217 lines
5.5 KiB
Go
217 lines
5.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"encoding/json"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/golang-jwt/jwt/v5"
|
|
"github.com/stretchr/testify/assert"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func createTestToken(secret string, claims jwt.MapClaims) string {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
signedToken, _ := token.SignedString([]byte(secret))
|
|
return signedToken
|
|
}
|
|
|
|
func TestAuthMiddleware(t *testing.T) {
|
|
jwtSecret := "test-secret"
|
|
|
|
testCases := []struct {
|
|
name string
|
|
setupAuth func(*http.Request)
|
|
expectedStatus int
|
|
expectedBody map[string]string
|
|
checkUserData bool
|
|
expectedUserID string
|
|
expectedRole string
|
|
}{
|
|
{
|
|
name: "No Authorization header",
|
|
setupAuth: func(req *http.Request) {},
|
|
expectedStatus: http.StatusUnauthorized,
|
|
expectedBody: map[string]string{"error": "Authorization header is required"},
|
|
},
|
|
{
|
|
name: "Invalid Authorization format",
|
|
setupAuth: func(req *http.Request) {
|
|
req.Header.Set("Authorization", "InvalidFormat")
|
|
},
|
|
expectedStatus: http.StatusUnauthorized,
|
|
expectedBody: map[string]string{"error": "Authorization header format must be Bearer {token}"},
|
|
},
|
|
{
|
|
name: "Invalid token",
|
|
setupAuth: func(req *http.Request) {
|
|
req.Header.Set("Authorization", "Bearer invalid.token.here")
|
|
},
|
|
expectedStatus: http.StatusUnauthorized,
|
|
expectedBody: map[string]string{"error": "Invalid token"},
|
|
},
|
|
{
|
|
name: "Valid token",
|
|
setupAuth: func(req *http.Request) {
|
|
claims := jwt.MapClaims{
|
|
"sub": "user123",
|
|
"role": "user",
|
|
"exp": time.Now().Add(time.Hour).Unix(),
|
|
}
|
|
token := createTestToken(jwtSecret, claims)
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
},
|
|
expectedStatus: http.StatusOK,
|
|
checkUserData: true,
|
|
expectedUserID: "user123",
|
|
expectedRole: "user",
|
|
},
|
|
{
|
|
name: "Expired token",
|
|
setupAuth: func(req *http.Request) {
|
|
claims := jwt.MapClaims{
|
|
"sub": "user123",
|
|
"role": "user",
|
|
"exp": time.Now().Add(-time.Hour).Unix(),
|
|
}
|
|
token := createTestToken(jwtSecret, claims)
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
},
|
|
expectedStatus: http.StatusUnauthorized,
|
|
expectedBody: map[string]string{"error": "Invalid token"},
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
router := gin.New()
|
|
|
|
// 添加认证中间件
|
|
router.Use(AuthMiddleware(jwtSecret))
|
|
|
|
// 测试路由
|
|
router.GET("/test", func(c *gin.Context) {
|
|
if tc.checkUserData {
|
|
userID, exists := c.Get("user_id")
|
|
assert.True(t, exists)
|
|
assert.Equal(t, tc.expectedUserID, userID)
|
|
|
|
role, exists := c.Get("user_role")
|
|
assert.True(t, exists)
|
|
assert.Equal(t, tc.expectedRole, role)
|
|
}
|
|
c.Status(http.StatusOK)
|
|
})
|
|
|
|
// 创建请求
|
|
req := httptest.NewRequest("GET", "/test", nil)
|
|
tc.setupAuth(req)
|
|
rec := httptest.NewRecorder()
|
|
|
|
// 执行请求
|
|
router.ServeHTTP(rec, req)
|
|
|
|
// 验证响应
|
|
assert.Equal(t, tc.expectedStatus, rec.Code)
|
|
|
|
if tc.expectedBody != nil {
|
|
var response map[string]string
|
|
err := json.NewDecoder(rec.Body).Decode(&response)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, tc.expectedBody, response)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestRoleMiddleware(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
setupContext func(*gin.Context)
|
|
allowedRoles []string
|
|
expectedStatus int
|
|
expectedBody map[string]string
|
|
}{
|
|
{
|
|
name: "No user role",
|
|
setupContext: func(c *gin.Context) {
|
|
// 不设置用户角色
|
|
},
|
|
allowedRoles: []string{"admin"},
|
|
expectedStatus: http.StatusUnauthorized,
|
|
expectedBody: map[string]string{"error": "User role not found"},
|
|
},
|
|
{
|
|
name: "Invalid role type",
|
|
setupContext: func(c *gin.Context) {
|
|
c.Set("user_role", 123) // 设置错误类型的角色
|
|
},
|
|
allowedRoles: []string{"admin"},
|
|
expectedStatus: http.StatusInternalServerError,
|
|
expectedBody: map[string]string{"error": "Invalid user role type"},
|
|
},
|
|
{
|
|
name: "Insufficient permissions",
|
|
setupContext: func(c *gin.Context) {
|
|
c.Set("user_role", "user")
|
|
},
|
|
allowedRoles: []string{"admin"},
|
|
expectedStatus: http.StatusForbidden,
|
|
expectedBody: map[string]string{"error": "Insufficient permissions"},
|
|
},
|
|
{
|
|
name: "Allowed role",
|
|
setupContext: func(c *gin.Context) {
|
|
c.Set("user_role", "admin")
|
|
},
|
|
allowedRoles: []string{"admin"},
|
|
expectedStatus: http.StatusOK,
|
|
},
|
|
{
|
|
name: "One of multiple allowed roles",
|
|
setupContext: func(c *gin.Context) {
|
|
c.Set("user_role", "editor")
|
|
},
|
|
allowedRoles: []string{"admin", "editor", "moderator"},
|
|
expectedStatus: http.StatusOK,
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
router := gin.New()
|
|
|
|
// 添加角色中间件
|
|
router.Use(func(c *gin.Context) {
|
|
tc.setupContext(c)
|
|
c.Next()
|
|
})
|
|
router.Use(RoleMiddleware(tc.allowedRoles...))
|
|
|
|
// 测试路由
|
|
router.GET("/test", func(c *gin.Context) {
|
|
c.Status(http.StatusOK)
|
|
})
|
|
|
|
// 创建请求
|
|
req := httptest.NewRequest("GET", "/test", nil)
|
|
rec := httptest.NewRecorder()
|
|
|
|
// 执行请求
|
|
router.ServeHTTP(rec, req)
|
|
|
|
// 验证响应
|
|
assert.Equal(t, tc.expectedStatus, rec.Code)
|
|
|
|
if tc.expectedBody != nil {
|
|
var response map[string]string
|
|
err := json.NewDecoder(rec.Body).Decode(&response)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, tc.expectedBody, response)
|
|
}
|
|
})
|
|
}
|
|
}
|