+3

Go/json/go.mod

··· 1 1 + module github.com/Tulkdan/Languages/Go/json 2 2 + 3 3 + go 1.23.2

+27

Go/json/server.go

··· 1 1 + package main 2 2 + 3 3 + import ( 4 4 + "crypto/subtle" 5 5 + "net/http" 6 6 + ) 7 7 + 8 8 + type BasicAuthCredentials struct { 9 9 + User string 10 10 + Password string 11 11 + } 12 12 + 13 13 + func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredentials) http.HandlerFunc { 14 14 + return func(w http.ResponseWriter, r *http.Request) { 15 15 + user, password, ok := r.BasicAuth() 16 16 + 17 17 + const noMatch = 0 18 18 + if !ok || user != credentials.User || subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch { 19 19 + w.Header().Set("WWW-Authenticate", `Basic realm="Resctricted"`) 20 20 + w.WriteHeader(http.StatusUnauthorized) 21 21 + w.Write([]byte("invalid credentials")) 22 22 + return 23 23 + } 24 24 + 25 25 + next.ServeHTTP(w, r) 26 26 + } 27 27 + }

+72

Go/json/server_test.go

··· 1 1 + package main 2 2 + 3 3 + import ( 4 4 + "io" 5 5 + "net/http" 6 6 + "net/http/httptest" 7 7 + "testing" 8 8 + ) 9 9 + 10 10 + func Test_AuthWithValidPassword_Gives200(t *testing.T) { 11 11 + handler := func(w http.ResponseWriter, r *http.Request) { 12 12 + io.WriteString(w, "<html><body>Hello world!</body></html>") 13 13 + } 14 14 + w := httptest.NewRecorder() 15 15 + 16 16 + wantUser := "admin" 17 17 + wantPassword := "password" 18 18 + r := httptest.NewRequest(http.MethodGet, "http://localhost:8080", nil) 19 19 + r.SetBasicAuth(wantUser, wantPassword) 20 20 + 21 21 + wantCredentials := &BasicAuthCredentials{ 22 22 + User: wantUser, 23 23 + Password: wantPassword, 24 24 + } 25 25 + 26 26 + decorated := DecorateWithBasicAuth(handler, wantCredentials) 27 27 + decorated.ServeHTTP(w, r) 28 28 + 29 29 + wantCode := http.StatusOK 30 30 + 31 31 + if w.Code != wantCode { 32 32 + t.Fatalf("status code, want %d, got %d", wantCode, w.Code) 33 33 + } 34 34 + 35 35 + gotAuth := w.Header().Get("WWW-Authenticate") 36 36 + wantAuth := `` 37 37 + if gotAuth != wantAuth { 38 38 + t.Fatalf("WWW-Authenticate, want: %s, got: %s", wantAuth, gotAuth) 39 39 + } 40 40 + } 41 41 + 42 42 + func Test_AUthWithInvalidPassword_Gives403(t *testing.T) { 43 43 + handler := func(w http.ResponseWriter, r *http.Request) { 44 44 + io.WriteString(w, "<tml><body>Hello world!</body></html>") 45 45 + } 46 46 + w := httptest.NewRecorder() 47 47 + 48 48 + wantUser := "admin" 49 49 + wantPassword := "password" 50 50 + r := httptest.NewRequest(http.MethodGet, "http://localhost:8080", nil) 51 51 + r.SetBasicAuth(wantUser, wantPassword) 52 52 + 53 53 + wantCredentials := &BasicAuthCredentials{ 54 54 + User: wantUser, 55 55 + Password: "", 56 56 + } 57 57 + 58 58 + decorated := DecorateWithBasicAuth(handler, wantCredentials) 59 59 + decorated.ServeHTTP(w, r) 60 60 + 61 61 + wantCode := http.StatusUnauthorized 62 62 + 63 63 + if w.Code != wantCode { 64 64 + t.Fatalf("status code, want %d, got %d", wantCode, w.Code) 65 65 + } 66 66 + 67 67 + gotAuth := w.Header().Get("WWW-Authenticate") 68 68 + wantAuth := `Basic realm="Resctricted"` 69 69 + if gotAuth != wantAuth { 70 70 + t.Fatalf("WWW-Authenticate, want: %s, got: %s", wantAuth, gotAuth) 71 71 + } 72 72 + }