feat(httpapi): env-based login and session auth middleware
@@ -0,0 +1,57 @@
|
||||
package httpapi
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/vasyansk/imap-copier/internal/config"
|
||||
)
|
||||
|
||||
func testServer() *Server {
|
||||
return &Server{cfg: config.Config{
|
||||
AuthUser: "admin", AuthPass: "pw", SessionSecret: []byte("sekret"),
|
||||
}}
|
||||
}
|
||||
|
||||
func TestLoginSetsCookie(t *testing.T) {
|
||||
s := testServer()
|
||||
req := httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"pw"}`))
|
||||
rw := httptest.NewRecorder()
|
||||
s.handleLogin(rw, req)
|
||||
if rw.Code != http.StatusOK {
|
||||
t.Fatalf("code=%d", rw.Code)
|
||||
}
|
||||
if len(rw.Result().Cookies()) == 0 {
|
||||
t.Fatal("no session cookie set")
|
||||
}
|
||||
}
|
||||
|
||||
func TestRequireAuthBlocksNoCookie(t *testing.T) {
|
||||
s := testServer()
|
||||
h := s.requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) }))
|
||||
rw := httptest.NewRecorder()
|
||||
h.ServeHTTP(rw, httptest.NewRequest("GET", "/api/tasks", nil))
|
||||
if rw.Code != http.StatusUnauthorized {
|
||||
t.Fatalf("want 401, got %d", rw.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRequireAuthAllowsValidCookie(t *testing.T) {
|
||||
s := testServer()
|
||||
// логинимся, забираем cookie, повторяем запрос
|
||||
lr := httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"pw"}`))
|
||||
lrw := httptest.NewRecorder()
|
||||
s.handleLogin(lrw, lr)
|
||||
cookie := lrw.Result().Cookies()[0]
|
||||
|
||||
h := s.requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) }))
|
||||
req := httptest.NewRequest("GET", "/api/tasks", nil)
|
||||
req.AddCookie(cookie)
|
||||
rw := httptest.NewRecorder()
|
||||
h.ServeHTTP(rw, req)
|
||||
if rw.Code != 200 {
|
||||
t.Fatalf("want 200, got %d", rw.Code)
|
||||
}
|
||||
}
|
||||
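Review bot: None of the three tests would fail if `requireAuth` accepted any cookie value or `handleLogin` accepted any password, because only a successful login, a request with no cookie, and a request with a genuine cookie are exercised. I would add a wrong-password case and a tampered-cookie case so that whatever verification `requireAuth` performs with `SessionSecret` is actually covered. The status returned for bad credentials is not visible on this page, so the sketch below only asserts that it is not 200 and that no cookie is issued. In `TestRequireAuthAllowsValidCookie`, `lrw.Result().Cookies()[0]` panics with an index error if login ever stops setting a cookie, so check the length first, as `TestLoginSetsCookie` does. `TestLoginSetsCookie` could also assert the cookie's `HttpOnly` and `SameSite` attributes, assuming `handleLogin` is meant to set them.

```go
func TestLoginRejectsWrongPassword(t *testing.T) {
	s := testServer()
	req := httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"wrong"}`))
	rw := httptest.NewRecorder()
	s.handleLogin(rw, req)
	if rw.Code == http.StatusOK {
		t.Fatalf("wrong password accepted, code=%d", rw.Code)
	}
	if n := len(rw.Result().Cookies()); n != 0 {
		t.Fatalf("rejected login set %d cookie(s)", n)
	}
}

func TestRequireAuthRejectsTamperedCookie(t *testing.T) {
	s := testServer()
	lrw := httptest.NewRecorder()
	s.handleLogin(lrw, httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"pw"}`)))
	cookies := lrw.Result().Cookies()
	if len(cookies) == 0 {
		t.Fatal("no session cookie set")
	}
	forged := *cookies[0]
	forged.Value += "x" // any change to the value must invalidate the session

	h := s.requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) }))
	req := httptest.NewRequest("GET", "/api/tasks", nil)
	req.AddCookie(&forged)
	rw := httptest.NewRecorder()
	h.ServeHTTP(rw, req)
	if rw.Code != http.StatusUnauthorized {
		t.Fatalf("want 401, got %d", rw.Code)
	}
}
```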