mirror of
https://github.com/OffchainLabs/prysm.git
synced 2026-01-06 20:13:59 -05:00
2fd6bd8150
* Ran gopls modernize to fix everything go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix -test ./... * Override rules_go provided dependency for golang.org/x/tools to v0.38.0. To update this, checked out rules_go, then ran `bazel run //go/tools/releaser -- upgrade-dep -mirror=false org_golang_x_tools` and copied the patches. * Fix buildtag violations and ignore buildtag violations in external * Introduce modernize analyzer package. * Add modernize "any" analyzer. * Fix violations of any analyzer * Add modernize "appendclipped" analyzer. * Fix violations of appendclipped * Add modernize "bloop" analyzer. * Add modernize "fmtappendf" analyzer. * Add modernize "forvar" analyzer. * Add modernize "mapsloop" analyzer. * Add modernize "minmax" analyzer. * Fix violations of minmax analyzer * Add modernize "omitzero" analyzer. * Add modernize "rangeint" analyzer. * Fix violations of rangeint. * Add modernize "reflecttypefor" analyzer. * Fix violations of reflecttypefor analyzer. * Add modernize "slicescontains" analyzer. * Add modernize "slicessort" analyzer. * Add modernize "slicesdelete" analyzer. This is disabled by default for now. See https://go.dev/issue/73686. * Add modernize "stringscutprefix" analyzer. * Add modernize "stringsbuilder" analyzer. * Fix violations of stringsbuilder analyzer. * Add modernize "stringsseq" analyzer. * Add modernize "testingcontext" analyzer. * Add modernize "waitgroup" analyzer. * Changelog fragment * gofmt * gazelle * Add modernize "newexpr" analyzer. * Disable newexpr until go1.26 * Add more details in WORKSPACE on how to update the override * @nalepae feedback on min() * gofmt * Fix violations of forvar
142 lines
4.4 KiB
Go
142 lines
4.4 KiB
Go
package network
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
|
|
"github.com/OffchainLabs/prysm/v7/testing/require"
|
|
"github.com/golang-jwt/jwt/v4"
|
|
)
|
|
|
|
func TestJWTAuthTransport(t *testing.T) {
|
|
secret := bytesutil.PadTo([]byte("foo"), 32)
|
|
authTransport := &jwtTransport{
|
|
underlyingTransport: http.DefaultTransport,
|
|
jwtSecret: secret,
|
|
}
|
|
client := &http.Client{
|
|
Timeout: DefaultRPCHTTPTimeout,
|
|
Transport: authTransport,
|
|
}
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
reqToken := r.Header.Get("Authorization")
|
|
splitToken := strings.Split(reqToken, "Bearer")
|
|
// The format should be `Bearer ${token}`.
|
|
require.Equal(t, 2, len(splitToken))
|
|
reqToken = strings.TrimSpace(splitToken[1])
|
|
token, err := jwt.Parse(reqToken, func(token *jwt.Token) (any, error) {
|
|
// We should be doing HMAC signing.
|
|
_, ok := token.Method.(*jwt.SigningMethodHMAC)
|
|
require.Equal(t, true, ok)
|
|
return secret, nil
|
|
})
|
|
require.NoError(t, err)
|
|
require.Equal(t, true, token.Valid)
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
require.Equal(t, true, ok)
|
|
item, ok := claims["iat"]
|
|
require.Equal(t, true, ok)
|
|
iat, ok := item.(float64)
|
|
require.Equal(t, true, ok)
|
|
issuedAt := time.Unix(int64(iat), 0)
|
|
// The claims should have an "iat" field (issued at) that is at most, 5 seconds ago.
|
|
since := time.Since(issuedAt)
|
|
require.Equal(t, true, since <= time.Second*5)
|
|
}))
|
|
defer srv.Close()
|
|
_, err := client.Get(srv.URL)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestJWTWithId(t *testing.T) {
|
|
secret := bytesutil.PadTo([]byte("foo"), 32)
|
|
jwtId := "abc"
|
|
authTransport := &jwtTransport{
|
|
underlyingTransport: http.DefaultTransport,
|
|
jwtSecret: secret,
|
|
jwtId: jwtId,
|
|
}
|
|
client := &http.Client{
|
|
Timeout: DefaultRPCHTTPTimeout,
|
|
Transport: authTransport,
|
|
}
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
reqToken := r.Header.Get("Authorization")
|
|
splitToken := strings.Split(reqToken, "Bearer")
|
|
// The format should be `Bearer ${token}`.
|
|
require.Equal(t, 2, len(splitToken))
|
|
reqToken = strings.TrimSpace(splitToken[1])
|
|
token, err := jwt.Parse(reqToken, func(token *jwt.Token) (any, error) {
|
|
// We should be doing HMAC signing.
|
|
_, ok := token.Method.(*jwt.SigningMethodHMAC)
|
|
require.Equal(t, true, ok)
|
|
return secret, nil
|
|
})
|
|
require.NoError(t, err)
|
|
require.Equal(t, true, token.Valid)
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
require.Equal(t, true, ok)
|
|
item, ok := claims["iat"]
|
|
require.Equal(t, true, ok)
|
|
iat, ok := item.(float64)
|
|
require.Equal(t, true, ok)
|
|
issuedAt := time.Unix(int64(iat), 0)
|
|
// The claims should have an "iat" field (issued at) that is at most, 5 seconds ago.
|
|
since := time.Since(issuedAt)
|
|
require.Equal(t, true, since <= time.Second*5)
|
|
// check jwt claims id
|
|
id, ok := claims["id"]
|
|
require.Equal(t, true, ok)
|
|
require.Equal(t, id, jwtId)
|
|
}))
|
|
defer srv.Close()
|
|
_, err := client.Get(srv.URL)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestJWTWithoutId(t *testing.T) {
|
|
secret := bytesutil.PadTo([]byte("foo"), 32)
|
|
authTransport := &jwtTransport{
|
|
underlyingTransport: http.DefaultTransport,
|
|
jwtSecret: secret,
|
|
}
|
|
client := &http.Client{
|
|
Timeout: DefaultRPCHTTPTimeout,
|
|
Transport: authTransport,
|
|
}
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
reqToken := r.Header.Get("Authorization")
|
|
splitToken := strings.Split(reqToken, "Bearer")
|
|
// The format should be `Bearer ${token}`.
|
|
require.Equal(t, 2, len(splitToken))
|
|
reqToken = strings.TrimSpace(splitToken[1])
|
|
token, err := jwt.Parse(reqToken, func(token *jwt.Token) (any, error) {
|
|
// We should be doing HMAC signing.
|
|
_, ok := token.Method.(*jwt.SigningMethodHMAC)
|
|
require.Equal(t, true, ok)
|
|
return secret, nil
|
|
})
|
|
require.NoError(t, err)
|
|
require.Equal(t, true, token.Valid)
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
require.Equal(t, true, ok)
|
|
item, ok := claims["iat"]
|
|
require.Equal(t, true, ok)
|
|
iat, ok := item.(float64)
|
|
require.Equal(t, true, ok)
|
|
issuedAt := time.Unix(int64(iat), 0)
|
|
// The claims should have an "iat" field (issued at) that is at most, 5 seconds ago.
|
|
since := time.Since(issuedAt)
|
|
require.Equal(t, true, since <= time.Second*5)
|
|
_, ok = claims["id"]
|
|
require.Equal(t, false, ok)
|
|
}))
|
|
defer srv.Close()
|
|
_, err := client.Get(srv.URL)
|
|
require.NoError(t, err)
|
|
}
|