generated from TBD54566975/tbd-project-template
-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ability to set a default bearer token (#556)
* ability to set a default bearer token * linting fixes * moving docs to service section --------- Co-authored-by: Gabe <[email protected]>
- Loading branch information
1 parent
ab19193
commit 02d6f8f
Showing
5 changed files
with
129 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Authentication | ||
|
||
Out of the box if you set the AUTH_TOKEN to a sha256 token value, then all api calls will require a bearer token that hashes to that. If AUTH_TOKEN is not set then no authentication is required. | ||
|
||
Generate a token by hashing the super secure token of `hunter2`: | ||
```sh | ||
export AUTH_TOKEN=$(echo -n "hunter2" | shasum -a 256) | ||
``` | ||
|
||
Then use `hunter2` as a Bearer token: | ||
|
||
```sh | ||
export TOKEN=hunter2 | ||
curl -H "Authorization: Bearer $TOKEN" .... | ||
``` | ||
|
||
# Extending Authentication and Authorization for production environments | ||
|
||
The ssi server uses the Gin framework from Golang, which allows various kinds of middleware. Look in `pkg/middleware/Authentication.go` and `pkg/middleware/Authorization.go` for details on how you can wire up authentication and authorization for your use case. One such option is the https://github.com/zalando/gin-oauth2 framework. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
package middleware | ||
|
||
import ( | ||
"net/http" | ||
"net/http/httptest" | ||
"testing" | ||
|
||
"github.com/gin-gonic/gin" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestAuthMiddleware(t *testing.T) { | ||
// Set the AUTH_TOKEN environment variable for testing | ||
t.Setenv("AUTH_TOKEN", "f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7") // sha256 hash of "hunter2" | ||
|
||
// Create a new gin engine | ||
r := gin.Default() | ||
|
||
// Add the AuthMiddleware to the gin engine | ||
r.Use(AuthMiddleware()) | ||
|
||
// Add a test route | ||
r.GET("/test", func(c *gin.Context) { | ||
c.String(http.StatusOK, "OK") | ||
}) | ||
|
||
// Create a request with the correct Authorization header | ||
req, _ := http.NewRequest(http.MethodGet, "/test", nil) | ||
req.Header.Add("Authorization", "Bearer hunter2") | ||
|
||
// Create a response recorder | ||
w := httptest.NewRecorder() | ||
|
||
// Serve the request | ||
r.ServeHTTP(w, req) | ||
|
||
// Assert that the status code is 200 OK | ||
assert.Equal(t, http.StatusOK, w.Code) | ||
|
||
// Create a request with an incorrect Authorization header | ||
req, _ = http.NewRequest(http.MethodGet, "/test", nil) | ||
req.Header.Add("Authorization", "Bearer nonsense") | ||
|
||
// Reset the response recorder | ||
w = httptest.NewRecorder() | ||
|
||
// Serve the request | ||
r.ServeHTTP(w, req) | ||
|
||
// Assert that the status code is 401 Unauthorized | ||
assert.Equal(t, http.StatusUnauthorized, w.Code) | ||
} | ||
|
||
func TestNoAuthMiddleware(t *testing.T) { | ||
|
||
t.Setenv("AUTH_TOKEN", "") // no auth token so things just work | ||
|
||
// Create a new gin engine | ||
r := gin.Default() | ||
|
||
// Add the AuthMiddleware to the gin engine | ||
r.Use(AuthMiddleware()) | ||
|
||
// Add a test route | ||
r.GET("/test", func(c *gin.Context) { | ||
c.String(http.StatusOK, "OK") | ||
}) | ||
|
||
// Create a request with the correct Authorization header | ||
req, _ := http.NewRequest(http.MethodGet, "/test", nil) | ||
|
||
// Create a response recorder | ||
w := httptest.NewRecorder() | ||
|
||
// Serve the request | ||
r.ServeHTTP(w, req) | ||
|
||
// Assert that the status code is 200 OK | ||
assert.Equal(t, http.StatusOK, w.Code) | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters