introduce [Header|Query|Cookie]Auth helper functions to streamline token extraction (#47)

bir · web-flow · commit d5f43db7e699 · 2025-04-15T11:39:06.000-07:00
diff --git a/config/config_test.go b/config/config_test.go
@@ -118,6 +118,7 @@ func TestComplex(t *testing.T) {
 		{"Complex", func() { config.File = ".envCOMPLEX" }, &ComplexConfig{}, nil, `{"TestMap":{"one":"1","two":"2"},"Time":"2022-01-01T00:00:00Z","Patterns":["123","asdf","https://a.b/c","^http:*"]}`, false},
 		{"BadTime", func() { config.File = ".envBADTIME" }, &ComplexConfig{}, nil, `{"TestMap":null,"Time":"0001-01-01T00:00:00Z"}`, true},
 		{"BadMap", nil, &ComplexConfig{}, map[string]string{"TEST_MAP": "FOO"}, `{"TestMap":{},"Time":"2021-01-01T00:00:00Z"}`, false},
+		{"BadRegex", func() { config.File = ".envEMPTY" }, &ComplexConfig{}, map[string]string{"PATTERNS": "a(b"}, `{"TestMap":null,"Time":"0001-01-01T00:00:00Z","Patterns":[""]}`, true},
 	}
 
 	for _, tt := range tests {
@@ -160,7 +161,7 @@ type ExampleConfig struct {
 
 func ExampleLoad() {
 	cfg := ExampleConfig{}
-	config.Load(&cfg)
+	_ = config.Load(&cfg)
 	fmt.Printf("DebugMode=%v\n", cfg.DebugMode)
 	fmt.Printf("Port=%v\n", cfg.Port)
 	fmt.Printf("DB=%v\n", cfg.DB)
@@ -172,7 +173,7 @@ func TestFoo(t *testing.T) {
 
 	cfg := ExampleConfig{}
 
-	config.Load(&cfg)
+	_ = config.Load(&cfg)
 	test := viper.GetStringSlice("TEST_ARRAY")
 	fmt.Printf("TEST=%#v\n", cfg.Test)
 	fmt.Printf("test=%#v\n", test)
diff --git a/config/hooks.go b/config/hooks.go
@@ -81,6 +81,9 @@ func StringToURLHookFunc(f reflect.Type, t reflect.Type, data any) (any, error)
 // ErrInvalidTime is returned when a time tag fails to parse.
 var ErrInvalidTime = errors.New("failed parsing time")
 
+// ErrInvalidRegex is returned when a regex tag fails to parse.
+var ErrInvalidRegex = errors.New("failed parsing regex")
+
 // StringToTimeFunc converts strings to time.Time.
 func StringToTimeFunc(f reflect.Type, t reflect.Type, data any) (any, error) {
 	if f.Kind() != reflect.String {
@@ -121,7 +124,7 @@ func StringToRegexFunc(f reflect.Type, t reflect.Type, data any) (any, error) {
 
 	out, err := regexp.Compile(s)
 	if err != nil {
-		return nil, fmt.Errorf("%w: `%v`", ErrInvalidTime, data)
+		return nil, fmt.Errorf("%w: %q", ErrInvalidRegex, s)
 	}
 
 	return out, nil
diff --git a/currency/fixed_format_test.go b/currency/fixed_format_test.go
@@ -3,6 +3,8 @@ package currency_test
 import (
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/bir/iken/currency"
 )
 
@@ -37,3 +39,8 @@ func TestFixedFormatter_Format(t *testing.T) {
 		})
 	}
 }
+
+func TestPower10(t *testing.T) {
+	assert.Equal(t, currency.Power10(0), 1)
+	assert.Equal(t, currency.Power10(1), 10)
+}
diff --git a/httputil/auth.go b/httputil/auth.go
@@ -32,6 +32,11 @@ const (
 // request it returns an error.
 type AuthenticateFunc[T any] func(r *http.Request) (T, error)
 
+// TokenAuthenticatorFunc is the signature of a function used to authenticate a request given just the token.
+// Given a request, it returns the authenticated user.  If unable to authenticate the
+// request it returns an error.
+type TokenAuthenticatorFunc[T any] func(ctx context.Context, token string) (T, error)
+
 // AuthorizeFunc is the signature of a function used to authorize a request.  If unable
 // to authorize the user it returns an error.
 type AuthorizeFunc[T any] func(ctx context.Context, user T, scopes []string) error
@@ -44,6 +49,45 @@ type AuthCheck[T any] struct {
 	scopes       []string
 }
 
