From 8229f31f70ecdbe03d03c96cba17d6ee85397bca Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Fri, 20 Jan 2023 10:58:35 -0700
Subject: "tlsauth" contrib package

This package adds authentication middlewares via TLS client certificates.
---
 contrib/tlsauth/gemini_test.go | 111 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 contrib/tlsauth/gemini_test.go
(limited to 'contrib/tlsauth/gemini_test.go')

diff --git a/contrib/tlsauth/gemini_test.go b/contrib/tlsauth/gemini_test.go
new file mode 100644
index 0000000..bc87958
--- /dev/null
+++ b/contrib/tlsauth/gemini_test.go
@@ -0,0 +1,111 @@
+package tlsauth_test
+
+import (
+	"bytes"
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"tildegit.org/tjp/gus"
+	"tildegit.org/tjp/gus/contrib/tlsauth"
+	"tildegit.org/tjp/gus/gemini"
+)
+
+func TestGeminiAuth(t *testing.T) {
+	handler1 := func(_ context.Context, request *gus.Request) *gus.Response {
+		if !strings.HasPrefix(request.Path, "/one") {
+			return nil
+		}
+
+		return gemini.Success("", &bytes.Buffer{})
+	}
+	handler2 := func(_ context.Context, request *gus.Request) *gus.Response {
+		if !strings.HasPrefix(request.Path, "/two") {
+			return nil
+		}
+
+		return gemini.Success("", &bytes.Buffer{})
+	}
+	handler3 := func(_ context.Context, request *gus.Request) *gus.Response {
+		if !strings.HasPrefix(request.Path, "/three") {
+			return nil
+		}
+
+		return gemini.Success("", &bytes.Buffer{})
+	}
+	handler4 := func(_ context.Context, request *gus.Request) *gus.Response {
+		return gemini.Success("", &bytes.Buffer{})
+	}
+
+	handler := gus.FallthroughHandler(
+		tlsauth.GeminiAuth(tlsauth.Allow)(handler1),
+		tlsauth.GeminiAuth(tlsauth.Allow)(handler2),
+		tlsauth.GeminiAuth(tlsauth.Reject)(handler3),
+		tlsauth.GeminiAuth(tlsauth.Reject)(handler4),
+	)
+
+	server, authClient, _ := setup(t,
+		"testdata/server.crt", "testdata/server.key",
+		"testdata/client1.crt", "testdata/client1.key",
+		handler,
+	)
+
+	authlessClient, _ := clientFor(t, server, "", "")
+
+	go server.Serve()
+	defer server.Close()
+
+	resp := requestPath(t, authClient, server, "/one")
+	assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+	resp = requestPath(t, authlessClient, server, "/two")
+	assert.Equal(t, gemini.StatusClientCertificateRequired, resp.Status)
+
+	resp = requestPath(t, authClient, server, "/three")
+	assert.Equal(t, gemini.StatusCertificateNotAuthorized, resp.Status)
+
+	resp = requestPath(t, authlessClient, server, "/four")
+	assert.Equal(t, gemini.StatusClientCertificateRequired, resp.Status)
+}
+
+func TestGeminiOptionalAuth(t *testing.T) {
+	pathHandler := func(path string) gus.Handler {
+		return func(_ context.Context, request *gus.Request) *gus.Response {
+			if !strings.HasPrefix(request.Path, path) {
+				return nil
+			}
+			return gemini.Success("", &bytes.Buffer{})
+		}
+	}
+
+	handler := gus.FallthroughHandler(
+		tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/one")),
+		tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/two")),
+		tlsauth.GeminiOptionalAuth(tlsauth.Reject)(pathHandler("/three")),
+		tlsauth.GeminiOptionalAuth(tlsauth.Reject)(pathHandler("/four")),
+	)
+
+	server, authClient, _ := setup(t,
+		"testdata/server.crt", "testdata/server.key",
+		"testdata/client1.crt", "testdata/client1.key",
+		handler,
+	)
+	authlessClient, _ := clientFor(t, server, "", "")
+
+	go server.Serve()
+	defer server.Close()
+
+	resp := requestPath(t, authClient, server, "/one")
+	assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+	resp = requestPath(t, authlessClient, server, "/two")
+	assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+	resp = requestPath(t, authClient, server, "/three")
+	assert.Equal(t, gemini.StatusCertificateNotAuthorized, resp.Status)
+
+	resp = requestPath(t, authlessClient, server, "/four")
+	assert.Equal(t, gemini.StatusSuccess, resp.Status)
+}
-- 
cgit v1.2.3
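Review bot: handler1 through handler3 in TestGeminiAuth are hand-written copies of the pathHandler closure that TestGeminiOptionalAuth defines further down in the same hunk; hoisting `pathHandler` to file scope and building the first test's routes as `pathHandler("/one")`, `pathHandler("/two")`, `pathHandler("/three")` would drop roughly twenty duplicated lines and keep the two fixtures identical. handler4 is a catch-all rather than a `/four` prefix match, which is presumably intentional because it sits last in the fallthrough chain, but a comment such as `// catch-all: exercises Reject with no client certificate presented` would make that asymmetry visibly deliberate. Both tests run `go server.Serve()` and discard whatever Serve returns; if it reports a bind or TLS-config error, the later requestPath calls would fail with an unrelated message, so capturing that result (for example on a channel checked before the asserts) or documenting that setup already bound the listener would make failures easier to read. setup, clientFor and requestPath are defined outside this hunk.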