Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -0,0 +1,66 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http/httptest"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/prism/proxy/internal/auth"
|
||||
"github.com/prism/proxy/internal/service"
|
||||
"github.com/prism/proxy/internal/store"
|
||||
)
|
||||
|
||||
func TestAuthorizeRequestWithAPIKey(t *testing.T) {
|
||||
gin.SetMode(gin.TestMode)
|
||||
dir := t.TempDir()
|
||||
st, err := store.Open(filepath.Join(dir, "test.db"))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
t.Cleanup(func() { st.Close() })
|
||||
|
||||
ctx := context.Background()
|
||||
if err := st.SetSettings(ctx, map[string]string{
|
||||
"auth_enabled": "true",
|
||||
"admin_password": "secret",
|
||||
}); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
raw, err := auth.GenerateAPIKey()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if _, err := st.CreateAPIKey(ctx, "test", auth.APIKeyDisplayPrefix(raw), auth.HashAPIKey(raw)); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
s := &Server{app: &service.App{Store: st}}
|
||||
settings, _ := st.GetSettings(ctx)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(w)
|
||||
c.Request = httptest.NewRequest("GET", "/api/v1/dashboard", nil)
|
||||
c.Request.Header.Set("X-API-Key", raw)
|
||||
if !s.authorizeRequest(c, settings) {
|
||||
t.Fatal("expected api key to authorize")
|
||||
}
|
||||
|
||||
w2 := httptest.NewRecorder()
|
||||
c2, _ := gin.CreateTestContext(w2)
|
||||
c2.Request = httptest.NewRequest("GET", "/api/v1/dashboard", nil)
|
||||
c2.Request.Header.Set("Authorization", "Bearer "+raw)
|
||||
if !s.authorizeRequest(c2, settings) {
|
||||
t.Fatal("expected bearer api key to authorize")
|
||||
}
|
||||
|
||||
w3 := httptest.NewRecorder()
|
||||
c3, _ := gin.CreateTestContext(w3)
|
||||
c3.Request = httptest.NewRequest("GET", "/api/v1/dashboard", nil)
|
||||
c3.Request.Header.Set("Authorization", "Bearer prism_invalid")
|
||||
if s.authorizeRequest(c3, settings) {
|
||||
t.Fatal("expected invalid key to fail")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user