This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Add quick test routines
TODO: back out this commit later
jooskim committed Aug 6, 2021
1 parent 2bf6b03 commit 9cdcb68
Showing 1 changed file with 95 additions and 1 deletion.
96 changes: 95 additions & 1 deletion plank/cmd/main.go
@@ -1,11 +1,15 @@
package main

import (
"github.com/go-stomp/stomp/frame"
"github.com/urfave/cli"
"github.com/vmware/transport-go/plank/pkg/server"
"github.com/vmware/transport-go/plank/pkg/server/auth_provider_manager"
"github.com/vmware/transport-go/plank/services"
"github.com/vmware/transport-go/plank/utils"
"github.com/urfave/cli"
"net/http"
"os"
"regexp"
)

var version string
@@ -41,6 +45,9 @@ func main() {
platformServer = server.NewPlatformServer(serverConfig)
}

AddSampleSTOMPAuthFilters()
AddSampleRESTAuthFilters()

// register services
if err := platformServer.RegisterService(services.NewPingPongService(), services.PingPongServiceChan); err != nil {
panic(err)
@@ -63,3 +70,90 @@ func main() {
panic(err)
}
}

// TODO: demo purpose only. delete before merging

func AddSampleRESTAuthFilters() {
// instantiate auth provider manager
apm := auth_provider_manager.GetAuthProviderManager()

// create a new auth provider and add a new filter rule for REST authentication based on presence of a certain header
restAuthProvider := auth_provider_manager.NewRESTAuthProvider()
restAuthProvider.AddRule("csp-auth-header", 1, func(req *http.Request) *auth_provider_manager.AuthError {
token := req.Header.Get("csp-auth-token")
if len(token) == 0 {
return &auth_provider_manager.AuthError{
Code: 401,
Message: "Unauthorized",
}
}
return nil
})

restAuthProvider.AddRule("csp-auth-token-match", 2, func(req *http.Request) *auth_provider_manager.AuthError {
token := req.Header.Get("csp-auth-token")
if token != "42" {
return &auth_provider_manager.AuthError{
Code: 403,
Message: "Forbidden",
}
}
return nil
})

// register the provider with auth provider manager
exp, err := regexp.Compile(`\/rest\/ping-pong2`)
if err != nil {
panic(err)
}
apm.SetRESTAuthProvider(exp, restAuthProvider)
}

// TODO: demo purpose only. delete before merging

func AddSampleSTOMPAuthFilters() {
// instantiate auth provider manager
apm := auth_provider_manager.GetAuthProviderManager()

// create a new auth provider for STOMP
stompAuthProvider := auth_provider_manager.NewSTOMPAuthProvider()

// first rule on CONNECT: require the value of header access-token to match "something"
stompAuthProvider.AddRule([]string{frame.CONNECT}, 0, func(fr *frame.Frame) *auth_provider_manager.AuthError {
token := fr.Header.Get("access-token")
utils.Log.Warnln("ACCESS TOKEN FROM CLIENT", token)
if token != "something" {
return &auth_provider_manager.AuthError{
Code: 403,
Message: "Cannot connect to Fabric: Forbidden",
}
}
return nil
})

// first rule on SEND: require the presence of header csp-auth-token
stompAuthProvider.AddRule([]string{frame.SEND}, 1, func(fr *frame.Frame) *auth_provider_manager.AuthError {
token := fr.Header.Get("csp-auth-token")
if len(token) == 0 {
return &auth_provider_manager.AuthError{
Code: 401,
Message: "Unauthorized",
}
}
return nil
})

// second rule on SEND: require the exact match of value of csp-auth-token to be "42"
stompAuthProvider.AddRule([]string{frame.SEND}, 2, func(fr *frame.Frame) *auth_provider_manager.AuthError {
token := fr.Header.Get("csp-auth-token-match")
if token != "42" {
return &auth_provider_manager.AuthError{
Code: 403,
Message: "Forbidden",
}
}
return nil
})

apm.SetSTOMPAuthProvider(stompAuthProvider)
}
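Review bot: The CONNECT rule in AddSampleSTOMPAuthFilters writes the client's `access-token` header value to the log at warn level (`utils.Log.Warnln("ACCESS TOKEN FROM CLIENT", token)`), so every credential a client presents ends up in log storage; that line should be dropped, or reduced to logging whether the header was present. The second SEND rule reads `fr.Header.Get("csp-auth-token-match")`, which looks like the REST rule name pasted in as the header key; the comment above it and the REST counterpart both point to `csp-auth-token`, so as written a SEND frame carrying the expected token would still get 403. Both helpers are called unconditionally from main() and compare against the literals `"something"` and `"42"` with `!=`, so until the commit is backed out the binary carries fixed credentials; if the demo has to stay for a while, gate the two calls behind a CLI flag and compare with `subtle.ConstantTimeCompare`. The pattern `\/rest\/ping-pong2` is unanchored and will match any path that merely contains that substring; whether that matters depends on how SetRESTAuthProvider applies it, which is not visible here.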
