w, req) require.Equal(t, tc.expectedStatusCode, w.Code) }) } }