start working at authorizer

authorizer/src/asapo_authorizer/server/authorize_test.go

@@ -35,12 +35,12 @@ func containsMatcher(substr string) func(str string) bool {
 	return func(str string) bool { return strings.Contains(str, substr) }
 }
 
-func makeRequest(request authorizationRequest) string {
+func makeRequest(request interface{}) string {
 	buf, _ := utils.MapToJson(request)
 	return string(buf)
 }
 
-func doAuthorizeRequest(path string,buf string) *httptest.ResponseRecorder {
+func doPostRequest(path string,buf string) *httptest.ResponseRecorder {
 	mux := utils.NewRouter(listRoutes)
 	req, _ := http.NewRequest("POST", path, strings.NewReader(buf))
 	w := httptest.NewRecorder()
@@ -86,7 +86,7 @@ func TestSplitCreds(t *testing.T) {
 func TestAuthorizeDefaultOK(t *testing.T) {
 	allowBeamlines([]beamtimeMeta{{"asapo_test","beamline","","2019","tf"}})
 	request :=  makeRequest(authorizationRequest{"asapo_test%%%","host"})
-	w := doAuthorizeRequest("/authorize",request)
+	w := doPostRequest("/authorize",request)
 
 	body, _ := ioutil.ReadAll(w.Body)
 
@@ -135,7 +135,7 @@ func TestAuthorizeWithToken(t *testing.T) {
 
 	for _, test := range authTests {
 		request :=  makeRequest(authorizationRequest{test.beamtime_id+"%"+test.beamline+"%"+test.stream+"%"+test.token,"host"})
-		w := doAuthorizeRequest("/authorize",request)
+		w := doPostRequest("/authorize",request)
 
 		body, _ := ioutil.ReadAll(w.Body)
 		if test.status==http.StatusOK {
@@ -222,7 +222,7 @@ func TestAuthorizeBeamline(t *testing.T) {
 
 	for _, test := range authBeamlineTests {
 		request :=  makeRequest(authorizationRequest{"auto%"+test.beamline+"%stream%"+test.token,"host"})
-		w := doAuthorizeRequest("/authorize",request)
+		w := doPostRequest("/authorize",request)
 
 		body, _ := ioutil.ReadAll(w.Body)
 		body_str:=string(body)
@@ -243,19 +243,19 @@ func TestAuthorizeBeamline(t *testing.T) {
 
 func TestNotAuthorized(t *testing.T) {
 	request :=  makeRequest(authorizationRequest{"any_id%%%","host"})
-	w := doAuthorizeRequest("/authorize",request)
+	w := doPostRequest("/authorize",request)
 	assert.Equal(t, http.StatusUnauthorized, w.Code, "")
 }
 
 
 func TestAuthorizeWrongRequest(t *testing.T) {
-	w := doAuthorizeRequest("/authorize","babla")
+	w := doPostRequest("/authorize","babla")
 	assert.Equal(t, http.StatusBadRequest, w.Code, "")
 }
 
 
 func TestAuthorizeWrongPath(t *testing.T) {
-	w := doAuthorizeRequest("/authorized","")
+	w := doPostRequest("/authorized","")
 	assert.Equal(t, http.StatusNotFound, w.Code, "")
 }
 
@@ -296,7 +296,7 @@ func TestAuthorizeWithFile(t *testing.T) {
 
 
 	request := authorizationRequest{"11003924%%%","127.0.0.1"}
-	w := doAuthorizeRequest("/authorize",makeRequest(request))
+	w := doPostRequest("/authorize",makeRequest(request))
 
 	body, _ := ioutil.ReadAll(w.Body)
 	body_str:=string(body)
@@ -309,7 +309,7 @@ func TestAuthorizeWithFile(t *testing.T) {
 	assert.Equal(t, http.StatusOK, w.Code, "")
 
 	request = authorizationRequest{"wrong%%%","127.0.0.1"}
-	w = doAuthorizeRequest("/authorize",makeRequest(request))
+	w = doPostRequest("/authorize",makeRequest(request))
 	assert.Equal(t, http.StatusUnauthorized, w.Code, "")
 
 	os.Remove("127.0.0.1")

authorizer/src/asapo_authorizer/server/folder_token.go

+package server
+
+import (
+	"asapo_common/utils"
+	"encoding/json"
+	"net/http"
+	"time"
+)
+
+type folderTokenRequest struct {
+	Folder string
+	BeamtimeId string
+	Token      string
+}
+
+type folderToken struct {
+	Token      string
+}
+
+type TokenExtraClaim struct {
+	RootFolder string
+}
+
+/*func routeFolderToken(w http.ResponseWriter, r *http.Request) {
+	utils.ProcessJWTAuth(processFolderTokenRequest,settings.secret)(w,r)
+}*/
+
+func extractFolderTokenRequest(r *http.Request) (request folderTokenRequest, err error) {
+	decoder := json.NewDecoder(r.Body)
+	err = decoder.Decode(&request)
+	return
+}
+
+func routeFolderToken(w http.ResponseWriter, r *http.Request) {
+
+	request, err := extractFolderTokenRequest(r)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(err.Error()))
+		return
+	}
+
+	var claims utils.CustomClaims
+	var extraClaim TokenExtraClaim
+
+	extraClaim.RootFolder = request.Folder
+	claims.ExtraClaims = &extraClaim
+	claims.Duration = time.Duration(settings.TokenDurationMin) * time.Minute
+
+	auth := utils.NewJWTAuth(settings.secret)
+	token, err := auth.GenerateToken(&claims)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(err.Error()))
+		return
+	}
+
+	var response folderToken
+	response.Token = token
+	answer,_ := utils.MapToJson(response)
+	w.WriteHeader(http.StatusOK)
+	w.Write(answer)
+}

