-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add support OIDC client credential authorization
Closes #751 Signed-off-by: Andrii Holovko <[email protected]>
- Loading branch information
Showing
22 changed files
with
558 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package mw | ||
|
||
import ( | ||
"crypto/subtle" | ||
"net/http" | ||
|
||
"github.com/labstack/echo/v4" | ||
) | ||
|
||
const ( | ||
header = "X-API-Key" | ||
) | ||
|
||
// APIKeyAuth returns a middleware that authenticates requests using the API key from X-API-Key header. | ||
func APIKeyAuth(apiKey string) echo.MiddlewareFunc { | ||
return func(next echo.HandlerFunc) echo.HandlerFunc { | ||
return func(c echo.Context) error { | ||
apiKeyHeader := c.Request().Header.Get(header) | ||
if subtle.ConstantTimeCompare([]byte(apiKeyHeader), []byte(apiKey)) != 1 { | ||
return &echo.HTTPError{ | ||
Code: http.StatusUnauthorized, | ||
Message: "Unauthorized", | ||
} | ||
} | ||
|
||
return next(c) | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package mw_test | ||
|
||
import ( | ||
"net/http" | ||
"net/http/httptest" | ||
"testing" | ||
|
||
"github.com/labstack/echo/v4" | ||
"github.com/stretchr/testify/require" | ||
|
||
"github.com/trustbloc/vcs/pkg/restapi/v1/mw" | ||
) | ||
|
||
func TestApiKeyAuth(t *testing.T) { | ||
t.Run("Success", func(t *testing.T) { | ||
handlerCalled := false | ||
handler := func(c echo.Context) error { | ||
handlerCalled = true | ||
return c.String(http.StatusOK, "test") | ||
} | ||
|
||
middlewareChain := mw.APIKeyAuth("test-api-key")(handler) | ||
|
||
e := echo.New() | ||
req := httptest.NewRequest(http.MethodGet, "/", nil) | ||
req.Header.Set("X-API-Key", "test-api-key") | ||
rec := httptest.NewRecorder() | ||
c := e.NewContext(req, rec) | ||
|
||
err := middlewareChain(c) | ||
|
||
require.NoError(t, err) | ||
require.True(t, handlerCalled) | ||
}) | ||
|
||
t.Run("401 Unauthorized", func(t *testing.T) { | ||
handlerCalled := false | ||
handler := func(c echo.Context) error { | ||
handlerCalled = true | ||
return c.String(http.StatusOK, "test") | ||
} | ||
|
||
middlewareChain := mw.APIKeyAuth("test-api-key")(handler) | ||
|
||
e := echo.New() | ||
req := httptest.NewRequest(http.MethodGet, "/", nil) | ||
req.Header.Set("X-API-Key", "invalid-api-key") | ||
rec := httptest.NewRecorder() | ||
c := e.NewContext(req, rec) | ||
|
||
err := middlewareChain(c) | ||
|
||
require.Error(t, err) | ||
require.Contains(t, err.Error(), "Unauthorized") | ||
require.False(t, handlerCalled) | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.