Authentication: Implements authentication

web/request_types.go

@@ -0,0 +1,6 @@
+package web
+
+type AuthenticationRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}

web/server.go

@@ -9,9 +9,47 @@ import (
 	"code.severnaya.net/kordophone-mock/v2/server"
 )
 
+type MockHTTPServerConfiguration struct {
+	AuthEnabled bool
+}
+
 type MockHTTPServer struct {
-	Server server.Server
-	mux    http.ServeMux
+	Server      server.Server
+	mux         http.ServeMux
+	authEnabled bool
+}
+
+type AuthError struct {
+	message string
+}
+
+func (e *AuthError) Error() string {
+	return e.message
+}
+
+func (m *MockHTTPServer) checkAuthentication(r *http.Request) error {
+	if !m.authEnabled {
+		return nil
+	}
+
+	// Check for Authorization header
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
+		return &AuthError{"Missing Authorization header"}
+	}
+
+	// Check for "Bearer" prefix
+	if authHeader[:7] != "Bearer " {
+		return &AuthError{"Invalid Authorization header"}
+	}
+
+	// Check for valid token
+	token := authHeader[7:]
+	if !m.Server.CheckBearerToken(token) {
+		return &AuthError{"Invalid token"}
+	}
+
+	return nil
 }
 
 func (m *MockHTTPServer) handleVersion(w http.ResponseWriter, r *http.Request) {
@@ -19,6 +57,12 @@ func (m *MockHTTPServer) handleVersion(w http.ResponseWriter, r *http.Request) {
 }
 
 func (m *MockHTTPServer) handleStatus(w http.ResponseWriter, r *http.Request) {
+	if err := m.checkAuthentication(r); err != nil {
+		log.Printf("Status: Error checking authentication: %s", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
+
 	fmt.Fprintf(w, "OK")
 }
 
@@ -38,19 +82,54 @@ func (m *MockHTTPServer) handleConversations(w http.ResponseWriter, r *http.Requ
 	w.Write(jsonData)
 }
 
+func (m *MockHTTPServer) handleAuthenticate(w http.ResponseWriter, r *http.Request) {
+	// Decode request body as AuthenticationRequest
+	var authReq AuthenticationRequest
+	err := json.NewDecoder(r.Body).Decode(&authReq)
+	if err != nil {
+		log.Printf("Authenticate: Error decoding request body: %s", err)
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// Authenticate
+	token, err := m.Server.Authenticate(authReq.Username, authReq.Password)
+	if err != nil {
+		log.Printf("Authenticate: Error authenticating: %s", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
+
+	// Write response
+	w.Header().Set("Content-Type", "application/json")
+
+	// Encode token as JSON
+	jsonData, err := json.Marshal(token)
+	if err != nil {
+		log.Printf("Error marshalling token: %s", err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// Write JSON to response
+	w.Write(jsonData)
+}
+
 func (m *MockHTTPServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	m.mux.ServeHTTP(w, r)
 }
 
-func NewMockHTTPServer() *MockHTTPServer {
+func NewMockHTTPServer(config MockHTTPServerConfiguration) *MockHTTPServer {
 	this := MockHTTPServer{
-		Server: *server.NewServer(),
-		mux:    *http.NewServeMux(),
+		Server:      *server.NewServer(),
+		mux:         *http.NewServeMux(),
+		authEnabled: config.AuthEnabled,
 	}
 
 	this.mux.Handle("/version", http.HandlerFunc(this.handleVersion))
 	this.mux.Handle("/conversations", http.HandlerFunc(this.handleConversations))
 	this.mux.Handle("/status", http.HandlerFunc(this.handleStatus))
+	this.mux.Handle("/authenticate", http.HandlerFunc(this.handleAuthenticate))
 
 	return &this
 }

web/server_test.go

@@ -1,6 +1,7 @@
 package web_test
 
 import (
+	"bytes"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -14,7 +15,7 @@ import (
 )
 
