Merge pull request #287 from linkernetworks/johnlin/namespace-auth

[Task] add auth for namespaces
linkernetworks · Aug 28, 2018 · 0da5f51 · 0da5f51
2 parents 95f2047 + 1bd884b
commit 0da5f51
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 15 deletions.
diff --git a/src/entity/namespace.go b/src/entity/namespace.go
@@ -13,9 +13,11 @@ const (
 
 // Namespace is the structure for namespace info
 type Namespace struct {
-	ID        bson.ObjectId     `bson:"_id,omitempty" json:"id" validate:"-"`
-	Name      string            `bson:"name" json:"name" validate:"required,k8sname"`
-	CreatedAt *time.Time        `bson:"createdAt,omitempty" json:"createdAt,omitempty" validate:"-"`
+	ID        bson.ObjectId `bson:"_id,omitempty" json:"id" validate:"-"`
+	OwnerID   bson.ObjectId `bson:"ownerID,omitempty" json:"ownerID" validate:"-"`
+	Name      string        `bson:"name" json:"name" validate:"required,k8sname"`
+	CreatedAt *time.Time    `bson:"createdAt,omitempty" json:"createdAt,omitempty" validate:"-"`
+	CreatedBy User          `json:"createdBy" validate:"-"`
 }
 
 // GetCollection - get model mongo collection name.

diff --git a/src/server/handler_namespace.go b/src/server/handler_namespace.go
@@ -11,6 +11,7 @@ import (
 	"github.com/linkernetworks/vortex/src/namespace"
 	response "github.com/linkernetworks/vortex/src/net/http"
 	"github.com/linkernetworks/vortex/src/net/http/query"
+	"github.com/linkernetworks/vortex/src/server/backend"
 	"github.com/linkernetworks/vortex/src/web"
 	"k8s.io/apimachinery/pkg/api/errors"
 
@@ -20,6 +21,11 @@ import (
 
 func createNamespaceHandler(ctx *web.Context) {
 	sp, req, resp := ctx.ServiceProvider, ctx.Request, ctx.Response
+	userID, ok := req.Attribute("UserID").(string)
+	if !ok {
+		response.Unauthorized(req.Request, resp.ResponseWriter, fmt.Errorf("Unauthorized: User ID is empty"))
+		return
+	}
 
 	n := entity.Namespace{}
 	if err := req.ReadEntity(&n); err != nil {
@@ -51,6 +57,8 @@ func createNamespaceHandler(ctx *web.Context) {
 		}
 		return
 	}
+
+	n.OwnerID = bson.ObjectIdHex(userID)
 	if err := session.Insert(entity.NamespaceCollectionName, &n); err != nil {
 		if mgo.IsDup(err) {
 			response.Conflict(req.Request, resp.ResponseWriter, fmt.Errorf("Namespace: %s already existed", n.Name))
@@ -59,6 +67,7 @@ func createNamespaceHandler(ctx *web.Context) {
 		}
 		return
 	}
+	n.CreatedBy, _ = backend.FindUserByID(session, n.OwnerID)
 	resp.WriteHeaderAndEntity(http.StatusCreated, n)
 }
 
@@ -140,6 +149,11 @@ func listNamespaceHandler(ctx *web.Context) {
 		}
 	}
 
+	// insert users entity
+	for _, namespace := range namespaces {
+		// find owner in user entity
+		namespace.CreatedBy, _ = backend.FindUserByID(session, namespace.OwnerID)
+	}
 	count, err := session.Count(entity.NamespaceCollectionName, bson.M{})
 	if err != nil {
 		response.InternalServerError(req.Request, resp.ResponseWriter, err)
@@ -171,5 +185,7 @@ func getNamespaceHandler(ctx *web.Context) {
 			return
 		}
 	}
+	// find owner in user entity
+	namespace.CreatedBy, _ = backend.FindUserByID(session, namespace.OwnerID)
 	resp.WriteEntity(namespace)
 }
diff --git a/src/server/handler_namespace_test.go b/src/server/handler_namespace_test.go
@@ -26,33 +26,40 @@ func init() {
 
 type NamespaceTestSuite struct {
 	suite.Suite
-	sp      *serviceprovider.Container
-	wc      *restful.Container
-	session *mongo.Session
+	sp        *serviceprovider.Container
+	wc        *restful.Container
+	session   *mongo.Session
+	JWTBearer string
 }
 
 func (suite *NamespaceTestSuite) SetupSuite() {
 	cf := config.MustRead("../../config/testing.json")
 	sp := serviceprovider.NewForTesting(cf)
 
 	suite.sp = sp
-	//init session
+	// init session
 	suite.session = sp.Mongo.NewSession()
-	//init restful container
+	// init restful container
 	suite.wc = restful.NewContainer()
-	service := newNamespaceService(suite.sp)
-	suite.wc.Add(service)
-}
 
