diff --git a/infrastructure/ioc/providers/blog.go b/infrastructure/ioc/providers/blog.go index 30b7b819..a8f30a7d 100644 --- a/infrastructure/ioc/providers/blog.go +++ b/infrastructure/ioc/providers/blog.go @@ -73,6 +73,7 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" "github.com/khanzadimahdi/testproject/domain/password" + "github.com/khanzadimahdi/testproject/domain/permission" taskEvents "github.com/khanzadimahdi/testproject/domain/runner/task/events" translatorContract "github.com/khanzadimahdi/testproject/domain/translator" "github.com/khanzadimahdi/testproject/infrastructure/cache" @@ -345,12 +346,12 @@ func blog( mux.Handle("GET /api/articles/{uuid}", middleware.NewCacheMiddleware(articleAPI.NewShowHandler(getArticleUsecase), httpCache)) // comments - mux.Handle("POST /api/comments", middleware.NewAuthoriseMiddleware(commentAPI.NewCreateHandler(createCommentUseCase), jwt, userRepository)) + mux.Handle("POST /api/comments", middleware.NewAuthenticateMiddleware(commentAPI.NewCreateHandler(createCommentUseCase), jwt, userRepository)) mux.Handle("GET /api/comments", commentAPI.NewIndexHandler(getCommentsUseCase)) // bookmark - mux.Handle("POST /api/bookmarks/exists", middleware.NewAuthoriseMiddleware(bookmarkAPI.NewExistsHandler(bookmarkExistsUseCase), jwt, userRepository)) - mux.Handle("PUT /api/bookmarks", middleware.NewAuthoriseMiddleware(bookmarkAPI.NewUpdateHandler(updateABookmark), jwt, userRepository)) + mux.Handle("POST /api/bookmarks/exists", middleware.NewAuthenticateMiddleware(bookmarkAPI.NewExistsHandler(bookmarkExistsUseCase), jwt, userRepository)) + mux.Handle("PUT /api/bookmarks", middleware.NewAuthenticateMiddleware(bookmarkAPI.NewUpdateHandler(updateABookmark), jwt, userRepository)) // hashtags mux.Handle("GET /api/hashtags/{hashtag}", middleware.NewCacheMiddleware(hashtagAPI.NewShowHandler(getArticlesByHashtagUseCase), httpCache)) @@ -361,73 +362,73 @@ func blog( // ---- dashboard HTTP API ---- // profile - mux.Handle("GET /api/dashboard/profile", middleware.NewAuthoriseMiddleware(profile.NewGetProfileHandler(getProfileUseCase), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/profile", middleware.NewAuthoriseMiddleware(profile.NewUpdateProfileHandler(updateProfileUseCase), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/password", middleware.NewAuthoriseMiddleware(profile.NewChangePasswordHandler(dashboardProfileChangePasswordUseCase), jwt, userRepository)) - mux.Handle("GET /api/dashboard/profile/roles", middleware.NewAuthoriseMiddleware(profile.NewGetRolesHandler(dashboardProfileGetRolesUseCase), jwt, userRepository)) + mux.Handle("GET /api/dashboard/profile", middleware.NewAuthenticateMiddleware(profile.NewGetProfileHandler(getProfileUseCase), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/profile", middleware.NewAuthenticateMiddleware(profile.NewUpdateProfileHandler(updateProfileUseCase), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/password", middleware.NewAuthenticateMiddleware(profile.NewChangePasswordHandler(dashboardProfileChangePasswordUseCase), jwt, userRepository)) + mux.Handle("GET /api/dashboard/profile/roles", middleware.NewAuthenticateMiddleware(profile.NewGetRolesHandler(dashboardProfileGetRolesUseCase), jwt, userRepository)) // user - mux.Handle("POST /api/dashboard/users", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewCreateHandler(dashboardCreateUserUsecase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/users/{uuid}", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewDeleteHandler(dashboardDeleteUserUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/users", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewIndexHandler(dashboardGetUsersUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/users/{uuid}", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewShowHandler(dashboardGetUserUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/users", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewUpdateHandler(dashboardUpdateUserUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/users/password", middleware.NewAuthoriseMiddleware(dashboardUserAPI.NewChangePasswordHandler(dashboardUpdateUserChangePasswordUsecase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/users", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewCreateHandler(dashboardCreateUserUsecase), authorizer, permission.UsersCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/users/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewDeleteHandler(dashboardDeleteUserUsecase), authorizer, permission.UsersDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/users", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewIndexHandler(dashboardGetUsersUsecase), authorizer, permission.UsersIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/users/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewShowHandler(dashboardGetUserUsecase), authorizer, permission.UsersShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/users", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewUpdateHandler(dashboardUpdateUserUsecase), authorizer, permission.UsersUpdate), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/users/password", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardUserAPI.NewChangePasswordHandler(dashboardUpdateUserChangePasswordUsecase), authorizer, permission.UsersPasswordUpdate), jwt, userRepository)) // permissions - mux.Handle("GET /api/dashboard/permissions", middleware.NewAuthoriseMiddleware(dashboardPermissionAPI.NewIndexHandler(dashboardGetPermissionsUseCase, authorizer), jwt, userRepository)) + mux.Handle("GET /api/dashboard/permissions", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardPermissionAPI.NewIndexHandler(dashboardGetPermissionsUseCase), authorizer, permission.PermissionsIndex), jwt, userRepository)) // roles - mux.Handle("POST /api/dashboard/roles", middleware.NewAuthoriseMiddleware(dashboardRoleAPI.NewCreateHandler(dashboardCreateRoleUsecase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/roles/{uuid}", middleware.NewAuthoriseMiddleware(dashboardRoleAPI.NewDeleteHandler(dashboardDeleteRoleUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/roles", middleware.NewAuthoriseMiddleware(dashboardRoleAPI.NewIndexHandler(dashboardGetRolesUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/roles/{uuid}", middleware.NewAuthoriseMiddleware(dashboardRoleAPI.NewShowHandler(dashboardGetRoleUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/roles", middleware.NewAuthoriseMiddleware(dashboardRoleAPI.NewUpdateHandler(dashboardUpdateRoleUsecase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/roles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardRoleAPI.NewCreateHandler(dashboardCreateRoleUsecase), authorizer, permission.RolesCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/roles/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardRoleAPI.NewDeleteHandler(dashboardDeleteRoleUsecase), authorizer, permission.RolesDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/roles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardRoleAPI.NewIndexHandler(dashboardGetRolesUsecase), authorizer, permission.RolesIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/roles/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardRoleAPI.NewShowHandler(dashboardGetRoleUsecase), authorizer, permission.RolesShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/roles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardRoleAPI.NewUpdateHandler(dashboardUpdateRoleUsecase), authorizer, permission.RolesUpdate), jwt, userRepository)) // articles - mux.Handle("POST /api/dashboard/articles", middleware.NewAuthoriseMiddleware(dashboardArticleAPI.NewCreateHandler(dashboardCreateArticleUsecase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/articles/{uuid}", middleware.NewAuthoriseMiddleware(dashboardArticleAPI.NewDeleteHandler(dashboardDeleteArticleUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/articles", middleware.NewAuthoriseMiddleware(dashboardArticleAPI.NewIndexHandler(dashboardGetArticlesUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/articles/{uuid}", middleware.NewAuthoriseMiddleware(dashboardArticleAPI.NewShowHandler(dashboardGetArticleUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/articles", middleware.NewAuthoriseMiddleware(dashboardArticleAPI.NewUpdateHandler(dashboardUpdateArticleUsecase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/articles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardArticleAPI.NewCreateHandler(dashboardCreateArticleUsecase), authorizer, permission.ArticlesCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/articles/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardArticleAPI.NewDeleteHandler(dashboardDeleteArticleUsecase), authorizer, permission.ArticlesDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/articles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardArticleAPI.NewIndexHandler(dashboardGetArticlesUsecase), authorizer, permission.ArticlesIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/articles/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardArticleAPI.NewShowHandler(dashboardGetArticleUsecase), authorizer, permission.ArticlesShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/articles", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardArticleAPI.NewUpdateHandler(dashboardUpdateArticleUsecase), authorizer, permission.ArticlesUpdate), jwt, userRepository)) // comments - mux.Handle("POST /api/dashboard/comments", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewCreateHandler(dashboardCreateCommentUsecase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/comments/{uuid}", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewDeleteHandler(dashboardDeleteCommentUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/comments", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewIndexHandler(dashboardGetCommentsUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/comments/{uuid}", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewShowHandler(dashboardGetCommentUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/comments", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewUpdateHandler(dashboardUpdateCommentUsecase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/comments", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewCreateHandler(dashboardCreateCommentUsecase), authorizer, permission.CommentsCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/comments/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewDeleteHandler(dashboardDeleteCommentUsecase), authorizer, permission.CommentsDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/comments", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewIndexHandler(dashboardGetCommentsUsecase), authorizer, permission.CommentsIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/comments/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewShowHandler(dashboardGetCommentUsecase), authorizer, permission.CommentsShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/comments", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewUpdateHandler(dashboardUpdateCommentUsecase), authorizer, permission.CommentsUpdate), jwt, userRepository)) // self comments - mux.Handle("DELETE /api/dashboard/my/comments/{uuid}", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewDeleteUserCommentHandler(dashboardDeleteUserCommentUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/my/comments", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewIndexUserCommentsHandler(dashboardGetUserCommentsUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/my/comments/{uuid}", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewShowUserCommentHandler(dashboardGetUserCommentUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/my/comments", middleware.NewAuthoriseMiddleware(dashboardCommentAPI.NewUpdateUserCommentHandler(dashboardUpdateUserCommentUsecase, authorizer), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/my/comments/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewDeleteUserCommentHandler(dashboardDeleteUserCommentUsecase), authorizer, permission.SelfCommentsDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/my/comments", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewIndexUserCommentsHandler(dashboardGetUserCommentsUsecase), authorizer, permission.SelfCommentsIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/my/comments/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewShowUserCommentHandler(dashboardGetUserCommentUsecase), authorizer, permission.SelfCommentsShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/my/comments", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardCommentAPI.NewUpdateUserCommentHandler(dashboardUpdateUserCommentUsecase), authorizer, permission.SelfCommentsUpdate), jwt, userRepository)) // self bookmarks - mux.Handle("DELETE /api/dashboard/my/bookmarks", middleware.NewAuthoriseMiddleware(dashboardBookmarkAPI.NewDeleteUserBookmarkHandler(dashboardDeleteUserBookmarkUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/my/bookmarks", middleware.NewAuthoriseMiddleware(dashboardBookmarkAPI.NewIndexUserBookmarksHandler(dashboardGetUserBookmarksUsecase, authorizer), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/my/bookmarks", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardBookmarkAPI.NewDeleteUserBookmarkHandler(dashboardDeleteUserBookmarkUsecase), authorizer, permission.SelfBookmarksDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/my/bookmarks", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardBookmarkAPI.NewIndexUserBookmarksHandler(dashboardGetUserBookmarksUsecase), authorizer, permission.SelfBookmarksIndex), jwt, userRepository)) // files - mux.Handle("POST /api/dashboard/files", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewUploadHandler(dashboardUploadFileUseCase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/files/{uuid}", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewDeleteHandler(dashboardDeleteFileUseCase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/files", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewIndexHandler(dashboardGetFilesUseCase, authorizer), jwt, userRepository)) - mux.Handle("GET /dashboard/files/{uuid}", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewShowHandler(dashboardGetFileUseCase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/files", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewUploadHandler(dashboardUploadFileUseCase), authorizer, permission.FilesCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/files/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewDeleteHandler(dashboardDeleteFileUseCase), authorizer, permission.FilesDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/files", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewIndexHandler(dashboardGetFilesUseCase), authorizer, permission.FilesIndex), jwt, userRepository)) + mux.Handle("GET /dashboard/files/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewShowHandler(dashboardGetFileUseCase), authorizer, permission.FilesShow), jwt, userRepository)) // self files - mux.Handle("DELETE /api/dashboard/my/files/{uuid}", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewDeleteUserHandler(dashboardDeleteUserFileUseCase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/my/files", middleware.NewAuthoriseMiddleware(dashboardFileAPI.NewIndexUserHandler(dashboardGetUserFilesUseCase, authorizer), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/my/files/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewDeleteUserHandler(dashboardDeleteUserFileUseCase), authorizer, permission.SelfFilesDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/my/files", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardFileAPI.NewIndexUserHandler(dashboardGetUserFilesUseCase), authorizer, permission.SelfFilesIndex), jwt, userRepository)) // elements - mux.Handle("POST /api/dashboard/elements", middleware.NewAuthoriseMiddleware(dashboardElementAPI.NewCreateHandler(dashboardCreateElementUsecase, authorizer), jwt, userRepository)) - mux.Handle("DELETE /api/dashboard/elements/{uuid}", middleware.NewAuthoriseMiddleware(dashboardElementAPI.NewDeleteHandler(dashboardDeleteElementUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/elements", middleware.NewAuthoriseMiddleware(dashboardElementAPI.NewIndexHandler(dashboardGetElementsUsecase, authorizer), jwt, userRepository)) - mux.Handle("GET /api/dashboard/elements/{uuid}", middleware.NewAuthoriseMiddleware(dashboardElementAPI.NewShowHandler(dashboardGetElementUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/elements", middleware.NewAuthoriseMiddleware(dashboardElementAPI.NewUpdateHandler(dashboardUpdateElementUsecase, authorizer), jwt, userRepository)) + mux.Handle("POST /api/dashboard/elements", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardElementAPI.NewCreateHandler(dashboardCreateElementUsecase), authorizer, permission.ElementsCreate), jwt, userRepository)) + mux.Handle("DELETE /api/dashboard/elements/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardElementAPI.NewDeleteHandler(dashboardDeleteElementUsecase), authorizer, permission.ElementsDelete), jwt, userRepository)) + mux.Handle("GET /api/dashboard/elements", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardElementAPI.NewIndexHandler(dashboardGetElementsUsecase), authorizer, permission.ElementsIndex), jwt, userRepository)) + mux.Handle("GET /api/dashboard/elements/{uuid}", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardElementAPI.NewShowHandler(dashboardGetElementUsecase), authorizer, permission.ElementsShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/elements", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardElementAPI.NewUpdateHandler(dashboardUpdateElementUsecase), authorizer, permission.ElementsUpdate), jwt, userRepository)) // config - mux.Handle("GET /api/dashboard/config", middleware.NewAuthoriseMiddleware(dashboardConfigAPI.NewShowHandler(dashboardGetConfigUsecase, authorizer), jwt, userRepository)) - mux.Handle("PUT /api/dashboard/config", middleware.NewAuthoriseMiddleware(dashboardConfigAPI.NewUpdateHandler(dashboardUpdateConfigUsecase, authorizer), jwt, userRepository)) + mux.Handle("GET /api/dashboard/config", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardConfigAPI.NewShowHandler(dashboardGetConfigUsecase), authorizer, permission.ConfigShow), jwt, userRepository)) + mux.Handle("PUT /api/dashboard/config", middleware.NewAuthenticateMiddleware(middleware.NewAuthorizeMiddleware(dashboardConfigAPI.NewUpdateHandler(dashboardUpdateConfigUsecase), authorizer, permission.ConfigUpdate), jwt, userRepository)) handler := middleware.NewCORSMiddleware(middleware.NewRateLimitMiddleware(mux, 600, 1*time.Minute)) diff --git a/presentation/http/api/dashboard/article/create.go b/presentation/http/api/dashboard/article/create.go index 38346f85..fdebce31 100644 --- a/presentation/http/api/dashboard/article/create.go +++ b/presentation/http/api/dashboard/article/create.go @@ -6,31 +6,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" createarticle "github.com/khanzadimahdi/testproject/application/dashboard/article/createArticle" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *createarticle.UseCase - authorizer domain.Authorizer + useCase *createarticle.UseCase } -func NewCreateHandler(useCase *createarticle.UseCase, a domain.Authorizer) *createHandler { +func NewCreateHandler(useCase *createarticle.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ArticlesCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request createarticle.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { diff --git a/presentation/http/api/dashboard/article/create_test.go b/presentation/http/api/dashboard/article/create_test.go index 17133640..bc8b432a 100644 --- a/presentation/http/api/dashboard/article/create_test.go +++ b/presentation/http/api/dashboard/article/create_test.go @@ -3,7 +3,6 @@ package article import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -16,7 +15,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/article" "github.com/khanzadimahdi/testproject/domain/author" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/articles" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -30,7 +28,6 @@ func TestCreateHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = createarticle.Request{ @@ -61,16 +58,13 @@ func TestCreateHandler(t *testing.T) { au = "article-uuid" ) - authorizer.On("Authorize", r.AuthorUUID, permission.ArticlesCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) articleRepository.On("Save", &a).Once().Return(au, nil) defer articleRepository.AssertExpectations(t) - handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) + handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -90,55 +84,11 @@ func TestCreateHandler(t *testing.T) { assert.Equal(t, http.StatusCreated, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - r = createarticle.Request{ - Title: "test title", - Excerpt: "test excerpt", - Body: "test body", - AuthorUUID: "test-author-uuid", - Tags: []string{"tag1", "tag2"}, - } - - u = user.User{ - UUID: r.AuthorUUID, - } - ) - - authorizer.On("Authorize", r.AuthorUUID, permission.ArticlesCreate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(r) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodGet, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - articleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - t.Run("validation failed", func(t *testing.T) { t.Parallel() var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -146,9 +96,6 @@ func TestCreateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &createarticle.Request{AuthorUUID: u.UUID}).Once().Return(domain.ValidationErrors{ "body": "body is required", "excerpt": "excerpt is required", @@ -156,7 +103,7 @@ func TestCreateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) + handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator)) request := httptest.NewRequest(http.MethodGet, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -173,47 +120,4 @@ func TestCreateHandler(t *testing.T) { assert.JSONEq(t, string(expected), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - r = createarticle.Request{ - Title: "test title", - Excerpt: "test excerpt", - Body: "test body", - AuthorUUID: "test-author-uuid", - Tags: []string{"tag1", "tag2"}, - } - - u = user.User{ - UUID: r.AuthorUUID, - } - ) - - authorizer.On("Authorize", r.AuthorUUID, permission.ArticlesCreate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createarticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(r) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodGet, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - articleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/article/delete.go b/presentation/http/api/dashboard/article/delete.go index 9d6c2bbf..6b7cdc44 100644 --- a/presentation/http/api/dashboard/article/delete.go +++ b/presentation/http/api/dashboard/article/delete.go @@ -3,34 +3,20 @@ package article import ( "net/http" - "github.com/khanzadimahdi/testproject/application/auth" deletearticle "github.com/khanzadimahdi/testproject/application/dashboard/article/deleteArticle" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deletearticle.UseCase - authorizer domain.Authorizer + useCase *deletearticle.UseCase } -func NewDeleteHandler(useCase *deletearticle.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deletearticle.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ArticlesDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") request := &deletearticle.Request{ ArticleUUID: UUID, diff --git a/presentation/http/api/dashboard/article/delete_test.go b/presentation/http/api/dashboard/article/delete_test.go index ad25b640..5687d1b6 100644 --- a/presentation/http/api/dashboard/article/delete_test.go +++ b/presentation/http/api/dashboard/article/delete_test.go @@ -1,18 +1,13 @@ package article import ( - "errors" "net/http" "net/http/httptest" "testing" "github.com/stretchr/testify/assert" - "github.com/khanzadimahdi/testproject/application/auth" deletearticle "github.com/khanzadimahdi/testproject/application/dashboard/article/deleteArticle" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" - "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/articles" ) @@ -24,24 +19,16 @@ func TestDeleteHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer r = deletearticle.Request{ArticleUUID: "article-uuid"} - u = user.User{ - UUID: "user-uuid", - } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - articleRepository.On("Delete", r.ArticleUUID).Return(nil) defer articleRepository.AssertExpectations(t) - handler := NewDeleteHandler(deletearticle.NewUseCase(&articleRepository), &authorizer) + handler := NewDeleteHandler(deletearticle.NewUseCase(&articleRepository)) request := httptest.NewRequest(http.MethodPost, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) request.SetPathValue("uuid", r.ArticleUUID) response := httptest.NewRecorder() @@ -50,66 +37,4 @@ func TestDeleteHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - r = deletearticle.Request{ArticleUUID: "article-uuid"} - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deletearticle.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.ArticleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - r = deletearticle.Request{ArticleUUID: "article-uuid"} - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deletearticle.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.ArticleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/article/index.go b/presentation/http/api/dashboard/article/index.go index dbacdae0..c2de389c 100644 --- a/presentation/http/api/dashboard/article/index.go +++ b/presentation/http/api/dashboard/article/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" getarticles "github.com/khanzadimahdi/testproject/application/dashboard/article/getArticles" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getarticles.UseCase - authorizer domain.Authorizer + useCase *getarticles.UseCase } -func NewIndexHandler(useCase *getarticles.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getarticles.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ArticlesIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/article/index_test.go b/presentation/http/api/dashboard/article/index_test.go index c870aca3..c078c6d6 100644 --- a/presentation/http/api/dashboard/article/index_test.go +++ b/presentation/http/api/dashboard/article/index_test.go @@ -1,7 +1,6 @@ package article import ( - "errors" "net/http" "net/http/httptest" "os" @@ -10,12 +9,8 @@ import ( "github.com/stretchr/testify/assert" - "github.com/khanzadimahdi/testproject/application/auth" getarticles "github.com/khanzadimahdi/testproject/application/dashboard/article/getArticles" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/article" - "github.com/khanzadimahdi/testproject/domain/permission" - "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/articles" ) @@ -27,7 +22,6 @@ func TestIndexHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer publishedAt, _ = time.Parse(time.RFC3339, "2024-10-11T04:27:44Z") @@ -48,23 +42,15 @@ func TestIndexHandler(t *testing.T) { PublishedAt: publishedAt, }, } - - u = user.User{ - UUID: "user-uuid", - } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - articleRepository.On("Count").Once().Return(uint(len(a)), nil) articleRepository.On("GetAll", uint(0), uint(20)).Return(a, nil) defer articleRepository.AssertExpectations(t) - handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository), &authorizer) + handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) response := httptest.NewRecorder() handler.ServeHTTP(response, request) @@ -82,24 +68,15 @@ func TestIndexHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - articleRepository.On("Count").Once().Return(uint(0), nil) articleRepository.On("GetAll", uint(0), uint(20)).Return(nil, nil) defer articleRepository.AssertExpectations(t) - handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository), &authorizer) + handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) response := httptest.NewRecorder() handler.ServeHTTP(response, request) @@ -111,64 +88,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "Count") - articleRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getarticles.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "Count") - articleRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/article/show.go b/presentation/http/api/dashboard/article/show.go index 68e71d02..bb993368 100644 --- a/presentation/http/api/dashboard/article/show.go +++ b/presentation/http/api/dashboard/article/show.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" getarticle "github.com/khanzadimahdi/testproject/application/dashboard/article/getArticle" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getarticle.UseCase - authorizer domain.Authorizer + useCase *getarticle.UseCase } -func NewShowHandler(useCase *getarticle.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getarticle.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ArticlesShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/article/show_test.go b/presentation/http/api/dashboard/article/show_test.go index 2ca34ac2..206e35f5 100644 --- a/presentation/http/api/dashboard/article/show_test.go +++ b/presentation/http/api/dashboard/article/show_test.go @@ -1,7 +1,6 @@ package article import ( - "errors" "net/http" "net/http/httptest" "os" @@ -10,12 +9,9 @@ import ( "github.com/stretchr/testify/assert" - "github.com/khanzadimahdi/testproject/application/auth" getarticle "github.com/khanzadimahdi/testproject/application/dashboard/article/getArticle" "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/article" - "github.com/khanzadimahdi/testproject/domain/permission" - "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/articles" ) @@ -27,7 +23,6 @@ func TestShowHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer publishedAt, _ = time.Parse(time.RFC3339, "2024-10-11T04:27:44Z") @@ -39,22 +34,14 @@ func TestShowHandler(t *testing.T) { Tags: []string{"tag-1", "tag-2"}, PublishedAt: publishedAt, } - - u = user.User{ - UUID: "user-uuid", - } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - articleRepository.On("GetOne", a.UUID).Return(a, nil) defer articleRepository.AssertExpectations(t) - handler := NewShowHandler(getarticle.NewUseCase(&articleRepository), &authorizer) + handler := NewShowHandler(getarticle.NewUseCase(&articleRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) request.SetPathValue("uuid", a.UUID) response := httptest.NewRecorder() @@ -68,66 +55,23 @@ func TestShowHandler(t *testing.T) { assert.Equal(t, http.StatusOK, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - a = article.Article{ - UUID: "article-uuid-1", - } - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesShow).