diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/app.go | 18 | ||||
| -rw-r--r-- | app/init.go | 2 | ||||
| -rw-r--r-- | app/middleware/id_token.go | 2 | ||||
| -rw-r--r-- | app/middleware/user.go | 24 | ||||
| -rw-r--r-- | app/middleware/user_test.go | 33 |
5 files changed, 55 insertions, 24 deletions
@@ -8,6 +8,7 @@ import ( "github.com/rs/zerolog" "github.com/xlgmokha/x/pkg/ioc" "github.com/xlgmokha/x/pkg/log" + "github.com/xlgmokha/x/pkg/x" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/dashboard" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles" @@ -35,10 +36,15 @@ func New(rootDir string) http.Handler { logger := ioc.MustResolve[*zerolog.Logger](ioc.Default) users := ioc.MustResolve[domain.Repository[*domain.User]](ioc.Default) - chain := middleware.IDToken( - ioc.MustResolve[*oidc.Provider](ioc.Default), - ioc.MustResolve[*oidc.Config](ioc.Default), - middleware.FromCookie(cfg.IDTokenCookie), - )(middleware.User(users)(mux)) - return log.HTTP(logger)(chain) + + return x.Middleware[http.Handler]( + mux, + log.HTTP(logger), + middleware.IDToken( + ioc.MustResolve[*oidc.Provider](ioc.Default), + ioc.MustResolve[*oidc.Config](ioc.Default), + middleware.FromCookie(cfg.IDTokenCookie), + ), + middleware.User(users), + ) } diff --git a/app/init.go b/app/init.go index 868c2f7..d9ca3de 100644 --- a/app/init.go +++ b/app/init.go @@ -20,7 +20,7 @@ import ( func init() { ioc.RegisterSingleton[*zerolog.Logger](ioc.Default, func() *zerolog.Logger { - return log.New(os.Stdout, log.Fields{}) + return log.New(os.Stdout, log.Fields{"app": "sparkled"}) }) ioc.RegisterSingleton[domain.Repository[*domain.Sparkle]](ioc.Default, func() domain.Repository[*domain.Sparkle] { return db.NewRepository[*domain.Sparkle]() diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go index 8084af0..bc6a05e 100644 --- a/app/middleware/id_token.go +++ b/app/middleware/id_token.go @@ -14,6 +14,8 @@ import ( func IDToken(provider *oidc.Provider, config *oidc.Config, parsers ...TokenParser) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + log.WithFields(r.Context(), log.Fields{"jwt": r.Header.Get("x-jwt-payload")}) + for _, parser := range parsers { rawIDToken := parser(r) if x.IsPresent(rawIDToken) { diff --git a/app/middleware/user.go b/app/middleware/user.go index 9a88f8e..6c018f4 100644 --- a/app/middleware/user.go +++ b/app/middleware/user.go @@ -14,20 +14,26 @@ import ( func User(db domain.Repository[*domain.User]) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - idToken := cfg.IDToken.From(r.Context()) - if x.IsZero(idToken) { - next.ServeHTTP(w, r) - return - } + subject := r.Header.Get("x-jwt-claim-sub") + user := db.Find(r.Context(), domain.ID(subject)) - user := db.Find(r.Context(), domain.ID(idToken.Subject)) if !x.IsPresent(user) { - user = mapper.MapFrom[*oidc.IDToken, *domain.User](idToken) - if err := db.Save(r.Context(), user); err != nil { - pls.LogError(r.Context(), err) + idToken := cfg.IDToken.From(r.Context()) + + if x.IsZero(idToken) { next.ServeHTTP(w, r) return } + + user = db.Find(r.Context(), domain.ID(idToken.Subject)) + if !x.IsPresent(user) { + user = mapper.MapFrom[*oidc.IDToken, *domain.User](idToken) + if err := db.Save(r.Context(), user); err != nil { + pls.LogError(r.Context(), err) + next.ServeHTTP(w, r) + return + } + } } next.ServeHTTP(w, r.WithContext(cfg.CurrentUser.With(r.Context(), user))) diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go index aed3582..7653684 100644 --- a/app/middleware/user_test.go +++ b/app/middleware/user_test.go @@ -61,16 +61,33 @@ func TestUser(t *testing.T) { }) t.Run("when ID Token is not provided", func(t *testing.T) { - server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := cfg.CurrentUser.From(r.Context()) - require.Nil(t, user) + t.Run("without custom headers", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := cfg.CurrentUser.From(r.Context()) + require.Nil(t, user) + + w.WriteHeader(http.StatusTeapot) + })) - w.WriteHeader(http.StatusTeapot) - })) + r, w := test.RequestResponse("GET", "/example") + server.ServeHTTP(w, r) - r, w := test.RequestResponse("GET", "/example") - server.ServeHTTP(w, r) + assert.Equal(t, http.StatusTeapot, w.Code) + }) - assert.Equal(t, http.StatusTeapot, w.Code) + t.Run("with x-jwt-claim-sub header", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := cfg.CurrentUser.From(r.Context()) + require.NotNil(t, user) + require.Equal(t, knownUser.ID, user.ID) + + w.WriteHeader(http.StatusTeapot) + })) + + r, w := test.RequestResponse("GET", "/example", test.WithRequestHeader("x-jwt-claim-sub", knownUser.ID.String())) + server.ServeHTTP(w, r) + + assert.Equal(t, http.StatusTeapot, w.Code) + }) }) } |