 func TestVersion(t *testing.T) {
-	s := httptest.NewServer(web.NewMockHTTPServer())
+	s := httptest.NewServer(web.NewMockHTTPServer(web.MockHTTPServerConfiguration{}))
 
 	resp, err := http.Get(s.URL + "/version")
 	if err != nil {
@@ -32,7 +33,7 @@ func TestVersion(t *testing.T) {
 }
 
 func TestStatus(t *testing.T) {
-	s := httptest.NewServer(web.NewMockHTTPServer())
+	s := httptest.NewServer(web.NewMockHTTPServer(web.MockHTTPServerConfiguration{}))
 
 	resp, err := http.Get(s.URL + "/status")
 	if err != nil {
@@ -50,7 +51,7 @@ func TestStatus(t *testing.T) {
 }
 
 func TestConversations(t *testing.T) {
-	server := web.NewMockHTTPServer()
+	server := web.NewMockHTTPServer(web.MockHTTPServerConfiguration{})
 	httpServer := httptest.NewServer(server)
 
 	conversation := model.Conversation{
@@ -105,3 +106,91 @@ func TestConversations(t *testing.T) {
 		t.Fatalf("Unexpected conversation Date: %s (expected %s)", convos[0].Date, conversation.Date)
 	}
 }
+
+func TestAuthentication(t *testing.T) {
+	s := web.NewMockHTTPServer(web.MockHTTPServerConfiguration{AuthEnabled: true})
+	httpServer := httptest.NewServer(s)
+
+	// First, try authenticated request and make sure it fails
+	resp, err := http.Get(httpServer.URL + "/status")
+	if err != nil {
+		t.Fatalf("TestAuthentication status error: %s", err)
+	}
+
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Fatalf("Unexpected status code: %d (expected %d)", resp.StatusCode, http.StatusUnauthorized)
+	}
+
+	tryAuthenticate := func(username string, password string) *http.Response {
+		authRequest := web.AuthenticationRequest{
+			Username: username,
+			Password: password,
+		}
+
+		authRequestJSON, err := json.Marshal(authRequest)
+		if err != nil {
+			t.Fatalf("Error marshalling JSON: %s", err)
+		}
+
+		resp, err := http.Post(httpServer.URL+"/authenticate", "application/json", io.NopCloser(bytes.NewReader(authRequestJSON)))
+		if err != nil {
+			t.Fatalf("TestAuthentication error: %s", err)
+		}
+
+		return resp
+	}
+
+	// Send authentication request with bad credentials
+	resp = tryAuthenticate("bad", "credentials")
+	if resp.StatusCode == http.StatusOK {
+		t.Fatalf("Unexpected status code: %d (expected %d)", resp.StatusCode, http.StatusUnauthorized)
+	}
+
+	// Now try good credentials
+	resp = tryAuthenticate(server.AUTH_USERNAME, server.AUTH_PASSWORD)
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("Unexpected status code: %d (expected %d)", resp.StatusCode, http.StatusOK)
+	}
+
+	// Decode the token from the body.
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatalf("Error decoding body: %s", body)
+	}
+
+	var authToken model.AuthToken
+	err = json.Unmarshal(body, &authToken)
+	if err != nil {
+		t.Fatalf("Error unmarshalling JSON: %s, body: %s", err, body)
+	}
+
+	if authToken.SignedToken == "" {
+		t.Fatalf("Unexpected empty signed token")
+	}
+
+	// Send a request with the signed token
+	req, err := http.NewRequest(http.MethodGet, httpServer.URL+"/status", nil)
+	if err != nil {
+		t.Fatalf("Error creating request: %s", err)
+	}
+
+	req.Header.Set("Authorization", "Bearer "+authToken.SignedToken)
+
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("Error sending request: %s", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("Unexpected status code: %d (expected %d)", resp.StatusCode, http.StatusUnauthorized)
+	}
+
+	body, err = io.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatalf("Error decoding body: %s", body)
+	}
+
+	if string(body) != "OK" {
+		t.Fatalf("Unexpected body: %s (expected %s)", body, "OK")
+	}
+}