From 5aa121a42e3a1a447f028137e3a6c5d6e8487469 Mon Sep 17 00:00:00 2001
From: Bel LaPointe
Date: Fri, 24 Jul 2020 15:09:12 -0600
Subject: [PATCH] Auth for files enabled

---
 view/auth_test.go | 19 ++++++++++++++++++-
 view/json.go | 5 ++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/view/auth_test.go b/view/auth_test.go
index 7454bf3..1948f04 100644
--- a/view/auth_test.go
+++ b/view/auth_test.go
@@ -71,7 +71,7 @@ func TestAuth(t *testing.T) {
 }
 })
 
- t.Run("auth: none provided", func(t *testing.T) {
+ t.Run("auth: none provided: who", func(t *testing.T) {
 r := httptest.NewRequest(http.MethodGet, "/who?namespace=col", nil)
 w := httptest.NewRecorder()
 handler.ServeHTTP(w, r)
@@ -80,6 +80,15 @@ func TestAuth(t *testing.T) {
 }
 })
 
+ t.Run("auth: none provided: files", func(t *testing.T) {
+ r := httptest.NewRequest(http.MethodGet, "/__files__/myfile?namespace=col", nil)
+ w := httptest.NewRecorder()
+ handler.ServeHTTP(w, r)
+ if w.Code != http.StatusSeeOther {
+ t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+ }
+ })
+
 t.Run("auth: provided", func(t *testing.T) {
 os.Setenv("AUTHLIFETIME", "1h")
 one := entity.One{Name: uuid.New().String(), Title: "title"}
@@ -130,6 +139,14 @@ func TestAuth(t *testing.T) {
 if w.Code != http.StatusOK {
 t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
 }
+
+ r = httptest.NewRequest(http.MethodTrace, "/__files__/myfile?namespace=col", nil)
+ w = httptest.NewRecorder()
+ r.Header.Set("Cookie", fmt.Sprintf("%s=%s", AuthKey, token))
+ handler.ServeHTTP(w, r)
+ if w.Code != http.StatusNotFound {
+ t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+ }
 })
 }
 
diff --git a/view/json.go b/view/json.go
index 5c41a5d..b5f7c9e 100644
--- a/view/json.go
+++ b/view/json.go
@@ -37,9 +37,8 @@ func jsonHandler(g storage.Graph) http.Handler {
 noauth: true,
 },
 {
- path: config.New().FilePrefix + "/",
- foo: files,
- noauth: true,
+ path: config.New().FilePrefix + "/",
+ foo: files,
 },
 }
 
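Review bot: The new `auth: none provided: files` subtest in view/auth_test.go (hunk at -80,6) sends only a GET, so it would not notice an unauthenticated write or delete to `/__files__/` being let through if the files handler accepts other methods, which the hunk does not show. Wrapping the body in `for _, m := range []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete} {` and passing `m` to `httptest.NewRequest` would pin the redirect for each method. Asserting `w.Header().Get("Location")` as well would fix where the 303 points, not just that one was issued. TestAuth starts and ends outside this hunk.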
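Review bot: The authenticated files check appended to the `auth: provided` subtest (hunk at -130,6) takes `http.StatusNotFound` on a TRACE request as evidence that the cookie was accepted, and nothing in the test says why. If the intent is that the files handler does not serve TRACE, a comment such as `// files does not handle TRACE: 404 rather than 303 shows the request passed auth` above the request would make that explicit; this reading is inferred from the hunk alone. The test also never presents the token with a different `namespace=` value on the files path. If tokens are meant to be namespace-scoped, a case expecting `http.StatusSeeOther` there would cover the cross-namespace check that this commit now relies on.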
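Review bot: In the route table of `jsonHandler` in view/json.go, the files entry now requires auth only because `noauth` is absent, so the resulting code shows no trace of a deliberate security decision. A comment on the entry, for example `// files are served only to authenticated callers; noauth is deliberately left unset`, would make it harder for a later edit to re-add the flag unnoticed. The zero value of `noauth` meaning "auth required" is the safe default and is worth stating once on the field declaration, which is outside this hunk.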