github.com/whoyao/protocol@v0.0.0-20230519045905-2d8ace718ca5/auth/verifier_test.go (about)

     1  package auth_test
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	"github.com/go-jose/go-jose/v3/json"
     8  	"github.com/stretchr/testify/require"
     9  
    10  	"github.com/whoyao/protocol/auth"
    11  )
    12  
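// TestVerifier exercises auth.ParseAPIToken and the Verify method of the
// verifier it returns: rejection with a wrong or empty secret, rejection of an
// expired token, acceptance of a freshly minted token, metadata round-tripping,
// and decoding of unset permission fields.
func TestVerifier(t *testing.T) {
	// Fixed fixture credentials used to sign and verify tokens in this test.
	// NOTE(review): presumably throwaway values; confirm they were never
	// issued for a real deployment.
	apiKey := "APID3B67uxk4Nj2GKiRPibAZ9"
	secret := "YHC-CUhbQhGeVCaYgn1BNA++"
	// Pre-built HS256 JWT. Its payload has iss and sub equal to apiKey and
	// exp=1608930308 (December 2020), so it is expired whenever this test runs.
	accessToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDg5MzAzMDgsImlzcyI6IkFQSUQzQjY3dXhrNE5qMkdLaVJQaWJBWjkiLCJuYmYiOjE2MDg5MjY3MDgsInJvb21fam9pbiI6dHJ1ZSwicm9vbV9zaWQiOiJteWlkIiwic3ViIjoiQVBJRDNCNjd1eGs0TmoyR0tpUlBpYkFaOSJ9.cmHEBq0MLyRqphmVLM2cLXg5ao5Sro7am8yXhcYKcwE"

	t.Run("cannot decode with incorrect key", func(t *testing.T) {
		// Parsing succeeds before any key is supplied, so APIKey() here is an
		// unauthenticated value read from the token.
		v, err := auth.ParseAPIToken(accessToken)
		require.NoError(t, err)

		require.Equal(t, apiKey, v.APIKey())
		_, err = v.Verify("")
		require.Error(t, err)

		// The fixture token is also expired, so this failure alone does not
		// show that the signature check rejected it; the
		// "unexpired token is rejected with incorrect key" subtest covers that.
		_, err = v.Verify("anothersecret")
		require.Error(t, err)
	})

	t.Run("key has expired", func(t *testing.T) {
		v, err := auth.ParseAPIToken(accessToken)
		require.NoError(t, err)

		// Correct secret, expired token: Verify must still fail.
		// NOTE(review): only "some error" is asserted; pinning the expiry
		// error would stop this passing for an unrelated failure.
		_, err = v.Verify(secret)
		require.Error(t, err)
	})

	t.Run("unexpired token is verified", func(t *testing.T) {
		claim := auth.VideoGrant{RoomCreate: true}
		at := auth.NewAccessToken(apiKey, secret).
			AddGrant(&claim).
			SetValidFor(time.Minute).
			SetIdentity("me")
		authToken, err := at.ToJWT()
		require.NoError(t, err)

		v, err := auth.ParseAPIToken(authToken)
		require.NoError(t, err)
		require.Equal(t, apiKey, v.APIKey())
		require.Equal(t, "me", v.Identity())

		decoded, err := v.Verify(secret)
		require.NoError(t, err)
		require.Equal(t, &claim, decoded.Video)
	})

	t.Run("unexpired token is rejected with incorrect key", func(t *testing.T) {
		// A freshly minted, still-valid token isolates the signature check:
		// expiry cannot be the reason Verify fails here.
		at := auth.NewAccessToken(apiKey, secret).
			AddGrant(&auth.VideoGrant{RoomCreate: true}).
			SetValidFor(time.Minute).
			SetIdentity("me")
		authToken, err := at.ToJWT()
		require.NoError(t, err)

		v, err := auth.ParseAPIToken(authToken)
		require.NoError(t, err)

		_, err = v.Verify("anothersecret")
		require.Error(t, err)
	})

	t.Run("ensure metadata can be passed through", func(t *testing.T) {
		metadata := map[string]interface{}{
			"user":   "value",
			"number": float64(3),
		}
		// Check the marshal error so a broken fixture cannot silently turn
		// this into a comparison of two empty strings.
		md, err := json.Marshal(metadata)
		require.NoError(t, err)
		at := auth.NewAccessToken(apiKey, secret).
			AddGrant(&auth.VideoGrant{
				RoomAdmin: true,
				Room:      "myroom",
			}).
			SetMetadata(string(md))

		authToken, err := at.ToJWT()
		require.NoError(t, err)

		v, err := auth.ParseAPIToken(authToken)
		require.NoError(t, err)

		decoded, err := v.Verify(secret)
		require.NoError(t, err)

		require.EqualValues(t, string(md), decoded.Metadata)
	})

	t.Run("nil permissions are handled", func(t *testing.T) {
		grant := &auth.VideoGrant{
			Room:     "myroom",
			RoomJoin: true,
		}
		// Only CanPublishData is set explicitly; the other permission
		// pointers are left unset and must come back nil.
		grant.SetCanPublishData(false)
		at := auth.NewAccessToken(apiKey, secret).
			AddGrant(grant)
		token, err := at.ToJWT()
		require.NoError(t, err)

		v, err := auth.ParseAPIToken(token)
		require.NoError(t, err)
		decoded, err := v.Verify(secret)
		require.NoError(t, err)

		// Guard the dereferences below so a regression fails the test
		// instead of panicking on a nil pointer.
		require.NotNil(t, decoded.Video)
		require.Nil(t, decoded.Video.CanSubscribe)
		require.Nil(t, decoded.Video.CanPublish)
		require.NotNil(t, decoded.Video.CanPublishData)
		require.False(t, *decoded.Video.CanPublishData)
	})
}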