1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
use super::authorizer::Authorizer;
use envoy_types::ext_authz::v3::pb::CheckRequest;
pub struct CedarAuthorizer {}
impl CedarAuthorizer {
pub fn new() -> CedarAuthorizer {
CedarAuthorizer {}
}
}
impl Default for CedarAuthorizer {
fn default() -> Self {
Self::new()
}
}
impl Authorizer for CedarAuthorizer {
fn authorize(&self, request: CheckRequest) -> bool {
let headers = request
.attributes
.as_ref()
.and_then(|attr| attr.request.as_ref())
.and_then(|req| req.http.as_ref())
.map(|http| &http.headers)
.unwrap();
if let Some(authorization) = headers.get("authorization") {
if authorization == "Bearer valid-token" {
return true;
}
}
false
}
}
mod x {
pub fn build<T: Default>() -> T {
T::default()
}
pub fn build_with<T, F>(initializer: F) -> T
where
T: Default,
F: std::ops::FnOnce(&mut T),
{
let mut item = build::<T>();
initializer(&mut item);
item
}
}
#[cfg(test)]
mod tests {
use super::*;
use envoy_types::pb::envoy::service::auth::v3::{AttributeContext, attribute_context};
use std::collections::HashMap;
fn create_test_request_with_headers(headers: HashMap<String, String>) -> CheckRequest {
x::build_with(|item: &mut CheckRequest| {
item.attributes = Some(x::build_with(|item: &mut AttributeContext| {
item.request = Some(x::build_with(|item: &mut attribute_context::Request| {
item.http = Some(x::build_with(
|item: &mut attribute_context::HttpRequest| {
item.headers = headers;
},
));
}));
}));
})
}
#[test]
fn test_cedar_authorizer_allows_valid_token() {
let authorizer = CedarAuthorizer::new();
let mut headers = HashMap::new();
headers.insert(
"authorization".to_string(),
"Bearer valid-token".to_string(),
);
let request = create_test_request_with_headers(headers);
let result = authorizer.authorize(request);
assert!(result);
}
#[test]
fn test_cedar_authorizer_denies_invalid_token() {
let authorizer = CedarAuthorizer::new();
let mut headers = HashMap::new();
headers.insert(
"authorization".to_string(),
"Bearer invalid-token".to_string(),
);
let request = create_test_request_with_headers(headers);
let result = authorizer.authorize(request);
assert!(!result);
}
#[test]
fn test_cedar_authorizer_denies_missing_header() {
let authorizer = CedarAuthorizer::new();
let headers = HashMap::new();
let request = create_test_request_with_headers(headers);
let result = authorizer.authorize(request);
assert!(!result);
}
// test css passthrough
// test javascript passthrough
// test ico passthrough
// test png,jpg,bmp passthrough
// test html passthrough
// #[test]
// fn authorize_test_css_passthrough() {
// let authorizer = CedarAuthorizer::new();
// let request = CheckRequest {
// attributes: Some(AttributeContext {
// ..Default::default()
// }),
// };
// let result = authorizer.authorize(request);
// assert!(result)
// }
}
|
