Add somewhat flakey example test

jbowes · jbowes · commit 7f687b873d8a · 2021-06-11T17:55:30.000-03:00
diff --git a/example_test.go b/example_test.go
@@ -0,0 +1,40 @@
+package httpsig_test
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/jbowes/httpsig"
+)
+
+const secret = "support-your-local-cat-bonnet-store"
+
+func Example_Round_Trip() {
+	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		io.WriteString(w, "Your request has a valid signature!")
+	})
+
+	middleware := httpsig.NewVerifyMiddleware(httpsig.WithHmacSha256("key1", []byte(secret)))
+	http.Handle("/", middleware(h))
+	go func() { http.ListenAndServe("127.0.0.1:1234", http.DefaultServeMux) }()
+
+	client := http.Client{
+		// Wrap the transport:
+		Transport: httpsig.NewSignTransport(http.DefaultTransport,
+			httpsig.WithHmacSha256("key1", []byte(secret))),
+	}
+
+	resp, err := client.Get("http://127.0.0.1:1234/")
+	if err != nil {
+		fmt.Println("got err: ", err)
+		return
+	}
+	defer resp.Body.Close()
+
+	fmt.Println(resp.Status)
+
+	// Output:
+	// 200 OK
+}
diff --git a/httpsig.go b/httpsig.go
@@ -10,6 +10,7 @@ import (
 	"crypto/rsa"
 	"io/ioutil"
 	"net/http"
+	"time"
 )
 
 var defaultHeaders = []string{"content-type", "content-length", "host"} // also request path and digest
@@ -32,7 +33,10 @@ func sliceHas(haystack []string, needle string) bool {
 // included on each request. Multiple included signatures allow you to gracefully introduce stronger
 // algorithms, rotate keys, etc.
 func NewSignTransport(transport http.RoundTripper, opts ...signOption) http.RoundTripper {
-	s := signer{}
+	s := signer{
+		keys:    map[string]sigHolder{},
+		nowFunc: time.Now,
+	}
 
 	for _, o := range opts {
 		o.configureSign(&s)
@@ -45,8 +49,8 @@ func NewSignTransport(transport http.RoundTripper, opts ...signOption) http.Roun
 	// TODO: normalize headers? lowercase & de-dupe
 
 	// request path first, for aesthetics
-	if !sliceHas(s.headers, "@request-path") {
-		s.headers = append([]string{"@request-path"}, s.headers...)
+	if !sliceHas(s.headers, "@request-target") {
+		s.headers = append([]string{"@request-target"}, s.headers...)
 	}
 
 	if !sliceHas(s.headers, "digest") {
@@ -84,7 +88,7 @@ func NewSignTransport(transport http.RoundTripper, opts ...signOption) http.Roun
 			nr.Header[k] = v
 		}
 
-		return transport.RoundTrip(r)
+		return transport.RoundTrip(nr)
 	})
 }
 
@@ -104,7 +108,10 @@ func (r rt) RoundTrip(req *http.Request) (*http.Response, error) { return r(req)
 func NewVerifyMiddleware(opts ...verifyOption) func(http.Handler) http.Handler {
 
 	// TODO: form and multipart support
-	v := verifier{}
+	v := verifier{
+		keys:    make(map[string]verHolder),
+		nowFunc: time.Now,
+	}
 
 	for _, o := range opts {
 		o.configureVerify(&v)
diff --git a/sign.go b/sign.go
@@ -41,6 +41,8 @@ type signer struct {
 func (s *signer) Sign(msg *message) (http.Header, error) {
 	var b bytes.Buffer
 
+	var items []string
+
 	// canonicalize headers
 	for _, h := range s.headers {
 		// optionally canonicalize request path via magic string
@@ -49,13 +51,22 @@ func (s *signer) Sign(msg *message) (http.Header, error) {
 			if err != nil {
 				return nil, err
 			}
+
+			items = append(items, h)
+			continue
+		}
+
+		// Skip unset headers
+		if len(msg.Header.Values(h)) == 0 {
 			continue
 		}
 
 		err := canonicalizeHeader(&b, h, msg.Header)
 		if err != nil {
 			return nil, err
 		}
+
+		items = append(items, h)
 	}
 
 	now := s.nowFunc()
@@ -65,7 +76,7 @@ func (s *signer) Sign(msg *message) (http.Header, error) {
 	i := 1 // 1 indexed icky
 	for k, si := range s.keys {
 		sp := &signatureParams{
-			items:   s.headers,
+			items:   items,
 			keyID:   k,
 			created: now,
 			alg:     si.alg,
