Merge pull request #1 from azuki774/add-workflows-test

add workflows
azuki774 · Aug 28, 2024 · 98ee961 · 98ee961
2 parents 8a021b1 + 0a66774
commit 98ee961
Show file tree

Hide file tree

Showing 8 changed files with 165 additions and 6 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,19 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - "**"
+  workflow_call:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: Build Docker Image
+        run: make build
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -0,0 +1,45 @@
+name: Build and Publish
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: Set meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ghcr.io/azuki774/go-authenticator
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=semver,pattern=latest
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GH_ACCESS_TOKEN }}
+
+      - name: Docker Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: linux/amd64 #,linux/arm64
+          file: ./build/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,85 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - "**"
+  workflow_call:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.22.5
+      - uses: dominikh/[email protected]
+        with:
+          version: "2024.1"
+          install-go: false
+      - name: Test
+        run: make test
+
+  scenario-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+            go-version: 1.22.5
+
+      - name: Build
+        run: make bin
+
+      - name: Running Server
+        run: |
+          nohup build/bin/go-authenticator serve &> server.log &
+          sleep 5s
+        env:
+          HMAC_SECRET: mokomoko
+
+      - name: Scenario 1 (ping)
+        run: |
+          curl -i ${url} | grep "${want}"
+        env:
+          url: "http://localhost:8888/"
+          want: "HTTP/1.1 200 OK"
+
+      - name: Scenario 2 (/basic_login no password)
+        run: |
+          curl -i ${url} | grep "${want}"
+        env:
+          url: "http://localhost:8888/basic_login"
+          want: "HTTP/1.1 401 Unauthorized"
+
+      - name: Scenario 3 (/basic_login OK, save cookie)
+        run: |
+          curl -c cookie.txt -u user:pass -i ${url} | grep "${want}"
+        env:
+          url: "http://localhost:8888/basic_login"
+          want: "HTTP/1.1 200 OK"
+
+      - name: Scenario 4 (/auth_jwt_request NG)
+        run: |
+          curl -i ${url} | grep "${want}"
+        env:
+          url: "http://localhost:8888/auth_jwt_request"
+          want: "HTTP/1.1 401 Unauthorized"
+
+      - name: Scenario 5 (/auth_jwt_request OK, use cookie)
+        run: |
+          curl -b cookie.txt -i ${url} | grep "${want}"
+        env:
+          url: "http://localhost:8888/auth_jwt_request"
+          want: "HTTP/1.1 200 OK"
+
+      - name: Show Server log
+        run: cat server.log
+        if: ${{ ! cancelled() }}
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -19,5 +19,10 @@ RUN --mount=type=bind,target=. \
 
 FROM gcr.io/distroless/base-debian12 AS runner
 ENV TZ=Tokyo/Asia
+ARG CONF_FILE_SRC=deployment/default.toml
+
 COPY --from=builder /bin/go-authenticator /bin/go-authenticator
+COPY ${CONF_FILE_SRC} /opt/config.toml
+
+CMD ["-c", "/opt/config.toml"]
 ENTRYPOINT ["/bin/go-authenticator", "serve"]
diff --git a/cmd/go-authenticator/serve.go b/cmd/go-authenticator/serve.go
@@ -106,5 +106,5 @@ func init() {
 	// Cobra supports local flags which will only run when this command
 	// is called directly, e.g.:
 	// serveCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
-	serveCmd.Flags().StringVarP(&serveConfigPath, "config", "c", "deployment/config.toml", "config directory")
+	serveCmd.Flags().StringVarP(&serveConfigPath, "config", "c", "deployment/default.toml", "config directory")
 }
diff --git a/deployment/config.toml → deployment/default.toml b/deployment/config.toml → deployment/default.toml
@@ -1,10 +1,10 @@
 conf-version = 1
 
 # For CI Sample
-isser_name = "ci" # your isser name
+isser_name = "test" # your isser name
 
 # .htpasswd format
 basicauth = ["user:$2a$10$etIpH1oxl4Ky5koV2AzyYe42caqi/tvtme/UTwxA7lHlB2loLDOte"] # for Test -- user:pass
 
 server_port = 8888 # proxy server listen port
-token_lifetime = 60 # sec
+token_lifetime = 300 # sec
diff --git a/internal/authenticator/auth.go b/internal/authenticator/auth.go
@@ -54,6 +54,7 @@ func (a *Authenticator) CheckCookieJWT(r *http.Request) (ok bool, err error) {
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
 		// Don't forget to validate the alg is what you expect:
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			zap.L().Error("unexpected signing method")
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
 
@@ -78,6 +79,7 @@ func (a *Authenticator) CheckCookieJWT(r *http.Request) (ok bool, err error) {
 		return false, err
 	}
 
+	zap.L().Info("check JWT ok")
 	return true, nil
 }
 
@@ -98,6 +100,7 @@ func (a *Authenticator) GenerateCookie(life int) (*http.Cookie, error) {
 		MaxAge: int(life), // life 秒後まで Cookie を保つ
 	}
 
+	zap.L().Info("generate JWT cookie")
 	return cookie, nil
 }
 

diff --git a/internal/server/server.go b/internal/server/server.go
@@ -36,6 +36,10 @@ type Authenticator interface {
 
 func (s Server) addHandler(r *chi.Mux) {
 	r.Use(middleware.Logger)
+	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("OK"))
+	})
+
 	r.Get("/auth_jwt_request", func(w http.ResponseWriter, r *http.Request) {
 		ok, err := s.Authenticator.CheckCookieJWT(r)
 		if err != nil {
@@ -48,7 +52,6 @@ func (s Server) addHandler(r *chi.Mux) {
 		}
 
 		// auth ok
-		return
 	})
 
 	r.Get("/basic_login", func(w http.ResponseWriter, r *http.Request) {
@@ -67,8 +70,7 @@ func (s Server) addHandler(r *chi.Mux) {
 		}
 
 		http.SetCookie(w, cookie)
-		zap.L().Info("generate JWT cookie")
-		return
+		zap.L().Info("set Cookie")
 	})
 }