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getarticle.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", a.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - t.Run("not found", func(t *testing.T) { t.Parallel() var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer a = article.Article{ UUID: "article-uuid-1", } - - u = user.User{ - UUID: "user-uuid", - } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - articleRepository.On("GetOne", a.UUID).Return(article.Article{}, domain.ErrNotExists) defer articleRepository.AssertExpectations(t) - handler := NewShowHandler(getarticle.NewUseCase(&articleRepository), &authorizer) + handler := NewShowHandler(getarticle.NewUseCase(&articleRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) request.SetPathValue("uuid", a.UUID) response := httptest.NewRecorder() @@ -136,38 +80,4 @@ func TestShowHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNotFound, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - - a = article.Article{ - UUID: "article-uuid-1", - } - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getarticle.NewUseCase(&articleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", a.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - articleRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/article/update.go b/presentation/http/api/dashboard/article/update.go index b2c23900..ff4887a1 100644 --- a/presentation/http/api/dashboard/article/update.go +++ b/presentation/http/api/dashboard/article/update.go @@ -8,30 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" updatearticle "github.com/khanzadimahdi/testproject/application/dashboard/article/updateArticle" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updatearticle.UseCase - authorizer domain.Authorizer + useCase *updatearticle.UseCase } -func NewUpdateHandler(useCase *updatearticle.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updatearticle.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ArticlesUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request updatearticle.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { diff --git a/presentation/http/api/dashboard/article/update_test.go b/presentation/http/api/dashboard/article/update_test.go index a60f97f8..40540e41 100644 --- a/presentation/http/api/dashboard/article/update_test.go +++ b/presentation/http/api/dashboard/article/update_test.go @@ -16,7 +16,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/article" "github.com/khanzadimahdi/testproject/domain/author" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/articles" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -30,7 +29,6 @@ func TestUpdateHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = updatearticle.Request{ @@ -60,16 +58,13 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) articleRepository.On("Save", &a).Once().Return(a.UUID, nil) defer articleRepository.AssertExpectations(t) - handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -85,56 +80,11 @@ func TestUpdateHandler(t *testing.T) { assert.Equal(t, http.StatusNoContent, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - r = updatearticle.Request{ - UUID: "test-article-uuid", - Title: "test title", - Excerpt: "test excerpt", - Body: "test body", - AuthorUUID: "test-author-uuid", - Tags: []string{"tag1", "tag2"}, - } - - u = user.User{ - UUID: r.AuthorUUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.ArticlesUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(r) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPatch, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - articleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - t.Run("validation failed", func(t *testing.T) { t.Parallel() var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -142,9 +92,6 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updatearticle.Request{AuthorUUID: u.UUID}).Once().Return(domain.ValidationErrors{ "body": "body is required", "excerpt": "excerpt is required", @@ -152,7 +99,7 @@ func TestUpdateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPatch, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -175,7 +122,6 @@ func TestUpdateHandler(t *testing.T) { var ( articleRepository articles.MockArticlesRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = updatearticle.Request{ @@ -205,16 +151,13 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ArticlesUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) articleRepository.On("Save", &a).Once().Return("", errors.New("unexpected error")) defer articleRepository.AssertExpectations(t) - handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updatearticle.NewUseCase(&articleRepository, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) diff --git a/presentation/http/api/dashboard/bookmark/deleteUser.go b/presentation/http/api/dashboard/bookmark/deleteUser.go index 6803fc0f..2cf22f25 100644 --- a/presentation/http/api/dashboard/bookmark/deleteUser.go +++ b/presentation/http/api/dashboard/bookmark/deleteUser.go @@ -6,38 +6,27 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/bookmark/deleteUserBookmark" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteUserHandler struct { - useCase *deleteUserBookmark.UseCase - authorizer domain.Authorizer + useCase *deleteUserBookmark.UseCase } -func NewDeleteUserBookmarkHandler(useCase *deleteUserBookmark.UseCase, a domain.Authorizer) *deleteUserHandler { +func NewDeleteUserBookmarkHandler(useCase *deleteUserBookmark.UseCase) *deleteUserHandler { return &deleteUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfBookmarksDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request deleteUserBookmark.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) return } - request.OwnerUUID = auth.FromContext(r.Context()).UUID + request.OwnerUUID = userUUID response, err := h.useCase.Execute(&request) switch { diff --git a/presentation/http/api/dashboard/bookmark/deleteUser_test.go b/presentation/http/api/dashboard/bookmark/deleteUser_test.go index e9d8e952..f3d57424 100644 --- a/presentation/http/api/dashboard/bookmark/deleteUser_test.go +++ b/presentation/http/api/dashboard/bookmark/deleteUser_test.go @@ -3,7 +3,6 @@ package bookmark import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "testing" @@ -12,8 +11,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/bookmark/deleteUserBookmark" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/bookmarks" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -27,7 +24,6 @@ func TestDeleteUserHandler(t *testing.T) { var ( bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -41,16 +37,13 @@ func TestDeleteUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfBookmarksDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) bookmarkRepository.On("DeleteByOwnerUUID", r.OwnerUUID, r.ObjectType, r.ObjectUUID).Return(nil) defer bookmarkRepository.AssertExpectations(t) - handler := NewDeleteUserBookmarkHandler(deleteUserBookmark.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) + handler := NewDeleteUserBookmarkHandler(deleteUserBookmark.NewUseCase(&bookmarkRepository, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -65,86 +58,4 @@ func TestDeleteUserHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - - r = deleteUserBookmark.Request{ - ObjectType: "article", - ObjectUUID: "article-uuid", - OwnerUUID: u.UUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfBookmarksDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserBookmarkHandler(deleteUserBookmark.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(r) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodDelete, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - bookmarkRepository.AssertNotCalled(t, "DeleteByOwnerUUID") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - - r = deleteUserBookmark.Request{ - ObjectType: "article", - ObjectUUID: "article-uuid", - OwnerUUID: u.UUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfBookmarksDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserBookmarkHandler(deleteUserBookmark.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(r) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodDelete, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - bookmarkRepository.AssertNotCalled(t, "DeleteByOwnerUUID") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/bookmark/indexUser.go b/presentation/http/api/dashboard/bookmark/indexUser.go index d1a483dc..845a35ff 100644 --- a/presentation/http/api/dashboard/bookmark/indexUser.go +++ b/presentation/http/api/dashboard/bookmark/indexUser.go @@ -8,31 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/bookmark/getUserBookmarks" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexUserHandler struct { - useCase *getUserBookmarks.UseCase - authorizer domain.Authorizer + useCase *getUserBookmarks.UseCase } -func NewIndexUserBookmarksHandler(useCase *getUserBookmarks.UseCase, a domain.Authorizer) *indexUserHandler { +func NewIndexUserBookmarksHandler(useCase *getUserBookmarks.UseCase) *indexUserHandler { return &indexUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfBookmarksIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var page uint = 1 if r.URL.Query().Has("page") { diff --git a/presentation/http/api/dashboard/bookmark/indexUser_test.go b/presentation/http/api/dashboard/bookmark/indexUser_test.go index 61699397..68f57d22 100644 --- a/presentation/http/api/dashboard/bookmark/indexUser_test.go +++ b/presentation/http/api/dashboard/bookmark/indexUser_test.go @@ -1,7 +1,6 @@ package bookmark import ( - "errors" "net/http" "net/http/httptest" "os" @@ -12,9 +11,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/bookmark/getUserBookmarks" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/bookmark" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/bookmarks" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -28,7 +25,6 @@ func TestIndexUserHandler(t *testing.T) { var ( bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = getUserBookmarks.Request{ @@ -70,9 +66,6 @@ func TestIndexUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", r.OwnerUUID, permission.SelfBookmarksIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -80,7 +73,7 @@ func TestIndexUserHandler(t *testing.T) { bookmarkRepository.On("GetAllByOwnerUUID", r.OwnerUUID, uint(0), uint(10)).Once().Return(b, nil) defer bookmarkRepository.AssertExpectations(t) - handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) + handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -96,49 +89,11 @@ func TestIndexUserHandler(t *testing.T) { assert.Equal(t, http.StatusOK, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - r = getUserBookmarks.Request{ - OwnerUUID: "owner-uuid", - Page: 1, - } - - u = user.User{ - UUID: r.OwnerUUID, - } - ) - - authorizer.On("Authorize", r.OwnerUUID, permission.SelfBookmarksIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - bookmarkRepository.AssertNotCalled(t, "CountByOwnerUUID") - bookmarkRepository.AssertNotCalled(t, "GetAllByOwnerUUID") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - t.Run("no data", func(t *testing.T) { t.Parallel() var ( bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = getUserBookmarks.Request{ @@ -151,9 +106,6 @@ func TestIndexUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", r.OwnerUUID, permission.SelfBookmarksIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -161,7 +113,7 @@ func TestIndexUserHandler(t *testing.T) { bookmarkRepository.On("GetAllByOwnerUUID", r.OwnerUUID, uint(0), uint(10)).Once().Return(nil, nil) defer bookmarkRepository.AssertExpectations(t) - handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) + handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -176,40 +128,4 @@ func TestIndexUserHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - bookmarkRepository bookmarks.MockBookmarksRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - r = getUserBookmarks.Request{ - OwnerUUID: "owner-uuid", - } - - u = user.User{ - UUID: r.OwnerUUID, - } - ) - - authorizer.On("Authorize", r.OwnerUUID, permission.SelfBookmarksIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexUserBookmarksHandler(getUserBookmarks.NewUseCase(&bookmarkRepository, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - bookmarkRepository.AssertNotCalled(t, "CountByOwnerUUID") - bookmarkRepository.AssertNotCalled(t, "GetAllByOwnerUUID") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/create.go b/presentation/http/api/dashboard/comment/create.go index 292f5e30..5048876b 100644 --- a/presentation/http/api/dashboard/comment/create.go +++ b/presentation/http/api/dashboard/comment/create.go @@ -6,31 +6,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/createComment" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *createComment.UseCase - authorizer domain.Authorizer + useCase *createComment.UseCase } -func NewCreateHandler(useCase *createComment.UseCase, a domain.Authorizer) *createHandler { +func NewCreateHandler(useCase *createComment.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.CommentsCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request createComment.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { diff --git a/presentation/http/api/dashboard/comment/create_test.go b/presentation/http/api/dashboard/comment/create_test.go index 34978f31..b061f6b7 100644 --- a/presentation/http/api/dashboard/comment/create_test.go +++ b/presentation/http/api/dashboard/comment/create_test.go @@ -3,7 +3,6 @@ package comment import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -16,7 +15,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -30,7 +28,6 @@ func TestCreateHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} @@ -45,13 +42,10 @@ func TestCreateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("Save", &c).Once().Return(c.UUID, nil) defer commentRepository.AssertExpectations(t) - handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator)) body := createComment.Request{ Body: c.Body, @@ -83,15 +77,11 @@ func TestCreateHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.CommentsCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &createComment.Request{AuthorUUID: u.UUID}).Once().Return(domain.ValidationErrors{ "body": "body is required", "object_type": "object type is not supported", @@ -99,7 +89,7 @@ func TestCreateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -116,102 +106,4 @@ func TestCreateHandler(t *testing.T) { assert.JSONEq(t, string(expected), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - Body: "this is a test body", - ParentUUID: "parent-uuid-1", - ObjectUUID: "object-uuid-test", - ObjectType: "article", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsCreate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := createComment.Request{ - Body: c.Body, - ParentUUID: c.ParentUUID, - ObjectUUID: c.ObjectUUID, - ObjectType: c.ObjectType, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - Body: "this is a test body", - ParentUUID: "parent-uuid-1", - ObjectUUID: "object-uuid-test", - ObjectType: "article", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsCreate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := createComment.Request{ - Body: c.Body, - ParentUUID: c.ParentUUID, - ObjectUUID: c.ObjectUUID, - ObjectType: c.ObjectType, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/delete.go b/presentation/http/api/dashboard/comment/delete.go index 0f7813d7..b581e62c 100644 --- a/presentation/http/api/dashboard/comment/delete.go +++ b/presentation/http/api/dashboard/comment/delete.go @@ -3,34 +3,20 @@ package comment import ( "net/http" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/deleteComment" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deleteComment.UseCase - authorizer domain.Authorizer + useCase *deleteComment.UseCase } -func NewDeleteHandler(useCase *deleteComment.