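--- a/auth/basic.go
+++ b/auth/basic.go
@@ -0,0 +1,29 @@
+package auth
+
+import (
+"fmt"
+"net/http"
+)
+
+func NewBasicAuthProvider(username, password string) AuthProvider {
+return &basicAuthProvider{
+hashedAuth: encodeBasicAuth(username, password),
+}
+}
+
+type basicAuthProvider struct {
+hashedAuth string
+}
+
+func (p *basicAuthProvider) IsAllowed(request *http.Request) bool {
+username, password, ok := request.BasicAuth()
+if !ok {
+return false
+}
+requestAuth := encodeBasicAuth(username, password)
+return p.hashedAuth == requestAuth
+}
+
+func encodeBasicAuth(username, password string) string {
+return HashString(fmt.Sprintf("%s:%s", username, password))
+}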
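Review bot: `IsAllowed` compares the stored and the presented credential digest with `==`, which is not a constant-time comparison even though this check gates access to the exporter. Replace the last line with `return subtle.ConstantTimeCompare([]byte(p.hashedAuth), []byte(requestAuth)) == 1` and add `"crypto/subtle"` to the import block. Both operands are fixed-length SHA-256 hex strings, so the practical timing leak is small, but the constant-time form costs nothing and removes the question. The exported `NewBasicAuthProvider` would also benefit from a doc comment stating that the credentials are kept only as a digest of `username:password`.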
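--- a/auth/basic_test.go
+++ b/auth/basic_test.go
@@ -0,0 +1,53 @@
+package auth
+
+import (
+"net/http"
+"net/http/httptest"
+"testing"
+)
+
+func Test_GIVEN_BasicAuthSet_WHEN_CallingIsAllowedWithCorrectCreds_THEN_TrueReturned(t *testing.T) {
+// assemble
+username := "u1"
+password := HashString("abc")
+request := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+request.SetBasicAuth(username, password)
+provider := NewBasicAuthProvider(username, password)
+
+// act
+result := provider.IsAllowed(request)
+
+// assert
+if !result {
+t.Errorf("expected request to be allowed, but failed")
+}
+}
+
+func Test_GIVEN_BasicAuthSet_WHEN_CallingIsAllowedWithoutCreds_THEN_FalseReturned(t *testing.T) {
+// assemble
+request := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+provider := NewBasicAuthProvider("u1", "p1")
+
+// act
+result := provider.IsAllowed(request)
+
+// assert
+if result {
+t.Errorf("expected request to be denied, but was allowed")
+}
+}
+
+func Test_GIVEN_BasicAuthSet_WHEN_CallingIsAllowedWithWrongCreds_THEN_FalseReturned(t *testing.T) {
+// assemble
+request := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+request.SetBasicAuth("wrong", "pw")
+provider := NewBasicAuthProvider("u1", "p1")
+
+// act
+result := provider.IsAllowed(request)
+
+// assert
+if result {
+t.Errorf("expected request to be denied, but was allowed")
+}
+}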
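Review bot: the `..._WithWrongCreds_...` test changes the username and the password at the same time, so a regression in which `IsAllowed` checks only one of the two fields would still pass. Add one case with the right username and a wrong password, `request.SetBasicAuth("u1", "wrong")`, and one with a wrong username and the right password, `request.SetBasicAuth("wrong", "p1")`, both against `NewBasicAuthProvider("u1", "p1")`. In the first test, `password := HashString("abc")` reads as if the provider expected a pre-hashed password; a plain literal would state the intent more clearly.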
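--- a/auth/empty.go
+++ b/auth/empty.go
@@ -0,0 +1,14 @@
+package auth
+
+import "net/http"
+
+func NewEmptyAuthProvider() AuthProvider {
+return &emptyAuthProvider{}
+}
+
+type emptyAuthProvider struct {
+}
+
+func (p *emptyAuthProvider) IsAllowed(request *http.Request) bool {
+return true
+}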
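Review bot: `NewEmptyAuthProvider` returns a provider whose `IsAllowed` permits every request, and nothing in the file says so. Because this is the fail-open path, the constructor should carry a doc comment such as `// NewEmptyAuthProvider returns an AuthProvider that allows every request; use it only when authentication is deliberately disabled.` The code that chooses between this provider and the basic-auth one is not part of this commit, so it is worth confirming there that a half-configured username/password pair cannot fall through to the empty provider.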
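--- a/auth/empty_test.go
+++ b/auth/empty_test.go
@@ -0,0 +1,36 @@
+package auth
+
+import (
+"net/http"
+"net/http/httptest"
+"testing"
+)
+
+func Test_GIVEN_EmptyAuth_WHEN_CallingIsAllowedWithoutAuth_THEN_TrueReturned(t *testing.T) {
+// assemble
+request := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+provider := NewEmptyAuthProvider()
+
+// act
+response := provider.IsAllowed(request)
+
+// assert
+if !response {
+t.Errorf("expected request to be allowed, but failed")
+}
+}
+
+func Test_GIVEN_EmptyAuth_WHEN_CallingIsAllowedWithAuth_THEN_TrueReturned(t *testing.T) {
+// assemble
+request := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+request.SetBasicAuth("user", "pass")
+provider := NewEmptyAuthProvider()
+
+// act
+response := provider.IsAllowed(request)
+
+// assert
+if !response {
+t.Errorf("expected request to be allowed, but failed")
+}
+}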
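--- a/auth/hash.go
+++ b/auth/hash.go
@@ -0,0 +1,18 @@
+package auth
+
+import (
+"crypto/sha256"
+"encoding/hex"
+)
+
+func hash(data []byte) []byte {
+if len(data) == 0 {
+return []byte{}
+}
+b := sha256.Sum256(data)
+return b[:]
+}
+
+func HashString(data string) string {
+return hex.EncodeToString(hash([]byte(data)))
+}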
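Review bot: `hash` returns an empty slice for empty input, so `HashString("")` is `""` rather than the SHA-256 digest of the empty message, and a caller comparing digests cannot tell an empty input from an unset value. `encodeBasicAuth` always passes a string containing `:`, so the basic-auth path never reaches that branch, but `HashString` is exported and may be used elsewhere. Either remove the `len(data) == 0` branch (and update the `Blank string` case in `auth/hash_test.go`) or state the behaviour in a doc comment: `// HashString returns the hex-encoded SHA-256 of data, or "" when data is empty.` If the digest is ever written to disk or a config file rather than kept in memory, an unsalted SHA-256 would not be a suitable password hash.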
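--- a/auth/hash_test.go
+++ b/auth/hash_test.go
@@ -0,0 +1,26 @@
+package auth
+
+import (
+"reflect"
+"testing"
+)
+
+func TestHashString(t *testing.T) {
+tests := []struct {
+name string
+args string
+want string
+}{
+{"Happy path #1", "123", "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"},
+{"Happy path #2", "hello world", "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"},
+{"Happy path #3", "H3Ll0_W0RLD", "d58a27fe9a6e73a1d8a67189fb8acace047e7a1a795276a0056d3717ad61bd0e"},
+{"Blank string", "", ""},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+if got := HashString(tt.args); !reflect.DeepEqual(got, tt.want) {
+t.Errorf("HashString() = %v, want %v", got, tt.want)
+}
+})
+}
+}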
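Review bot: `reflect.DeepEqual(got, tt.want)` compares two plain strings, so the condition can be `if got := HashString(tt.args); got != tt.want {` and the `reflect` import can be dropped. Using `%q` instead of `%v` in the `t.Errorf` format would also make the `Blank string` case readable when it fails, since an empty value otherwise prints as nothing.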
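--- a/auth/provider.go
+++ b/auth/provider.go
@@ -0,0 +1,9 @@
+package auth
+
+import (
+"net/http"
+)
+
+type AuthProvider interface {
+IsAllowed(*http.Request) bool
+}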
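Review bot: the exported `AuthProvider` interface has no doc comment, although it is the contract every access decision in the package goes through. Suggest `// AuthProvider decides whether an incoming HTTP request may be served.` on the type and `// IsAllowed reports whether the request may be served.` on the method, so implementers know that `true` means the request is let through. As a style point, `auth.AuthProvider` repeats the package name; `auth.Provider` would read better if renaming is still cheap.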