package wrapper import ( "context" "net/http" "reflect" "testing" "time" "github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/client" "github.com/micro/go-micro/v2/errors" "github.com/micro/go-micro/v2/metadata" "github.com/micro/go-micro/v2/server" ) func TestWrapper(t *testing.T) { testData := []struct { existing metadata.Metadata headers metadata.Metadata overwrite bool }{ { existing: metadata.Metadata{}, headers: metadata.Metadata{ "Foo": "bar", }, overwrite: true, }, { existing: metadata.Metadata{ "Foo": "bar", }, headers: metadata.Metadata{ "Foo": "baz", }, overwrite: false, }, } for _, d := range testData { c := &fromServiceWrapper{ headers: d.headers, } ctx := metadata.NewContext(context.Background(), d.existing) ctx = c.setHeaders(ctx) md, _ := metadata.FromContext(ctx) for k, v := range d.headers { if d.overwrite && md[k] != v { t.Fatalf("Expected %s=%s got %s=%s", k, v, k, md[k]) } if !d.overwrite && md[k] != d.existing[k] { t.Fatalf("Expected %s=%s got %s=%s", k, d.existing[k], k, md[k]) } } } } type testAuth struct { verifyCount int inspectCount int namespace string inspectAccount *auth.Account verifyError error auth.Auth } func (a *testAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { a.verifyCount = a.verifyCount + 1 return a.verifyError } func (a *testAuth) Inspect(token string) (*auth.Account, error) { a.inspectCount = a.inspectCount + 1 return a.inspectAccount, nil } func (a *testAuth) Options() auth.Options { return auth.Options{Namespace: a.namespace} } type testRequest struct { service string endpoint string server.Request } func (r testRequest) Service() string { return r.service } func (r testRequest) Endpoint() string { return r.endpoint } func TestAuthHandler(t *testing.T) { h := func(ctx context.Context, req server.Request, rsp interface{}) error { return nil } debugReq := testRequest{service: "go.micro.service.foo", endpoint: "Debug.Foo"} serviceReq := testRequest{service: "go.micro.service.foo", endpoint: "Foo.Bar"} // Debug endpoints should be excluded from auth so auth.Verify should never get called t.Run("DebugEndpoint", func(t *testing.T) { a := testAuth{} handler := AuthHandler(func() auth.Auth { return &a }) err := handler(h)(context.TODO(), debugReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if a.verifyCount != 0 { t.Errorf("Did not expect verify to be called") } }) // If the Authorization header is blank, no error should be returned and verify not called t.Run("BlankAuthorizationHeader", func(t *testing.T) { a := testAuth{} handler := AuthHandler(func() auth.Auth { return &a }) err := handler(h)(context.TODO(), serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if a.inspectCount != 0 { t.Errorf("Did not expect inspect to be called") } }) // If the Authorization header is invalid, an error should be returned and verify not called t.Run("InvalidAuthorizationHeader", func(t *testing.T) { a := testAuth{} handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", "Invalid") err := handler(h)(ctx, serviceReq, nil) if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized { t.Errorf("Expected unauthorized error but got %v", err) } if a.inspectCount != 0 { t.Errorf("Did not expect inspect to be called") } }) // If the Authorization header is valid, no error should be returned and verify should called t.Run("ValidAuthorizationHeader", func(t *testing.T) { a := testAuth{} handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if a.inspectCount != 1 { t.Errorf("Expected inspect to be called") } }) // If the namespace header was not set on the request, the wrapper should set it to the auths // own namespace t.Run("BlankNamespaceHeader", func(t *testing.T) { a := testAuth{namespace: "mynamespace"} handler := AuthHandler(func() auth.Auth { return &a }) inCtx := context.TODO() h := func(ctx context.Context, req server.Request, rsp interface{}) error { inCtx = ctx return nil } err := handler(h)(inCtx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if ns, _ := metadata.Get(inCtx, "Micro-Namespace"); ns != a.namespace { t.Errorf("Expected namespace to be set to %v but was %v", a.namespace, ns) } }) t.Run("ValidNamespaceHeader", func(t *testing.T) { a := testAuth{namespace: "mynamespace"} handler := AuthHandler(func() auth.Auth { return &a }) inNs := "reqnamespace" inCtx := metadata.Set(context.TODO(), "Micro-Namespace", inNs) h := func(ctx context.Context, req server.Request, rsp interface{}) error { inCtx = ctx return nil } err := handler(h)(inCtx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if ns, _ := metadata.Get(inCtx, "Micro-Namespace"); ns != inNs { t.Errorf("Expected namespace to remain as %v but was set to %v", inNs, ns) } }) // If the callers account was set but the issuer didn't match that of the request, the request // should be forbidden t.Run("InvalidAccountIssuer", func(t *testing.T) { a := testAuth{ namespace: "validnamespace", inspectAccount: &auth.Account{Issuer: "invalidnamespace"}, } handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusForbidden { t.Errorf("Expected forbidden error but got %v", err) } }) t.Run("ValidAccountIssuer", func(t *testing.T) { a := testAuth{ namespace: "validnamespace", inspectAccount: &auth.Account{Issuer: "validnamespace"}, } handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } }) // If the caller had a nil account and verify returns an error, the request should be unauthorised t.Run("NilAccountUnauthorized", func(t *testing.T) { a := testAuth{verifyError: auth.ErrForbidden} handler := AuthHandler(func() auth.Auth { return &a }) err := handler(h)(context.TODO(), serviceReq, nil) if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized { t.Errorf("Expected unauthorizard error but got %v", err) } }) t.Run("AccountForbidden", func(t *testing.T) { a := testAuth{verifyError: auth.ErrForbidden, inspectAccount: &auth.Account{}} handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusForbidden { t.Errorf("Expected forbidden error but got %v", err) } }) t.Run("AccountValid", func(t *testing.T) { a := testAuth{inspectAccount: &auth.Account{}} handler := AuthHandler(func() auth.Auth { return &a }) ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } }) // If an account is returned from inspecting the token, it should be set in the context t.Run("ContextWithAccount", func(t *testing.T) { accID := "myaccountid" a := testAuth{inspectAccount: &auth.Account{ID: accID}} handler := AuthHandler(func() auth.Auth { return &a }) inCtx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") h := func(ctx context.Context, req server.Request, rsp interface{}) error { inCtx = ctx return nil } err := handler(h)(inCtx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if acc, ok := auth.AccountFromContext(inCtx); !ok { t.Errorf("Expected an account to be set in the context") } else if acc.ID != accID { t.Errorf("Expected the account in the context to have the ID %v but it actually had %v", accID, acc.ID) } }) // If verify returns an error the handler should not be called t.Run("HandlerNotCalled", func(t *testing.T) { a := testAuth{verifyError: auth.ErrForbidden} handler := AuthHandler(func() auth.Auth { return &a }) var handlerCalled bool h := func(ctx context.Context, req server.Request, rsp interface{}) error { handlerCalled = true return nil } ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized { t.Errorf("Expected unauthorizard error but got %v", err) } if handlerCalled { t.Errorf("Expected the handler to not be called") } }) // If verify does not return an error the handler should be called t.Run("HandlerNotCalled", func(t *testing.T) { a := testAuth{} handler := AuthHandler(func() auth.Auth { return &a }) var handlerCalled bool h := func(ctx context.Context, req server.Request, rsp interface{}) error { handlerCalled = true return nil } ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") err := handler(h)(ctx, serviceReq, nil) if err != nil { t.Errorf("Expected nil error but got %v", err) } if !handlerCalled { t.Errorf("Expected the handler be called") } }) } type testClient struct { callCount int callRsp interface{} client.Client } func (c *testClient) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error { c.callCount++ if c.callRsp != nil { val := reflect.ValueOf(rsp).Elem() val.Set(reflect.ValueOf(c.callRsp).Elem()) } return nil } type testRsp struct { value string } func TestCacheWrapper(t *testing.T) { req := client.NewRequest("go.micro.service.foo", "Foo.Bar", nil) t.Run("NilCache", func(t *testing.T) { cli := new(testClient) w := CacheClient(func() *client.Cache { return nil }, cli) // perfroming two requests should increment the call count by two indicating the cache wasn't // used even though the WithCache option was passed. w.Call(context.TODO(), req, nil, client.WithCache(time.Minute)) w.Call(context.TODO(), req, nil, client.WithCache(time.Minute)) if cli.callCount != 2 { t.Errorf("Expected the client to have been called twice") } }) t.Run("OptionNotSet", func(t *testing.T) { cli := new(testClient) cache := client.NewCache() w := CacheClient(func() *client.Cache { return cache }, cli) // perfroming two requests should increment the call count by two since we didn't pass the WithCache // option to Call. w.Call(context.TODO(), req, nil) w.Call(context.TODO(), req, nil) if cli.callCount != 2 { t.Errorf("Expected the client to have been called twice") } }) t.Run("OptionSet", func(t *testing.T) { val := "foo" cli := &testClient{callRsp: &testRsp{value: val}} cache := client.NewCache() w := CacheClient(func() *client.Cache { return cache }, cli) // perfroming two requests should increment the call count by once since the second request should // have used the cache. The correct value should be set on both responses and no errors should // be returned. rsp1 := &testRsp{} rsp2 := &testRsp{} err1 := w.Call(context.TODO(), req, rsp1, client.WithCache(time.Minute)) err2 := w.Call(context.TODO(), req, rsp2, client.WithCache(time.Minute)) if err1 != nil { t.Errorf("Expected nil error, got %v", err1) } if err2 != nil { t.Errorf("Expected nil error, got %v", err2) } if rsp1.value != val { t.Errorf("Expected %v to be assigned to the value, got %v", val, rsp1.value) } if rsp2.value != val { t.Errorf("Expected %v to be assigned to the value, got %v", val, rsp2.value) } if cli.callCount != 1 { t.Errorf("Expected the client to be called 1 time, was actually called %v time(s)", cli.callCount) } }) }