Auth for files enabled

view/auth_test.go

@@ -71,7 +71,7 @@ func TestAuth(t *testing.T) {
 		}
 	})
 
-	t.Run("auth: none provided", func(t *testing.T) {
+	t.Run("auth: none provided: who", func(t *testing.T) {
 		r := httptest.NewRequest(http.MethodGet, "/who?namespace=col", nil)
 		w := httptest.NewRecorder()
 		handler.ServeHTTP(w, r)
@@ -80,6 +80,15 @@ func TestAuth(t *testing.T) {
 		}
 	})
 
+	t.Run("auth: none provided: files", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/__files__/myfile?namespace=col", nil)
+		w := httptest.NewRecorder()
+		handler.ServeHTTP(w, r)
+		if w.Code != http.StatusSeeOther {
+			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+		}
+	})
+
 	t.Run("auth: provided", func(t *testing.T) {
 		os.Setenv("AUTHLIFETIME", "1h")
 		one := entity.One{Name: uuid.New().String(), Title: "title"}
@@ -130,6 +139,14 @@ func TestAuth(t *testing.T) {
 		if w.Code != http.StatusOK {
 			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
 		}
+
+		r = httptest.NewRequest(http.MethodTrace, "/__files__/myfile?namespace=col", nil)
+		w = httptest.NewRecorder()
+		r.Header.Set("Cookie", fmt.Sprintf("%s=%s", AuthKey, token))
+		handler.ServeHTTP(w, r)
+		if w.Code != http.StatusNotFound {
+			t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
+		}
 	})
 }
 

view/json.go

@@ -37,9 +37,8 @@ func jsonHandler(g storage.Graph) http.Handler {
 			noauth: true,
 		},
 		{
-			path:   config.New().FilePrefix + "/",
+			path: config.New().FilePrefix + "/",
-			foo:    files,
+			foo:  files,
-			noauth: true,
 		},
 	}