+func HeaderAuth[T any](key string, fn TokenAuthenticatorFunc[T]) AuthenticateFunc[T] {
+	return func(r *http.Request) (T, error) {
+		var empty T
+
+		token := r.Header.Get(key)
+		if token == "" {
+			return empty, ErrUnauthorized
+		}
+
+		return fn(r.Context(), token)
+	}
+}
+
+func QueryAuth[T any](key string, fn TokenAuthenticatorFunc[T]) AuthenticateFunc[T] {
+	return func(r *http.Request) (T, error) {
+		var empty T
+
+		token := r.URL.Query().Get(key)
+		if token == "" {
+			return empty, ErrUnauthorized
+		}
+
+		return fn(r.Context(), token)
+	}
+}
+
+func CookieAuth[T any](key string, fn TokenAuthenticatorFunc[T]) AuthenticateFunc[T] {
+	return func(r *http.Request) (T, error) {
+		var empty T
+
+		cookie, err := r.Cookie(key)
+		if err != nil || cookie == nil || len(cookie.Value) == 0 {
+			return empty, ErrUnauthorized
+		}
+
+		return fn(r.Context(), cookie.Value)
+	}
+}
+
 func NewAuthCheck[T any](authenticate AuthenticateFunc[T], authorize AuthorizeFunc[T], scopes ...string) AuthCheck[T] {
 	return AuthCheck[T]{
 		authenticate: authenticate,
diff --git a/httputil/auth_test.go b/httputil/auth_test.go
@@ -3,6 +3,7 @@ package httputil_test
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"slices"
@@ -32,7 +33,7 @@ func authenticate(r *http.Request) (string, error) {
 	return "", errors.New("missing")
 }
 
-func authorize(ctx context.Context, user string, scopes []string) error {
+func authorize(_ context.Context, user string, scopes []string) error {
 	if slices.Contains(scopes, user) {
 		return nil
 	}
@@ -140,3 +141,111 @@ func TestSecurityGroups_Auth(t *testing.T) {
 		})
 	}
 }
+
+func strAuth(_ context.Context, token string) (string, error) {
+	if token == "" {
+		return "", errors.New("unreachable")
+	}
+
+	if token == "good" {
+		return "good", nil
+	}
+
+	if token == "bad" {
+		return "", errors.New("bad")
+	}
+
+	return "", errors.New("badder")
+}
+
+func TestHeaderAuth(t *testing.T) {
+	type testCase[T any] struct {
+		name string
+		key  string
+		val  string
+		fn   httputil.TokenAuthenticatorFunc[T]
+		want string
+		err  error
+	}
+	tests := []testCase[string]{
+		{"Empty", "Missing", "", strAuth, "", httputil.ErrUnauthorized},
+		{"Good", "Authorization", "good", strAuth, "good", nil},
+		{"Bad", "Authorization", "bad", strAuth, "", errors.New("bad")},
+		{"other", "Authorization", "other", strAuth, "", errors.New("badder")},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := httptest.NewRequest("FOO", "/asdf", nil)
+			r.Header.Set(tt.key, tt.val)
+
+			got, err := httputil.HeaderAuth(tt.key, tt.fn)(r)
+			if tt.err != nil {
+				assert.Equal(t, tt.err, err)
+			}
+
+			assert.Equalf(t, tt.want, got, "HeaderAuth(%v, %v)", tt.key, tt.fn)
+		})
+	}
+}
+
+func TestQueryAuth(t *testing.T) {
+	type testCase[T any] struct {
+		name string
+		key  string
+		val  string
+		fn   httputil.TokenAuthenticatorFunc[T]
+		want string
+		err  error
+	}
+	tests := []testCase[string]{
+		{"Empty", "Missing", "", strAuth, "", httputil.ErrUnauthorized},
+		{"Good", "Authorization", "good", strAuth, "good", nil},
+		{"Bad", "Authorization", "bad", strAuth, "", errors.New("bad")},
+		{"other", "Authorization", "other", strAuth, "", errors.New("badder")},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := httptest.NewRequest("FOO", fmt.Sprintf("/asdf?%s=%s", tt.key, tt.val), nil)
+
+			got, err := httputil.QueryAuth(tt.key, tt.fn)(r)
+			if tt.err != nil {
+				assert.Equal(t, tt.err, err)
+			}
+
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestCookieAuth(t *testing.T) {
+	type testCase[T any] struct {
+		name string
+		key  string
+		val  string
+		fn   httputil.TokenAuthenticatorFunc[T]
+		want string
+		err  error
+	}
+	tests := []testCase[string]{
+		{"Empty", "Missing", "", strAuth, "", httputil.ErrUnauthorized},
+		{"Good", "Authorization", "good", strAuth, "good", nil},
+		{"Bad", "Authorization", "bad", strAuth, "", errors.New("bad")},
+		{"other", "Authorization", "other", strAuth, "", errors.New("badder")},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := httptest.NewRequest("FOO", "/asdf", nil)
+			r.AddCookie(&http.Cookie{
+				Name:  tt.key,
+				Value: tt.val,
+			})
+
+			got, err := httputil.CookieAuth(tt.key, tt.fn)(r)
+			if tt.err != nil {
+				assert.Equal(t, tt.err, err)
+			}
+
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/httputil/wrap_writer.go b/httputil/wrap_writer.go
@@ -82,12 +82,6 @@ func (b *basicWriter) Write(buf []byte) (int, error) {
 	return n, err
 }
 
