Client code, streamlined handler examples

Author: yaronf

client.go

@@ -0,0 +1,107 @@
+package httpsign
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+)
+
+// Client represents an HTTP client that optionally signs requests and optionally verifies responses.
+// The signer may be nil to avoid signing, and so forth.
+// The fetchVerifier callback allows to generate a verifier based on the particular response.
+// Either verifier or fetchVerifier may be specified, but not both.
+// The client embeds an http.Client, which may be http.DefaultClient or any other.
+type Client struct {
+	sigName       string
+	signer        *Signer
+	verifier      *Verifier
+	fetchVerifier func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier)
+	http.Client
+}
+
+// NewClient constructs a new client, with the flexibility of including a custom http.Client.
+func NewClient(sigName string, signer *Signer, verifier *Verifier, fetchVerifier func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier), client http.Client) *Client {
+	return &Client{sigName: sigName, signer: signer, verifier: verifier, fetchVerifier: fetchVerifier, Client: client}
+}
+
+// NewDefaultClient constructs a new client, based on the http.DefaultClient.
+func NewDefaultClient(sigName string, signer *Signer, verifier *Verifier, fetchVerifier func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier)) *Client {
+	return NewClient(sigName, signer, verifier, fetchVerifier, *http.DefaultClient)
+}
+
+func validateClient(c *Client) error {
+	if c == nil {
+		return fmt.Errorf("nil client")
+	}
+	if c.verifier != nil && c.fetchVerifier != nil {
+		return fmt.Errorf("at most one of \"verifier\" and \"fetchVerifier\" must be set")
+	}
+	return nil
+}
+
+// Do sends an http.Request, with optional signing and/or verification. Errors may be produced by any of
+// these operations.
+func (c *Client) Do(req *http.Request) (*http.Response, error) {
+	if err := validateClient(c); err != nil {
+		return nil, err
+	}
+	if c.signer != nil {
+		sigInput, sig, err := SignRequest(c.sigName, *c.signer, req)
+		if err != nil {
+			return nil, fmt.Errorf("failed to sign request: %v", err)
+		}
+		req.Header.Add("Signature", sig)
+		req.Header.Add("Signature-Input", sigInput)
+	}
+
+	// Send the request, receive response
+	res, err := c.Client.Do(req)
+	if err != nil {
+		return res, err
+	}
+
+	if c.verifier != nil {
+		_, err := VerifyResponse(c.sigName, *c.verifier, res)
+		if err != nil {
+			return nil, err
+		}
+	} else if c.fetchVerifier != nil {
+		sigName, verifier := c.fetchVerifier(res, req)
+		if err != nil {
+			return nil, err
+		}
+		_, err := VerifyResponse(sigName, *verifier, res)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return res, nil
+}
+
+// Get sends an HTTP GET, a wrapper for Do.
+func (c *Client) Get(url string) (res *http.Response, err error) {
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	return c.Do(req)
+}
+
+// Head sends an HTTP HEAD, a wrapper for Do.
+func (c *Client) Head(url string) (res *http.Response, err error) {
+	req, err := http.NewRequest("HEAD", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	return c.Do(req)
+}
+
+// Post sends an HTTP POST, a wrapper for Do.
+func (c *Client) Post(url, contentType string, body io.Reader) (res *http.Response, err error) {
+	req, err := http.NewRequest("POST", url, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", contentType)
+	return c.Do(req)
+}

client_test.go

@@ -0,0 +1,182 @@
+package httpsign
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"testing"
+)
+
+func TestClient_Get(t *testing.T) {
+	type fields struct {
+		sigName       string
+		signer        *Signer
+		verifier      *Verifier
+		fetchVerifier func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier)
+		Client        http.Client
+	}
+	type args struct {
+		url string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		wantRes string
+		wantErr bool
+	}{
+		{
+			name: "from Google",
+			fields: fields{
+				sigName: "sig1",
+				signer: func() *Signer {
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					return signer
+				}(),
+				verifier:      nil,
+				fetchVerifier: nil,
+				Client:        *http.DefaultClient,
+			},
+			args: args{
+				url: "",
+			},
+			wantRes: "200 OK",
+			wantErr: false,
+		},
+		{
+			name: "not found",
+			fields: fields{
+				sigName: "sig1",
+				signer: func() *Signer {
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					return signer
+				}(),
+				verifier:      nil,
+				fetchVerifier: nil,
+				Client:        *http.DefaultClient,
+			},
+			args: args{
+				url: "/thisaintaurl",
+			},
+			wantRes: "404 Not Found",
+			wantErr: false,
+		},
+		{
+			name: "bad signature name",
+			fields: fields{
+				sigName: "",
+				signer: func() *Signer {
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					return signer
+				}(),
+				verifier:      nil,
+				fetchVerifier: nil,
+				Client:        *http.DefaultClient,
+			},
+			args: args{
+				url: "",
+			},
+			wantRes: "",
+			wantErr: true,
+		},
+	}
+
+	simpleHandler := func(w http.ResponseWriter, r *http.Request) {
+		if r.RequestURI == "/" {
+			w.WriteHeader(200)
+		} else {
+			w.WriteHeader(404)
+		}
+		fmt.Fprintln(w, "Hey client, good to see ya")
+	}
+	ts := httptest.NewServer(http.HandlerFunc(simpleHandler))
+	defer ts.Close()
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Client{
+				sigName:       tt.fields.sigName,
+				signer:        tt.fields.signer,
+				verifier:      tt.fields.verifier,
+				fetchVerifier: tt.fields.fetchVerifier,
+				Client:        tt.fields.Client,
+			}
+			res, err := c.Get(ts.URL + tt.args.url)
+			var gotRes string
+			if res != nil {
+				gotRes = res.Status
+			}
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(gotRes, tt.wantRes) {
+				t.Errorf("Get() gotRes = %v, want %v", gotRes, tt.wantRes)
+			}
+		})
+	}
+}
+
+func TestClient_Head(t *testing.T) {
+	type fields struct {
+		sigName       string
+		signer        *Signer
+		verifier      *Verifier
+		fetchVerifier func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier)
+		Client        http.Client
+	}
+	type args struct {
+		url string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		wantRes string
+		wantErr bool
+	}{
+		{
+			name: "TLS",
+			fields: fields{
+				sigName: "sig1",
+				signer: func() *Signer {
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					return signer
+				}(),
+				verifier:      nil,
+				fetchVerifier: nil,
+				Client:        *http.DefaultClient,
+			},
+			args: args{
+				url: "https://www.google.com/",
+			},
+			wantRes: "200 OK",
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Client{
+				sigName:       tt.fields.sigName,
+				signer:        tt.fields.signer,
+				verifier:      tt.fields.verifier,
+				fetchVerifier: tt.fields.fetchVerifier,
+				Client:        tt.fields.Client,
+			}
+			res, err := c.Head(tt.args.url)
+			var gotRes string
+			if res != nil {
+				gotRes = res.Status
+			}
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Head() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(gotRes, tt.wantRes) {
+				t.Errorf("Head() gotRes = %v, want %v", gotRes, tt.wantRes)
+			}
+		})
+	}
+}