|
|
|
package serverinterceptors
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/tal-tech/go-zero/core/stores/redistest"
|
|
|
|
"github.com/tal-tech/go-zero/zrpc/internal/auth"
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestStreamAuthorizeInterceptor(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
app string
|
|
|
|
token string
|
|
|
|
strict bool
|
|
|
|
hasError bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "strict=false",
|
|
|
|
strict: false,
|
|
|
|
hasError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true",
|
|
|
|
strict: true,
|
|
|
|
hasError: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true,with token",
|
|
|
|
app: "foo",
|
|
|
|
token: "bar",
|
|
|
|
strict: true,
|
|
|
|
hasError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true,with error token",
|
|
|
|
app: "foo",
|
|
|
|
token: "error",
|
|
|
|
strict: true,
|
|
|
|
hasError: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
store, clean, err := redistest.CreateRedis()
|
|
|
|
assert.Nil(t, err)
|
|
|
|
defer clean()
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
t.Run(test.name, func(t *testing.T) {
|
|
|
|
if len(test.app) > 0 {
|
|
|
|
assert.Nil(t, store.Hset("apps", test.app, test.token))
|
|
|
|
defer store.Hdel("apps", test.app)
|
|
|
|
}
|
|
|
|
|
|
|
|
authenticator, err := auth.NewAuthenticator(store, "apps", test.strict)
|
|
|
|
assert.Nil(t, err)
|
|
|
|
interceptor := StreamAuthorizeInterceptor(authenticator)
|
|
|
|
md := metadata.New(map[string]string{
|
|
|
|
"app": "foo",
|
|
|
|
"token": "bar",
|
|
|
|
})
|
|
|
|
ctx := metadata.NewIncomingContext(context.Background(), md)
|
|
|
|
stream := mockedStream{ctx: ctx}
|
|
|
|
err = interceptor(nil, stream, nil, func(srv interface{}, stream grpc.ServerStream) error {
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
if test.hasError {
|
|
|
|
assert.NotNil(t, err)
|
|
|
|
} else {
|
|
|
|
assert.Nil(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUnaryAuthorizeInterceptor(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
app string
|
|
|
|
token string
|
|
|
|
strict bool
|
|
|
|
hasError bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "strict=false",
|
|
|
|
strict: false,
|
|
|
|
hasError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true",
|
|
|
|
strict: true,
|
|
|
|
hasError: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true,with token",
|
|
|
|
app: "foo",
|
|
|
|
token: "bar",
|
|
|
|
strict: true,
|
|
|
|
hasError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "strict=true,with error token",
|
|
|
|
app: "foo",
|
|
|
|
token: "error",
|
|
|
|
strict: true,
|
|
|
|
hasError: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
store, clean, err := redistest.CreateRedis()
|
|
|
|
assert.Nil(t, err)
|
|
|
|
defer clean()
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
t.Run(test.name, func(t *testing.T) {
|
|
|
|
if len(test.app) > 0 {
|
|
|
|
assert.Nil(t, store.Hset("apps", test.app, test.token))
|
|
|
|
defer store.Hdel("apps", test.app)
|
|
|
|
}
|
|
|
|
|
|
|
|
authenticator, err := auth.NewAuthenticator(store, "apps", test.strict)
|
|
|
|
assert.Nil(t, err)
|
|
|
|
interceptor := UnaryAuthorizeInterceptor(authenticator)
|
|
|
|
md := metadata.New(map[string]string{
|
|
|
|
"app": "foo",
|
|
|
|
"token": "bar",
|
|
|
|
})
|
|
|
|
ctx := metadata.NewIncomingContext(context.Background(), md)
|
|
|
|
_, err = interceptor(ctx, nil, nil,
|
|
|
|
func(ctx context.Context, req interface{}) (interface{}, error) {
|
|
|
|
return nil, nil
|
|
|
|
})
|
|
|
|
if test.hasError {
|
|
|
|
assert.NotNil(t, err)
|
|
|
|
} else {
|
|
|
|
assert.Nil(t, err)
|
|
|
|
}
|
|
|
|
if test.strict {
|
|
|
|
_, err = interceptor(context.Background(), nil, nil,
|
|
|
|
func(ctx context.Context, req interface{}) (interface{}, error) {
|
|
|
|
return nil, nil
|
|
|
|
})
|
|
|
|
assert.NotNil(t, err)
|
|
|
|
|
|
|
|
var md metadata.MD
|
|
|
|
ctx := metadata.NewIncomingContext(context.Background(), md)
|
|
|
|
_, err = interceptor(ctx, nil, nil,
|
|
|
|
func(ctx context.Context, req interface{}) (interface{}, error) {
|
|
|
|
return nil, nil
|
|
|
|
})
|
|
|
|
assert.NotNil(t, err)
|
|
|
|
|
|
|
|
md = metadata.New(map[string]string{
|
|
|
|
"app": "",
|
|
|
|
"token": "",
|
|
|
|
})
|
|
|
|
ctx = metadata.NewIncomingContext(context.Background(), md)
|
|
|
|
_, err = interceptor(ctx, nil, nil,
|
|
|
|
func(ctx context.Context, req interface{}) (interface{}, error) {
|
|
|
|
return nil, nil
|
|
|
|
})
|
|
|
|
assert.NotNil(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type mockedStream struct {
|
|
|
|
ctx context.Context
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) SetHeader(md metadata.MD) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) SendHeader(md metadata.MD) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) SetTrailer(md metadata.MD) {
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) Context() context.Context {
|
|
|
|
return m.ctx
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) SendMsg(v interface{}) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockedStream) RecvMsg(v interface{}) error {
|
|
|
|
return nil
|
|
|
|
}
|