From 1057ef6acb545f88813c109a223e9e38b064ee51 Mon Sep 17 00:00:00 2001
From: ben-toogood
Date: Wed, 25 Mar 2020 11:20:53 +0000
Subject: [PATCH] Add ContextWithToken (#1407)
* Add ContextWithToken
* Tidying up BearerScheme
Co-authored-by: Ben Toogood
---
 api/server/auth/auth.go | 16 +++-------------
 auth/auth.go | 8 ++++++++
 client/grpc/grpc.go | 7 ++-----
 util/wrapper/wrapper.go | 7 +++----
 4 files changed, 16 insertions(+), 22 deletions(-)
diff --git a/api/server/auth/auth.go b/api/server/auth/auth.go
index d7018f4c..1bd60508 100644
--- a/api/server/auth/auth.go
+++ b/api/server/auth/auth.go
@@ -9,11 +9,6 @@ import (
 "github.com/micro/go-micro/v2/auth"
 )
-var (
- // DefaultExcludes is the paths which are allowed by default
- DefaultExcludes = []string{"/favicon.ico"}
-)
-
 // CombinedAuthHandler wraps a server and authenticates requests
 func CombinedAuthHandler(h http.Handler) http.Handler {
 return authHandler{
@@ -27,24 +22,19 @@ type authHandler struct {
 auth auth.Auth
 }
-const (
- // BearerScheme is the prefix in the auth header
- BearerScheme = "Bearer "
-)
-
 func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 // Extract the token from the request
 var token string
 if header := req.Header.Get("Authorization"); len(header) > 0 {
 // Extract the auth token from the request
- if strings.HasPrefix(header, BearerScheme) {
- token = header[len(BearerScheme):]
+ if strings.HasPrefix(header, auth.BearerScheme) {
+ token = header[len(auth.BearerScheme):]
 }
 } else {
 // Get the token out the cookies if not provided in headers
 if c, err := req.Cookie("micro-token"); err == nil && c != nil {
 token = strings.TrimPrefix(c.Value, auth.TokenCookieName+"=")
- req.Header.Set("Authorization", BearerScheme+token)
+ req.Header.Set("Authorization", auth.BearerScheme+token)
 }
 }
diff --git a/auth/auth.go b/auth/auth.go
index 5c5d7ba1..268f29ba 100644
--- a/auth/auth.go
+++ b/auth/auth.go
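Review bot: The cookie branch of ServeHTTP copies the `micro-token` cookie into the `Authorization` header via `req.Header.Set("Authorization", auth.BearerScheme+token)`, so everything behind this handler sees a browser-attached cookie as an ordinary bearer token and cannot tell the two apart. Because browsers attach cookies to cross-site requests on their own, state-changing routes then depend on the cookie's SameSite setting or a CSRF token, neither of which is visible in this diff; a comment on that line naming the protection relied on would help, e.g. `// cookie-derived credential; CSRF protection: <mechanism>`. The lookup also hard-codes `"micro-token"` while the next line uses `auth.TokenCookieName`; if both are meant to be the same name, `req.Cookie(auth.TokenCookieName)` keeps them from drifting apart. The rest of ServeHTTP lies outside the hunk.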
@@ -5,6 +5,7 @@ import (
 "context"
 "encoding/json"
 "errors"
+ "fmt"
 "time"
 "github.com/micro/go-micro/v2/metadata"
@@ -21,6 +22,8 @@ var (
 ErrInvalidRole = errors.New("invalid role")
 // ErrForbidden is returned when a user does not have the necessary roles to access a resource
 ErrForbidden = errors.New("resource forbidden")
+ // BearerScheme used for Authorization header
+ BearerScheme = "Bearer "
 )
 // Auth providers authentication and authorization
@@ -125,3 +128,8 @@ func ContextWithAccount(ctx context.Context, account *Account) (context.Context,
 // generate a new context with the MetadataKey set
 return metadata.Set(ctx, MetadataKey, string(bytes)), nil
 }
+
+// ContextWithToken sets the auth token in the context
+func ContextWithToken(ctx context.Context, token string) (context.Context, error) {
+ return metadata.Set(ctx, "Authorization", fmt.Sprintf("%v%v", BearerScheme, token)), nil
+}
diff --git a/client/grpc/grpc.go b/client/grpc/grpc.go
index 432ef539..0357abc3 100644
--- a/client/grpc/grpc.go
+++ b/client/grpc/grpc.go
@@ -11,6 +11,7 @@ import (
 "sync/atomic"
 "time"
+ "github.com/micro/go-micro/v2/auth"
 "github.com/micro/go-micro/v2/broker"
 "github.com/micro/go-micro/v2/client"
 "github.com/micro/go-micro/v2/client/selector"
@@ -26,10 +27,6 @@ import (
 gmetadata "google.golang.org/grpc/metadata"
 )
-var (
- BearerScheme = "Bearer "
-)
-
 type grpcClient struct {
 opts client.Options
 pool *pool
@@ -137,7 +134,7 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
 // set the authorization token if one is saved locally
 if len(header["authorization"]) == 0 {
 if token, err := config.Get("token"); err == nil && len(token) > 0 {
- header["authorization"] = BearerScheme + token
+ header["authorization"] = auth.BearerScheme + token
 }
 }
diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go
index cab93d5c..99897178 100644
--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
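Review bot: `BearerScheme` is added to the `var (` block in auth/auth.go beside the sentinel errors, which makes it an exported, reassignable package variable, whereas the copy this commit removes from api/server/auth was a `const`. Every caller in this diff uses it for both the prefix test and the slice `header[len(auth.BearerScheme):]`, so any package that assigns to `auth.BearerScheme` changes token parsing for the whole process. Declaring it on its own as `const BearerScheme = "Bearer "` keeps the value fixed and needs no change at the call sites.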
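Review bot: ContextWithToken accepts an empty token and never returns a non-nil error, so with `token == ""` the metadata value becomes the bare string `Bearer `, which still satisfies the `strings.HasPrefix(header, auth.BearerScheme)` test in util/wrapper's AuthHandler and appears to reach token inspection as an empty string. Rejecting it up front, `if len(token) == 0 { return ctx, errors.New("token required") }`, gives the error result a meaning; otherwise the error could be dropped from the signature before callers depend on it. `fmt.Sprintf("%v%v", BearerScheme, token)` can be written `BearerScheme+token`, which also makes the new `fmt` import unnecessary. The doc comment could add that the value is stored under the `Authorization` metadata key with the Bearer prefix.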
@@ -31,7 +31,6 @@ type traceWrapper struct {
 var (
 HeaderPrefix = "Micro-"
- BearerScheme = "Bearer "
 )
 func (c *clientWrapper) setHeaders(ctx context.Context) context.Context {
@@ -44,7 +43,7 @@ func (c *clientWrapper) setHeaders(ctx context.Context) context.Context {
 tk := a.Options().Token
 // if the token if exists and auth header isn't set then set it
 if len(tk) > 0 && len(md["Authorization"]) == 0 {
- md["Authorization"] = BearerScheme + tk
+ md["Authorization"] = auth.BearerScheme + tk
 }
 }
@@ -174,11 +173,11 @@ func AuthHandler(fn func() auth.Auth, srvName string) server.HandlerWrapper {
 var token string
 if header, ok := metadata.Get(ctx, "Authorization"); ok {
 // Ensure the correct scheme is being used
- if !strings.HasPrefix(header, BearerScheme) {
+ if !strings.HasPrefix(header, auth.BearerScheme) {
 return errors.Unauthorized("go.micro.auth", "invalid authorization header. expected Bearer schema")
 }
- token = header[len(BearerScheme):]
+ token = header[len(auth.BearerScheme):]
 }
 // Inspect the token and get the account
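Review bot: The check `!strings.HasPrefix(header, auth.BearerScheme)` in AuthHandler compares the scheme case-sensitively and lets through a header that is exactly `Bearer `, so `token` is empty when it reaches the inspection step below. HTTP authentication scheme names are case-insensitive (RFC 7235 §2.1), so a client sending `bearer <token>` is refused. A stricter form is `if len(header) <= len(auth.BearerScheme) || !strings.EqualFold(header[:len(auth.BearerScheme)], auth.BearerScheme) {`. The equivalent parsing in api/server/auth's ServeHTTP silently ignores a non-Bearer header instead of rejecting it; the two would be easier to keep aligned behind one helper in the auth package. AuthHandler starts and ends outside the hunk, so how an empty token is handled afterwards is not visible here.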