(t *testing.T)
| 11 | ) |
| 12 | |
| 13 | func TestAPIKey(t *testing.T) { |
| 14 | ctx := t.Context() |
| 15 | router, config := NewAPITest(t, ctx) |
| 16 | |
| 17 | apiKey, _ := CreateTestBouncer(t, ctx, config.API.Server.DbConfig) |
| 18 | |
| 19 | // Login with empty token |
| 20 | w := httptest.NewRecorder() |
| 21 | req, err := http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader("")) |
| 22 | require.NoError(t, err) |
| 23 | req.Header.Add("User-Agent", UserAgent) |
| 24 | req.RemoteAddr = "127.0.0.1:1234" |
| 25 | router.ServeHTTP(w, req) |
| 26 | |
| 27 | assert.Equal(t, http.StatusForbidden, w.Code) |
| 28 | assert.JSONEq(t, `{"message":"access forbidden"}`, w.Body.String()) |
| 29 | |
| 30 | // Login with invalid token |
| 31 | w = httptest.NewRecorder() |
| 32 | req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader("")) |
| 33 | require.NoError(t, err) |
| 34 | req.Header.Add("User-Agent", UserAgent) |
| 35 | req.Header.Add("X-Api-Key", "a1b2c3d4e5f6") |
| 36 | req.RemoteAddr = "127.0.0.1:1234" |
| 37 | router.ServeHTTP(w, req) |
| 38 | |
| 39 | assert.Equal(t, http.StatusForbidden, w.Code) |
| 40 | assert.JSONEq(t, `{"message":"access forbidden"}`, w.Body.String()) |
| 41 | |
| 42 | // Login with valid token |
| 43 | w = httptest.NewRecorder() |
| 44 | req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader("")) |
| 45 | require.NoError(t, err) |
| 46 | req.Header.Add("User-Agent", UserAgent) |
| 47 | req.Header.Add("X-Api-Key", apiKey) |
| 48 | req.RemoteAddr = "127.0.0.1:1234" |
| 49 | router.ServeHTTP(w, req) |
| 50 | |
| 51 | assert.Equal(t, http.StatusOK, w.Code) |
| 52 | assert.Equal(t, "null", w.Body.String()) |
| 53 | |
| 54 | // Login with valid token from another IP |
| 55 | w = httptest.NewRecorder() |
| 56 | req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader("")) |
| 57 | require.NoError(t, err) |
| 58 | req.Header.Add("User-Agent", UserAgent) |
| 59 | req.Header.Add("X-Api-Key", apiKey) |
| 60 | req.RemoteAddr = "4.3.2.1:1234" |
| 61 | router.ServeHTTP(w, req) |
| 62 | |
| 63 | assert.Equal(t, http.StatusOK, w.Code) |
| 64 | assert.Equal(t, "null", w.Body.String()) |
| 65 | |
| 66 | // Make the requests multiple times to make sure we only create one |
| 67 | w = httptest.NewRecorder() |
| 68 | req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader("")) |
| 69 | require.NoError(t, err) |
| 70 | req.Header.Add("User-Agent", UserAgent) |