Target default endpoint for Gen3 Workflow (localhost:8080/s3)

Author: lbeckman314

authorizer/authorizer.go

@@ -1,11 +1,10 @@
 package main
 
 import (
-	"bufio"
 	"context"
+	"encoding/json"
 	"fmt"
 	"net/http"
-	"os"
 	"strings"
 
 	"example.com/auth"
@@ -22,7 +21,7 @@ func (ExampleAuthorizer) Hooks() []string {
 	return []string{"contents"}
 }
 
-func (ExampleAuthorizer) Authorize(authHeader http.Header, task tes.TesTask) (auth.Auth, error) {
+func (ExampleAuthorizer) Authorize(authHeader http.Header, task tes.Task) (auth.Auth, error) {
 	// TOOD: Currently we're just using the first Authorization header in the request
 	// How might we support multiple Authorization headers?
 	if authHeader == nil {
@@ -52,41 +51,24 @@ func (ExampleAuthorizer) Authorize(authHeader http.Header, task tes.TesTask) (au
 }
 
 func (ExampleAuthorizer) getUser(user string) (auth.Auth, error) {
-	// Check if the user is authorized
-	// Read the "internal" User Database
-	// Here we're just using a CSV file to represent the list of authorized users
-	// A real-world example would use a database or an external service (e.g. OAuth)
-	userFile := os.Getenv("EXAMPLE_USERS")
-	if userFile == "" {
-		log.Info(context.Background(), "EXAMPLE_USERS not set, using default example-users.csv")
-		userFile = "authorizer/example-users.csv"
-	}
-
-	file, err := os.Open(userFile)
+	// Query the external service for user authorization
+	url := fmt.Sprintf("http://localhost:8080/s3?user=%s", user)
+	resp, err := http.Get(url)
 	if err != nil {
 		return auth.Auth{}, err
 	}
-	defer file.Close()
-
-	scanner := bufio.NewScanner(file)
-	lineNumber := 0
-	for scanner.Scan() {
-		lineNumber++
-		line := scanner.Text()
-
-		if strings.Contains(line, user) {
-			result := strings.Split(line, ",")
+	defer resp.Body.Close()
 
-			auth := auth.Auth{
-				User:  result[0],
-				Token: result[1],
-			}
+	if resp.StatusCode != http.StatusOK {
+		return auth.Auth{}, fmt.Errorf("User %s not found", user)
+	}
 
-			return auth, nil
-		}
+	var creds auth.Auth
+	if err := json.NewDecoder(resp.Body).Decode(&creds); err != nil {
+		return auth.Auth{}, err
 	}
 
-	return auth.Auth{}, fmt.Errorf("User %s not found", user)
+	return creds, nil
 }
 
 func main() {

authorizer/authorizer_test.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"encoding/json"
 	"net/http"
 	"os"
@@ -10,16 +11,16 @@ import (
 	"example.com/tes"
 )
 
-func readExampleTask(filename string) tes.TesTask {
+func readExampleTask(filename string) tes.Task {
 	data, err := os.ReadFile(filename)
 	if err != nil {
 		panic(err)
 	}
 
-	var task tes.TesTask
+	var task tes.Task
 	err = json.Unmarshal(data, &task)
 	if err != nil {
-		return tes.TesTask{}
+		return tes.Task{}
 	}
 
 	return task
@@ -31,28 +32,35 @@ func TestValidUser(t *testing.T) {
 
 	// Read example task
 	task := readExampleTask("../example-tasks/hello-world.json")
+	taskData, _ := json.Marshal(task)
 
