diff --git a/auth/main.go b/auth/main.go
index b56a6f67..a163d42a 100644
--- a/auth/main.go
+++ b/auth/main.go
@@ -19,10 +19,10 @@ import (
 _ "github.com/golang-migrate/migrate/v4/source/file"
 "github.com/jackc/pgx/v5/pgxpool"
 "github.com/jackc/pgx/v5/stdlib"
- "github.com/labstack/echo-jwt/v4"
+ echojwt "github.com/labstack/echo-jwt/v4"
 "github.com/labstack/echo/v4"
 "github.com/labstack/echo/v4/middleware"
- "github.com/swaggo/echo-swagger"
+ echoSwagger "github.com/swaggo/echo-swagger"
 )
 func ErrorHandler(err error, c echo.Context) {
@@ -248,6 +248,7 @@ func main() {
 r.DELETE("/keys/:id", h.DeleteApiKey)
 g.GET("/jwt", h.CreateJwt)
+ g.Any("/jwt/*", h.CreateJwt)
 e.GET("/.well-known/jwks.json", h.GetJwks)
 e.GET("/.well-known/openid-configuration", h.GetOidcConfig)
diff --git a/auth/tests/externalauth-apikey.hurl b/auth/tests/externalauth-apikey.hurl
new file mode 100644
index 00000000..fd80bb30
--- /dev/null
+++ b/auth/tests/externalauth-apikey.hurl
@@ -0,0 +1,36 @@
+POST {{host}}/keys
+# this is created from the gh workflow file's env var
+X-API-KEY: hurl-1234apikey
+{
+ "name": "dryflower",
+ "claims": {
+ "isAdmin": true,
+ "permissions": ["apikeys.read"]
+ }
+}
+HTTP 201
+[Captures]
+id: jsonpath "$.id"
+token: jsonpath "$.token"
+
+# Check external auth with api key
+GET {{host}}/jwt
+X-API-KEY: {{token}}
+HTTP 200
+[Captures]
+auth_header_apikey: header "Authorization"
+
+# Check if the auth header is working
+GET {{host}}/keys
+Authorization: {{auth_header_apikey}}
+HTTP 200
+[Asserts]
+jsonpath "$.items[0].id" == {{id}}
+jsonpath "$.items[0].name" == "dryflower"
+jsonpath "$.items[0].claims.permissions" contains "apikeys.read"
+
+# Clean api key
+
+DELETE {{host}}/keys/{{id}}
+X-API-KEY: hurl-1234apikey
+HTTP 200
diff --git a/auth/tests/externalauth-user.hurl b/auth/tests/externalauth-user.hurl
new file mode 100644
index 00000000..eb38c250
--- /dev/null
+++ b/auth/tests/externalauth-user.hurl
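Review bot: `g.Any("/jwt/*", h.CreateJwt)` in the second main.go hunk makes the JWT-issuing handler answer every method that Echo's `Any` registers, on any sub-path, and nothing at the call site says why. If the route exists so a gateway can forward the original request for external auth (the new hurl tests suggest so), state that in a comment such as `// External-auth entry point: the gateway forwards the original method and path; CreateJwt does not use the suffix.`, after confirming the handler really ignores the suffix. Consider narrowing the verbs to what the gateway sends, for example `g.Match([]string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete}, "/jwt/*", h.CreateJwt)`. Since the tests show the handler accepting the `X-Bearer` cookie on a DELETE, it is also worth verifying that the CORS configuration does not expose the `Authorization` response header to other origins. main() continues outside the hunk, so the middleware attached to group `g` is not visible here.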
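Review bot: externalauth-apikey.hurl deletes the key in its last entry but never checks that the deleted key stops working, so a regression where `/jwt` keeps exchanging a revoked API key would still pass. After `DELETE {{host}}/keys/{{id}}`, add a final `GET {{host}}/jwt` with `X-API-KEY: {{token}}` and assert the response CreateJwt is meant to give for an unknown key. Separately, `jsonpath "$.items[0].id" == {{id}}` assumes the new key is listed first; selecting the item by name or id instead of by index would keep the assertion stable when other keys exist.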
@@ -0,0 +1,41 @@
+POST {{host}}/users
+{
+ "username": "user-1",
+ "password": "password-user-1",
+ "email": "user-1@zoriya.dev"
+}
+HTTP 201
+[Captures]
+token: jsonpath "$.token"
+
+# Check external auth with token
+
+POST {{host}}/jwt/api/movies
+Authorization: Bearer {{token}}
+HTTP 200
+[Captures]
+auth_header_token: header "Authorization"
+
+# Check if the auth header is working
+GET {{host}}/users/me
+Authorization: {{auth_header_token}}
+HTTP 200
+
+# Check external auth with cookie
+
+DELETE {{host}}/jwt/toto
+Cookie: X-Bearer={{token}}
+HTTP 200
+[Captures]
+auth_header_cookie: header "Authorization"
+
+# Check if the auth header is working
+GET {{host}}/users/me
+Authorization: {{auth_header_cookie}}
+HTTP 200
+
+# Clean user
+
+DELETE {{host}}/users/me
+Authorization: Bearer {{token}}
+HTTP 200
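Review bot: Every request in externalauth-user.hurl carries a valid credential, so the new `/jwt/*` route is exercised only on its success path. Add at least one entry that calls `{{host}}/jwt/toto` with a malformed `Authorization: Bearer` value or an invalid `X-Bearer` cookie and asserts the status CreateJwt is meant to return. If the intended contract is that no token is issued in that case, also assert `header "Authorization" not exists`. A step after `DELETE {{host}}/users/me` confirming that the old `{{token}}` can no longer be exchanged would cover session invalidation as well.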