mirror of
https://github.com/IS1DI/x0gp.git
synced 2026-07-19 05:47:02 +00:00
Add Supabase JWT authorization middleware, config parsing, and WebSocket token verification
This commit is contained in:
@@ -0,0 +1,125 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
const testSecret = "my-super-secret-supabase-jwt-key"
|
||||
|
||||
func generateTestToken(sub string, email string, expiresAt time.Time, secret string) (string, error) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"sub": sub,
|
||||
"email": email,
|
||||
"exp": expiresAt.Unix(),
|
||||
})
|
||||
return token.SignedString([]byte(secret))
|
||||
}
|
||||
|
||||
func TestValidateJWT(t *testing.T) {
|
||||
// 1. Valid token
|
||||
validToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(time.Hour), testSecret)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate valid token: %v", err)
|
||||
}
|
||||
|
||||
claims, err := ValidateJWT(validToken, testSecret)
|
||||
if err != nil {
|
||||
t.Errorf("expected no error, got: %v", err)
|
||||
}
|
||||
if claims.DriverID != "driver-uuid-123" || claims.Email != "driver@test.com" {
|
||||
t.Errorf("unexpected claims: %+v", claims)
|
||||
}
|
||||
|
||||
// 2. Expired token
|
||||
expiredToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(-time.Hour), testSecret)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate expired token: %v", err)
|
||||
}
|
||||
|
||||
_, err = ValidateJWT(expiredToken, testSecret)
|
||||
if err == nil {
|
||||
t.Error("expected error for expired token, got nil")
|
||||
}
|
||||
|
||||
// 3. Invalid signature
|
||||
_, err = ValidateJWT(validToken, "wrong-secret-key")
|
||||
if err == nil {
|
||||
t.Error("expected error for wrong signature, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthMiddleware(t *testing.T) {
|
||||
nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
driverID, ok := DriverIDFromContext(r.Context())
|
||||
if ok {
|
||||
w.Header().Set("X-Driver-ID", driverID)
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
})
|
||||
|
||||
// 1. DevMode = true: bypass authentication
|
||||
mwDev := Middleware(testSecret, true)(nextHandler)
|
||||
req := httptest.NewRequest(http.MethodGet, "/api/races", nil)
|
||||
w := httptest.NewRecorder()
|
||||
mwDev.ServeHTTP(w, req)
|
||||
|
||||
if w.Code != http.StatusOK {
|
||||
t.Errorf("expected 200 OK in DevMode, got %d", w.Code)
|
||||
}
|
||||
|
||||
// 2. DevMode = false: missing Authorization header
|
||||
mwProd := Middleware(testSecret, false)(nextHandler)
|
||||
w = httptest.NewRecorder()
|
||||
mwProd.ServeHTTP(w, req)
|
||||
|
||||
if w.Code != http.StatusUnauthorized {
|
||||
t.Errorf("expected 401 Unauthorized for missing auth header, got %d", w.Code)
|
||||
}
|
||||
|
||||
// 3. DevMode = false: invalid Authorization format
|
||||
reqFormat := httptest.NewRequest(http.MethodGet, "/api/races", nil)
|
||||
reqFormat.Header.Set("Authorization", "InvalidFormat token123")
|
||||
w = httptest.NewRecorder()
|
||||
mwProd.ServeHTTP(w, reqFormat)
|
||||
|
||||
if w.Code != http.StatusUnauthorized {
|
||||
t.Errorf("expected 401 Unauthorized for invalid format, got %d", w.Code)
|
||||
}
|
||||
|
||||
// 4. DevMode = false: valid token
|
||||
validToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(time.Hour), testSecret)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate valid token: %v", err)
|
||||
}
|
||||
|
||||
reqValid := httptest.NewRequest(http.MethodGet, "/api/races", nil)
|
||||
reqValid.Header.Set("Authorization", "Bearer "+validToken)
|
||||
w = httptest.NewRecorder()
|
||||
mwProd.ServeHTTP(w, reqValid)
|
||||
|
||||
if w.Code != http.StatusOK {
|
||||
t.Errorf("expected 200 OK for valid token, got %d", w.Code)
|
||||
}
|
||||
if w.Header().Get("X-Driver-ID") != "driver-uuid-123" {
|
||||
t.Errorf("expected X-Driver-ID header to be set in context, got %q", w.Header().Get("X-Driver-ID"))
|
||||
}
|
||||
}
|
||||
|
||||
func TestContextHelpers(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
if _, ok := DriverIDFromContext(ctx); ok {
|
||||
t.Error("expected ok=false for empty context")
|
||||
}
|
||||
|
||||
ctx = context.WithValue(ctx, driverIDKey, "test-driver")
|
||||
id, ok := DriverIDFromContext(ctx)
|
||||
if !ok || id != "test-driver" {
|
||||
t.Errorf("expected test-driver, got %s (ok=%t)", id, ok)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user