authorizer/src/asapo_authorizer/server/folder_token_test.go

+package server
+
+import (
+	"asapo_common/utils"
+	"encoding/json"
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"net/http"
+	"testing"
+)
+
+
+
+func TestFolderTokenOK(t *testing.T) {
+	root_folder  := "/abc/def"
+	settings.secret = "secret"
+	request :=  makeRequest(folderTokenRequest{root_folder,"11111111",prepareToken("11111111")})
+	w := doPostRequest("/folder",request)
+
+	body, _ := ioutil.ReadAll(w.Body)
+	var jwt_token  folderToken
+	json.Unmarshal(body, &jwt_token)
+
+
+	claims,ok := utils.CheckJWTToken(jwt_token.Token,"secret")
+	fmt.Println(claims,ok)
+	var extra_claim TokenExtraClaim
+	utils.MapToStruct(claims.(*utils.CustomClaims).ExtraClaims.(map[string]interface{}), &extra_claim)
+
+	assert.Equal(t, root_folder, extra_claim.RootFolder, "")
+	assert.Equal(t, http.StatusOK, w.Code, "")
+}
+

authorizer/src/asapo_authorizer/server/listroutes.go

@@ -17,5 +17,10 @@ var listRoutes = utils.Routes{
 		"/health-check",
 		routeGetHealth,
 	},
-
+	utils.Route{
+		"Folder Token",
+		"POST",
+		"/folder",
+		routeFolderToken,
+	},
 }

authorizer/src/asapo_authorizer/server/server.go

@@ -18,8 +18,11 @@ type serverSettings struct {
 	CurrentBeamlinesFolder string
 	AlwaysAllowedBeamtimes  []beamtimeMeta
 	SecretFile              string
+	TokenDurationMin    	int
+	secret 					string
 }
 
 var settings serverSettings
 var auth utils.Auth
 
+

authorizer/src/asapo_authorizer/server/server_nottested.go

@@ -23,6 +23,7 @@ func createAuth() (utils.Auth, error) {
 	if err != nil {
 		return nil, err
 	}
+	settings.secret = secret
 	return utils.NewHMACAuth(secret), nil
 }
 

common/go/src/asapo_common/utils/authorization.go

 package utils
 
 import (
-	"errors"
-	"net/http"
-	"net/url"
-	"strings"
 	"context"
-	"github.com/dgrijalva/jwt-go"
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
+	"errors"
+	"github.com/dgrijalva/jwt-go"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
 )
 
 type AuthorizationRequest struct {
@@ -78,13 +79,10 @@ func ExtractAuthInfo(r *http.Request) (authType, token string, err error) {
 
 type CustomClaims struct {
 	jwt.StandardClaims
+	Duration    time.Duration
 	ExtraClaims interface{}
 }
 
-type JobClaim struct {
-	BeamtimeId string
-}
-
 type JWTAuth struct {
 	Key string
 }
@@ -103,9 +101,9 @@ func (t JWTAuth) GenerateToken(val ...interface{}) (string, error) {
 		return "", errors.New("Wrong claims")
 	}
 
-//	if claims.Duration > 0 {
-//		claims.ExpiresAt = time.Now().Add(claims.Duration).Unix()
-//	}
+	if claims.Duration > 0 {
+		claims.ExpiresAt = time.Now().Add(claims.Duration).Unix()
+	}
 
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(t.Key))
@@ -134,7 +132,7 @@ func ProcessJWTAuth(fn http.HandlerFunc, key string) http.HandlerFunc {
 				http.Error(w, "Internal authorization error - tocken does not match", http.StatusUnauthorized)
 				return
 			} else {
-				ctx = context.WithValue(ctx, "JobClaim", claims)
+				ctx = context.WithValue(ctx, "TokenClaims", claims)
 			}
 		} else {
 			http.Error(w, "Internal authorization error - wrong auth type", http.StatusUnauthorized)
@@ -162,7 +160,7 @@ func CheckJWTToken(token, key string) (jwt.Claims, bool) {
 }
 
 func JobClaimFromContext(r *http.Request, val interface{}) error {
-	c := r.Context().Value("JobClaim")
+	c := r.Context().Value("TokenClaims")
 
 	if c == nil {
 		return errors.New("Empty context")