fully implemented the authorization parsing; fixed middleware example

xmidt-org · Aug 5, 2024 · 93f541a · 93f541a
1 parent fa87382
commit 93f541a
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 7 deletions.
diff --git a/basculehttp/authorization.go b/basculehttp/authorization.go
@@ -72,7 +72,8 @@ func WithAuthorizationHeader(header string) AuthorizationParserOption {
 
 func WithScheme(scheme Scheme, parser bascule.TokenParser[string]) AuthorizationParserOption {
 	return authorizationParserOptionFunc(func(ap *AuthorizationParser) error {
-		ap.parsers[scheme] = parser
+		// we want case-insensitive matches, so lowercase everything
+		ap.parsers[scheme.lower()] = parser
 		return nil
 	})
 }
@@ -100,6 +101,28 @@ func NewAuthorizationParser(opts ...AuthorizationParserOption) (*AuthorizationPa
 	return ap, nil
 }
 
-func (ap *AuthorizationParser) Parse(_ context.Context, source *http.Request) (bascule.Token, error) {
-	return nil, nil // TODO
+// Parse extracts the appropriate header, Authorization by default, and parses the
+// scheme and value.  Schemes are case-insensitive, e.g. BASIC and Basic are the same scheme.
+//
+// If a token parser is registered for the given scheme, that token parser is invoked.
+// Otherwise, UnsupportedSchemeError is returned, indicating the scheme in question.
+func (ap *AuthorizationParser) Parse(ctx context.Context, source *http.Request) (bascule.Token, error) {
+	authValue := source.Header.Get(ap.header)
+	if len(authValue) == 0 {
+		return nil, bascule.ErrMissingCredentials
+	}
+
+	scheme, value, err := ParseAuthorization(authValue)
+	if err != nil {
+		return nil, err
+	}
+
+	p, registered := ap.parsers[scheme.lower()]
+	if !registered {
+		return nil, &UnsupportedSchemeError{
+			Scheme: scheme,
+		}
+	}
+
+	return p.Parse(ctx, value)
 }
diff --git a/basculehttp/middleware_examples_test.go b/basculehttp/middleware_examples_test.go
@@ -11,10 +11,21 @@ import (
 	"github.com/xmidt-org/bascule/v1"
 )
 
-// ExampleMiddleware_simple illustrates how to use a basculehttp Middleware with
-// just the defaults.
-func ExampleMiddleware_simple() {
-	m, err := NewMiddleware() // all defaults
+// ExampleMiddleware_basicauth illustrates how to use a basculehttp Middleware with
+// just basic auth.
+func ExampleMiddleware_basicauth() {
+	tp, err := NewAuthorizationParser(
+		WithScheme(SchemeBasic, BasicTokenParser{}),
+	)
+
+	if err != nil {
+		panic(err)
+	}
+
+	m, err := NewMiddleware(
+		WithTokenParsers(tp),
+	)
+
 	if err != nil {
 		panic(err)
 	}

diff --git a/basculehttp/scheme.go b/basculehttp/scheme.go
@@ -3,6 +3,11 @@
 
 package basculehttp
 
+import (
+	"net/http"
+	"strings"
+)
+
 // Scheme is the authorization header scheme, e.g. Basic, Bearer, etc.
 type Scheme string
 
@@ -13,3 +18,32 @@ const (
 	// SchemeBearer is the Bearer HTTP authorization scheme.
 	SchemeBearer Scheme = "Bearer"
 )
+
+// lower returns a lowercased version of this Scheme.  Useful
+// for ensuring case-insensitive matches.
+func (s Scheme) lower() Scheme {
+	return Scheme(
+		strings.ToLower(string(s)),
+	)
+}
+
+// UnsupportedSchemeError is used to indicate that a particular HTTP Authorization
+// scheme is not supported by the server.
+type UnsupportedSchemeError struct {
+	Scheme Scheme
+}
+
+// StatusCode marks this error as using the http.StatusUnauthorized code.
+// This is appropriate for almost all cases, as this error occurs because
+// the server does not accept or understand the scheme that the
+// HTTP client supplied.
+func (use *UnsupportedSchemeError) StatusCode() int {
+	return http.StatusUnauthorized
+}
+
+func (use *UnsupportedSchemeError) Error() string {
+	var o strings.Builder
+	o.WriteString("Unsupported authorization scheme: ")
+	o.WriteString(string(use.Scheme))
+	return o.String()
+}