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deleteComment.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.CommentsDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") request := deleteComment.Request{ diff --git a/presentation/http/api/dashboard/comment/deleteUser.go b/presentation/http/api/dashboard/comment/deleteUser.go index fbcc5e48..96285463 100644 --- a/presentation/http/api/dashboard/comment/deleteUser.go +++ b/presentation/http/api/dashboard/comment/deleteUser.go @@ -5,31 +5,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/deleteUserComment" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteUserHandler struct { - useCase *deleteUserComment.UseCase - authorizer domain.Authorizer + useCase *deleteUserComment.UseCase } -func NewDeleteUserCommentHandler(useCase *deleteUserComment.UseCase, a domain.Authorizer) *deleteUserHandler { +func NewDeleteUserCommentHandler(useCase *deleteUserComment.UseCase) *deleteUserHandler { return &deleteUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfCommentsDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } UUID := r.PathValue("uuid") diff --git a/presentation/http/api/dashboard/comment/deleteUser_test.go b/presentation/http/api/dashboard/comment/deleteUser_test.go index 4b2cc8ed..6347ea1e 100644 --- a/presentation/http/api/dashboard/comment/deleteUser_test.go +++ b/presentation/http/api/dashboard/comment/deleteUser_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "net/http" "net/http/httptest" "testing" @@ -10,9 +9,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/deleteUserComment" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" ) @@ -23,7 +20,6 @@ func TestDeleteUserHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -32,13 +28,10 @@ func TestDeleteUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("DeleteByAuthorUUID", c.UUID, u.UUID).Once().Return(nil) defer commentRepository.AssertExpectations(t) - handler := NewDeleteUserCommentHandler(deleteUserComment.NewUseCase(&commentRepository), &authorizer) + handler := NewDeleteUserCommentHandler(deleteUserComment.NewUseCase(&commentRepository)) request := httptest.NewRequest(http.MethodDelete, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -50,68 +43,4 @@ func TestDeleteUserHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - c = comment.Comment{ - UUID: "comment-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserCommentHandler(deleteUserComment.NewUseCase(&commentRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", c.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - c = comment.Comment{ - UUID: "comment-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserCommentHandler(deleteUserComment.NewUseCase(&commentRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", c.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/delete_test.go b/presentation/http/api/dashboard/comment/delete_test.go index f0bac9e0..722e663d 100644 --- a/presentation/http/api/dashboard/comment/delete_test.go +++ b/presentation/http/api/dashboard/comment/delete_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "net/http" "net/http/httptest" "testing" @@ -10,9 +9,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/deleteComment" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" ) @@ -25,7 +22,6 @@ func TestDeleteHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -34,13 +30,10 @@ func TestDeleteHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("Delete", c.UUID).Once().Return(nil) defer commentRepository.AssertExpectations(t) - handler := NewDeleteHandler(deleteComment.NewUseCase(&commentRepository), &authorizer) + handler := NewDeleteHandler(deleteComment.NewUseCase(&commentRepository)) request := httptest.NewRequest(http.MethodDelete, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -52,68 +45,4 @@ func TestDeleteHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - c = comment.Comment{ - UUID: "comment-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleteComment.NewUseCase(&commentRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", c.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - c = comment.Comment{ - UUID: "comment-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleteComment.NewUseCase(&commentRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", c.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/index.go b/presentation/http/api/dashboard/comment/index.go index 12ebe424..85f3a8bc 100644 --- a/presentation/http/api/dashboard/comment/index.go +++ b/presentation/http/api/dashboard/comment/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getComments" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getComments.UseCase - authorizer domain.Authorizer + useCase *getComments.UseCase } -func NewIndexHandler(useCase *getComments.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getComments.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.CommentsIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/comment/indexUser.go b/presentation/http/api/dashboard/comment/indexUser.go index 99fabd12..27a1959e 100644 --- a/presentation/http/api/dashboard/comment/indexUser.go +++ b/presentation/http/api/dashboard/comment/indexUser.go @@ -8,31 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getUserComments" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexUserHandler struct { - useCase *getUserComments.UseCase - authorizer domain.Authorizer + useCase *getUserComments.UseCase } -func NewIndexUserCommentsHandler(useCase *getUserComments.UseCase, a domain.Authorizer) *indexUserHandler { +func NewIndexUserCommentsHandler(useCase *getUserComments.UseCase) *indexUserHandler { return &indexUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfCommentsIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var page uint = 1 if r.URL.Query().Has("page") { diff --git a/presentation/http/api/dashboard/comment/indexUser_test.go b/presentation/http/api/dashboard/comment/indexUser_test.go index d793770d..6e1769ba 100644 --- a/presentation/http/api/dashboard/comment/indexUser_test.go +++ b/presentation/http/api/dashboard/comment/indexUser_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "fmt" "net/http" "net/http/httptest" @@ -14,10 +13,8 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getComments" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getUserComments" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -32,7 +29,6 @@ func TestIndexUserHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -71,9 +67,6 @@ func TestIndexUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("CountByAuthorUUID", u.UUID).Once().Return(uint(len(a)), nil) commentRepository.On("GetAllByAuthorUUID", u.UUID, uint(0), uint(10)).Return(a, nil) defer commentRepository.AssertExpectations(t) @@ -81,7 +74,7 @@ func TestIndexUserHandler(t *testing.T) { userRepository.On("GetOne", u.UUID).Once().Return(u, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository)) url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) request := httptest.NewRequest(http.MethodGet, url, nil) @@ -104,7 +97,6 @@ func TestIndexUserHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -115,9 +107,6 @@ func TestIndexUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("CountByAuthorUUID", u.UUID).Once().Return(uint(0), nil) commentRepository.On("GetAllByAuthorUUID", u.UUID, uint(0), uint(10)).Return(nil, nil) defer commentRepository.AssertExpectations(t) @@ -125,7 +114,7 @@ func TestIndexUserHandler(t *testing.T) { userRepository.On("GetOne", u.UUID).Once().Return(u, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository)) url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) request := httptest.NewRequest(http.MethodGet, url, nil) @@ -141,78 +130,4 @@ func TestIndexUserHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = getComments.Request{ - Page: 1, - ObjectUUID: "object-uuid-1", - ObjectType: "article", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository), &authorizer) - - url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) - request := httptest.NewRequest(http.MethodGet, url, nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Count") - commentRepository.AssertNotCalled(t, "GetAll") - userRepository.AssertNotCalled(t, "GetByUUIDs") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = getComments.Request{ - Page: 1, - ObjectUUID: "object-uuid-1", - ObjectType: "article", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexUserCommentsHandler(getUserComments.NewUseCase(&commentRepository, &userRepository), &authorizer) - - url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) - request := httptest.NewRequest(http.MethodGet, url, nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Count") - commentRepository.AssertNotCalled(t, "GetAll") - userRepository.AssertNotCalled(t, "GetByUUIDs") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/index_test.go b/presentation/http/api/dashboard/comment/index_test.go index bfe77859..f22a9e28 100644 --- a/presentation/http/api/dashboard/comment/index_test.go +++ b/presentation/http/api/dashboard/comment/index_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "fmt" "net/http" "net/http/httptest" @@ -13,10 +12,8 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getComments" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -31,7 +28,6 @@ func TestIndexHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -77,9 +73,6 @@ func TestIndexHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("Count").Once().Return(uint(len(a)), nil) commentRepository.On("GetAll", uint(0), uint(10)).Return(a, nil) defer commentRepository.AssertExpectations(t) @@ -87,7 +80,7 @@ func TestIndexHandler(t *testing.T) { userRepository.On("GetByUUIDs", userUUIDs).Once().Return(users, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository)) url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) request := httptest.NewRequest(http.MethodGet, url, nil) @@ -110,7 +103,6 @@ func TestIndexHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -121,9 +113,6 @@ func TestIndexHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("Count").Once().Return(uint(0), nil) commentRepository.On("GetAll", uint(0), uint(10)).Return(nil, nil) defer commentRepository.AssertExpectations(t) @@ -131,7 +120,7 @@ func TestIndexHandler(t *testing.T) { userRepository.On("GetByUUIDs", []string{}).Once().Return(nil, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository)) url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) request := httptest.NewRequest(http.MethodGet, url, nil) @@ -147,78 +136,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = getComments.Request{ - Page: 1, - ObjectUUID: "object-uuid-1", - ObjectType: "article", - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository), &authorizer) - - url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) - request := httptest.NewRequest(http.MethodGet, url, nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Count") - commentRepository.AssertNotCalled(t, "GetAll") - userRepository.AssertNotCalled(t, "GetByUUIDs") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = getComments.Request{ - Page: 1, - ObjectUUID: "object-uuid-1", - ObjectType: "article", - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getComments.NewUseCase(&commentRepository, &userRepository), &authorizer) - - url := fmt.Sprintf("/?object_uuid=%s&object_type=%s&page=%d", r.ObjectUUID, r.ObjectType, r.Page) - request := httptest.NewRequest(http.MethodGet, url, nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "Count") - commentRepository.AssertNotCalled(t, "GetAll") - userRepository.AssertNotCalled(t, "GetByUUIDs") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/show.go b/presentation/http/api/dashboard/comment/show.go index 5b722cd6..00845fbf 100644 --- a/presentation/http/api/dashboard/comment/show.go +++ b/presentation/http/api/dashboard/comment/show.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getComment" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getComment.UseCase - authorizer domain.Authorizer + useCase *getComment.UseCase } -func NewShowHandler(useCase *getComment.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getComment.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.CommentsShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/comment/showUser.go b/presentation/http/api/dashboard/comment/showUser.go index 7502ca86..42ee9c1c 100644 --- a/presentation/http/api/dashboard/comment/showUser.go +++ b/presentation/http/api/dashboard/comment/showUser.go @@ -8,30 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/getUserComment" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showUserHandler struct { - useCase *getUserComment.UseCase - authorizer domain.Authorizer + useCase *getUserComment.UseCase } -func NewShowUserCommentHandler(useCase *getUserComment.UseCase, a domain.Authorizer) *showUserHandler { +func NewShowUserCommentHandler(useCase *getUserComment.UseCase) *showUserHandler { return &showUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfCommentsShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } UUID := r.PathValue("uuid") diff --git a/presentation/http/api/dashboard/comment/showUser_test.go b/presentation/http/api/dashboard/comment/showUser_test.go index b30d34a4..6cf632ac 100644 --- a/presentation/http/api/dashboard/comment/showUser_test.go +++ b/presentation/http/api/dashboard/comment/showUser_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "net/http" "net/http/httptest" "os" @@ -14,7 +13,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -29,7 +27,6 @@ func TestShowUserHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -42,16 +39,13 @@ func TestShowUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("GetOneByAuthorUUID", commentUUID, u.UUID).Return(a, nil) defer commentRepository.AssertExpectations(t) userRepository.On("GetOne", a.Author.UUID).Once().Return(user.User{UUID: a.Author.UUID}, nil) defer userRepository.AssertExpectations(t) - handler := NewShowUserCommentHandler(getUserComment.