-func (suite *NamespaceTestSuite) TearDownSuite() {
+	namespaceService := newNamespaceService(suite.sp)
+	userService := newUserService(suite.sp)
+
+	suite.wc.Add(namespaceService)
+	suite.wc.Add(userService)
+
+	token, _ := loginGetToken(suite.wc)
+	suite.NotEmpty(token)
+	suite.JWTBearer = "Bearer " + token
 }
 
+func (suite *NamespaceTestSuite) TearDownSuite() {}
+
 func TestNamespaceSuite(t *testing.T) {
 	suite.Run(t, new(NamespaceTestSuite))
 }
 
 func (suite *NamespaceTestSuite) TestCreateNamespace() {
-
 	nsName := namesgenerator.GetRandomName(0)
 	namespace := entity.Namespace{
 		ID:   bson.NewObjectId(),
@@ -67,6 +74,7 @@ func (suite *NamespaceTestSuite) TestCreateNamespace() {
 	suite.NoError(err)
 
 	httpRequest.Header.Add("Content-Type", "application/json")
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusCreated, httpWriter)
@@ -89,6 +97,7 @@ func (suite *NamespaceTestSuite) TestCreateNamespace() {
 	httpRequest, err = http.NewRequest("POST", "http://localhost:7890/v1/namespaces", bodyReader)
 	suite.NoError(err)
 	httpRequest.Header.Add("Content-Type", "application/json")
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter = httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusConflict, httpWriter)
@@ -119,6 +128,7 @@ func (suite *NamespaceTestSuite) TestDeleteNamespace() {
 	suite.NoError(err)
 
 	httpRequest.Header.Add("Content-Type", "application/json")
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusOK, httpWriter)
@@ -133,6 +143,7 @@ func (suite *NamespaceTestSuite) TestDeleteNamespaceWithInvalidID() {
 	suite.NoError(err)
 
 	httpRequest.Header.Add("Content-Type", "application/json")
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusBadRequest, httpWriter)
@@ -146,13 +157,14 @@ func (suite *NamespaceTestSuite) TestGetNamespace() {
 		Name: nsName,
 	}
 
-	//Create data into mongo manually
+	// Create data into mongo manually
 	suite.session.C(entity.NamespaceCollectionName).Insert(namespace)
 	defer suite.session.Remove(entity.NamespaceCollectionName, "name", nsName)
 
 	httpRequest, err := http.NewRequest("GET", "http://localhost:7890/v1/namespaces/"+namespace.ID.Hex(), nil)
 	suite.NoError(err)
 
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusOK, httpWriter)
@@ -164,10 +176,11 @@ func (suite *NamespaceTestSuite) TestGetNamespace() {
 }
 
 func (suite *NamespaceTestSuite) TestGetNamespaceWithInvalidID() {
-	//Get data with non-exits ID
+	// Get data with non-exits ID
 	httpRequest, err := http.NewRequest("GET", "http://localhost:7890/v1/namespaces/"+bson.NewObjectId().Hex(), nil)
 	suite.NoError(err)
 
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusNotFound, httpWriter)
@@ -210,6 +223,7 @@ func (suite *NamespaceTestSuite) TestListNamespace() {
 			httpRequest, err := http.NewRequest("GET", url, nil)
 			suite.NoError(err)
 
+			httpRequest.Header.Add("Authorization", suite.JWTBearer)
 			httpWriter := httptest.NewRecorder()
 			suite.wc.Dispatch(httpWriter, httpRequest)
 			assertResponseCode(suite.T(), http.StatusOK, httpWriter)
@@ -230,20 +244,23 @@ func (suite *NamespaceTestSuite) TestListNamespaceWithInvalidPage() {
 	httpRequest, err := http.NewRequest("GET", "http://localhost:7890/v1/namespaces?page=asdd", nil)
 	suite.NoError(err)
 
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter := httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusBadRequest, httpWriter)
 
 	httpRequest, err = http.NewRequest("GET", "http://localhost:7890/v1/namespaces?page_size=asdd", nil)
 	suite.NoError(err)
 
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter = httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusBadRequest, httpWriter)
 
 	httpRequest, err = http.NewRequest("GET", "http://localhost:7890/v1/namespaces?page=-1", nil)
 	suite.NoError(err)
 
+	httpRequest.Header.Add("Authorization", suite.JWTBearer)
 	httpWriter = httptest.NewRecorder()
 	suite.wc.Dispatch(httpWriter, httpRequest)
 	assertResponseCode(suite.T(), http.StatusInternalServerError, httpWriter)

diff --git a/src/server/route.go b/src/server/route.go
@@ -147,6 +147,7 @@ func newServiceService(sp *serviceprovider.Container) *restful.WebService {
 func newNamespaceService(sp *serviceprovider.Container) *restful.WebService {
 	webService := new(restful.WebService)
 	webService.Path("/v1/namespaces").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON)
+	webService.Filter(validateTokenMiddleware)
 	webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createNamespaceHandler)))
 	webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler)))
 	webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listNamespaceHandler)))