Diffstat (limited to 'contrib/tlsauth')
-rw-r--r-- | contrib/tlsauth/approver_test.go | 2 | ||||
-rw-r--r-- | contrib/tlsauth/auth.go | 12 | ||||
-rw-r--r-- | contrib/tlsauth/auth_test.go | 38 | ||||
-rw-r--r-- | contrib/tlsauth/gemini.go | 20 | ||||
-rw-r--r-- | contrib/tlsauth/gemini_test.go | 22 |
5 files changed, 47 insertions, 47 deletions
diff --git a/contrib/tlsauth/approver_test.go b/contrib/tlsauth/approver_test.go
index a2af838..d2f4f07 100644
--- a/contrib/tlsauth/approver_test.go
+++ b/contrib/tlsauth/approver_test.go
@@ -8,7 +8,7 @@ import ( "github.com/stretchr/testify/assert" - "tildegit.org/tjp/gus/contrib/tlsauth" + "tildegit.org/tjp/sliderule/contrib/tlsauth" ) func TestRequireSpecificIdentity(t *testing.T) {
diff --git a/contrib/tlsauth/auth.go b/contrib/tlsauth/auth.go
index 38ec3a3..439d297 100644
--- a/contrib/tlsauth/auth.go
+++ b/contrib/tlsauth/auth.go
@@ -4,11 +4,11 @@ import ( "context" "crypto/x509" - "tildegit.org/tjp/gus" + sr "tildegit.org/tjp/sliderule" ) // Identity returns the client certificate for the request or nil if there is none. -func Identity(request *gus.Request) *x509.Certificate { +func Identity(request *sr.Request) *x509.Certificate { if request.TLSState == nil || len(request.TLSState.PeerCertificates) == 0 { return nil }
@@ -19,8 +19,8 @@ func Identity(request *gus.Request) *x509.Certificate { // // The check requires both that there is a client certificate associated with the // request and that it passes the provided approver. -func RequiredAuth(approve Approver) func(context.Context, *gus.Request) bool { - return func(_ context.Context, request *gus.Request) bool { +func RequiredAuth(approve Approver) func(context.Context, *sr.Request) bool { + return func(_ context.Context, request *sr.Request) bool { identity := Identity(request) if identity == nil { return false
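Review bot: The doc comment on `Identity` in auth.go does not say what trust the returned certificate carries, and the nil check reads `request.TLSState.PeerCertificates`, which in Go's crypto/tls holds whatever the peer presented rather than a verified chain. Whether the listener verifies client certificates is not visible in this hunk, so the comment should spell the contract out, e.g. `// The certificate is as presented by the peer; it is only as trusted as the server's TLS client-auth settings and the Approver make it.` Approvers passed to `RequiredAuth` and `OptionalAuth` should therefore match on something the client cannot choose freely without the key, such as a pinned certificate or public-key fingerprint, rather than subject fields. Identity's body continues past the end of the hunk.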
@@ -34,8 +34,8 @@ func RequiredAuth(approve Approver) func(context.Context, *gus.Request) bool { // // The check allows through any request with no client certificate, but if // there is one present then it requires that it pass the provided approver. -func OptionalAuth(approve Approver) func(context.Context, *gus.Request) bool { - return func(_ context.Context, request *gus.Request) bool { +func OptionalAuth(approve Approver) func(context.Context, *sr.Request) bool { + return func(_ context.Context, request *sr.Request) bool { identity := Identity(request) if identity == nil { return true
diff --git a/contrib/tlsauth/auth_test.go b/contrib/tlsauth/auth_test.go
index 3cbc106..2a95e1c 100644
--- a/contrib/tlsauth/auth_test.go
+++ b/contrib/tlsauth/auth_test.go
@@ -12,9 +12,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "tildegit.org/tjp/gus" - "tildegit.org/tjp/gus/contrib/tlsauth" - "tildegit.org/tjp/gus/gemini" + sr "tildegit.org/tjp/sliderule" + "tildegit.org/tjp/sliderule/contrib/tlsauth" + "tildegit.org/tjp/sliderule/gemini" ) func TestIdentify(t *testing.T) {
@@ -24,7 +24,7 @@ func TestIdentify(t *testing.T) { server, client, clientCert := setup(t, "testdata/server.crt", "testdata/server.key", "testdata/client1.crt", "testdata/client1.key", - gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { invoked = true ident := tlsauth.Identity(request)
@@ -51,20 +51,20 @@ func TestRequiredAuth(t *testing.T) { invoked1 := false invoked2 := false - handler1 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { invoked1 = true return gemini.Success("", &bytes.Buffer{}) }) - handler2 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { invoked2 = true return gemini.Success("", &bytes.Buffer{}) }) - authMiddleware := gus.Filter(tlsauth.RequiredAuth(tlsauth.Allow), nil) + authMiddleware := sr.Filter(tlsauth.RequiredAuth(tlsauth.Allow), nil) - handler1 = gus.Filter( - func(_ context.Context, req *gus.Request) bool { + handler1 = sr.Filter( + func(_ context.Context, req *sr.Request) bool { return strings.HasPrefix(req.Path, "/one") }, nil,
@@ -74,7 +74,7 @@ func TestRequiredAuth(t *testing.T) { server, client, _ := setup(t, "testdata/server.crt", "testdata/server.key", "testdata/client1.crt", "testdata/client1.key", - gus.FallthroughHandler(handler1, handler2), + sr.FallthroughHandler(handler1, handler2), ) go func() {
@@ -94,7 +94,7 @@ func TestOptionalAuth(t *testing.T) { invoked1 := false invoked2 := false - handler1 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { if !strings.HasPrefix(request.Path, "/one") { return nil }
@@ -103,13 +103,13 @@ func TestOptionalAuth(t *testing.T) { return gemini.Success("", &bytes.Buffer{}) }) - handler2 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { invoked2 = true return gemini.Success("", &bytes.Buffer{}) }) - mw := gus.Filter(tlsauth.OptionalAuth(tlsauth.Reject), nil) - handler := gus.FallthroughHandler(mw(handler1), mw(handler2)) + mw := sr.Filter(tlsauth.OptionalAuth(tlsauth.Reject), nil) + handler := sr.FallthroughHandler(mw(handler1), mw(handler2)) server, client, _ := setup(t, "testdata/server.crt", "testdata/server.key",
@@ -136,8 +136,8 @@ func setup( serverKeyPath string, clientCertPath string, clientKeyPath string, - handler gus.Handler, -) (gus.Server, gemini.Client, tls.Certificate) { + handler sr.Handler, +) (sr.Server, gemini.Client, tls.Certificate) { serverTLS, err := gemini.FileTLS(serverCertPath, serverKeyPath) require.Nil(t, err)
@@ -159,7 +159,7 @@ func setup( func clientFor( t *testing.T, - server gus.Server, + server sr.Server, certPath string, keyPath string, ) (gemini.Client, tls.Certificate) {
@@ -179,11 +179,11 @@ func clientFor( }), clientCert } -func requestPath(t *testing.T, client gemini.Client, server gus.Server, path string) *gus.Response { +func requestPath(t *testing.T, client gemini.Client, server sr.Server, path string) *sr.Response { u, err := url.Parse("gemini://" + server.Address() + path) require.Nil(t, err) - response, err := client.RoundTrip(&gus.Request{URL: u}) + response, err := client.RoundTrip(&sr.Request{URL: u}) require.Nil(t, err) return response
diff --git a/contrib/tlsauth/gemini.go b/contrib/tlsauth/gemini.go
index 40bee9e..9996595 100644
--- a/contrib/tlsauth/gemini.go
+++ b/contrib/tlsauth/gemini.go
@@ -3,8 +3,8 @@ package tlsauth import ( "context" - "tildegit.org/tjp/gus" - "tildegit.org/tjp/gus/gemini" + sr "tildegit.org/tjp/sliderule" + "tildegit.org/tjp/sliderule/gemini" ) // GeminiAuth builds an authentication middleware from approval criteria.
@@ -12,9 +12,9 @@ import ( // If a request does not contain a client certificate it will be rejected // with a "60 certificate required" response. If the client identity does // not pass the approver it will be rejected with "62 certificate invalid". -func GeminiAuth(approver Approver) gus.Middleware { - return func(inner gus.Handler) gus.Handler { - return gus.HandlerFunc(func(ctx context.Context, request *gus.Request) *gus.Response { +func GeminiAuth(approver Approver) sr.Middleware { + return func(inner sr.Handler) sr.Handler { + return sr.HandlerFunc(func(ctx context.Context, request *sr.Request) *sr.Response { identity := Identity(request) if identity == nil { return geminiMissingCert(ctx, request)
@@ -33,9 +33,9 @@ func GeminiAuth(approver Approver) gus.Middleware { // If there is no client certificate the request will pass through the middleware. // It will only be rejected with "62 certificate invalid" if there *is* a client // certificate, but it fails the approval. -func GeminiOptionalAuth(approver Approver) gus.Middleware { - return func(inner gus.Handler) gus.Handler { - return gus.HandlerFunc(func(ctx context.Context, request *gus.Request) *gus.Response { +func GeminiOptionalAuth(approver Approver) sr.Middleware { + return func(inner sr.Handler) sr.Handler { + return sr.HandlerFunc(func(ctx context.Context, request *sr.Request) *sr.Response { identity := Identity(request) if identity != nil && !approver(identity) { return geminiCertNotAuthorized(ctx, request)
@@ -49,10 +49,10 @@ func GeminiOptionalAuth(approver Approver) gus.Middleware { // GeminiRequireCertificate is a middleware that only requires a client certificate. var GeminiRequireCertificate = GeminiAuth(Allow) -func geminiMissingCert(_ context.Context, _ *gus.Request) *gus.Response { +func geminiMissingCert(_ context.Context, _ *sr.Request) *sr.Response { return gemini.RequireCert("A client certificate is required.") } -func geminiCertNotAuthorized(_ context.Context, _ *gus.Request) *gus.Response { +func geminiCertNotAuthorized(_ context.Context, _ *sr.Request) *sr.Response { return gemini.CertAuthFailure("Client certificate not authorized.") }
diff --git a/contrib/tlsauth/gemini_test.go b/contrib/tlsauth/gemini_test.go
index 7823de6..655307a 100644
--- a/contrib/tlsauth/gemini_test.go
+++ b/contrib/tlsauth/gemini_test.go
@@ -8,38 +8,38 @@ import ( "github.com/stretchr/testify/assert" - "tildegit.org/tjp/gus" - "tildegit.org/tjp/gus/contrib/tlsauth" - "tildegit.org/tjp/gus/gemini" + sr "tildegit.org/tjp/sliderule" + "tildegit.org/tjp/sliderule/contrib/tlsauth" + "tildegit.org/tjp/sliderule/gemini" ) func TestGeminiAuth(t *testing.T) { - handler1 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { if !strings.HasPrefix(request.Path, "/one") { return nil } return gemini.Success("", &bytes.Buffer{}) }) - handler2 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { if !strings.HasPrefix(request.Path, "/two") { return nil } return gemini.Success("", &bytes.Buffer{}) }) - handler3 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler3 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { if !strings.HasPrefix(request.Path, "/three") { return nil } return gemini.Success("", &bytes.Buffer{}) }) - handler4 := gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + handler4 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { return gemini.Success("", &bytes.Buffer{}) }) - handler := gus.FallthroughHandler( + handler := sr.FallthroughHandler( tlsauth.GeminiAuth(tlsauth.Allow)(handler1), tlsauth.GeminiAuth(tlsauth.Allow)(handler2), tlsauth.GeminiAuth(tlsauth.Reject)(handler3), 
@@ -73,8 +73,8 @@ func TestGeminiAuth(t *testing.T) { } func TestGeminiOptionalAuth(t *testing.T) { - pathHandler := func(path string) gus.Handler { - return gus.HandlerFunc(func(_ context.Context, request *gus.Request) *gus.Response { + pathHandler := func(path string) sr.Handler { + return sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { if !strings.HasPrefix(request.Path, path) { return nil }
@@ -82,7 +82,7 @@ func TestGeminiOptionalAuth(t *testing.T) { }) } - handler := gus.FallthroughHandler( + handler := sr.FallthroughHandler( tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/one")), tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/two")), tlsauth.GeminiOptionalAuth(tlsauth.Reject)(pathHandler("/three")), |