chore: refactor scopes from tuple to str

alukach · alukach · commit 2bbd3e0c0e27 · 2025-03-22T22:32:16.000-07:00
diff --git a/src/stac_auth_proxy/config.py b/src/stac_auth_proxy/config.py
@@ -9,9 +9,7 @@
 
 METHODS = Literal["GET", "POST", "PUT", "DELETE", "PATCH"]
 EndpointMethodsNoScope: TypeAlias = dict[str, Sequence[METHODS]]
-EndpointMethods: TypeAlias = dict[
-    str, Sequence[Union[METHODS, tuple[METHODS, Sequence[str]]]]
-]
+EndpointMethods: TypeAlias = dict[str, Sequence[Union[METHODS, tuple[METHODS, str]]]]
 
 _PREFIX_PATTERN = r"^/.*$"
 
diff --git a/src/stac_auth_proxy/utils/requests.py b/src/stac_auth_proxy/utils/requests.py
@@ -37,7 +37,9 @@ def _check_endpoint_match(
             for endpoint_method in endpoint_methods:
                 required_scopes: Sequence[str] = []
                 if isinstance(endpoint_method, tuple):
-                    endpoint_method, required_scopes = endpoint_method
+                    endpoint_method, _required_scopes = endpoint_method
+                    if _required_scopes:  # Ignore empty scopes, e.g. `["POST", ""]`
+                        required_scopes = _required_scopes.split(" ")
                 if method.casefold() == endpoint_method.casefold():
                     return True, required_scopes
     return False, []
diff --git a/tests/test_authn.py b/tests/test_authn.py
@@ -66,7 +66,7 @@ def test_default_public_false_with_scopes(
     test_app = app_factory(
         upstream_url=source_api_server,
         default_public=False,
-        private_endpoints={r"^/collections$": [("POST", ["collection:create"])]},
+        private_endpoints={r"^/collections$": [("POST", "collection:create")]},
     )
     valid_auth_token = token_builder(token)
 
@@ -84,31 +84,31 @@ def test_default_public_false_with_scopes(
     [
         pytest.param(
             "",
-            {r"^/*": [("POST", ["collection:create"])]},
+            {r"^/*": [("POST", "collection:create")]},
             "/collections",
             "POST",
             False,
             id="empty scopes + private endpoint",
         ),
         pytest.param(
             "openid profile collection:createbutnotcreate",
-            {r"^/*": [("POST", ["collection:create"])]},
+            {r"^/*": [("POST", "collection:create")]},
             "/collections",
             "POST",
             False,
             id="invalid scopes + private endpoint",
         ),
         pytest.param(
             "openid profile collection:create somethingelse",
-            {r"^/*": [("POST", [])]},
+            {r"^/*": [("POST", "")]},
             "/collections",
             "POST",
             True,
             id="valid scopes + private endpoint without required scopes",
         ),
         pytest.param(
             "openid",
-            {r"^/collections/.*/items$": [("POST", ["collection:create"])]},
+            {r"^/collections/.*/items$": [("POST", "collection:create")]},
             "/collections",
             "GET",
             True,