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewShowUserCommentHandler(getUserComment.NewUseCase(&commentRepository, &userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -74,20 +68,16 @@ func TestShowUserHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} commentUUID = "role-uuid" ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("GetOneByAuthorUUID", commentUUID, u.UUID).Return(comment.Comment{}, domain.ErrNotExists) defer commentRepository.AssertExpectations(t) - handler := NewShowUserCommentHandler(getUserComment.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewShowUserCommentHandler(getUserComment.NewUseCase(&commentRepository, &userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -101,36 +91,4 @@ func TestShowUserHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNotFound, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - commentUUID = "role-uuid" - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowUserCommentHandler(getUserComment.NewUseCase(&commentRepository, &userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", commentUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "GetOneByAuthorUUID") - userRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/show_test.go b/presentation/http/api/dashboard/comment/show_test.go index 04b4bfe7..8d29c5e1 100644 --- a/presentation/http/api/dashboard/comment/show_test.go +++ b/presentation/http/api/dashboard/comment/show_test.go @@ -1,7 +1,6 @@ package comment import ( - "errors" "net/http" "net/http/httptest" "os" @@ -14,7 +13,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -29,7 +27,6 @@ func TestShowHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -42,16 +39,13 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("GetOne", commentUUID).Return(a, nil) defer commentRepository.AssertExpectations(t) userRepository.On("GetOne", a.Author.UUID).Once().Return(u, nil) defer userRepository.AssertExpectations(t) - handler := NewShowHandler(getComment.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewShowHandler(getComment.NewUseCase(&commentRepository, &userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -74,20 +68,16 @@ func TestShowHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} commentUUID = "role-uuid" ) - authorizer.On("Authorize", u.UUID, permission.CommentsShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("GetOne", commentUUID).Return(comment.Comment{}, domain.ErrNotExists) defer commentRepository.AssertExpectations(t) - handler := NewShowHandler(getComment.NewUseCase(&commentRepository, &userRepository), &authorizer) + handler := NewShowHandler(getComment.NewUseCase(&commentRepository, &userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -101,36 +91,4 @@ func TestShowHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNotFound, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - commentUUID = "role-uuid" - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getComment.NewUseCase(&commentRepository, &userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", commentUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - commentRepository.AssertNotCalled(t, "GetOne") - userRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/update.go b/presentation/http/api/dashboard/comment/update.go index bd51a119..290b9bed 100644 --- a/presentation/http/api/dashboard/comment/update.go +++ b/presentation/http/api/dashboard/comment/update.go @@ -8,30 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/updateComment" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updateComment.UseCase - authorizer domain.Authorizer + useCase *updateComment.UseCase } -func NewUpdateHandler(useCase *updateComment.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updateComment.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.CommentsUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request updateComment.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { diff --git a/presentation/http/api/dashboard/comment/updateUser.go b/presentation/http/api/dashboard/comment/updateUser.go index 89dda78b..80a8e147 100644 --- a/presentation/http/api/dashboard/comment/updateUser.go +++ b/presentation/http/api/dashboard/comment/updateUser.go @@ -8,30 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/comment/updateUserComment" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateUserHandler struct { - useCase *updateUserComment.UseCase - authorizer domain.Authorizer + useCase *updateUserComment.UseCase } -func NewUpdateUserCommentHandler(useCase *updateUserComment.UseCase, a domain.Authorizer) *updateUserHandler { +func NewUpdateUserCommentHandler(useCase *updateUserComment.UseCase) *updateUserHandler { return &updateUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfCommentsUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var request updateUserComment.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { diff --git a/presentation/http/api/dashboard/comment/updateUser_test.go b/presentation/http/api/dashboard/comment/updateUser_test.go index 0e8002e7..4efdea04 100644 --- a/presentation/http/api/dashboard/comment/updateUser_test.go +++ b/presentation/http/api/dashboard/comment/updateUser_test.go @@ -3,7 +3,6 @@ package comment import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -16,7 +15,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -26,7 +24,6 @@ func TestUpdateUserHandler(t *testing.T) { t.Run("create comment", func(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} @@ -42,14 +39,11 @@ func TestUpdateUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("GetOneByAuthorUUID", c.UUID, u.UUID).Once().Return(c, nil) commentRepository.On("Save", &c).Once().Return(c.UUID, nil) defer commentRepository.AssertExpectations(t) - handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator)) body := updateUserComment.Request{ UUID: c.UUID, @@ -77,22 +71,18 @@ func TestUpdateUserHandler(t *testing.T) { t.Run("validation fails", func(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.SelfCommentsUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updateUserComment.Request{UserUUID: u.UUID}).Once().Return(domain.ValidationErrors{ "body": "body is required", "uuid": "uuid is required", }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -110,92 +100,4 @@ func TestUpdateUserHandler(t *testing.T) { assert.JSONEq(t, string(expected), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - UUID: "comment-uuid", - Body: "this is a test body", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := updateUserComment.Request{ - UUID: c.UUID, - Body: c.Body, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "GetOneByAuthorUUID") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - UUID: "comment-uuid", - Body: "this is a test body", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfCommentsUpdate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateUserCommentHandler(updateUserComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := updateUserComment.Request{ - UUID: c.UUID, - Body: c.Body, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "GetOneByAuthorUUID") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/comment/update_test.go b/presentation/http/api/dashboard/comment/update_test.go index b7aae1bd..47717451 100644 --- a/presentation/http/api/dashboard/comment/update_test.go +++ b/presentation/http/api/dashboard/comment/update_test.go @@ -3,7 +3,6 @@ package comment import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -16,7 +15,6 @@ import ( "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/author" "github.com/khanzadimahdi/testproject/domain/comment" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/comments" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -30,7 +28,6 @@ func TestUpdateHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} @@ -46,13 +43,10 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.CommentsUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - commentRepository.On("Save", &c).Once().Return(c.UUID, nil) defer commentRepository.AssertExpectations(t) - handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator)) body := updateComment.Request{ UUID: c.UUID, @@ -85,15 +79,11 @@ func TestUpdateHandler(t *testing.T) { var ( commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.CommentsUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updateComment.Request{AuthorUUID: u.UUID}).Once().Return(domain.ValidationErrors{ "body": "body is required", "object_type": "object type is not supported", @@ -102,7 +92,7 @@ func TestUpdateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -119,102 +109,4 @@ func TestUpdateHandler(t *testing.T) { assert.JSONEq(t, string(expected), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - Body: "this is a test body", - ParentUUID: "parent-uuid-1", - ObjectUUID: "object-uuid-test", - ObjectType: "article", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := updateComment.Request{ - Body: c.Body, - ParentUUID: c.ParentUUID, - ObjectUUID: c.ObjectUUID, - ObjectType: c.ObjectType, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - commentRepository comments.MockCommentsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - c = comment.Comment{ - Body: "this is a test body", - ParentUUID: "parent-uuid-1", - ObjectUUID: "object-uuid-test", - ObjectType: "article", - Author: author.Author{ - UUID: u.UUID, - }, - } - ) - - authorizer.On("Authorize", u.UUID, permission.CommentsUpdate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateComment.NewUseCase(&commentRepository, &requestValidator), &authorizer) - - body := updateComment.Request{ - Body: c.Body, - ParentUUID: c.ParentUUID, - ObjectUUID: c.ObjectUUID, - ObjectType: c.ObjectType, - } - - var payload bytes.Buffer - err := json.NewEncoder(&payload).Encode(body) - assert.NoError(t, err) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - commentRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/config/show.go b/presentation/http/api/dashboard/config/show.go index 34f2dd74..52da6c2b 100644 --- a/presentation/http/api/dashboard/config/show.go +++ b/presentation/http/api/dashboard/config/show.go @@ -4,34 +4,20 @@ import ( "encoding/json" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/config/getConfig" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getConfig.UseCase - authorizer domain.Authorizer + useCase *getConfig.UseCase } -func NewShowHandler(useCase *getConfig.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getConfig.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ConfigShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - response, err := h.useCase.Execute() switch { diff --git a/presentation/http/api/dashboard/config/show_test.go b/presentation/http/api/dashboard/config/show_test.go index 41a20e57..4bbd8f36 100644 --- a/presentation/http/api/dashboard/config/show_test.go +++ b/presentation/http/api/dashboard/config/show_test.go @@ -1,7 +1,6 @@ package config import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/config/getConfig" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/config" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" configMocks "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/config" ) @@ -26,7 +23,6 @@ func TestShowHandler(t *testing.T) { var ( configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -36,13 +32,10 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ConfigShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - configRepository.On("GetLatestRevision").Once().Return(loadedConfig, nil) defer configRepository.AssertExpectations(t) - handler := NewShowHandler(getConfig.NewUseCase(&configRepository), &authorizer) + handler := NewShowHandler(getConfig.NewUseCase(&configRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -57,58 +50,4 @@ func TestShowHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.ConfigShow).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getConfig.NewUseCase(&configRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - configRepository.AssertNotCalled(t, "GetLatestRevision") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.ConfigShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getConfig.NewUseCase(&configRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - configRepository.AssertNotCalled(t, "GetLatestRevision") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/config/update.go b/presentation/http/api/dashboard/config/update.go index 6c2f70d7..132f004e 100644 --- a/presentation/http/api/dashboard/config/update.go +++ b/presentation/http/api/dashboard/config/update.go @@ -4,34 +4,20 @@ import ( "encoding/json" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/config/updateConfig" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updateConfig.UseCase - authorizer domain.Authorizer + useCase *updateConfig.UseCase } -func NewUpdateHandler(useCase *updateConfig.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updateConfig.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ConfigUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request updateConfig.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/config/update_test.go b/presentation/http/api/dashboard/config/update_test.go index 1be7e640..c56bc743 100644 --- a/presentation/http/api/dashboard/config/update_test.go +++ b/presentation/http/api/dashboard/config/update_test.go @@ -3,7 +3,6 @@ package config import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -15,7 +14,6 @@ import ( "github.com/khanzadimahdi/testproject/application/dashboard/config/updateConfig" "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/config" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" configMocks "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/config" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -29,7 +27,6 @@ func TestUpdateHandler(t *testing.T) { var ( configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} @@ -49,9 +46,6 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.ConfigUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -59,7 +53,7 @@ func TestUpdateHandler(t *testing.T) { configRepository.On("Save", &savedConfig).Once().Return("new-revision-uuid", nil) defer configRepository.AssertExpectations(t) - handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator)) var payload bytes.Buffer json.NewEncoder(&payload).Encode(r) @@ -79,21 +73,17 @@ func TestUpdateHandler(t *testing.T) { var ( configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.ConfigUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updateConfig.Request{}).Once().Return(domain.ValidationErrors{ "user_default_roles": "user_default_roles is required", }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPut, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -111,78 +101,4 @@ func TestUpdateHandler(t *testing.T) { assert.JSONEq(t, string(expected), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - - r = updateConfig.Request{ - UserDefaultRoles: []string{"role1", "role2"}, - } - ) - - authorizer.On("Authorize", u.UUID, permission.ConfigUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - json.NewEncoder(&payload).Encode(r) - - request := httptest.NewRequest(http.MethodPut, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - configRepository.AssertNotCalled(t, "GetLatestRevision") - configRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - configRepository configMocks.MockConfigRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - - r = updateConfig.Request{ - UserDefaultRoles: []string{"role1", "role2"}, - } - ) - - authorizer.On("Authorize", u.UUID, permission.ConfigUpdate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateConfig.NewUseCase(&configRepository, &requestValidator), &authorizer) - - var payload bytes.Buffer - json.NewEncoder(&payload).Encode(r) - - request := httptest.NewRequest(http.MethodPut, "/", &payload) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - configRepository.AssertNotCalled(t, "GetLatestRevision") - configRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/element/create.go b/presentation/http/api/dashboard/element/create.go index 2a826cbc..e0037571 100644 --- a/presentation/http/api/dashboard/element/create.go +++ b/presentation/http/api/dashboard/element/create.