Allow injection of a logger into tenantmiddleware #29

mtestrot · 2020-12-03T07:31:29Z

Please use logError instead of logger for the name of the log func param to use a naming similar to the idp middleware.

mtestrot · 2020-12-03T07:32:29Z

Consider using the local ctx var because it is shorter.

-Original file line number
+Diff line change
@@ Expand Up / @@ -37,7 +37,7 @@ import ( @@
     	"crypto/sha256"
     	"encoding/base64"
     	"errors"
-    	"log"
+    	"fmt"
     	"net/http"
     	"strings"
     )
@@ Expand All / @@ -61,7 +61,7 @@ const ( @@
     // Adds systemBaseUri and tenantId to request context.
     // If the headers are not present the given defaultSystemBaseUri and tenant "0" are used.
     // The signatureSecretKey is specific for each App and is provided by the registration process for d.velop cloud.
-    func AddToCtx(defaultSystemBaseUri string, signatureSecretKey []byte) func(http.Handler) http.Handler {
+    func AddToCtx(defaultSystemBaseUri string, signatureSecretKey []byte, logger func(ctx context.Context, message string)) func(http.Handler) http.Handler {
     	return func(next http.Handler) http.Handler {
     		return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
     			ctx := req.Context()
@@ Expand All @@
     			if systemBaseUri != "" || tenantId != "" {
     				if signatureSecretKey == nil {
-    					log.Printf("error validating signature for headers '%v' and '%v' because secret signature key has not been configured", systemBaseUriHeader, tenantIdHeader)
+    					logger(req.Context(), fmt.Sprintf("validating signature for headers '%v' and '%v' because secret signature key has not been configured", systemBaseUriHeader, tenantIdHeader))
     					http.Error(rw, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
     					return
     				}
     				base64Signature := req.Header.Get("x-dv-sig-1")
     				signature, err := base64.StdEncoding.DecodeString(base64Signature)
     				if err != nil {
-    					log.Printf("error decoding signature '%v' as base 64 data because: %v", base64Signature, err)
+    					logger(req.Context(), fmt.Sprintf("decoding signature '%v' as base 64 data because: %v", base64Signature, err))
     					http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
     					return
     				}
     				if !signatureIsValid([]byte(systemBaseUri+tenantId), []byte(signature), signatureSecretKey) {
-    					log.Printf("error signature '%v' is not valid for SystemBaseUri '%v' and TenantId '%v'", signature, systemBaseUri, tenantId)
+    					logger(req.Context(), fmt.Sprintf("signature '%v' is not valid for SystemBaseUri '%v' and TenantId '%v'", signature, systemBaseUri, tenantId))
     					http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
     					return
     				}
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow injection of a logger into tenantmiddleware #29

Uh oh!

Diff view

Diff view

There are no files selected for viewing

mtestrot Dec 3, 2020

Uh oh!