 	// Create an Authorization Header to pass to the authorizer
-	authHeader := http.Header{
-		"Authorization": []string{"Bearer Alyssa P. Hacker"},
-	}
-
-	authenticator := ExampleAuthorizer{}
-	resp, err := authenticator.Authorize(authHeader, task)
+	req, _ := http.NewRequest("POST", "http://localhost:8080/s3", bytes.NewBuffer(taskData))
+	req.Header.Set("Authorization", "Bearer Alyssa P. Hacker")
+	client := &http.Client{}
+	resp, err := client.Do(req)
 
 	if err != nil {
 		t.Fatalf("Expected no error, got %v", err)
 	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("Expected status code 200, got %v", resp.StatusCode)
+	}
+
+	var authResp auth.Auth
+	json.NewDecoder(resp.Body).Decode(&authResp)
 
 	expected := auth.Auth{
 		User:  "Alyssa P. Hacker",
 		Token: "<Alyssa's Secret>",
 	}
 
-	if resp.User != expected.User || resp.Token != expected.Token {
+	if authResp.User != expected.User || authResp.Token != expected.Token {
 		t.Errorf("Expected (%s, %s), got (%s, %s)",
 			expected.User, expected.Token,
-			resp.User, resp.Token)
+			authResp.User, authResp.Token)
 	}
 }
 
@@ -62,17 +70,21 @@ func TestInvalidUser(t *testing.T) {
 
 	// Read example task
 	task := readExampleTask("../example-tasks/hello-world.json")
+	taskData, _ := json.Marshal(task)
 
 	// Create an Authorization Header to pass to the authorizer
-	authHeader := http.Header{
-		"Authorization": []string{"Bearer Foo"},
-	}
+	req, _ := http.NewRequest("POST", "http://localhost:8080/s3", bytes.NewBuffer(taskData))
+	req.Header.Set("Authorization", "Bearer Foo")
+	client := &http.Client{}
+	resp, err := client.Do(req)
 
-	authenticator := ExampleAuthorizer{}
-	_, err := authenticator.Authorize(authHeader, task)
+	if err != nil {
+		t.Fatalf("Expected no error, got %v", err)
+	}
+	defer resp.Body.Close()
 
-	if err == nil {
-		t.Fatalf("Expected 401 Unauthorized error, got %v", err)
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Errorf("Expected status code 401, got %v", resp.StatusCode)
 	}
 }
 
@@ -82,17 +94,21 @@ func TestInvalidAuthHeader(t *testing.T) {
 
 	// Read example task
 	task := readExampleTask("../example-tasks/hello-world.json")
+	taskData, _ := json.Marshal(task)
 
 	// Create an Authorization Header to pass to the authorizer
-	authHeader := http.Header{
-		"Authorization": []string{"Basic Alyssa P. Hacker"},
-	}
+	req, _ := http.NewRequest("POST", "http://localhost:8080/s3", bytes.NewBuffer(taskData))
+	req.Header.Set("Authorization", "Basic Alyssa P. Hacker")
+	client := &http.Client{}
+	resp, err := client.Do(req)
 
-	authenticator := ExampleAuthorizer{}
-	_, err := authenticator.Authorize(authHeader, task)
+	if err != nil {
+		t.Fatalf("Expected no error, got %v", err)
+	}
+	defer resp.Body.Close()
 
-	if err == nil {
-		t.Fatalf("Expected 401 Unauthorized error, got %v", err)
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Errorf("Expected status code 401, got %v", resp.StatusCode)
 	}
 }
 
@@ -102,14 +118,19 @@ func TestMissingAuthHeader(t *testing.T) {
 
 	// Read example task
 	task := readExampleTask("../example-tasks/hello-world.json")
+	taskData, _ := json.Marshal(task)
 
 	// Create an Authorization Header to pass to the authorizer
-	authHeader := http.Header{}
+	req, _ := http.NewRequest("POST", "http://localhost:8080/s3", bytes.NewBuffer(taskData))
+	client := &http.Client{}
+	resp, err := client.Do(req)
 
-	authenticator := ExampleAuthorizer{}
-	_, err := authenticator.Authorize(authHeader, task)
+	if err != nil {
+		t.Fatalf("Expected no error, got %v", err)
+	}
+	defer resp.Body.Close()
 
-	if err == nil {
-		t.Fatalf("Expected 401 Unauthorized error, got %v", err)
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Errorf("Expected status code 401, got %v", resp.StatusCode)
 	}
 }