feat(jwtmw): WithScopes support for custom scope checker.

Author: asaf

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.3.0
+
+[All Changes](https://github.com/crossid/crossid-go/compare/v0.2.0...v0.3.0)
+
+### Major Changes
+
+- jwtmw - `WithScopes` middleware support for custom scope checker.
+
 ## 0.2.0
 
 [All Changes](https://github.com/crossid/crossid-go/compare/v0.1.0...v0.2.0)

pkg/jwtmw/helper.go

@@ -1,11 +1,12 @@
 package jwtmw
 
 import (
+	"context"
 	"fmt"
 	"github.com/crossid/crossid-go/pkg/x/stringslice"
 )
 
-func scopesCheckerOR(required, candidates []string) error {
+func ScopesCheckerOR(_ context.Context, required, candidates []string) error {
 	if len(required) == 0 {
 		return nil
 	}
@@ -18,7 +19,7 @@ func scopesCheckerOR(required, candidates []string) error {
 	return ErrMissingClaim
 }
 
-func scopesCheckerAND(required, candidates []string) error {
+func scopesCheckerAND(_ context.Context, required, candidates []string) error {
 	for _, r := range required {
 		f := false
 		if stringslice.IndexOf(candidates, r) > -1 {

pkg/jwtmw/helper_test.go

@@ -1,6 +1,9 @@
 package jwtmw
 
-import "testing"
+import (
+	"context"
+	"testing"
+)
 
 func TestScopesCheckerOR(t *testing.T) {
 	for k, tc := range []struct {
@@ -76,7 +79,7 @@ func TestScopesCheckerOR(t *testing.T) {
 			v:    false,
 		},
 	} {
-		err := scopesCheckerOR(tc.r, tc.c)
+		err := ScopesCheckerOR(context.Background(), tc.r, tc.c)
 		if tc.v {
 			if err != nil {
 				t.Errorf("case %d=%s expected to be valid but got: %s", k, tc.name, err)
@@ -170,7 +173,7 @@ func TestScopesCheckerAND(t *testing.T) {
 			c:    []string{"f", "e", "d", "c", "b", "Z"},
 		},
 	} {
-		err := scopesCheckerAND(tc.r, tc.c)
+		err := scopesCheckerAND(context.Background(), tc.r, tc.c)
 		if tc.v {
 			if err != nil {
 				t.Errorf("case %d='%s' expected to be valid but got: %s", k, tc.name, err)

pkg/jwtmw/with_scopes.go

@@ -55,7 +55,7 @@ func WithScopesCustom(required []string, opt ...WithScopesOpt) func(next http.Ha
 				return
 			}
 
-			if err := opts.scopesChecker(required, cl); err != nil {
+			if err := opts.ScopesChecker(r.Context(), required, cl); err != nil {
 				opts.Logger(Info, "scopes errors: %s", err)
 				opts.ErrorWriter(w, r, ErrMissingClaim)
 				return

pkg/jwtmw/with_scopes_opts.go

@@ -6,12 +6,7 @@ import (
 	"net/http"
 )
 
-type ConjunctionKind int
-
-const (
-	AND ConjunctionKind = iota
-	OR
-)
+type ScopesCheckerFunc func(ctx context.Context, required []string, candidates []string) error
 
 type withScopesOpts struct {
 	// TokenCtxKey is the context key of an authenticated token value, typically set by the JWT middleware.
@@ -21,24 +16,15 @@ type withScopesOpts struct {
 	// default implementation is naive as r.Context().Value(TokenCtxKey).(*jwt.Token)
 	TokenFromContext func(ctx context.Context) (*jwt.Token, error)
 	ClaimsFromToken  claimFromTokenFunc
-	// Conjunction defines whether all scopes (AND) are required or one (OR)
-	// of the provided scopes is sufficient for the request to be accepted.
-	Conjunction ConjunctionKind
 	// ErrorWriter writes an error into w
 	ErrorWriter errorWriter
 	// Logger logs various messages
 	Logger        logger
-	scopesChecker func(required []string, candidates []string) error
+	ScopesChecker ScopesCheckerFunc
 }
 
 type WithScopesOpt func(*withScopesOpts)
 
-func WithConjunction(c ConjunctionKind) WithScopesOpt {
-	return func(o *withScopesOpts) {
-		o.Conjunction = c
-	}
-}
-
 func WithErrorWriter(w errorWriter) WithScopesOpt {
 	return func(o *withScopesOpts) {
 		o.ErrorWriter = w
@@ -57,6 +43,12 @@ func WithClaimsFromToken(f claimFromTokenFunc) WithScopesOpt {
 	}
 }
 
+func WithScopesChecker(f ScopesCheckerFunc) WithScopesOpt {
+	return func(o *withScopesOpts) {
+		o.ScopesChecker = f
+	}
+}
+
 func newWithScopesOpts(opts []WithScopesOpt) *withScopesOpts {
 	o := new(withScopesOpts)
 	for _, oo := range opts {
@@ -89,10 +81,8 @@ func newWithScopesOpts(opts []WithScopesOpt) *withScopesOpts {
 		o.TokenCtxKey = TokenCtxKey
 	}
 
-	if o.Conjunction == OR {
-		o.scopesChecker = scopesCheckerOR
-	} else {
-		o.scopesChecker = scopesCheckerAND
+	if o.ScopesChecker == nil {
+		o.ScopesChecker = scopesCheckerAND
 	}
 
 	if o.ClaimsFromToken == nil {

pkg/jwtmw/with_scopes_test.go

@@ -18,11 +18,18 @@ func claimsFromTok(ctx context.Context, t *jwt.Token) ([]string, error) {
 	return t.Claims.(*claimsWithScopes).Scopes, nil
 }
 
+type conjunctionKind int
+
+const (
+	AND conjunctionKind = iota
+	OR
+)
+
 func TestWithScopesCustom(t *testing.T) {
 	for k, tc := range []struct {
 		name           string
 		jwtopts        *JwtMiddlewareOpts
-		c              ConjunctionKind
+		c              conjunctionKind
 		r              []string
 		jwt            string
 		shouldBlock    bool
@@ -106,7 +113,14 @@ func TestWithScopesCustom(t *testing.T) {
 			}
 
 			jmw := NewJWT(tc.jwtopts)
-			smw := WithScopesCustom(tc.r, WithClaimsFromToken(claimsFromTok), WithConjunction(tc.c))
+			var scf ScopesCheckerFunc
+			if tc.c == AND {
+				scf = scopesCheckerAND
+			} else {
+				scf = ScopesCheckerOR
+			}
+
+			smw := WithScopesCustom(tc.r, WithClaimsFromToken(claimsFromTok), WithScopesChecker(scf))
 			visited := false
 			h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				visited = true