diff --git a/internal/middleware/auth/auth.middleware.go b/internal/middleware/auth/auth.middleware.go
index 3858e97..4d5cb66 100644
--- a/internal/middleware/auth/auth.middleware.go
+++ b/internal/middleware/auth/auth.middleware.go
@@ -36,131 +36,3 @@ func (g *Guard) Validate(ctx rctx.Context) bool { return true } - -// import ( -// "net/http" -// "strings" - -// "github.com/isd-sgcu/rpkm66-gateway/internal/dto" -// "github.com/isd-sgcu/rpkm66-gateway/internal/handler/auth" -// "github.com/isd-sgcu/rpkm66-gateway/internal/utils" -// "github.com/isd-sgcu/rpkm66-gateway/config" -// phase "github.com/isd-sgcu/rpkm66-gateway/constant/auth" -// "github.com/isd-sgcu/rpkm66-gateway/pkg/rctx" -// ) - -// type Guard struct { -// service auth.IService -// excludes map[string]struct{} -// conf config.App -// isValidate bool -// } - -// func NewAuthGuard(s auth.IService, e map[string]struct{}, conf config.App) Guard { -// return Guard{ -// service: s, -// excludes: e, -// conf: conf, -// isValidate: true, -// } -// } - -// func (m *Guard) Use(ctx rctx.Context) { -// m.isValidate = true - -// m.Validate(ctx) - -// if !m.isValidate { -// return -// } - -// if !m.conf.Debug { -// m.CheckConfig(ctx) - -// if !m.isValidate { -// return -// } -// } - -// ctx.Next() - -// } - -// func (m *Guard) Validate(ctx rctx.Context) { -// method := ctx.Method() -// path := ctx.Path() - -// ids := utils.FindIDFromPath(path) - -// path = utils.FormatPath(method, path, ids) -// if utils.IsExisted(m.excludes, path) { -// ctx.Next() -// return -// } - -// token := ctx.Token() -// if token == "" { -// ctx.JSON(http.StatusUnauthorized, &dto.ResponseErr{ -// StatusCode: http.StatusUnauthorized, -// Message: "Invalid token", -// }) -// m.isValidate = false -// return -// } - -// payload, errRes := m.service.Validate(token) -// if errRes != nil { -// ctx.JSON(errRes.StatusCode, errRes) -// m.isValidate = false -// return -// } - -// ctx.StoreValue("UserId", payload.UserId) -// ctx.Next() -// } - -// func (m *Guard) CheckConfig(ctx rctx.Context) { -// method := ctx.Method() -// path := ctx.Path() - -// //check whether there is a token in path -// //if token exist, replace token with ":token" -// pathSlice := strings.Split(path, "/") 
-// //paths which can have a token is "/group/token" -// if pathSlice[1] == "group" { -// if len(pathSlice) > 2 && pathSlice[2] != "members" && pathSlice[2] != "leave" { -// token := pathSlice[2] -// path = strings.Replace(path, token, ":token", 1) -// } -// } - -// ids := utils.FindIDFromPath(path) - -// path = utils.FormatPath(method, path, ids) - -// if utils.IsExisted(m.excludes, path) { -// ctx.Next() -// return -// } - -// phses, ok := phase.MapPath2Phase[path] -// if !ok { -// ctx.Next() -// return -// } - -// currentPhase := m.conf.Phase -// for _, phs := range phses { -// if phs == currentPhase { -// ctx.Next() -// return -// } -// } - -// ctx.JSON(http.StatusForbidden, &dto.ResponseErr{ -// StatusCode: http.StatusForbidden, -// Message: "Forbidden Resource", -// Data: nil, -// }) -// m.isValidate = false -// } diff --git a/internal/middleware/auth/auth.middleware_test.go b/internal/middleware/auth/auth.middleware_test.go index f6c82a4..33cdf35 100644 --- a/internal/middleware/auth/auth.middleware_test.go +++ b/internal/middleware/auth/auth.middleware_test.go 
@@ -1,232 +1,81 @@ package auth -// import ( -// "net/http" -// "testing" - -// "github.com/bxcodec/faker/v3" -// "github.com/isd-sgcu/rpkm66-gateway/internal/dto" -// "github.com/isd-sgcu/rpkm66-gateway/config" -// role "github.com/isd-sgcu/rpkm66-gateway/constant/auth" -// "github.com/isd-sgcu/rpkm66-gateway/mocks/auth" -// "github.com/isd-sgcu/rpkm66-gateway/mocks/rctx" -// "github.com/stretchr/testify/assert" -// "github.com/stretchr/testify/suite" -// ) - -// type AuthGuardTest struct { -// suite.Suite -// conf config.App -// ExcludePath map[string]struct{} -// UserId string -// Token string -// UnauthorizedErr *dto.ResponseErr -// ServiceDownErr *dto.ResponseErr -// ForbiddenErr *dto.ResponseErr -// } - -// func TestAuthGuard(t *testing.T) { -// suite.Run(t, new(AuthGuardTest)) -// } - -// func (u *AuthGuardTest) SetupTest() { -// u.ServiceDownErr = &dto.ResponseErr{ -// StatusCode: http.StatusServiceUnavailable, -// Message: "Service is down", -// Data: nil, -// } - -// u.UnauthorizedErr = &dto.ResponseErr{ -// StatusCode: http.StatusUnauthorized, -// Message: "Invalid token", -// Data: nil, -// } - -// u.ForbiddenErr = &dto.ResponseErr{ -// StatusCode: http.StatusForbidden, -// Message: "Forbidden Resource", -// Data: nil, -// } - -// u.Token = faker.Word() -// u.UserId = faker.UUIDDigit() - -// u.ExcludePath = map[string]struct{}{ -// "POST /exclude": {}, -// "POST /exclude/:id": {}, -// } - -// u.conf = config.App{ -// Port: 3000, -// Debug: true, -// Phase: "register", -// MaxFileSize: 10000000, -// } -// } - -// func (u *AuthGuardTest) TestValidateSuccess() { -// want := u.UserId - -// srv := new(auth.ServiceMock) -// c := &rctx.ContextMock{ -// Header: map[string]string{}, -// } - -// c.On("Method").Return("POST") -// c.On("Path").Return("/auth") -// c.On("Token").Return(u.Token) -// srv.On("Validate", u.Token).Return(&dto.TokenPayloadAuth{ -// UserId: u.UserId, -// }, nil) -// c.On("StoreValue", "UserId", u.UserId) -// c.On("StoreValue", "Role", 
role.USER) -// c.On("Next") - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// actual := c.Header["UserId"] - -// assert.Equal(u.T(), want, actual) -// c.AssertNumberOfCalls(u.T(), "Next", 1) -// } - -// func (u *AuthGuardTest) TestValidateSkippedFromExcludePath() { -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return("POST") -// c.On("Path").Return("/exclude") -// c.On("Token").Return("") -// c.On("Next") - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// c.AssertNumberOfCalls(u.T(), "Next", 1) -// c.AssertNumberOfCalls(u.T(), "Token", 0) -// } - -// func (u *AuthGuardTest) TestValidateSkippedFromExcludePathWithID() { -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return("POST") -// c.On("Path").Return("/exclude/1") -// c.On("Token").Return("") -// c.On("Next") - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// c.AssertNumberOfCalls(u.T(), "Next", 1) -// c.AssertNumberOfCalls(u.T(), "Token", 0) -// } - -// func (u *AuthGuardTest) TestValidateFailed() { -// want := u.UnauthorizedErr - -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return("POST") -// c.On("Path").Return("/auth") -// c.On("Token").Return(u.Token) -// srv.On("Validate", u.Token).Return(nil, u.UnauthorizedErr) - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// assert.Equal(u.T(), want, c.V) -// } - -// func (u *AuthGuardTest) TestValidateTokenNotIncluded() { -// want := u.UnauthorizedErr - -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return("POST") -// c.On("Path").Return("/auth") -// c.On("Token").Return("") -// srv.On("Validate") - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// assert.Equal(u.T(), want, c.V) -// srv.AssertNumberOfCalls(u.T(), "Validate", 0) -// } - -// func (u *AuthGuardTest) TestValidateTokenGrpcErr() { 
-// want := u.ServiceDownErr - -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return("POST") -// c.On("Path").Return("/auth") -// c.On("Token").Return(u.Token) -// srv.On("Validate", u.Token).Return(nil, u.ServiceDownErr) - -// h := NewAuthGuard(srv, u.ExcludePath, u.conf) -// h.Validate(c) - -// assert.Equal(u.T(), want, c.V) -// } - -// func testConfigSuccess(t *testing.T, u *AuthGuardTest, conf config.App, mth string, pth string) { -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return(mth) -// c.On("Path").Return(pth) -// c.On("Next") - -// h := NewAuthGuard(srv, u.ExcludePath, conf) -// h.CheckConfig(c) - -// c.AssertNumberOfCalls(t, "Next", 1) -// } - -// func (u *AuthGuardTest) TestConfigSuccess() { -// u.conf.Phase = "register" -// testConfigSuccess(u.T(), u, u.conf, "GET", "/user") -// testConfigSuccess(u.T(), u, u.conf, "PUT", "/user") -// u.conf.Phase = "select" -// testConfigSuccess(u.T(), u, u.conf, "GET", "/group/1") -// testConfigSuccess(u.T(), u, u.conf, "DELETE", "/group/members/2") -// testConfigSuccess(u.T(), u, u.conf, "DELETE", "/group/leave") -// u.conf.Phase = "eventDay" -// testConfigSuccess(u.T(), u, u.conf, "POST", "/qr/checkin/verify") -// u.conf.Phase = "eStamp" -// testConfigSuccess(u.T(), u, u.conf, "POST", "/qr/estamp/confirm") -// } - -// func testConfigFail(t *testing.T, u *AuthGuardTest, conf config.App, mth string, pth string) { -// want := u.ForbiddenErr - -// srv := new(auth.ServiceMock) -// c := new(rctx.ContextMock) - -// c.On("Method").Return(mth) -// c.On("Path").Return(pth) -// c.On("Next") - -// h := NewAuthGuard(srv, u.ExcludePath, conf) -// h.CheckConfig(c) - -// assert.Equal(t, want, c.V) -// } - -// func (u *AuthGuardTest) TestConfigFail() { -// u.conf.Phase = "register" -// testConfigFail(u.T(), u, u.conf, "PUT", "/group") -// u.conf.Phase = "select" -// testConfigFail(u.T(), u, u.conf, "PUT", "/file/upload") -// testConfigFail(u.T(), u, 
u.conf, "GET", "/estamp/1") -// u.conf.Phase = "eventDay" -// testConfigFail(u.T(), u, u.conf, "PUT", "/group") -// u.conf.Phase = "emStamp" -// testConfigFail(u.T(), u, u.conf, "PUT", "/group") -// } +import ( + "net/http" + "testing" + + "github.com/bxcodec/faker/v3" + "github.com/isd-sgcu/rpkm66-gateway/internal/dto" + "github.com/isd-sgcu/rpkm66-gateway/mocks/auth" + "github.com/isd-sgcu/rpkm66-gateway/mocks/rctx" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" +) + +type AuthGuardTest struct { + suite.Suite + UserId string + Role string + Token string + UnauthorizedErr *dto.ResponseErr + ServiceDownErr *dto.ResponseErr + ForbiddenErr *dto.ResponseErr +} + +func TestAuthGuard(t *testing.T) { + suite.Run(t, new(AuthGuardTest)) +} + +func (u *AuthGuardTest) SetupTest() { + u.ServiceDownErr = &dto.ResponseErr{ + StatusCode: http.StatusServiceUnavailable, + Message: "Service is down", + Data: nil, + } + + u.UnauthorizedErr = &dto.ResponseErr{ + StatusCode: http.StatusUnauthorized, + Message: "Invalid token", + Data: nil, + } + + u.ForbiddenErr = &dto.ResponseErr{ + StatusCode: http.StatusForbidden, + Message: "Forbidden Resource", + Data: nil, + } + + u.Token = faker.Word() + u.UserId = faker.UUIDDigit() + u.Role = "ADMIN" +} + +func (u *AuthGuardTest) TestValidateSuccess() { + wantId := u.UserId + wantRole := u.Role + + srv := new(auth.ServiceMock) + c := &rctx.ContextMock{ + Header: map[string]string{}, + } + + c.On("Token").Return(u.Token) + srv.On("Validate", u.Token).Return(&dto.TokenPayloadAuth{ + UserId: u.UserId, + Role: u.Role, + }, nil) + c.On("StoreValue", "UserId", u.UserId) + c.On("StoreValue", "Role", u.Role) + c.On("Next") + + h := NewAuthGuard(srv) + h.Validate(c) + + actualId := c.Header["UserId"] + actualRole := c.Header["Role"] + + assert.Equal(u.T(), wantId, actualId) + assert.Equal(u.T(), wantRole, actualRole) +} + +// other case is TBD
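Review bot: The rewritten test file keeps only the happy path of `Validate`; the rejection cases the removed tests covered (empty token, service returning 401, service unavailable) are gone, so `UnauthorizedErr`, `ServiceDownErr` and `ForbiddenErr` built in `SetupTest` are now unused fixtures and a fail-open regression in the guard (e.g. calling `ctx.Next()` after the service rejects the token) would pass CI. `TestValidateSuccess` also never asserts that `Next` ran exactly once, and it ignores `Validate`'s return value, which the first file's hunk header suggests is now a `bool`. Rather than the `// other case is TBD` placeholder, I would restore at least the two negative tests below, adapted to the new `NewAuthGuard(srv)` signature; they assume `rctx.ContextMock` still exposes the written response in `c.V` as the removed tests did — confirm against the mock. In `TestValidateSuccess` add `c.AssertNumberOfCalls(u.T(), "Next", 1)` and, if the return type is indeed `bool`, `assert.True(u.T(), h.Validate(c))`.

```go
// … unchanged: TestValidateSuccess …

// TestValidateTokenNotIncluded: a missing token must be rejected before the
// auth service is consulted, and the chain must not continue.
func (u *AuthGuardTest) TestValidateTokenNotIncluded() {
	srv := new(auth.ServiceMock)
	c := new(rctx.ContextMock)

	c.On("Token").Return("")
	c.On("Next")

	h := NewAuthGuard(srv)
	h.Validate(c)

	assert.Equal(u.T(), u.UnauthorizedErr, c.V)
	srv.AssertNumberOfCalls(u.T(), "Validate", 0)
	c.AssertNumberOfCalls(u.T(), "Next", 0)
}

// TestValidateFailed: a token the auth service rejects must surface the
// service's error and must not call Next (guard against fail-open).
func (u *AuthGuardTest) TestValidateFailed() {
	srv := new(auth.ServiceMock)
	c := new(rctx.ContextMock)

	c.On("Token").Return(u.Token)
	c.On("Next")
	srv.On("Validate", u.Token).Return(nil, u.UnauthorizedErr)

	h := NewAuthGuard(srv)
	h.Validate(c)

	assert.Equal(u.T(), u.UnauthorizedErr, c.V)
	c.AssertNumberOfCalls(u.T(), "Next", 0)
}
```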