mtestrot Dec 3, 2020

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ import ( @@
     	"fmt"
     	"net/http"
     	"net/http/httptest"
+    	"strings"
     	"testing"
     	"github.com/d-velop/dvelop-sdk-go/tenant"
@@ Expand All @@
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	logSpy := loggerSpy{}
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	}
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(systemBaseUriFromHeader, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     		t.Fatal(err)
     	}
     	handlerSpy := handlerSpy{}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(httptest.NewRecorder(), req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(httptest.NewRecorder(), req)
     	if err := handlerSpy.assertErrorReadingSystemBaseUri(); err != nil {
     		t.Error(err)
@@ Expand All / @@ -107,8 +112,9 @@ func TestTenantIdHeader_UsesHeader(t *testing.T) { @@
     	req.Header.Set(signatureHeader, base64Signature(tenantIdFromHeader, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All / @@ -125,8 +131,9 @@ func TestNoTenantIdHeader_UsesTenantIdZero(t *testing.T) { @@
     	}
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(forwardedHeaderValue, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(forwardedHeaderValue, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(xForwardedHostValue, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(xForwardedHostMultiValue, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature("", signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(systemBaseUri, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(systemBaseUriFromHeader+tenantIdFromHeader, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(tenantIdFromHeader, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	}
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand All @@
     	}
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx(defaultSystemBaseUri, nil)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx(defaultSystemBaseUri, nil, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusOK); err != nil {
     		t.Error(err)
@@ Expand Down Expand Up @@
     	req.Header.Set(signatureHeader, base64Signature("wrong data", signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusForbidden); err != nil {
     		t.Error(err)
     	}
     	if handlerSpy.hasBeenCalled {
     		t.Error("inner handler should not have been called")
     	}
+    	if err := logSpy.assertLogContains("signature"); err != nil {
+    		t.Error(err)
+    	}
     }
     func TestNoneBase64Signature_Returns403(t *testing.T) {
@@ Expand All / @@ -423,15 +446,20 @@ func TestNoneBase64Signature_Returns403(t *testing.T) { @@
     	req.Header.Set(signatureHeader, "abc+(9-!")
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusForbidden); err != nil {
     		t.Error(err)
     	}
     	if handlerSpy.hasBeenCalled {
     		t.Error("inner handler should not have been called")
     	}
+    	if err := logSpy.assertLogContains("illegal base64"); err != nil {
+    		t.Error(err)
+    	}
     }
     func TestWrongSignatureKey_Returns403(t *testing.T) {
@@ Expand All / @@ -447,15 +475,20 @@ func TestWrongSignatureKey_Returns403(t *testing.T) { @@
     	req.Header.Set(signatureHeader, base64Signature(systemBaseUriFromHeader+tenantIdFromHeader, wrongSignatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusForbidden); err != nil {
     		t.Error(err)
     	}
     	if handlerSpy.hasBeenCalled {
     		t.Error("inner handler should not have been called")
     	}
+    	if err := logSpy.assertLogContains("signature"); err != nil {
+    		t.Error(err)
+    	}
     }
     func TestHeadersWithoutSignature_Returns403(t *testing.T) {
@@ Expand All @@
     	req.Header.Set(tenantIdHeader, tenantIdFromHeader)
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", signatureKey)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", signatureKey, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusForbidden); err != nil {
     		t.Error(err)
     	}
     	if handlerSpy.hasBeenCalled {
     		t.Error("inner handler should not have been called")
     	}
+    	if err := logSpy.assertLogContains("signature"); err != nil {
+    		t.Error(err)
+    	}
     }
     func TestHeadersAndNoSignatureSecretKey_Returns500(t *testing.T) {
@@ Expand All @@
     	req.Header.Set(signatureHeader, base64Signature(systemBaseUriFromHeader+tenantIdFromHeader, signatureKey))
     	handlerSpy := handlerSpy{}
     	responseSpy := responseSpy{httptest.NewRecorder()}
+    	logSpy := loggerSpy{}
-    	tenant.AddToCtx("", nil)(&handlerSpy).ServeHTTP(responseSpy, req)
+    	tenant.AddToCtx("", nil, logSpy.logError)(&handlerSpy).ServeHTTP(responseSpy, req)
     	if err := responseSpy.assertStatusCodeIs(http.StatusInternalServerError); err != nil {
     		t.Error(err)
     	}
     	if handlerSpy.hasBeenCalled {
     		t.Error("inner handler should not have been called")
     	}
+    	if err := logSpy.assertLogContains("secret"); err != nil {
+    		t.Error(err)
+    	}
     }
     func TestNoIdOnContext_SetId_ReturnsContextWithId(t *testing.T) {
@@ Expand Down Expand Up @@
     	}
     	return nil
     }
+    type loggerSpy struct {
+    	hasBeenCalled bool
+    	lastMessage   string
+    }
+    func (spy *loggerSpy) logError(ctx context.Context, message string) {
+    	spy.hasBeenCalled = true
+    	spy.lastMessage = message
+    	fmt.Println(message)
+    }
+    func (spy *loggerSpy) assertLogContains(term string) error {
+    	if !spy.hasBeenCalled {
+    		return fmt.Errorf("log should have been written")
+    	}
+    	if !strings.Contains(spy.lastMessage, term) {
+    		return fmt.Errorf("expected log to contain the term '%v'", term)
+    	}
+    	return nil
+    }

Allow injection of a logger into tenantmiddleware #29

Are you sure you want to change the base?

Uh oh!

Allow injection of a logger into tenantmiddleware #29

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

mtestrot Dec 3, 2020

Choose a reason for hiding this comment

Uh oh!

mtestrot Dec 3, 2020

Choose a reason for hiding this comment

Uh oh!