diff --git a/auth/service/api/v1/restricted_token.go b/auth/service/api/v1/restricted_token.go
index 886b74913..912cac5c8 100644
--- a/auth/service/api/v1/restricted_token.go
+++ b/auth/service/api/v1/restricted_token.go
@@ -14,11 +14,11 @@ import (
 func (r *Router) RestrictedTokensRoutes() []*rest.Route {
 return []*rest.Route{
 rest.Get("/v1/users/:userId/restricted_tokens", api.RequireServer(r.ListUserRestrictedTokens)),
- rest.Post("/v1/users/:userId/restricted_tokens", api.Require(r.CreateUserRestrictedToken)),
+ rest.Post("/v1/users/:userId/restricted_tokens", api.RequireAuth(r.CreateUserRestrictedToken)),
 rest.Delete("/v1/users/:userId/restricted_tokens", api.RequireServer(r.DeleteAllRestrictedTokens)),
 rest.Get("/v1/restricted_tokens/:id", api.RequireServer(r.GetRestrictedToken)),
 rest.Put("/v1/restricted_tokens/:id", api.RequireServer(r.UpdateRestrictedToken)),
- rest.Delete("/v1/restricted_tokens/:id", api.Require(r.DeleteRestrictedToken)),
+ rest.Delete("/v1/restricted_tokens/:id", api.RequireAuth(r.DeleteRestrictedToken)),
 }
 }
diff --git a/data/service/api/standard.go b/data/service/api/standard.go
index c381e1ca2..0c27d4ad2 100644
--- a/data/service/api/standard.go
+++ b/data/service/api/standard.go
@@ -72,19 +72,15 @@ func NewStandard(svc service.Service, metricClient metric.Client, permissionClie
 func (s *Standard) DEPRECATEDInitializeRouter(routes []dataService.Route) error {
 baseRoutes := []dataService.Route{
- dataService.MakeRoute("GET", "/status", s.StatusGet),
- dataService.MakeRoute("GET", "/version", s.VersionGet),
+ dataService.Get("/status", s.StatusGet),
+ dataService.Get("/version", s.VersionGet),
 }
 routes = append(baseRoutes, routes...)
 var contextRoutes []*rest.Route
 for _, route := range routes {
- contextRoutes = append(contextRoutes, &rest.Route{
- HttpMethod: route.Method,
- PathExp: route.Path,
- Func: s.withContext(route.Handler),
- })
+ contextRoutes = append(contextRoutes, route.ToRestRoute(s.withContext))
 }
 router, err := rest.MakeRouter(contextRoutes...)
diff --git a/data/service/api/v1/alerts.go b/data/service/api/v1/alerts.go
index 9d88387b7..64dde18e9 100644
--- a/data/service/api/v1/alerts.go
+++ b/data/service/api/v1/alerts.go
@@ -13,13 +13,14 @@ import (
 "github.com/tidepool-org/platform/permission"
 "github.com/tidepool-org/platform/request"
 platform "github.com/tidepool-org/platform/service"
+ "github.com/tidepool-org/platform/service/api"
 )
 func AlertsRoutes() []service.Route {
 return []service.Route{
- service.MakeRoute("GET", "/v1/alerts/:userID/:followedUserID", EnforceAuthentication(GetAlert)),
- service.MakeRoute("POST", "/v1/alerts/:userID/:followedUserID", EnforceAuthentication(UpsertAlert)),
- service.MakeRoute("DELETE", "/v1/alerts/:userID/:followedUserID", EnforceAuthentication(DeleteAlert)),
+ service.Get("/v1/alerts/:userID/:followedUserID", GetAlert, api.RequireAuth),
+ service.Post("/v1/alerts/:userID/:followedUserID", UpsertAlert, api.RequireAuth),
+ service.Delete("/v1/alerts/:userID/:followedUserID", DeleteAlert, api.RequireAuth),
 }
 }
diff --git a/data/service/api/v1/authenticate_middleware.go b/data/service/api/v1/authenticate_middleware.go
deleted file mode 100644
index 2fc7b493f..000000000
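Review bot: In `DEPRECATEDInitializeRouter` (data/service/api/standard.go) the authentication check moves to the other side of `s.withContext`, and nothing in the loop records that. The removed code adapted a handler that `EnforceAuthentication` had already wrapped, so the check ran inside the data-service context and answered through `context.RespondWithError(service.ErrorUnauthenticated())`; `route.ToRestRoute(s.withContext)` wraps the route middleware around the adapted handler, so `api.RequireAuth` now rejects before the context is built and writes its own response, which this diff does not show in full. A comment on the loop such as `// Route middleware (e.g. api.RequireAuth) runs before withContext builds the handler context.` would make the ordering deliberate, and a test pinning the status and body an unauthenticated request receives on one data route would catch a change in the error format. The function body continues outside the hunk.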
--- a/data/service/api/v1/authenticate_middleware.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package v1
-
-import (
- dataService "github.com/tidepool-org/platform/data/service"
- "github.com/tidepool-org/platform/request"
- "github.com/tidepool-org/platform/service"
-)
-
-// EnforceAuthentication responds with an error if AuthDetails are absent.
-//
-// In essence, this function indicates that a request must be authenticated to
-// be processed. Any unauthenticated requests will trigger an error response.
-//
-// EnforceAuthentication works by checking for the existence of an AuthDetails
-// sentinel value, which implies an important assumption:
-//
-// The existence of AuthDetails in the request's Context indicates that the
-// request has already been properly authenticated.
-//
-// The function that performs the actual authentication is in the
-// service/middleware package. As long as no other code adds an AuthDetails
-// value to the request's Context (when the request isn't properly
-// authenticated) then things should be good.
-func EnforceAuthentication(handler dataService.HandlerFunc) dataService.HandlerFunc {
- return func(context dataService.Context) {
- if authDetails := request.GetAuthDetails(context.Request().Context()); authDetails == nil {
- context.RespondWithError(service.ErrorUnauthenticated())
- return
- }
-
- handler(context)
- }
-}
diff --git a/data/service/api/v1/data_set.go b/data/service/api/v1/data_set.go
index ced6de9d1..e8cfb10b4 100644
--- a/data/service/api/v1/data_set.go
+++ b/data/service/api/v1/data_set.go
@@ -8,20 +8,13 @@ import (
 "github.com/tidepool-org/platform/page"
 "github.com/tidepool-org/platform/permission"
 "github.com/tidepool-org/platform/request"
+ "github.com/tidepool-org/platform/service/api"
 )
-// TODO: BEGIN: Update to new service paradigm
-// func (r *Router) DataSetsRoutes() []*rest.Route {
-// return []*rest.Route{
-// rest.Get("/v1/users/:userId/data_sets", api.Require(r.ListUserDataSets)),
-// rest.Get("/v1/data_sets/:id", api.Require(r.GetDataSet)),
-// }
-// }
-
 func DataSetsRoutes() []dataService.Route {
 return []dataService.Route{
- dataService.MakeRoute("GET", "/v1/users/:userId/data_sets", EnforceAuthentication(ListUserDataSets)),
- dataService.MakeRoute("GET", "/v1/data_sets/:dataSetId", EnforceAuthentication(GetDataSet)),
+ dataService.Get("/v1/users/:userId/data_sets", ListUserDataSets, api.RequireAuth),
+ dataService.Get("/v1/data_sets/:dataSetId", GetDataSet, api.RequireAuth),
 }
 }
diff --git a/data/service/api/v1/data_source.go b/data/service/api/v1/data_source.go
index 3143f3397..2f71d9a0c 100644
--- a/data/service/api/v1/data_source.go
+++ b/data/service/api/v1/data_source.go
@@ -7,27 +7,17 @@ import (
 dataSource "github.com/tidepool-org/platform/data/source"
 "github.com/tidepool-org/platform/page"
 "github.com/tidepool-org/platform/request"
+ "github.com/tidepool-org/platform/service/api"
 )
-// TODO: BEGIN: Update to new service paradigm
-// func (r *Router) SourcesRoutes() []*rest.Route {
-// return []*rest.Route{
-// rest.Get("/v1/users/:userId/data_sources", api.Require(r.ListSources)),
-// rest.Post("/v1/users/:userId/data_sources", api.RequireServer(r.CreateSource)),
-// rest.Get("/v1/data_sources/:id", api.Require(r.GetSource)),
-// rest.Put("/v1/data_sources/:id", api.RequireServer(r.UpdateSource)),
-// rest.Delete("/v1/data_sources/:id", api.RequireServer(r.DeleteSource)),
-// }
-// }
-
 func SourcesRoutes() []dataService.Route {
 return []dataService.Route{
- dataService.MakeRoute("GET", "/v1/users/:userId/data_sources", EnforceAuthentication(ListSources)),
- dataService.MakeRoute("POST", "/v1/users/:userId/data_sources", EnforceAuthentication(CreateSource)),
- dataService.MakeRoute("DELETE", "/v1/users/:userId/data_sources", EnforceAuthentication(DeleteAllSources)),
- dataService.MakeRoute("GET", "/v1/data_sources/:id", EnforceAuthentication(GetSource)),
- dataService.MakeRoute("PUT", "/v1/data_sources/:id", EnforceAuthentication(UpdateSource)),
- dataService.MakeRoute("DELETE", "/v1/data_sources/:id", EnforceAuthentication(DeleteSource)),
+ dataService.Get("/v1/users/:userId/data_sources", ListSources, api.RequireAuth),
+ dataService.Post("/v1/users/:userId/data_sources", CreateSource, api.RequireAuth),
+ dataService.Delete("/v1/users/:userId/data_sources", DeleteAllSources, api.RequireAuth),
+ dataService.Get("/v1/data_sources/:id", GetSource, api.RequireAuth),
+ dataService.Put("/v1/data_sources/:id", UpdateSource, api.RequireAuth),
+ dataService.Delete("/v1/data_sources/:id", DeleteSource, api.RequireAuth),
 }
 }
diff --git a/data/service/api/v1/summary.go b/data/service/api/v1/summary.go
index f2bfe8976..6f92efdcb 100644
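Review bot: The TODO block this hunk deletes from data/service/api/v1/data_source.go sketched `CreateSource`, `UpdateSource` and `DeleteSource` behind `api.RequireServer`, but the new `SourcesRoutes` puts all six routes behind `api.RequireAuth`, which only checks that some AuthDetails value is present. If the handlers do not already restrict those operations to server callers themselves (their bodies are outside this diff), the POST, PUT and DELETE routes should take the stricter middleware now that it can be passed directly, e.g. `dataService.Post("/v1/users/:userId/data_sources", CreateSource, api.RequireServer),`. If the handlers do enforce it, a one-line comment above `SourcesRoutes` saying where the server-only check lives would preserve the intent the TODO carried.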
--- a/data/service/api/v1/summary.go
+++ b/data/service/api/v1/summary.go
@@ -7,6 +7,7 @@ import (
 dataService "github.com/tidepool-org/platform/data/service"
 "github.com/tidepool-org/platform/data/summary"
 "github.com/tidepool-org/platform/data/summary/types"
+ "github.com/tidepool-org/platform/service/api"
 "github.com/tidepool-org/platform/page"
 "github.com/tidepool-org/platform/permission"
@@ -16,20 +17,20 @@ import (
 func SummaryRoutes() []dataService.Route {
 return []dataService.Route{
- dataService.MakeRoute("GET", "/v1/summaries/cgm/:userId", EnforceAuthentication(GetSummary[types.CGMStats, *types.CGMStats])),
- dataService.MakeRoute("GET", "/v1/summaries/bgm/:userId", EnforceAuthentication(GetSummary[types.BGMStats, *types.BGMStats])),
+ dataService.Get("/v1/summaries/cgm/:userId", GetSummary[types.CGMStats, *types.CGMStats], api.RequireAuth),
+ dataService.Get("/v1/summaries/bgm/:userId", GetSummary[types.BGMStats, *types.BGMStats], api.RequireAuth),
- dataService.MakeRoute("POST", "/v1/summaries/cgm/:userId", EnforceAuthentication(UpdateSummary[types.CGMStats, *types.CGMStats])),
- dataService.MakeRoute("POST", "/v1/summaries/bgm/:userId", EnforceAuthentication(UpdateSummary[types.BGMStats, *types.BGMStats])),
+ dataService.Post("/v1/summaries/cgm/:userId", UpdateSummary[types.CGMStats, *types.CGMStats], api.RequireAuth),
+ dataService.Post("/v1/summaries/bgm/:userId", UpdateSummary[types.BGMStats, *types.BGMStats], api.RequireAuth),
- dataService.MakeRoute("POST", "/v1/summaries/backfill/cgm", EnforceAuthentication(BackfillSummaries[types.CGMStats, *types.CGMStats])),
- dataService.MakeRoute("POST", "/v1/summaries/backfill/bgm", EnforceAuthentication(BackfillSummaries[types.BGMStats, *types.BGMStats])),
+ dataService.Post("/v1/summaries/backfill/cgm", BackfillSummaries[types.CGMStats, *types.CGMStats], api.RequireAuth),
+ dataService.Post("/v1/summaries/backfill/bgm", BackfillSummaries[types.BGMStats, *types.BGMStats], api.RequireAuth),
- dataService.MakeRoute("GET", "/v1/summaries/outdated/cgm", EnforceAuthentication(GetOutdatedUserIDs[types.CGMStats, *types.CGMStats])),
- dataService.MakeRoute("GET", "/v1/summaries/outdated/bgm", EnforceAuthentication(GetOutdatedUserIDs[types.BGMStats, *types.BGMStats])),
+ dataService.Get("/v1/summaries/outdated/cgm", GetOutdatedUserIDs[types.CGMStats, *types.CGMStats], api.RequireAuth),
+ dataService.Get("/v1/summaries/outdated/bgm", GetOutdatedUserIDs[types.BGMStats, *types.BGMStats], api.RequireAuth),
- dataService.MakeRoute("GET", "/v1/summaries/migratable/cgm", EnforceAuthentication(GetMigratableUserIDs[types.CGMStats, *types.CGMStats])),
- dataService.MakeRoute("GET", "/v1/summaries/migratable/bgm", EnforceAuthentication(GetMigratableUserIDs[types.BGMStats, *types.BGMStats])),
+ dataService.Get("/v1/summaries/migratable/cgm", GetMigratableUserIDs[types.CGMStats, *types.CGMStats], api.RequireAuth),
+ dataService.Get("/v1/summaries/migratable/bgm", GetMigratableUserIDs[types.BGMStats, *types.BGMStats], api.RequireAuth),
 }
 }
diff --git a/data/service/api/v1/v1.go b/data/service/api/v1/v1.go
index ad2ba51d5..9cf17c951 100644
--- a/data/service/api/v1/v1.go
+++ b/data/service/api/v1/v1.go
@@ -1,22 +1,25 @@
 package v1
-import "github.com/tidepool-org/platform/data/service"
+import (
+ "github.com/tidepool-org/platform/data/service"
+ "github.com/tidepool-org/platform/service/api"
+)
 func Routes() []service.Route {
 routes := []service.Route{
- service.MakeRoute("POST", "/v1/datasets/:dataSetId/data", EnforceAuthentication(DataSetsDataCreate)),
- service.MakeRoute("DELETE", "/v1/datasets/:dataSetId", EnforceAuthentication(DataSetsDelete)),
- service.MakeRoute("PUT", "/v1/datasets/:dataSetId", EnforceAuthentication(DataSetsUpdate)),
- service.MakeRoute("DELETE", "/v1/users/:userId/data", EnforceAuthentication(UsersDataDelete)),
- service.MakeRoute("POST", "/v1/users/:userId/datasets", EnforceAuthentication(UsersDataSetsCreate)),
- service.MakeRoute("GET", "/v1/users/:userId/datasets", EnforceAuthentication(UsersDataSetsGet)),
+ service.Post("/v1/datasets/:dataSetId/data", DataSetsDataCreate, api.RequireAuth),
+ service.Delete("/v1/datasets/:dataSetId", DataSetsDelete, api.RequireAuth),
+ service.Put("/v1/datasets/:dataSetId", DataSetsUpdate, api.RequireAuth),
+ service.Delete("/v1/users/:userId/data", UsersDataDelete, api.RequireAuth),
+ service.Post("/v1/users/:userId/datasets", UsersDataSetsCreate, api.RequireAuth),
+ service.Get("/v1/users/:userId/datasets", UsersDataSetsGet, api.RequireAuth),
- service.MakeRoute("POST", "/v1/data_sets/:dataSetId/data", EnforceAuthentication(DataSetsDataCreate)),
- service.MakeRoute("DELETE", "/v1/data_sets/:dataSetId/data", EnforceAuthentication(DataSetsDataDelete)),
- service.MakeRoute("DELETE", "/v1/data_sets/:dataSetId", EnforceAuthentication(DataSetsDelete)),
- service.MakeRoute("PUT", "/v1/data_sets/:dataSetId", EnforceAuthentication(DataSetsUpdate)),
- service.MakeRoute("GET", "/v1/time", TimeGet),
- service.MakeRoute("POST", "/v1/users/:userId/data_sets", EnforceAuthentication(UsersDataSetsCreate)),
+ service.Post("/v1/data_sets/:dataSetId/data", DataSetsDataCreate, api.RequireAuth),
+ service.Delete("/v1/data_sets/:dataSetId/data", DataSetsDataDelete, api.RequireAuth),
+ service.Delete("/v1/data_sets/:dataSetId", DataSetsDelete, api.RequireAuth),
+ service.Put("/v1/data_sets/:dataSetId", DataSetsUpdate, api.RequireAuth),
+ service.Get("/v1/time", TimeGet),
+ service.Post("/v1/users/:userId/data_sets", UsersDataSetsCreate, api.RequireAuth),
 }
 routes = append(routes, DataSetsRoutes()...)
diff --git a/data/service/route.go b/data/service/route.go
index 5c0d6c6f8..50da09d46 100644
--- a/data/service/route.go
+++ b/data/service/route.go
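Review bot: `service.Get("/v1/time", TimeGet)` in `Routes` (data/service/api/v1/v1.go) is the only entry in this list without `api.RequireAuth`, and with the variadic middleware argument a route that simply forgot it looks exactly the same. The old `MakeRoute` form had the same property, but an explicit marker is cheap: if the endpoint is meant to be public, add `// TimeGet is intentionally unauthenticated.` above that line. A table test over `Routes()` that sends a request with no credentials to every path outside a short allow-list and expects a rejection would catch a future omission. `Routes` continues past the end of the hunk.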
@@ -1,15 +1,67 @@
 package service
+import (
+ "net/http"
+
+ "github.com/ant0ine/go-json-rest/rest"
+)
+
 type Route struct {
- Method string
- Path string
- Handler HandlerFunc
+ Handler HandlerFunc
+ Method string
+ Path string
+ middleware []rest.MiddlewareSimple
 }
-func MakeRoute(method string, path string, handler HandlerFunc) Route {
+// MakeRoute builds a Route.
+//
+// Consider using the handy Get, Post, etc helpers.
+func MakeRoute(method string, path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
 return Route{
- Method: method,
- Path: path,
- Handler: handler,
+ Method: method,
+ Path: path,
+ Handler: handler,
+ middleware: middleware,
+ }
+}
+
+// Delete wraps MakeRoute for easy DELETE route creation.
+func Delete(path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
+ return MakeRoute(http.MethodDelete, path, handler, middleware...)
+}
+
+// Get wraps MakeRoute for easy GET route creation.
+func Get(path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
+ return MakeRoute(http.MethodGet, path, handler, middleware...)
+}
+
+// Patch wraps MakeRoute for easy PATCH route creation.
+func Patch(path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
+ return MakeRoute(http.MethodPatch, path, handler, middleware...)
+}
+
+// Post wraps MakeRoute for easy POST route creation.
+func Post(path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
+ return MakeRoute(http.MethodPost, path, handler, middleware...)
+}
+
+// Put wraps MakeRoute for easy PUT route creation.
+func Put(path string, handler HandlerFunc, middleware ...rest.MiddlewareSimple) Route {
+ return MakeRoute(http.MethodPut, path, handler, middleware...)
+}
+
+// RestRouteAdapterFunc adapts a HandlerFunc to a rest.HandlerFunc.
+type RestRouteAdapterFunc (func(HandlerFunc) rest.HandlerFunc)
+
+// ToRestRoute converts a Route to a rest.Route.
+func (r *Route) ToRestRoute(f RestRouteAdapterFunc) *rest.Route {
+ var middlewares []rest.Middleware
+ for _, s := range r.middleware {
+ middlewares = append(middlewares, rest.MiddlewareSimple(s))
+ }
+ return &rest.Route{
+ HttpMethod: r.Method,
+ PathExp: r.Path,
+ Func: rest.WrapMiddlewares(middlewares, f(r.Handler)),
 }
 }
diff --git a/prescription/api/router.go b/prescription/api/router.go
index d664414e8..e227164c8 100644
--- a/prescription/api/router.go
+++ b/prescription/api/router.go
@@ -45,8 +45,8 @@ func (r *Router) Routes() []*rest.Route {
 rest.Delete("/v1/clinics/:clinicId/prescriptions/:prescriptionId", api.RequireUser(r.DeletePrescription)),
 rest.Post("/v1/patients/:userId/prescriptions", api.RequireUser(r.ClaimPrescription)),
- rest.Get("/v1/patients/:userId/prescriptions", api.Require(r.ListUserPrescriptions)),
- rest.Get("/v1/patients/:userId/prescriptions/:prescriptionId", api.Require(r.GetPatientPrescription)),
+ rest.Get("/v1/patients/:userId/prescriptions", api.RequireAuth(r.ListUserPrescriptions)),
+ rest.Get("/v1/patients/:userId/prescriptions/:prescriptionId", api.RequireAuth(r.GetPatientPrescription)),
 rest.Patch("/v1/patients/:userId/prescriptions/:prescriptionId", api.RequireUser(r.UpdateState)),
 }
 }
diff --git a/service/api/api.go b/service/api/api.go
index 961297857..39145bf25 100644
--- a/service/api/api.go
+++ b/service/api/api.go
@@ -63,7 +63,7 @@ func (a *API) InitializeMiddleware() error {
 if err != nil {
 return err
 }
- authMiddleware, err := middleware.NewAuth(a.Secret(), a.AuthClient())
+ authMiddleware, err := middleware.NewAuthenticator(a.Secret(), a.AuthClient())
 if err != nil {
 return err
 }
diff --git a/service/api/auth.go b/service/api/auth.go
index 6c506f486..d7d3c9930 100644
--- a/service/api/auth.go
+++ b/service/api/auth.go
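Review bot: Nothing on `Route`, `MakeRoute` or `ToRestRoute` in data/service/route.go says that a route built with no middleware reaches its handler with no authentication check, and the `middleware` field is unexported, so a `Route{...}` literal written in another package can never carry one. Since this is now the single place where data-service routes acquire their checks, the doc comment on `MakeRoute` should say so, e.g. `// A Route created without middleware performs no authentication check; pass api.RequireAuth (or a stricter wrapper) for any non-public path.`, and `ToRestRoute` should state in which order the middleware wrap the adapted handler. Two smaller points in `ToRestRoute`: the conversion in `rest.MiddlewareSimple(s)` is redundant because `s` already has that type, so `middlewares = append(middlewares, s)` is enough, and a nil `f` panics at `f(r.Handler)` without any message naming the route.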
@@ -8,7 +8,21 @@ import (
 "github.com/tidepool-org/platform/request"
 )
-func Require(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
+// RequireAuth aborts with an error if a request isn't authenticated.
+//
+// Requests with incorrect, invalid, or no credentials are rejected.
+//
+// RequireAuth works by checking for the existence of an AuthDetails sentinel
+// value, which implies an important assumption:
+//
+// The existence of AuthDetails in the request's Context indicates that the
+// request has already been properly authenticated.
+//
+// The function that performs the actual authentication is in the
+// service/middleware package. As long as no other code adds an AuthDetails
+// value to the request's Context (when the request isn't properly
+// authenticated) then things should be good.
+func RequireAuth(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 return func(res rest.ResponseWriter, req *rest.Request) {
 if handlerFunc != nil && res != nil && req != nil {
 if details := request.GetAuthDetails(req.Context()); details == nil {
@@ -20,6 +34,7 @@ func Require(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 }
 }
+// RequireServer aborts with an error if a request isn't authenticated as a server.
 func RequireServer(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 return func(res rest.ResponseWriter, req *rest.Request) {
 if handlerFunc != nil && res != nil && req != nil {
@@ -34,6 +49,7 @@ func RequireServer(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 }
 }
+// RequireUser aborts with an error if a request isn't authenticated as a user.
 func RequireUser(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 return func(res rest.ResponseWriter, req *rest.Request) {
 if handlerFunc != nil && res != nil && req != nil {
diff --git a/service/api/auth_test.go b/service/api/auth_test.go
index 4acd98cfd..1f0733426 100644
--- a/service/api/auth_test.go
+++ b/service/api/auth_test.go
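Review bot: The new doc comment on `RequireAuth` (service/api/auth.go) says requests with incorrect or invalid credentials are rejected, but the visible body only tests whether `request.GetAuthDetails(req.Context())` is nil; rejecting bad credentials is presumably done earlier by the middleware in service/middleware. The comment should state the invariant it depends on instead of closing with "things should be good", for example `// RequireAuth rejects any request whose Context carries no AuthDetails. Only middleware.Authenticator may set AuthDetails, and only after it has verified the credentials.` It should also mention that the returned handler does nothing, and writes no response, when `handlerFunc`, `res` or `req` is nil, as the first `if` shows. The function body continues outside the hunk.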
@@ -17,7 +17,7 @@ import (
 testRest "github.com/tidepool-org/platform/test/rest"
 )
-var _ = Describe("Auth", func() {
+var _ = Describe("Authenticator", func() {
 var res *testRest.ResponseWriter
 var req *rest.Request
 var handlerFunc rest.HandlerFunc
@@ -46,7 +46,7 @@ var _ = Describe("Auth", func() {
 Context("Require", func() {
 It("does nothing if handlerFunc is nil", func() {
- requireFunc := api.Require(nil)
+ requireFunc := api.RequireAuth(nil)
 Expect(requireFunc).ToNot(BeNil())
 requireFunc(res, req)
 Expect(res.WriteHeaderInputs).To(BeEmpty())
@@ -57,7 +57,7 @@ var _ = Describe("Auth", func() {
 var requireFunc rest.HandlerFunc
 BeforeEach(func() {
- requireFunc = api.Require(handlerFunc)
+ requireFunc = api.RequireAuth(handlerFunc)
 Expect(requireFunc).ToNot(BeNil())
 })
diff --git a/service/middleware/auth.go b/service/middleware/auth.go
index 837a44bf6..76a629bf0 100644
--- a/service/middleware/auth.go
+++ b/service/middleware/auth.go
@@ -13,12 +13,15 @@ import (
 "github.com/tidepool-org/platform/service"
 )
-type Auth struct {
+// Authenticator provides a middleware to authenticate credentials.
+//
+// Requests without any credentials will pass.
+type Authenticator struct {
 serviceSecret string
 authClient auth.Client
 }
-func NewAuth(serviceSecret string, authClient auth.Client) (*Authenticator, error) {
+func NewAuthenticator(serviceSecret string, authClient auth.Client) (*Authenticator, error) {
 if serviceSecret == "" {
 return nil, errors.New("service secret is missing")
 }
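Review bot: The suite in service/api/auth_test.go is relabelled `Describe("Authenticator", ...)`, yet it exercises `api.RequireAuth`, while the suite that does cover `middleware.Authenticator` (service/middleware/auth_test.go) keeps `Describe("Auth"` and `Context("NewAuth"`. The labels look swapped: this file should keep `Describe("Auth", func() {` and use `Context("RequireAuth", func() {` for the renamed function, and the middleware suite should read `Describe("Authenticator"` with `Context("NewAuthenticator"`. Only the test report is affected, not what the tests check.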
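Review bot: The new comment on `Authenticator` (service/middleware/auth.go) records that requests without credentials pass, but not what a route author has to do about it. Because that pass-through is what makes every unwrapped route public, the comment should name the counterpart, e.g. `// Routes that need an authenticated caller must wrap their handler with api.RequireAuth, api.RequireServer or api.RequireUser.` `NewAuthenticator` is exported and still has no doc comment; one line naming its two error cases (empty service secret, nil auth client) would match the comments added elsewhere in this commit.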
@@ -26,13 +29,13 @@ func NewAuth(serviceSecret string, authClient auth.Client) (*Auth, error) {
 return nil, errors.New("auth client is missing")
 }
- return &Auth{
+ return &Authenticator{
 serviceSecret: serviceSecret,
 authClient: authClient,
 }, nil
 }
-func (a *Auth) MiddlewareFunc(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
+func (a *Authenticator) MiddlewareFunc(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 return func(res rest.ResponseWriter, req *rest.Request) {
 if handlerFunc != nil && res != nil && req != nil {
 oldRequest := req.Request
@@ -75,7 +78,7 @@ func (a *Auth) MiddlewareFunc(handlerFunc rest.HandlerFunc) rest.HandlerFunc {
 }
 }
-func (a *Auth) authenticate(req *rest.Request) (request.AuthDetails, error) {
+func (a *Authenticator) authenticate(req *rest.Request) (request.AuthDetails, error) {
 details, err := a.authenticateServiceSecret(req)
 if err != nil || details != nil {
 return details, err
@@ -94,7 +97,7 @@ func (a *Auth) authenticate(req *rest.Request) (request.AuthDetails, error) {
 return a.authenticateRestrictedToken(req)
 }
-func (a *Auth) authenticateServiceSecret(req *rest.Request) (request.AuthDetails, error) {
+func (a *Authenticator) authenticateServiceSecret(req *rest.Request) (request.AuthDetails, error) {
 values, found := req.Header[auth.TidepoolServiceSecretHeaderKey]
 if !found {
 return nil, nil
@@ -109,7 +112,7 @@ func (a *Auth) authenticateServiceSecret(req *rest.Request) (request.AuthDetails
 return request.NewAuthDetails(request.MethodServiceSecret, "", ""), nil
 }
-func (a *Auth) authenticateAccessToken(req *rest.Request) (request.AuthDetails, error) {
+func (a *Authenticator) authenticateAccessToken(req *rest.Request) (request.AuthDetails, error) {
 values, found := req.Header[auth.TidepoolAuthorizationHeaderKey]
 if !found {
 return nil, nil
@@ -130,7 +133,7 @@ func (a *Auth) authenticateAccessToken(req *rest.Request) (request.AuthDetails,
 return request.NewAuthDetails(request.MethodAccessToken, details.UserID(), details.Token()), nil
 }
-func (a *Auth) authenticateSessionToken(req *rest.Request) (request.AuthDetails, error) {
+func (a *Authenticator) authenticateSessionToken(req *rest.Request) (request.AuthDetails, error) {
 values, found := req.Header[auth.TidepoolSessionTokenHeaderKey]
 if !found {
 return nil, nil
@@ -146,7 +149,7 @@ func (a *Auth) authenticateSessionToken(req *rest.Request) (request.AuthDetails,
 return details, nil
 }
-func (a *Auth) authenticateRestrictedToken(req *rest.Request) (request.AuthDetails, error) {
+func (a *Authenticator) authenticateRestrictedToken(req *rest.Request) (request.AuthDetails, error) {
 values, found := req.URL.Query()[auth.TidepoolRestrictedTokenParameterKey]
 if !found {
 return nil, nil
diff --git a/service/middleware/auth_test.go b/service/middleware/auth_test.go
index 782e80ed6..63d750024 100644
--- a/service/middleware/auth_test.go
+++ b/service/middleware/auth_test.go
@@ -36,28 +36,28 @@ var _ = Describe("Auth", func() {
 Context("NewAuth", func() {
 It("returns an error if service secret is missing", func() {
- authMiddleware, err := middleware.NewAuth("", authClient)
+ authMiddleware, err := middleware.NewAuthenticator("", authClient)
 Expect(err).To(MatchError("service secret is missing"))
 Expect(authMiddleware).To(BeNil())
 })
 It("returns an error if auth client is missing", func() {
- authMiddleware, err := middleware.NewAuth(serviceSecret, nil)
+ authMiddleware, err := middleware.NewAuthenticator(serviceSecret, nil)
 Expect(err).To(MatchError("auth client is missing"))
 Expect(authMiddleware).To(BeNil())
 })
 It("returns successfully", func() {
- Expect(middleware.NewAuth(serviceSecret, authClient)).ToNot(BeNil())
+ Expect(middleware.NewAuthenticator(serviceSecret, authClient)).ToNot(BeNil())
 })
 })
 Context("with auth middleware", func() {
- var authMiddleware *middleware.Auth
+ var authMiddleware *middleware.Authenticator
 BeforeEach(func() {
 var err error
- authMiddleware, err = middleware.NewAuth(serviceSecret, authClient)
+ authMiddleware, err = middleware.NewAuthenticator(serviceSecret, authClient)
 Expect(err).ToNot(HaveOccurred())
 Expect(authMiddleware).ToNot(BeNil())
 })