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" createElement "github.com/khanzadimahdi/testproject/application/dashboard/element/createElement" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *createElement.UseCase - authorizer domain.Authorizer + useCase *createElement.UseCase } -func NewCreateHandler(useCase *createElement.UseCase, a domain.Authorizer) *createHandler { +func NewCreateHandler(useCase *createElement.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ElementsCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request createElement.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/element/delete.go b/presentation/http/api/dashboard/element/delete.go index ec17e1f1..91be836f 100644 --- a/presentation/http/api/dashboard/element/delete.go +++ b/presentation/http/api/dashboard/element/delete.go @@ -4,34 +4,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" deleteElement "github.com/khanzadimahdi/testproject/application/dashboard/element/deleteElement" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deleteElement.UseCase - authorizer domain.Authorizer + useCase *deleteElement.UseCase } -func NewDeleteHandler(useCase *deleteElement.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deleteElement.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ElementsDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") request := &deleteElement.Request{ diff --git a/presentation/http/api/dashboard/element/index.go b/presentation/http/api/dashboard/element/index.go index d3d7d2e1..e8acf6eb 100644 --- a/presentation/http/api/dashboard/element/index.go +++ b/presentation/http/api/dashboard/element/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" getElements "github.com/khanzadimahdi/testproject/application/dashboard/element/getElements" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getElements.UseCase - authorizer domain.Authorizer + useCase *getElements.UseCase } -func NewIndexHandler(useCase *getElements.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getElements.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ElementsIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/element/show.go b/presentation/http/api/dashboard/element/show.go index 7b6bd103..b84f4f21 100644 --- a/presentation/http/api/dashboard/element/show.go +++ b/presentation/http/api/dashboard/element/show.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" getElement "github.com/khanzadimahdi/testproject/application/dashboard/element/getElement" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getElement.UseCase - authorizer domain.Authorizer + useCase *getElement.UseCase } -func NewShowHandler(useCase *getElement.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getElement.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ElementsShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/element/update.go b/presentation/http/api/dashboard/element/update.go index 36d941e6..04f12c16 100644 --- a/presentation/http/api/dashboard/element/update.go +++ b/presentation/http/api/dashboard/element/update.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" updateElement "github.com/khanzadimahdi/testproject/application/dashboard/element/updateElement" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updateElement.UseCase - authorizer domain.Authorizer + useCase *updateElement.UseCase } -func NewUpdateHandler(useCase *updateElement.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updateElement.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.ElementsUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request updateElement.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/file/delete.go b/presentation/http/api/dashboard/file/delete.go index fbce47f8..d284dcc1 100644 --- a/presentation/http/api/dashboard/file/delete.go +++ b/presentation/http/api/dashboard/file/delete.go @@ -4,34 +4,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" deletefile "github.com/khanzadimahdi/testproject/application/dashboard/file/deleteFile" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deletefile.UseCase - authorizer domain.Authorizer + useCase *deletefile.UseCase } -func NewDeleteHandler(useCase *deletefile.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deletefile.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.FilesDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") err := h.useCase.Execute(deletefile.Request{ diff --git a/presentation/http/api/dashboard/file/deleteUser.go b/presentation/http/api/dashboard/file/deleteUser.go index 5048f67c..51a2af49 100644 --- a/presentation/http/api/dashboard/file/deleteUser.go +++ b/presentation/http/api/dashboard/file/deleteUser.go @@ -7,30 +7,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" deleteuserfile "github.com/khanzadimahdi/testproject/application/dashboard/file/deleteUserFile" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteUserHandler struct { - useCase *deleteuserfile.UseCase - authorizer domain.Authorizer + useCase *deleteuserfile.UseCase } -func NewDeleteUserHandler(useCase *deleteuserfile.UseCase, a domain.Authorizer) *deleteUserHandler { +func NewDeleteUserHandler(useCase *deleteuserfile.UseCase) *deleteUserHandler { return &deleteUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfFilesDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } UUID := r.PathValue("uuid") diff --git a/presentation/http/api/dashboard/file/deleteUser_test.go b/presentation/http/api/dashboard/file/deleteUser_test.go index c626716e..aa7acbd7 100644 --- a/presentation/http/api/dashboard/file/deleteUser_test.go +++ b/presentation/http/api/dashboard/file/deleteUser_test.go @@ -2,7 +2,6 @@ package file import ( "context" - "errors" "net/http" "net/http/httptest" "testing" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" deleteuserfile "github.com/khanzadimahdi/testproject/application/dashboard/file/deleteUserFile" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" s "github.com/khanzadimahdi/testproject/infrastructure/storage/mock" @@ -28,7 +25,6 @@ func TestDeleteUserHandler(t *testing.T) { var ( filesRepository files.MockFilesRepository storage s.MockStorage - authorizer domain.MockAuthorizer u = user.User{UUID: "user-test-uuid"} @@ -44,9 +40,6 @@ func TestDeleteUserHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.SelfFilesDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("GetOneByOwnerUUID", r.OwnerUUID, r.FileUUID).Once().Return(f, nil) filesRepository.On("DeleteByOwnerUUID", r.OwnerUUID, r.FileUUID).Return(nil) defer filesRepository.AssertExpectations(t) @@ -54,7 +47,7 @@ func TestDeleteUserHandler(t *testing.T) { storage.On("Delete", context.Background(), f.StoredName).Once().Return(nil) defer storage.AssertExpectations(t) - handler := NewDeleteUserHandler(deleteuserfile.NewUseCase(&filesRepository, &storage), &authorizer) + handler := NewDeleteUserHandler(deleteuserfile.NewUseCase(&filesRepository, &storage)) request := httptest.NewRequest(http.MethodDelete, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -66,86 +59,4 @@ func TestDeleteUserHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "user-test-uuid"} - - r = deleteuserfile.Request{ - OwnerUUID: u.UUID, - FileUUID: "file-uuid", - } - - f = file.File{ - UUID: r.FileUUID, - Name: "file-name", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfFilesDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserHandler(deleteuserfile.NewUseCase(&filesRepository, &storage), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", f.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOneByOwnerUUID") - filesRepository.AssertNotCalled(t, "DeleteByOwnerUUID") - storage.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "user-test-uuid"} - - r = deleteuserfile.Request{ - OwnerUUID: u.UUID, - FileUUID: "file-uuid", - } - - f = file.File{ - UUID: r.FileUUID, - Name: "file-name", - } - ) - - authorizer.On("Authorize", u.UUID, permission.SelfFilesDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteUserHandler(deleteuserfile.NewUseCase(&filesRepository, &storage), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", f.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOneByOwnerUUID") - filesRepository.AssertNotCalled(t, "DeleteByOwnerUUID") - storage.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/file/delete_test.go b/presentation/http/api/dashboard/file/delete_test.go index 548bbeae..e5193b65 100644 --- a/presentation/http/api/dashboard/file/delete_test.go +++ b/presentation/http/api/dashboard/file/delete_test.go @@ -2,7 +2,6 @@ package file import ( "context" - "errors" "net/http" "net/http/httptest" "testing" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" deletefile "github.com/khanzadimahdi/testproject/application/dashboard/file/deleteFile" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" s "github.com/khanzadimahdi/testproject/infrastructure/storage/mock" @@ -28,7 +25,6 @@ func TestDeleteHandler(t *testing.T) { var ( filesRepository files.MockFilesRepository storage s.MockStorage - authorizer domain.MockAuthorizer u = user.User{UUID: "user-test-uuid"} @@ -41,9 +37,6 @@ func TestDeleteHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.FilesDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("GetOne", r.FileUUID).Once().Return(f, nil) filesRepository.On("Delete", r.FileUUID).Return(nil) defer filesRepository.AssertExpectations(t) @@ -51,7 +44,7 @@ func TestDeleteHandler(t *testing.T) { storage.On("Delete", context.Background(), f.StoredName).Once().Return(nil) defer storage.AssertExpectations(t) - handler := NewDeleteHandler(deletefile.NewUseCase(&filesRepository, &storage), &authorizer) + handler := NewDeleteHandler(deletefile.NewUseCase(&filesRepository, &storage)) request := httptest.NewRequest(http.MethodDelete, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -63,78 +56,4 @@ func TestDeleteHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "user-test-uuid"} - - r = deletefile.Request{FileUUID: "file-uuid"} - - f = file.File{ - UUID: r.FileUUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.FilesDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deletefile.NewUseCase(&filesRepository, &storage), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", f.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOne") - filesRepository.AssertNotCalled(t, "Delete") - storage.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "user-test-uuid"} - - r = deletefile.Request{FileUUID: "file-uuid"} - - f = file.File{ - UUID: r.FileUUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.FilesDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deletefile.NewUseCase(&filesRepository, &storage), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", f.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOne") - filesRepository.AssertNotCalled(t, "Delete") - storage.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/file/index.go b/presentation/http/api/dashboard/file/index.go index 6ca413e9..444c4ccf 100644 --- a/presentation/http/api/dashboard/file/index.go +++ b/presentation/http/api/dashboard/file/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" getfiles "github.com/khanzadimahdi/testproject/application/dashboard/file/getFiles" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getfiles.UseCase - authorizer domain.Authorizer + useCase *getfiles.UseCase } -func NewIndexHandler(useCase *getfiles.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getfiles.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.FilesIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/file/indexUser.go b/presentation/http/api/dashboard/file/indexUser.go index a81acaf9..4067a624 100644 --- a/presentation/http/api/dashboard/file/indexUser.go +++ b/presentation/http/api/dashboard/file/indexUser.go @@ -8,31 +8,20 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getuserfiles "github.com/khanzadimahdi/testproject/application/dashboard/file/getUserFiles" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexUserHandler struct { - useCase *getuserfiles.UseCase - authorizer domain.Authorizer + useCase *getuserfiles.UseCase } -func NewIndexUserHandler(useCase *getuserfiles.UseCase, a domain.Authorizer) *indexUserHandler { +func NewIndexUserHandler(useCase *getuserfiles.UseCase) *indexUserHandler { return &indexUserHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexUserHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.SelfFilesIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } var page uint = 1 if r.URL.Query().Has("page") { diff --git a/presentation/http/api/dashboard/file/indexUser_test.go b/presentation/http/api/dashboard/file/indexUser_test.go index 078d4f8f..af573d9a 100644 --- a/presentation/http/api/dashboard/file/indexUser_test.go +++ b/presentation/http/api/dashboard/file/indexUser_test.go @@ -1,7 +1,6 @@ package file import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getuserfiles "github.com/khanzadimahdi/testproject/application/dashboard/file/getUserFiles" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" ) @@ -25,7 +22,6 @@ func TestIndexUserHandler(t *testing.T) { t.Parallel() var ( - authorizer domain.MockAuthorizer filesRepository files.MockFilesRepository f = []file.File{ @@ -47,14 +43,11 @@ func TestIndexUserHandler(t *testing.T) { u = user.User{UUID: "user-test-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.SelfFilesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("CountByOwnerUUID", u.UUID).Once().Return(uint(len(f)), nil) filesRepository.On("GetAllByOwnerUUID", u.UUID, uint(0), uint(20)).Once().Return(f, nil) defer filesRepository.AssertExpectations(t) - handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository), &authorizer) + handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -74,20 +67,16 @@ func TestIndexUserHandler(t *testing.T) { t.Parallel() var ( - authorizer domain.MockAuthorizer filesRepository files.MockFilesRepository u = user.User{UUID: "user-test-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.SelfFilesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("CountByOwnerUUID", u.UUID).Once().Return(uint(0), nil) filesRepository.On("GetAllByOwnerUUID", u.UUID, uint(0), uint(20)).Once().Return(nil, nil) defer filesRepository.AssertExpectations(t) - handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository), &authorizer) + handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -102,60 +91,4 @@ func TestIndexUserHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - authorizer domain.MockAuthorizer - filesRepository