implement the Iris Crypto Library for Request Authentication and Verification. With Examples and Tests.

Relative to this one as well: https://github.com/kataras/iris/issues/1200 Former-commit-id: 3a29e7398b7fdeb9b48a118b742d419d5681d56b
2026-01-05 19:27:05 +00:00 · 2019-07-02 19:19:43 +03:00
parent 35389c6ef8
commit 9dbb300d9b
12 changed files with 992 additions and 2 deletions
--- a/crypto/json_test.go
+++ b/crypto/json_test.go
@@ -0,0 +1,114 @@
+package crypto
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestJSONSignAndVerify(t *testing.T) {
+	type testJSON struct {
+		Key   string `json:"key"`
+		Value string `json:"value"`
+	}
+
+	signHandler := func(w http.ResponseWriter, r *http.Request) {
+		ticket, err := SignJSON(testPrivateKey, r.Body)
+		if err != nil {
+			// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422
+			w.WriteHeader(http.StatusUnprocessableEntity)
+			return
+		}
+
+		b, err := json.Marshal(ticket)
+		if err != nil {
+			t.Fatal(err)
+		}
+		w.Write(b)
+		// or
+		// fmt.Fprintf(w, "%s", ticket.Signature)
+		// to send just the signature.
+	}
+
+	verifyHandler := func(w http.ResponseWriter, r *http.Request) {
+		publicKey := testPublicKey
+		if r.URL.Path == "/verify/otherkey" {
+			// test with other, generated, public key.
+			publicKey = &MustGenerateKey().PublicKey
+		}
+
+		var payload testJSON
+		ok, err := VerifyJSON(publicKey, r.Body, &payload)
+		if err != nil {
+			t.Fatal(err)
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+
+		if !ok {
+			w.WriteHeader(http.StatusUnprocessableEntity) // or forbidden or unauthorized.
+			return
+		}
+
+		// re-send the payload.
+		b, err := json.Marshal(payload)
+		if err != nil {
+			t.Fatal(err)
+		}
+		w.Write(b)
+	}
+
+	// Looks like this:
+	// {"key":"mykey","value":"myvalue"}
+	testPayload := testJSON{"mykey", "myvalue"}
+	payload, _ := json.Marshal(testPayload)
+	t.Logf("signing: sending payload: %s", payload)
+
+	signRequest := httptest.NewRequest("POST", "/sign", bytes.NewBuffer(payload))
+	signRec := httptest.NewRecorder()
+	signHandler(signRec, signRequest)
+
+	gotTicketPayload, _ := ioutil.ReadAll(signRec.Body)
+
+	// Looks like this:
+	// {
+	//	"signature": "D4PF6Hc0CrsO6MXAPxsLdhrVLKdmUOsN3Qm/Dr1y8yS80FQSgpU8Frr81fAJSKNwwW3dHhpoYvRi0t04MrukOQ==",
+	//	"payload": {"key":"mykey","value":"myvalue"}
+	// }
+	t.Logf("verification: sending ticket: %s", gotTicketPayload)
+	verifyRequest := httptest.NewRequest("POST", "/verify", bytes.NewBuffer(gotTicketPayload))
+	verifyRec := httptest.NewRecorder()
+	verifyHandler(verifyRec, verifyRequest)
+	verifyRequest.Body.Close()
+
+	if expected, got := http.StatusOK, verifyRec.Code; expected != got {
+		t.Fatalf("verification: expected status code: %d but got: %d", expected, got)
+	}
+
+	gotPayload, err := ioutil.ReadAll(verifyRec.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(payload, gotPayload) {
+		t.Fatalf("verification: expected payload: '%s' but got: '%s'", payload, gotTicketPayload)
+	}
+
+	// test the same payload, with the same signature but with other public key (see handler checks the path for that).
+	t.Logf("verification: sending the same ticket which should not be verified due to a different key pair...")
+	verifyRequest = httptest.NewRequest("POST", "/verify/otherkey", bytes.NewBuffer(gotTicketPayload))
+	verifyRec = httptest.NewRecorder()
+	verifyHandler(verifyRec, verifyRequest)
+	verifyRequest.Body.Close()
+
+	if expected, got := http.StatusUnprocessableEntity, verifyRec.Code; expected != got {
+		t.Fatalf("verification: expected status code: %d but got: %d", expected, got)
+	}
+
+	gotPayload, _ = ioutil.ReadAll(verifyRec.Body)
+	if len(gotPayload) > 0 {
+		t.Fatalf("verification should fail and no payload should return but got: '%s'", gotPayload)
+	}
+}