storj/pkg/auth/grpcauth/apikey_test.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package grpcauth_test

import (
	"context"
	"net"
	"testing"

	"github.com/stretchr/testify/require"
	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	pb "google.golang.org/grpc/examples/helloworld/helloworld"
	"google.golang.org/grpc/status"

	"storj.io/storj/internal/errs2"
	"storj.io/storj/internal/testcontext"
	"storj.io/storj/pkg/auth"
	"storj.io/storj/pkg/auth/grpcauth"
)

func TestAPIKey(t *testing.T) {
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	listener, err := net.Listen("tcp", "127.0.0.1:0")
	require.NoError(t, err)
	// listener is closed in server.Stop() internally

	server := grpc.NewServer(
		grpc.UnaryInterceptor(grpcauth.InterceptAPIKey),
	)
	defer server.Stop()

	pb.RegisterGreeterServer(server, &helloServer{})

	ctx.Go(func() error {
		err := errs2.IgnoreCanceled(server.Serve(listener))
		t.Log(err)
		return err
	})

	type testcase struct {
		apikey   string
		expected codes.Code
	}

	for _, test := range []testcase{
		{"", codes.Unauthenticated},
		{"wrong key", codes.Unauthenticated},
		{"good key", codes.OK},
	} {
		conn, err := grpc.DialContext(ctx, listener.Addr().String(),
			grpc.WithPerRPCCredentials(grpcauth.NewDeprecatedAPIKeyCredentials(test.apikey)),
			grpc.WithBlock(),
			grpc.WithInsecure(),
		)
		require.NoError(t, err)

		client := pb.NewGreeterClient(conn)
		response, err := client.SayHello(ctx, &pb.HelloRequest{Name: "Me"})

		if test.expected == codes.OK {
			require.NoError(t, err)
			require.Equal(t, response.Message, "Hello Me")
		} else {
			require.Error(t, err)
			require.Equal(t, status.Code(err), test.expected)
		}

		require.NoError(t, conn.Close())
	}
}

type helloServer struct{}

// SayHello implements helloworld.GreeterServer
func (s *helloServer) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
	key, ok := auth.GetAPIKey(ctx)
	if !ok {
		return nil, status.Errorf(codes.Unauthenticated, "Invalid API credentials")
	}
	if string(key) != "good key" {
		return nil, status.Errorf(codes.Unauthenticated, "Invalid API credentials")
	}

	return &pb.HelloReply{Message: "Hello " + in.Name}, nil
}
pkg/auth: use grpc.WithPerRPCCredentials (#2670) 2019-07-31 12:57:13 +01:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package grpcauth_test`

			`import (`
			`"context"`
			`"net"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`"google.golang.org/grpc"`
			`"google.golang.org/grpc/codes"`
			`pb "google.golang.org/grpc/examples/helloworld/helloworld"`
			`"google.golang.org/grpc/status"`

			`"storj.io/storj/internal/errs2"`
			`"storj.io/storj/internal/testcontext"`
			`"storj.io/storj/pkg/auth"`
			`"storj.io/storj/pkg/auth/grpcauth"`
			`)`

			`func TestAPIKey(t *testing.T) {`
			`ctx := testcontext.New(t)`
			`defer ctx.Cleanup()`

			`listener, err := net.Listen("tcp", "127.0.0.1:0")`
			`require.NoError(t, err)`
			`// listener is closed in server.Stop() internally`

			`server := grpc.NewServer(`
			`grpc.UnaryInterceptor(grpcauth.InterceptAPIKey),`
			`)`
			`defer server.Stop()`

			`pb.RegisterGreeterServer(server, &helloServer{})`

			`ctx.Go(func() error {`
			`err := errs2.IgnoreCanceled(server.Serve(listener))`
			`t.Log(err)`
			`return err`
			`})`

			`type testcase struct {`
			`apikey string`
			`expected codes.Code`
			`}`

			`for _, test := range []testcase{`
			`{"", codes.Unauthenticated},`
			`{"wrong key", codes.Unauthenticated},`
			`{"good key", codes.OK},`
			`} {`
			`conn, err := grpc.DialContext(ctx, listener.Addr().String(),`
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none 2019-09-19 17:19:29 +01:00			`grpc.WithPerRPCCredentials(grpcauth.NewDeprecatedAPIKeyCredentials(test.apikey)),`
pkg/auth: use grpc.WithPerRPCCredentials (#2670) 2019-07-31 12:57:13 +01:00			`grpc.WithBlock(),`
			`grpc.WithInsecure(),`
			`)`
			`require.NoError(t, err)`

			`client := pb.NewGreeterClient(conn)`
			`response, err := client.SayHello(ctx, &pb.HelloRequest{Name: "Me"})`

			`if test.expected == codes.OK {`
			`require.NoError(t, err)`
			`require.Equal(t, response.Message, "Hello Me")`
			`} else {`
			`require.Error(t, err)`
			`require.Equal(t, status.Code(err), test.expected)`
			`}`

			`require.NoError(t, conn.Close())`
			`}`
			`}`

			`type helloServer struct{}`

			`// SayHello implements helloworld.GreeterServer`
			`func (s helloServer) SayHello(ctx context.Context, in pb.HelloRequest) (*pb.HelloReply, error) {`
			`key, ok := auth.GetAPIKey(ctx)`
			`if !ok {`
all: enable staticcheck (#2849) * by having megacheck in disable it also disabled staticcheck * fix closing body * keep interfacer disabled * hide bodies * don't use deprecated func * fix dead code * fix potential overrun * keep stylecheck disabled * don't pass nil as context * fix infinite recursion * remove extraneous return * fix data race * use correct func * ignore unused var * remove unused consts 2019-08-22 12:40:15 +01:00			`return nil, status.Errorf(codes.Unauthenticated, "Invalid API credentials")`
pkg/auth: use grpc.WithPerRPCCredentials (#2670) 2019-07-31 12:57:13 +01:00			`}`
			`if string(key) != "good key" {`
all: enable staticcheck (#2849) * by having megacheck in disable it also disabled staticcheck * fix closing body * keep interfacer disabled * hide bodies * don't use deprecated func * fix dead code * fix potential overrun * keep stylecheck disabled * don't pass nil as context * fix infinite recursion * remove extraneous return * fix data race * use correct func * ignore unused var * remove unused consts 2019-08-22 12:40:15 +01:00			`return nil, status.Errorf(codes.Unauthenticated, "Invalid API credentials")`
pkg/auth: use grpc.WithPerRPCCredentials (#2670) 2019-07-31 12:57:13 +01:00			`}`

			`return &pb.HelloReply{Message: "Hello " + in.Name}, nil`
			`}`