files.MockFilesRepository - - u = user.User{UUID: "user-test-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.SelfFilesIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - filesRepository.AssertNotCalled(t, "CountByOwnerUUID") - filesRepository.AssertNotCalled(t, "GetAllByOwnerUUID") - - handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - authorizer domain.MockAuthorizer - filesRepository files.MockFilesRepository - - u = user.User{UUID: "user-test-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.SelfFilesIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - filesRepository.AssertNotCalled(t, "CountByOwnerUUID") - filesRepository.AssertNotCalled(t, "GetAllByOwnerUUID") - - handler := NewIndexUserHandler(getuserfiles.NewUseCase(&filesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/file/index_test.go b/presentation/http/api/dashboard/file/index_test.go index 34b88504..a58e3411 100644 --- a/presentation/http/api/dashboard/file/index_test.go +++ b/presentation/http/api/dashboard/file/index_test.go @@ -1,7 +1,6 @@ package file import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getfiles "github.com/khanzadimahdi/testproject/application/dashboard/file/getFiles" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" ) @@ -25,7 +22,6 @@ func TestIndexHandler(t *testing.T) { t.Parallel() var ( - authorizer domain.MockAuthorizer filesRepository files.MockFilesRepository f = []file.File{ @@ -47,14 +43,11 @@ func TestIndexHandler(t *testing.T) { u = user.User{UUID: "user-test-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.FilesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("Count").Once().Return(uint(len(f)), nil) filesRepository.On("GetAll", uint(0), uint(20)).Once().Return(f, nil) defer filesRepository.AssertExpectations(t) - handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository), &authorizer) + handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -74,20 +67,16 @@ func TestIndexHandler(t *testing.T) { t.Parallel() var ( - authorizer domain.MockAuthorizer filesRepository files.MockFilesRepository u = user.User{UUID: "user-test-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.FilesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("Count").Once().Return(uint(0), nil) filesRepository.On("GetAll", uint(0), uint(20)).Once().Return(nil, nil) defer filesRepository.AssertExpectations(t) - handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository), &authorizer) + handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository)) request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -102,60 +91,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - authorizer domain.MockAuthorizer - filesRepository files.MockFilesRepository - - u = user.User{UUID: "user-test-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.FilesIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - filesRepository.AssertNotCalled(t, "Count") - filesRepository.AssertNotCalled(t, "GetAll") - - handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - authorizer domain.MockAuthorizer - filesRepository files.MockFilesRepository - - u = user.User{UUID: "user-test-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.FilesIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - filesRepository.AssertNotCalled(t, "Count") - filesRepository.AssertNotCalled(t, "GetAll") - - handler := NewIndexHandler(getfiles.NewUseCase(&filesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/?page=1", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/file/show.go b/presentation/http/api/dashboard/file/show.go index 839013fd..583498dd 100644 --- a/presentation/http/api/dashboard/file/show.go +++ b/presentation/http/api/dashboard/file/show.go @@ -4,34 +4,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" getfile "github.com/khanzadimahdi/testproject/application/dashboard/file/getFile" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getfile.UseCase - authorizer domain.Authorizer + useCase *getfile.UseCase } -func NewShowHandler(useCase *getfile.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getfile.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.FilesShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/file/show_test.go b/presentation/http/api/dashboard/file/show_test.go index 77b1f3cc..dc73e666 100644 --- a/presentation/http/api/dashboard/file/show_test.go +++ b/presentation/http/api/dashboard/file/show_test.go @@ -16,7 +16,6 @@ import ( getfile "github.com/khanzadimahdi/testproject/application/dashboard/file/getFile" "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" "github.com/khanzadimahdi/testproject/infrastructure/storage/mock" @@ -31,7 +30,6 @@ func TestShowHandler(t *testing.T) { var ( filesRepository files.MockFilesRepository storage mock.MockStorage - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -45,9 +43,6 @@ func TestShowHandler(t *testing.T) { fileData := []byte("this is the file payload") reader := NewSeekReadCloser(fileData) - authorizer.On("Authorize", u.UUID, permission.FilesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("GetOne", f.UUID).Once().Return(f, nil) defer filesRepository.AssertExpectations(t) @@ -55,7 +50,7 @@ func TestShowHandler(t *testing.T) { defer storage.AssertExpectations(t) useCase := getfile.NewUseCase(&filesRepository, &storage) - handler := NewShowHandler(useCase, &authorizer) + handler := NewShowHandler(useCase) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -75,7 +70,6 @@ func TestShowHandler(t *testing.T) { var ( filesRepository files.MockFilesRepository storage mock.MockStorage - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -84,14 +78,11 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.FilesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("GetOne", f.UUID).Once().Return(file.File{}, domain.ErrNotExists) defer filesRepository.AssertExpectations(t) useCase := getfile.NewUseCase(&filesRepository, &storage) - handler := NewShowHandler(useCase, &authorizer) + handler := NewShowHandler(useCase) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -107,49 +98,12 @@ func TestShowHandler(t *testing.T) { assert.Equal(t, http.StatusNotFound, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage mock.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - file = file.File{ - UUID: "file-test-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.FilesShow).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - useCase := getfile.NewUseCase(&filesRepository, &storage) - handler := NewShowHandler(useCase, &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", file.UUID) - - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOne") - storage.AssertNotCalled(t, "Read") - - assert.Equal(t, 0, response.Body.Len()) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - t.Run("error on reading file/writing to output", func(t *testing.T) { t.Parallel() var ( filesRepository files.MockFilesRepository storage mock.MockStorage - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -163,9 +117,6 @@ func TestShowHandler(t *testing.T) { fileData := "this is the file payload" reader := io.NopCloser(strings.NewReader(fileData)) - authorizer.On("Authorize", u.UUID, permission.FilesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - filesRepository.On("GetOne", file.UUID).Once().Return(file, nil) defer filesRepository.AssertExpectations(t) @@ -173,7 +124,7 @@ func TestShowHandler(t *testing.T) { defer storage.AssertExpectations(t) useCase := getfile.NewUseCase(&filesRepository, &storage) - handler := NewShowHandler(useCase, &authorizer) + handler := NewShowHandler(useCase) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -186,42 +137,6 @@ func TestShowHandler(t *testing.T) { assert.Equal(t, 0, response.Body.Len()) assert.Equal(t, http.StatusInternalServerError, response.Code) }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage mock.MockStorage - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - file = file.File{ - UUID: "file-test-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.FilesShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - useCase := getfile.NewUseCase(&filesRepository, &storage) - handler := NewShowHandler(useCase, &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", file.UUID) - - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - filesRepository.AssertNotCalled(t, "GetOne") - storage.AssertNotCalled(t, "Read") - - assert.Equal(t, 0, response.Body.Len()) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } type SeekReadCloser struct { diff --git a/presentation/http/api/dashboard/file/upload.go b/presentation/http/api/dashboard/file/upload.go index 7a9e90b3..0cffc9c6 100644 --- a/presentation/http/api/dashboard/file/upload.go +++ b/presentation/http/api/dashboard/file/upload.go @@ -7,32 +7,19 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" uploadfile "github.com/khanzadimahdi/testproject/application/dashboard/file/uploadFile" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *uploadfile.UseCase - authorizer domain.Authorizer + useCase *uploadfile.UseCase } -func NewUploadHandler(useCase *uploadfile.UseCase, a domain.Authorizer) *createHandler { +func NewUploadHandler(useCase *uploadfile.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.FilesCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - if err := r.ParseMultipartForm(uploadfile.MaxFileSize); err != nil { rw.WriteHeader(http.StatusInternalServerError) return diff --git a/presentation/http/api/dashboard/file/upload_test.go b/presentation/http/api/dashboard/file/upload_test.go index 6cc334fb..c99ac57b 100644 --- a/presentation/http/api/dashboard/file/upload_test.go +++ b/presentation/http/api/dashboard/file/upload_test.go @@ -3,7 +3,6 @@ package file import ( "bytes" "context" - "errors" "mime/multipart" "net/http" "net/http/httptest" @@ -16,9 +15,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" createfile "github.com/khanzadimahdi/testproject/application/dashboard/file/uploadFile" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/file" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/files" s "github.com/khanzadimahdi/testproject/infrastructure/storage/mock" @@ -34,7 +31,6 @@ func TestUploadHandler(t *testing.T) { var ( filesRepository files.MockFilesRepository storage s.MockStorage - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{UUID: "auth-user-uuid"} @@ -58,9 +54,6 @@ func TestUploadHandler(t *testing.T) { err = w.Close() assert.NoError(t, err) - authorizer.On("Authorize", u.UUID, permission.FilesCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", mock.Anything).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -74,7 +67,7 @@ func TestUploadHandler(t *testing.T) { filesRepository.On("Save", matchingFile).Once().Return(fileUUID, nil) defer filesRepository.AssertExpectations(t) - handler := NewUploadHandler(createfile.NewUseCase(&filesRepository, &storage, &requestValidator), &authorizer) + handler := NewUploadHandler(createfile.NewUseCase(&filesRepository, &storage, &requestValidator)) request := httptest.NewRequest(http.MethodPost, "/", &payload) request.Header.Add("Content-Type", w.FormDataContentType()) @@ -92,98 +85,4 @@ func TestUploadHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusCreated, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - - fileContent = "file content" - - r = createfile.Request{ - Name: "test filename.ext", - } - ) - - var payload bytes.Buffer - w := multipart.NewWriter(&payload) - fw, err := w.CreateFormFile("file", r.Name) - assert.NoError(t, err) - _, err = fw.Write([]byte(fileContent)) - assert.NoError(t, err) - err = w.Close() - assert.NoError(t, err) - - authorizer.On("Authorize", u.UUID, permission.FilesCreate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUploadHandler(createfile.NewUseCase(&filesRepository, &storage, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request.Header.Add("Content-Type", w.FormDataContentType()) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - storage.AssertNotCalled(t, "Store") - filesRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - filesRepository files.MockFilesRepository - storage s.MockStorage - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{UUID: "auth-user-uuid"} - - fileContent = "file content" - - r = createfile.Request{ - Name: "test filename.ext", - } - ) - - var payload bytes.Buffer - w := multipart.NewWriter(&payload) - fw, err := w.CreateFormFile("file", r.Name) - assert.NoError(t, err) - _, err = fw.Write([]byte(fileContent)) - assert.NoError(t, err) - err = w.Close() - assert.NoError(t, err) - - authorizer.On("Authorize", u.UUID, permission.FilesCreate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUploadHandler(createfile.NewUseCase(&filesRepository, &storage, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", &payload) - request.Header.Add("Content-Type", w.FormDataContentType()) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - storage.AssertNotCalled(t, "Store") - filesRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/permission/index.go b/presentation/http/api/dashboard/permission/index.go index ee8abf72..04becf5b 100644 --- a/presentation/http/api/dashboard/permission/index.go +++ b/presentation/http/api/dashboard/permission/index.go @@ -4,35 +4,20 @@ import ( "encoding/json" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" - getpermissions "github.com/khanzadimahdi/testproject/application/dashboard/permission/getPermissions" ) type indexHandler struct { - useCase *getpermissions.UseCase - authorizer domain.Authorizer + useCase *getpermissions.UseCase } -func NewIndexHandler(useCase *getpermissions.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getpermissions.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.PermissionsIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - response, err := h.useCase.Execute() switch { case err != nil: diff --git a/presentation/http/api/dashboard/permission/index_test.go b/presentation/http/api/dashboard/permission/index_test.go index 8154ddfa..3766e8cd 100644 --- a/presentation/http/api/dashboard/permission/index_test.go +++ b/presentation/http/api/dashboard/permission/index_test.go @@ -1,7 +1,6 @@ package permission import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,7 +10,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getpermissions "github.com/khanzadimahdi/testproject/application/dashboard/permission/getPermissions" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/permissions" @@ -25,7 +23,6 @@ func TestIndexHandler(t *testing.T) { var ( permissionsRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -36,13 +33,10 @@ func TestIndexHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.PermissionsIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - permissionsRepository.On("GetAll").Once().Return(p) defer permissionsRepository.AssertExpectations(t) - handler := NewIndexHandler(getpermissions.NewUseCase(&permissionsRepository), &authorizer) + handler := NewIndexHandler(getpermissions.NewUseCase(&permissionsRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -57,58 +51,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - permissionsRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.PermissionsIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getpermissions.NewUseCase(&permissionsRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - permissionsRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - permissionsRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.PermissionsIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getpermissions.NewUseCase(&permissionsRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - permissionsRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/role/create.go b/presentation/http/api/dashboard/role/create.go index 212d8d4f..d7d0256c 100644 --- a/presentation/http/api/dashboard/role/create.go +++ b/presentation/http/api/dashboard/role/create.