-func (b *basicWriter) maybeWriteHeader() {
-	if !b.wroteHeader {
-		b.WriteHeader(http.StatusOK)
-	}
-}
-
 func (b *basicWriter) Status() int {
 	return b.code
 }
@@ -110,6 +104,12 @@ func (b *basicWriter) Flush() {
 	}
 }
 
+func (b *basicWriter) maybeWriteHeader() {
+	if !b.wroteHeader {
+		b.WriteHeader(http.StatusOK)
+	}
+}
+
 // fancyWriter is a writer that additionally satisfies http.CloseNotifier,
 // http.Flusher, http.Hijacker, and io.ReaderFrom. It exists for the common case
 // of wrapping the http.ResponseWriter that package http gives you, in order to
diff --git a/pgxutil/scan.go b/pgxutil/scan.go

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,8 @@ package currency_test`
`3`	`3`	`import (`
`4`	`4`	`"testing"`
`5`	`5`
	`6`	`+ "github.com/stretchr/testify/assert"`
	`7`	`+`
`6`	`8`	`"github.com/bir/iken/currency"`
`7`	`9`	`)`
`8`	`10`
`@@ -37,3 +39,8 @@ func TestFixedFormatter_Format(t *testing.T) {`
`37`	`39`	`})`
`38`	`40`	`}`
`39`	`41`	`}`
	`42`	`+`
	`43`	`+func TestPower10(t *testing.T) {`
	`44`	`+ assert.Equal(t, currency.Power10(0), 1)`
	`45`	`+ assert.Equal(t, currency.Power10(1), 10)`
	`46`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -82,12 +82,6 @@ func (b *basicWriter) Write(buf []byte) (int, error) {`
`82`	`82`	`return n, err`
`83`	`83`	`}`
`84`	`84`
`85`		`-func (b *basicWriter) maybeWriteHeader() {`
`86`		`- if !b.wroteHeader {`
`87`		`- b.WriteHeader(http.StatusOK)`
`88`		`- }`
`89`		`-}`
`90`		`-`
`91`	`85`	`func (b *basicWriter) Status() int {`
`92`	`86`	`return b.code`
`93`	`87`	`}`
`@@ -110,6 +104,12 @@ func (b *basicWriter) Flush() {`
`110`	`104`	`}`
`111`	`105`	`}`
`112`	`106`
	`107`	`+func (b *basicWriter) maybeWriteHeader() {`
	`108`	`+ if !b.wroteHeader {`
	`109`	`+ b.WriteHeader(http.StatusOK)`
	`110`	`+ }`
	`111`	`+}`
	`112`	`+`
`113`	`113`	`// fancyWriter is a writer that additionally satisfies http.CloseNotifier,`
`114`	`114`	`// http.Flusher, http.Hijacker, and io.ReaderFrom. It exists for the common case`
`115`	`115`	`// of wrapping the http.ResponseWriter that package http gives you, in order to`