feat: auth test service for testing sdk auth

Author: TristanSpeakEasy

.github/workflows/build-docker.yaml

@@ -0,0 +1,42 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    tags:
+      - "*"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/[email protected]
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.vscode/launch.json

@@ -0,0 +1,15 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Launch Package",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}/cmd/server/main.go"
+    }
+  ]
+}

Dockerfile

@@ -0,0 +1,26 @@
+## Build
+FROM golang as builder
+
+WORKDIR /app
+
+COPY go.mod ./
+COPY go.sum ./
+
+RUN go mod download
+
+COPY internal/ ./internal/
+COPY cmd/ ./cmd/
+COPY pkg/ ./pkg/
+
+RUN go build -o /server cmd/server/main.go
+
+## Deploy
+FROM gcr.io/distroless/base-debian11
+
+WORKDIR /
+
+COPY --from=builder /server /server
+
+EXPOSE 8080
+
+ENTRYPOINT ["/server"]

cmd/server/main.go

@@ -0,0 +1,19 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/speakeasy-api/speakeasy-auth-test-service/internal/auth"
+)
+
+func main() {
+	r := mux.NewRouter()
+	r.HandleFunc("/auth", auth.HandleAuth).Methods(http.MethodPost)
+
+	log.Println("Listening on :8080")
+	if err := http.ListenAndServe(":8080", r); err != nil {
+		log.Fatal(err)
+	}
+}

go.mod

@@ -0,0 +1,5 @@
+module github.com/speakeasy-api/speakeasy-auth-test-service
+
+go 1.19
+
+require github.com/gorilla/mux v1.8.0 // indirect

go.sum

@@ -0,0 +1,2 @@
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=

internal/auth/auth.go

@@ -0,0 +1,62 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/speakeasy-api/speakeasy-auth-test-service/pkg/models"
+)
+
+var authError = errors.New("invalid auth")
+
+func checkAuth(req models.AuthRequest, r *http.Request) error {
+	if req.BasicAuth != nil {
+		if err := checkBasicAuth(*req.BasicAuth, r); err != nil {
+			return err
+		}
+	}
+
+	for _, headerAuth := range req.HeaderAuth {
+		if err := checkHeaderAuth(headerAuth, r); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func checkBasicAuth(basicAuth models.BasicAuth, r *http.Request) error {
+	basicAuthHeader := r.Header.Get("Authorization")
+	if basicAuthHeader == "" {
+		return fmt.Errorf("missing Authorization header for Basic Auth: %w", authError)
+	}
+
+	username, password, ok := r.BasicAuth()
+	if !ok {
+		return fmt.Errorf("invalid Authorization header for Basic Auth: %w", authError)
+	}
+
+	if username != basicAuth.Username {
+		return fmt.Errorf("invalid username for Basic Auth: %w", authError)
+	}
+
+	if password != basicAuth.Password {
+		return fmt.Errorf("invalid password for Basic Auth: %w", authError)
+	}
+
+	return nil
+}
+
+func checkHeaderAuth(headerAuth models.HeaderAuth, r *http.Request) error {
+	headerValue := r.Header.Get(headerAuth.HeaderName)
+	if headerValue == "" {
+		return fmt.Errorf("missing %s header: %w", headerAuth.HeaderName, authError)
+	}
+
+	if headerValue != headerAuth.ExpectedValue {
+		return fmt.Errorf("invalid %s header: %w", headerAuth.HeaderName, authError)
+	}
+
+	return nil
+}

internal/auth/service.go

@@ -0,0 +1,51 @@
+package auth
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"log"
+	"net/http"
+
+	"github.com/speakeasy-api/speakeasy-auth-test-service/pkg/models"
+)
+
+func HandleAuth(w http.ResponseWriter, r *http.Request) {
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		handleError(w, err)
+		return
+	}
+
+	var req models.AuthRequest
+	if err := json.Unmarshal(body, &req); err != nil {
+		handleError(w, err)
+		return
+	}
+
+	if err := checkAuth(req, r); err != nil {
+		handleError(w, err)
+		return
+	}
+}
+
+func handleError(w http.ResponseWriter, err error) {
+	log.Println(err)
+
+	data, marshalErr := json.Marshal(models.ErrorResponse{
+		Error: models.ErrorMessage{
+			Message: err.Error(),
+		},
+	})
+	if marshalErr != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	if errors.Is(err, authError) {
+		w.WriteHeader(http.StatusUnauthorized)
+	} else {
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+	_, _ = w.Write(data)
+}

pkg/models/models.go

@@ -0,0 +1,24 @@
+package models
+
+type ErrorMessage struct {
+	Message string `json:"message"`
+}
+
+type ErrorResponse struct {
+	Error ErrorMessage `json:"error"`
+}
+
+type HeaderAuth struct {
+	HeaderName    string `json:"headerName"`
+	ExpectedValue string `json:"expectedValue"`
+}
+
+type BasicAuth struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type AuthRequest struct {
+	HeaderAuth []HeaderAuth `json:"headerAuth,omitempty"`
+	BasicAuth  *BasicAuth   `json:"basicAuth,omitempty"`
+}