refactor: rewrite auth handler code (!89)

* Rewrite the code handling basic auth to make it easier to extend for other types of auth. * The behaviour of the existing code is maintained. * No changes to how basic auth is configured from a user's perspective. https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/merge_requests/89
2023-06-21 10:31:33 +00:00
parent 3215fe5f4c
commit 3cff8ccd64
15 changed files with 233 additions and 190 deletions
--- a/cfg/basicAuth.go
+++ b/cfg/basicAuth.go
@ -1,25 +0,0 @@
-package cfg
-
-import "gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/auth"
-
-type hashedBasicAuth struct {
-	username string
-	password string
-}
-
-func newHashedBasicAuth(rawUsername, rawPassword string) *hashedBasicAuth {
-	return &hashedBasicAuth{
-		username: auth.HashString(rawUsername),
-		password: auth.HashString(rawPassword),
-	}
-}
-
-func (p *hashedBasicAuth) Enabled() bool {
-	return len(p.username) > 0 && len(p.password) > 0
-}
-
-func (p *hashedBasicAuth) DoesBasicAuthMatch(rawUsername, rawPassword string) bool {
-	username := auth.HashString(rawUsername)
-	password := auth.HashString(rawPassword)
-	return username == p.username && password == p.password
-}
--- a/cfg/basicAuth_test.go
+++ b/cfg/basicAuth_test.go
@ -1,60 +0,0 @@
-package cfg
-
-import "testing"
-
-func Test_hashedBasicAuth_DoesBasicAuthMatch(t *testing.T) {
-	type args struct {
-		username string
-		password string
-	}
-	type fields struct {
-		username string
-		password string
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		args   args
-		want   bool
-	}{
-		{"Happy test #1", fields{username: "1234", password: "1234"}, args{username: "1234", password: "1234"}, true},
-		{"Happy test #2", fields{username: "test", password: "1234"}, args{username: "test", password: "1234"}, true},
-		{"Happy test #3", fields{username: "TEST", password: "1234"}, args{username: "TEST", password: "1234"}, true},
-		{"Non match #1", fields{username: "test", password: "1234"}, args{username: "1234", password: "1234"}, false},
-		{"Non match #2", fields{username: "1234", password: "test"}, args{username: "1234", password: "1234"}, false},
-		{"Non match #3", fields{username: "1234", password: "test"}, args{username: "1234", password: "TEST"}, false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
-			if got := basicAuth.DoesBasicAuthMatch(tt.args.username, tt.args.password); got != tt.want {
-				t.Errorf("DoesBasicAuthMatch() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func Test_hashedBasicAuth_Enabled(t *testing.T) {
-	type fields struct {
-		username string
-		password string
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   bool
-	}{
-		{"Both blank", fields{username: "", password: ""}, false},
-		{"Single blank #1", fields{username: "test", password: ""}, false},
-		{"Single blank #1", fields{username: "", password: "test"}, false},
-		{"Both populated", fields{username: "test", password: "test"}, true},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
-			if got := basicAuth.Enabled(); got != tt.want {
-				t.Errorf("Enabled() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
--- a/cfg/cfg.go
+++ b/cfg/cfg.go
@ -2,9 +2,11 @@ package cfg

 import (
 	"fmt"
+	"log"
 	"os"

 	"github.com/alecthomas/kong"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/auth"
 )

 var cliStruct struct {
@ -36,11 +38,22 @@ func Parse() *AppSettings {
 		Fail2BanSocketPath:    cliStruct.F2bSocketPath,
 		FileCollectorPath:     cliStruct.TextFileExporterPath,
 		ExitOnSocketConnError: cliStruct.ExitOnSocketError,
-		BasicAuthProvider:     newHashedBasicAuth(cliStruct.BasicAuthUser, cliStruct.BasicAuthPass),
+		AuthProvider:          createAuthProvider(),
 	}
 	return settings
 }

+func createAuthProvider() auth.AuthProvider {
+	username := cliStruct.BasicAuthUser
+	password := cliStruct.BasicAuthPass
+
+	if len(username) == 0 && len(password) == 0 {
+		return auth.NewEmptyAuthProvider()
+	}
+	log.Print("basic auth enabled")
+	return auth.NewBasicAuthProvider(username, password)
+}
+
 func validateFlags(cliCtx *kong.Context) {
 	var flagsValid = true
 	var messages = []string{}
--- a/cfg/settings.go
+++ b/cfg/settings.go
@ -1,10 +1,12 @@
 package cfg

+import "gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/auth"
+
 type AppSettings struct {
 	VersionMode           bool
 	MetricsAddress        string
 	Fail2BanSocketPath    string
 	FileCollectorPath     string
-	BasicAuthProvider     *hashedBasicAuth
+	AuthProvider          auth.AuthProvider
 	ExitOnSocketConnError bool
 }