Auth for files enabled

2020-07-24 15:09:12 -06:00 · 2020-07-24 15:09:12 -06:00 · 5aa121a42e
parent 3a69fad9f7
commit 5aa121a42e
2 changed files with 20 additions and 4 deletions
--- a/view/auth_test.go
+++ b/view/auth_test.go
@ -71,7 +71,7 @@ func TestAuth(t *testing.T) {
 		}
 	})

-	t.Run("auth: none provided", func(t *testing.T) {
+	t.Run("auth: none provided: who", func(t *testing.T) {
 		r := httptest.NewRequest(http.MethodGet, "/who?namespace=col", nil)
 		w := httptest.NewRecorder()
 		handler.ServeHTTP(w, r)
@ -80,6 +80,15 @@ func TestAuth(t *testing.T) {
 		}
 	})

+	t.Run("auth: none provided: files", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/__files__/myfile?namespace=col", nil)
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, r)
+		if w.Code != http.StatusSeeOther {
+			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+		}
+	})
+
 	t.Run("auth: provided", func(t *testing.T) {
 		os.Setenv("AUTHLIFETIME", "1h")
 		one := entity.One{Name: uuid.New().String(), Title: "title"}
@ -130,6 +139,14 @@ func TestAuth(t *testing.T) {
 		if w.Code != http.StatusOK {
 			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
 		}
+
+		r = httptest.NewRequest(http.MethodTrace, "/__files__/myfile?namespace=col", nil)
+		w = httptest.NewRecorder()
+		r.Header.Set("Cookie", fmt.Sprintf("%s=%s", AuthKey, token))
+		handler.ServeHTTP(w, r)
+		if w.Code != http.StatusNotFound {
+			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+		}
 	})
 }

--- a/view/json.go
+++ b/view/json.go
@ -37,9 +37,8 @@ func jsonHandler(g storage.Graph) http.Handler {
 			noauth: true,
 		},
 		{
-			path:   config.New().FilePrefix + "/",
-			foo:    files,
-			noauth: true,
+			path: config.New().FilePrefix + "/",
+			foo:  files,
 		},
 	}