(t *testing.T)
// rpcDeniedMsg is the denial text for an RPC call made without a valid
// authorization token.
// NOTE(review): its use lies outside this excerpt; presumably it is matched
// against the daemon's error output, so it must stay in sync with the
// server-side string. Confirm against the assertions that reference it.
const rpcDeniedMsg = "Kubo RPC Access Denied: Please provide a valid authorization token as defined in the API.Authorizations configuration."
| 15 | |
| 16 | func TestRPCAuth(t *testing.T) { |
| 17 | t.Parallel() |
| 18 | |
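// makeAndStartProtectedNode initialises a fresh node, installs the given
// API.Authorizations entries together with a "test-node-starter" entry
// scoped to /api/v0, and starts the daemon presenting the
// "Bearer test-node-starter" header.
//
// The entries are copied into a new map first, so the caller's map is never
// mutated and a nil map is accepted instead of panicking on assignment.
makeAndStartProtectedNode := func(t *testing.T, authorizations map[string]*config.RPCAuthScope) *harness.Node {
	scopes := make(map[string]*config.RPCAuthScope, len(authorizations)+1)
	for name, scope := range authorizations {
		scopes[name] = scope
	}

	// Written after the copy so that, as before, a caller-supplied entry of
	// the same name cannot replace the credential the harness starts with.
	// This is the only entry here granted the whole /api/v0 prefix.
	scopes["test-node-starter"] = &config.RPCAuthScope{
		AuthSecret:   "bearer:test-node-starter",
		AllowedPaths: []string{"/api/v0"},
	}

	node := harness.NewT(t).NewNode().Init()
	node.UpdateConfig(func(cfg *config.Config) {
		cfg.API.Authorizations = scopes
	})
	node.StartDaemonWithAuthorization("Bearer test-node-starter")
	return node
}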
| 32 | |
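// makeHTTPTest builds a subtest checking path-scoped RPC authorization over
// HTTP. authSecret is the secret stored in the node configuration for
// "userA", whose only allowed path is /api/v0/id; header is the Authorization
// value the client sends.
//
// The subtest asserts three outcomes: the scoped token reaches /api/v0/id
// (200), the same token is refused on /api/v0/config/show (403), and an
// unknown token is refused on /api/v0/id (403).
//
// NOTE(review): only status codes are asserted here, and a request carrying
// no Authorization header at all is not exercised in this closure. Confirm
// that case is covered elsewhere.
makeHTTPTest := func(authSecret, header string) func(t *testing.T) {
	return func(t *testing.T) {
		t.Parallel()
		// Prints the secret and header into the test log; callers are
		// expected to pass fixture values only.
		t.Log(authSecret, header)

		node := makeAndStartProtectedNode(t, map[string]*config.RPCAuthScope{
			"userA": {
				AuthSecret:   authSecret,
				AllowedPaths: []string{"/api/v0/id"},
			},
		})
		// Deferred so the daemon is stopped even when a helper aborts the
		// subtest early or panics, instead of only on the success path.
		defer node.StopDaemon()

		apiClient := node.APIClient()
		apiClient.Client = &http.Client{
			Transport: auth.NewAuthorizedRoundTripper(header, http.DefaultTransport),
		}

		// A valid token reaches the single path it is scoped to.
		resp := apiClient.Post("/api/v0/id", nil)
		assert.Equal(t, 200, resp.StatusCode)

		// The same token is refused on a path outside AllowedPaths.
		resp = apiClient.Post("/api/v0/config/show", nil)
		assert.Equal(t, 403, resp.StatusCode)

		// Second client that presents a token absent from the configuration.
		invalidClient := node.APIClient()
		invalidClient.Client = &http.Client{
			Transport: auth.NewAuthorizedRoundTripper("Bearer invalid", http.DefaultTransport),
		}

		// An unknown token is refused even on the path userA may call.
		errResp := invalidClient.Post("/api/v0/id", nil)
		assert.Equal(t, 403, errResp.StatusCode)
	}
}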
| 71 | |
| 72 | makeCLITest := func(authSecret string) func(t *testing.T) { |
| 73 | return func(t *testing.T) { |