diff --git a/controllers/networkHttpController.go b/controllers/networkHttpController.go
index 431c2e86..d9f0e260 100644
--- a/controllers/networkHttpController.go
+++ b/controllers/networkHttpController.go
@@ -40,48 +40,54 @@ func networkHandlers(r *mux.Router) {
 func securityCheck(next http.Handler) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 var errorResponse = models.ErrorResponse{
- Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
+ Code: http.StatusUnauthorized, Message: "W1R3: It's not you it's me.",
 }
 var params = mux.Vars(r)
- hasnetwork := params["networkname"] != ""
- networkexists, err := functions.NetworkExists(params["networkname"])
+ bearerToken := r.Header.Get("Authorization")
+ err := SecurityCheck(params["networkname"], bearerToken)
 if err != nil {
- returnErrorResponse(w, r, formatError(err, "internal"))
- return
- } else if hasnetwork && !networkexists {
- errorResponse = models.ErrorResponse{
- Code: http.StatusNotFound, Message: "W1R3: This network does not exist.",
- }
+ errorResponse.Message = err.Error()
 returnErrorResponse(w, r, errorResponse)
 return
- } else {
-
- bearerToken := r.Header.Get("Authorization")
-
- var hasBearer = true
- var tokenSplit = strings.Split(bearerToken, " ")
- var authToken = ""
-
- if len(tokenSplit) < 2 {
- hasBearer = false
- } else {
- authToken = tokenSplit[1]
- }
- //all endpoints here require master so not as complicated
- //still might not be a good way of doing this
- if !hasBearer || !authenticateMaster(authToken) {
- errorResponse = models.ErrorResponse{
- Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
- }
- returnErrorResponse(w, r, errorResponse)
- return
- } else {
- next.ServeHTTP(w, r)
- }
 }
+ next.ServeHTTP(w, r)
 }
 }
+func SecurityCheck(netname, token string) error {
+ hasnetwork := netname != ""
+ networkexists, err := functions.NetworkExists(netname)
+ if err != nil {
+ return err
+ }
+ if hasnetwork && !networkexists {
+ //errorResponse = models.ErrorResponse{
+ // Code: http.StatusNotFound, Message: "W1R3: This network does not exist.",
+ //}
+ //returnErrorResponse(w, r, errorResponse)
+ return errors.New("This network does not exist")
+ }
+
+ var hasBearer = true
+ var tokenSplit = strings.Split(token, " ")
+ var authToken = ""
+
+ if len(tokenSplit) < 2 {
+ hasBearer = false
+ } else {
+ authToken = tokenSplit[1]
+ }
+ //all endpoints here require master so not as complicated
+ //still might not be a good way of doing this
+ if !hasBearer || !authenticateMaster(authToken) {
+ //errorResponse = models.ErrorResponse{
+ // Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
+ // }
+ // returnErrorResponse(w, r, errorResponse)
+ return errors.New("You are unauthorized to access this endpoint")
+ } //else {
+ return nil
+}
 //Consider a more secure way of setting master key
 func authenticateMaster(tokenString string) bool {
diff --git a/controllers/networkHttpController_test.go b/controllers/networkHttpController_test.go
index b5a1fc9a..ed4e9f8b 100644
--- a/controllers/networkHttpController_test.go
+++ b/controllers/networkHttpController_test.go
@@ -74,6 +74,18 @@ func TestGetDeleteNetwork(t *testing.T) {
 })
 }
 func TestGetNetwork(t *testing.T) {
+ createNet()
+ t.Run("NoNetwork", func(t *testing.T) {
+ network, err := GetNetwork("badnet")
+ assert.NotNil(t, err)
+ assert.Equal(t, "mongo: no documents in result", err.Error())
+ assert.Equal(t, models.Network{}, network)
+ })
+ t.Run("Valid", func(t *testing.T) {
+ network, err := GetNetwork("skynet")
+ assert.Nil(t, err)
+ assert.Equal(t, "skynet", network.NetID)
+ })
 }
 func TestUpdateNetwork(t *testing.T) {
 }
diff --git a/test/network_test.go b/test/network_test.go
index b6788626..8a7ae6c5 100644
--- a/test/network_test.go
+++ b/test/network_test.go
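Review bot: SecurityCheck still consults functions.NetworkExists before it validates the bearer token, so an unauthenticated caller probing /api/networks/{name} receives `This network does not exist` for unknown names and `You are unauthorized to access this endpoint` for real ones, which is a network-name enumeration oracle; the token check should run first. In the same hunk the middleware now copies any error straight into the response with `errorResponse.Message = err.Error()` under a 401, so a database failure inside NetworkExists, previously a 500 via `formatError(err, "internal")`, now leaks its raw error text to the client, and a genuinely missing network has lost its 404. Exporting sentinel errors lets the middleware keep distinct status codes without string comparison; the sketch below shows the reordered check and the mapping. The carried-over `strings.Split(token, " ")` / `tokenSplit[1]` parsing never checks the scheme word, which is worth a follow-up but is not a regression of this commit. authenticateMaster's body lies outside the hunk.
```go
// ErrNetworkNotFound and ErrUnauthorized let callers map a failed check to a status code.
var (
	ErrNetworkNotFound = errors.New("This network does not exist")
	ErrUnauthorized    = errors.New("You are unauthorized to access this endpoint")
)

func SecurityCheck(netname, token string) error {
	// Authenticate before touching the database so an unauthenticated
	// caller cannot learn which network names exist.
	tokenSplit := strings.Split(token, " ")
	if len(tokenSplit) < 2 || !authenticateMaster(tokenSplit[1]) {
		return ErrUnauthorized
	}
	if netname == "" {
		return nil
	}
	networkexists, err := functions.NetworkExists(netname)
	if err != nil {
		return err // internal failure; the caller decides the status
	}
	if !networkexists {
		return ErrNetworkNotFound
	}
	return nil
}

// … in securityCheck, replacing the body of `if err != nil {` …
		if err != nil {
			switch {
			case errors.Is(err, ErrUnauthorized):
				errorResponse.Message = err.Error()
			case errors.Is(err, ErrNetworkNotFound):
				errorResponse.Code = http.StatusNotFound
				errorResponse.Message = err.Error()
			default:
				returnErrorResponse(w, r, formatError(err, "internal"))
				return
			}
			returnErrorResponse(w, r, errorResponse)
			return
		}
```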
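Review bot: The new NoNetwork sub-test in TestGetNetwork pins the exact driver string `"mongo: no documents in result"`, which couples the test to the mongo driver's wording and breaks on a driver upgrade or as soon as GetNetwork wraps the error with context. If GetNetwork returns the driver error unchanged (its body is not in this diff) and the project uses go.mongodb.org/mongo-driver, `assert.True(t, errors.Is(err, mongo.ErrNoDocuments))` is the stable form. `createNet()` also leaves "skynet" behind with no cleanup visible in this hunk, so the sub-tests depend on execution order; a `t.Cleanup` that removes the network would make the test self-contained.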
@@ -26,7 +26,7 @@ func TestCreateNetwork(t *testing.T) {
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 t.Run("CreateNetwork", func(t *testing.T) {
 response, err := api(t, network, http.MethodPost, baseURL+"/api/networks", "secretkey")
@@ -73,7 +73,7 @@ func TestGetNetworks(t *testing.T) {
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 }
@@ -99,7 +99,7 @@ func TestGetNetwork(t *testing.T) {
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 t.Run("InvalidNetwork", func(t *testing.T) {
 response, err := api(t, "", http.MethodGet, baseURL+"/api/networks/badnetwork", "secretkey")
@@ -108,8 +108,8 @@ func TestGetNetwork(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 }
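Review bot: The InvalidNetwork sub-test (hunk @@ -108) now asserts `http.StatusUnauthorized` for a request that carries the valid key `"secretkey"` and merely names a network that does not exist; 401 is the wrong contract for that case and the assertion locks the regression into the suite. Keep `assert.Equal(t, http.StatusNotFound, response.StatusCode)` here and have the middleware distinguish a not-found error from an authentication failure rather than folding both into one status. The same applies to the Badnetwork sub-tests in the later hunks of this file.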
@@ -125,7 +125,7 @@ func TestDeleteNetwork(t *testing.T) {
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 t.Run("Badnetwork", func(t *testing.T) {
 response, err := api(t, "", http.MethodDelete, baseURL+"/api/networks/badnetwork", "secretkey")
@@ -134,8 +134,8 @@ func TestDeleteNetwork(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("NodesExist", func(t *testing.T) {
 setup(t)
@@ -222,7 +222,7 @@ func TestCreateKey(t *testing.T) {
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 t.Run("Badnetwork", func(t *testing.T) {
 response, err := api(t, key, http.MethodPost, baseURL+"/api/networks/badnetwork/keys", "secretkey")
@@ -231,8 +231,8 @@ func TestCreateKey(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 }
@@ -265,8 +265,8 @@ func TestDeleteKey(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("InvalidCredentials", func(t *testing.T) {
 response, err := api(t, "", http.MethodDelete, baseURL+"/api/networks/skynet/keys/skynet", "badkey")
@@ -277,7 +277,7 @@ func TestDeleteKey(t *testing.T) {
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 }
@@ -302,8 +302,8 @@ func TestGetKeys(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("InvalidCredentials", func(t *testing.T) {
 response, err := api(t, "", http.MethodGet, baseURL+"/api/networks/skynet/keys", "badkey")
@@ -314,7 +314,7 @@ func TestGetKeys(t *testing.T) {
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: You are unauthorized to access this endpoint.", message.Message)
+ assert.Equal(t, "You are unauthorized to access this endpoint", message.Message)
 })
 }
@@ -351,9 +351,9 @@ func TestUpdateNetwork(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, http.StatusNotFound, message.Code)
- assert.Equal(t, "W1R3: This network does not exist.", message.Message)
- assert.Equal(t, http.StatusNotFound, response.StatusCode)
+ assert.Equal(t, http.StatusUnauthorized, message.Code)
+ assert.Equal(t, "This network does not exist", message.Message)
+ assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("UpdateAddress", func(t *testing.T) {
 type Network struct {