github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/cmd/spicedb/restgateway_integration_test.go (about)

     1  //go:build docker && image
     2  // +build docker,image
     3  
     4  package main
     5  
     6  import (
     7  	"fmt"
     8  	"io/ioutil"
     9  	"net/http"
    10  	"testing"
    11  
    12  	"github.com/ory/dockertest/v3"
    13  	"github.com/stretchr/testify/require"
    14  )
    15  
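// TestRESTGateway runs the authzed/spicedb:ci image with the HTTP gateway
// enabled and checks that the gateway enforces the preshared key:
//
//   - an unknown path returns a JSON "Not Found" body,
//   - /v1/schema/read without an Authorization header returns 401,
//   - /v1/schema/read with a wrong bearer token returns 403,
//   - /v1/schema/read with the correct bearer token returns 200,
//   - /v1/watch with a wrong bearer token returns 403.
//
// NOTE(review): http.Get, http.Post and http.DefaultClient carry no timeout,
// so a gateway that accepts the connection but never answers will block this
// test until the `go test` timeout fires.
func TestRESTGateway(t *testing.T) {
	require := require.New(t)

	// Throwaway key for the CI container only. The same value is handed to
	// the server via --grpc-preshared-key and to newTester (presumably for
	// the tester's own client; confirm against newTester).
	const presharedKey = "somerandomkeyhere"

	tester, err := newTester(t,
		&dockertest.RunOptions{
			Repository:   "authzed/spicedb",
			Tag:          "ci",
			Cmd:          []string{"serve", "--log-level", "debug", "--grpc-preshared-key", presharedKey, "--http-enabled"},
			ExposedPorts: []string{"50051/tcp", "8443/tcp"},
		},
		presharedKey,
		false,
	)
	require.NoError(err)
	defer tester.cleanup()

	// readBody drains and closes a response body so that connections are
	// released between the individual requests of this test.
	readBody := func(resp *http.Response) string {
		defer resp.Body.Close()
		raw, err := ioutil.ReadAll(resp.Body)
		require.NoError(err)
		return string(raw)
	}

	// postWithToken issues a body-less POST carrying the given bearer token.
	// The request-construction error is checked before the request is used,
	// so a bad URL fails the test instead of dereferencing a nil request.
	postWithToken := func(url, token string) *http.Response {
		req, err := http.NewRequest("POST", url, nil)
		require.NoError(err)
		req.Header.Add("Authorization", "Bearer "+token)

		resp, err := http.DefaultClient.Do(req)
		require.NoError(err)
		return resp
	}

	baseURL := fmt.Sprintf("http://localhost:%s", tester.httpPort)

	// A request to the gateway root is answered with a JSON error body.
	resp, err := http.Get(baseURL)
	require.NoError(err)
	require.JSONEq(`{"code":5,"message":"Not Found","details":[]}`, readBody(resp))

	// Attempt to read schema without a valid Auth header.
	readURL := baseURL + "/v1/schema/read"
	resp, err = http.Post(readURL, "", nil)
	require.NoError(err)

	body := readBody(resp)
	require.Equal(401, resp.StatusCode)
	require.Contains(body, "Unauthenticated")

	// Attempt to read schema with an invalid Auth header.
	resp = postWithToken(readURL, "notcorrect")
	body = readBody(resp)
	require.Equal(403, resp.StatusCode)
	require.Contains(body, "invalid preshared key: invalid token")

	// Read with the correct token.
	resp = postWithToken(readURL, presharedKey)
	body = readBody(resp)
	require.Equal(200, resp.StatusCode)
	require.Contains(body, "definition user {")

	// Execute a watch call with an invalid auth header and ensure it 403s,
	// i.e. the watch endpoint is covered by the same preshared-key check.
	// NOTE(review): the missing-header case is only asserted for
	// /v1/schema/read; consider asserting it for /v1/watch as well.
	watchURL := baseURL + "/v1/watch"
	watchResp := postWithToken(watchURL, "notcorrect")
	defer watchResp.Body.Close()
	require.Equal(403, watchResp.StatusCode)
}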