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" createrole "github.com/khanzadimahdi/testproject/application/dashboard/role/createRole" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *createrole.UseCase - authorizer domain.Authorizer + useCase *createrole.UseCase } -func NewCreateHandler(useCase *createrole.UseCase, a domain.Authorizer) *createHandler { +func NewCreateHandler(useCase *createrole.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.RolesCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request createrole.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/role/create_test.go b/presentation/http/api/dashboard/role/create_test.go index 78668865..cc75a2b1 100644 --- a/presentation/http/api/dashboard/role/create_test.go +++ b/presentation/http/api/dashboard/role/create_test.go @@ -3,7 +3,6 @@ package role import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -32,7 +31,6 @@ func TestCreateHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock @@ -61,9 +59,6 @@ func TestCreateHandler(t *testing.T) { roleUUID = "role-uuid" ) - authorizer.On("Authorize", u.UUID, permission.RolesCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -73,7 +68,7 @@ func TestCreateHandler(t *testing.T) { roleRepository.On("Save", &c).Once().Return(roleUUID, nil) defer roleRepository.AssertExpectations(t) - handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) + handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -101,23 +96,19 @@ func TestCreateHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.RolesCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &createrole.Request{}).Once().Return(domain.ValidationErrors{ "description": "description is required", "name": "name is required", }) defer requestValidator.AssertExpectations(t) - handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) + handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -136,70 +127,4 @@ func TestCreateHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesCreate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - permissionRepository.AssertNotCalled(t, "Get") - roleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesCreate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createrole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - permissionRepository.AssertNotCalled(t, "Get") - roleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/role/delete.go b/presentation/http/api/dashboard/role/delete.go index 1353d291..7d2ee2f9 100644 --- a/presentation/http/api/dashboard/role/delete.go +++ b/presentation/http/api/dashboard/role/delete.go @@ -4,34 +4,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" deleterole "github.com/khanzadimahdi/testproject/application/dashboard/role/deleteRole" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deleterole.UseCase - authorizer domain.Authorizer + useCase *deleterole.UseCase } -func NewDeleteHandler(useCase *deleterole.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deleterole.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.RolesDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") request := &deleterole.Request{ diff --git a/presentation/http/api/dashboard/role/delete_test.go b/presentation/http/api/dashboard/role/delete_test.go index 0e6ee1a9..94d30671 100644 --- a/presentation/http/api/dashboard/role/delete_test.go +++ b/presentation/http/api/dashboard/role/delete_test.go @@ -1,7 +1,6 @@ package role import ( - "errors" "net/http" "net/http/httptest" "testing" @@ -10,8 +9,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" deleterole "github.com/khanzadimahdi/testproject/application/dashboard/role/deleteRole" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/roles" ) @@ -24,20 +21,16 @@ func TestDeleteHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} r = deleterole.Request{RoleUUID: "role-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.RolesDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - roleRepository.On("Delete", r.RoleUUID).Return(nil) defer roleRepository.AssertExpectations(t) - handler := NewDeleteHandler(deleterole.NewUseCase(&roleRepository), &authorizer) + handler := NewDeleteHandler(deleterole.NewUseCase(&roleRepository)) request := httptest.NewRequest(http.MethodDelete, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -49,64 +42,4 @@ func TestDeleteHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = deleterole.Request{RoleUUID: "role-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleterole.NewUseCase(&roleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.RoleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - roleRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - r = deleterole.Request{RoleUUID: "role-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleterole.NewUseCase(&roleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodDelete, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.RoleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - roleRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/role/index.go b/presentation/http/api/dashboard/role/index.go index 62fc9f14..728323f2 100644 --- a/presentation/http/api/dashboard/role/index.go +++ b/presentation/http/api/dashboard/role/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" getroles "github.com/khanzadimahdi/testproject/application/dashboard/role/getRoles" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getroles.UseCase - authorizer domain.Authorizer + useCase *getroles.UseCase } -func NewIndexHandler(useCase *getroles.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getroles.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.RolesIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/role/index_test.go b/presentation/http/api/dashboard/role/index_test.go index 475070dc..f3effe84 100644 --- a/presentation/http/api/dashboard/role/index_test.go +++ b/presentation/http/api/dashboard/role/index_test.go @@ -1,7 +1,6 @@ package role import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,8 +10,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getroles "github.com/khanzadimahdi/testproject/application/dashboard/role/getRoles" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/role" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/roles" @@ -26,7 +23,6 @@ func TestIndexHandler(t *testing.T) { var ( rolesRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -46,14 +42,11 @@ func TestIndexHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.RolesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - rolesRepository.On("Count").Once().Return(uint(len(p)), nil) rolesRepository.On("GetAll", uint(0), uint(10)).Once().Return(p, nil) defer rolesRepository.AssertExpectations(t) - handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository), &authorizer) + handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -74,19 +67,15 @@ func TestIndexHandler(t *testing.T) { var ( rolesRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.RolesIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - rolesRepository.On("Count").Once().Return(uint(0), nil) rolesRepository.On("GetAll", uint(0), uint(10)).Once().Return(nil, nil) defer rolesRepository.AssertExpectations(t) - handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository), &authorizer) + handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -101,60 +90,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - rolesRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - rolesRepository.AssertNotCalled(t, "Count") - rolesRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - rolesRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getroles.NewUseCase(&rolesRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - rolesRepository.AssertNotCalled(t, "Count") - rolesRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/role/show.go b/presentation/http/api/dashboard/role/show.go index 862a0825..94bfeea7 100644 --- a/presentation/http/api/dashboard/role/show.go +++ b/presentation/http/api/dashboard/role/show.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" getrole "github.com/khanzadimahdi/testproject/application/dashboard/role/getRole" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getrole.UseCase - authorizer domain.Authorizer + useCase *getrole.UseCase } -func NewShowHandler(useCase *getrole.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getrole.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.RolesShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/role/show_test.go b/presentation/http/api/dashboard/role/show_test.go index 82002ed2..745c966f 100644 --- a/presentation/http/api/dashboard/role/show_test.go +++ b/presentation/http/api/dashboard/role/show_test.go @@ -1,7 +1,6 @@ package role import ( - "errors" "net/http" "net/http/httptest" "os" @@ -12,7 +11,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getrole "github.com/khanzadimahdi/testproject/application/dashboard/role/getRole" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/role" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/roles" @@ -26,7 +24,6 @@ func TestShowHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} @@ -38,13 +35,10 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.RolesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - roleRepository.On("GetOne", roleUUID).Return(a, nil) defer roleRepository.AssertExpectations(t) - handler := NewShowHandler(getrole.NewUseCase(&roleRepository), &authorizer) + handler := NewShowHandler(getrole.NewUseCase(&roleRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -66,20 +60,16 @@ func TestShowHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer u = user.User{UUID: "auth-user-uuid"} roleUUID = "role-uuid" ) - authorizer.On("Authorize", u.UUID, permission.RolesShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - roleRepository.On("GetOne", roleUUID).Return(role.Role{}, domain.ErrNotExists) defer roleRepository.AssertExpectations(t) - handler := NewShowHandler(getrole.NewUseCase(&roleRepository), &authorizer) + handler := NewShowHandler(getrole.NewUseCase(&roleRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -91,64 +81,4 @@ func TestShowHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNotFound, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - roleUUID = "role-uuid" - ) - - authorizer.On("Authorize", u.UUID, permission.RolesShow).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getrole.NewUseCase(&roleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", roleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - roleRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - authorizer domain.MockAuthorizer - - u = user.User{UUID: "auth-user-uuid"} - - roleUUID = "role-uuid" - ) - - authorizer.On("Authorize", u.UUID, permission.RolesShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getrole.NewUseCase(&roleRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", roleUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - roleRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/role/update.go b/presentation/http/api/dashboard/role/update.go index afc9bceb..5b684efa 100644 --- a/presentation/http/api/dashboard/role/update.go +++ b/presentation/http/api/dashboard/role/update.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" updaterole "github.com/khanzadimahdi/testproject/application/dashboard/role/updateRole" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updaterole.UseCase - authorizer domain.Authorizer + useCase *updaterole.UseCase } -func NewUpdateHandler(useCase *updaterole.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updaterole.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - userUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(userUUID, permission.RolesUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request updaterole.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/role/update_test.go b/presentation/http/api/dashboard/role/update_test.go index e41c50c7..261bd7c9 100644 --- a/presentation/http/api/dashboard/role/update_test.go +++ b/presentation/http/api/dashboard/role/update_test.go @@ -3,7 +3,6 @@ package role import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -32,7 +31,6 @@ func TestUpdateHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock @@ -61,9 +59,6 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.RolesUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -73,7 +68,7 @@ func TestUpdateHandler(t *testing.T) { roleRepository.On("Save", &c).Once().Return(c.UUID, nil) defer roleRepository.AssertExpectations(t) - handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) + handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -97,16 +92,12 @@ func TestUpdateHandler(t *testing.T) { var ( roleRepository roles.MockRolesRepository permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock u = user.User{UUID: "auth-user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.RolesUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updaterole.Request{}).Once().Return(domain.ValidationErrors{ "description": "description is required", "name": "name is required", @@ -114,7 +105,7 @@ func TestUpdateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) + handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -133,72 +124,4 @@ func TestUpdateHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorized", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - - permissionRepository.AssertNotCalled(t, "Get") - roleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - roleRepository roles.MockRolesRepository - permissionRepository permissions.MockPermissionsRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{UUID: "auth-user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.RolesUpdate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updaterole.NewUseCase(&roleRepository, &permissionRepository, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - - permissionRepository.AssertNotCalled(t, "Get") - roleRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/changepassword.go b/presentation/http/api/dashboard/user/changepassword.go index ee4b8359..31355842 100644 --- a/presentation/http/api/dashboard/user/changepassword.go +++ b/presentation/http/api/dashboard/user/changepassword.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/user/userchangepassword" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type changePasswordHandler struct { - userCase *userchangepassword.UseCase - authorizer domain.Authorizer + userCase *userchangepassword.UseCase } -func NewChangePasswordHandler(userCase *userchangepassword.UseCase, a domain.Authorizer) *changePasswordHandler { +func NewChangePasswordHandler(userCase *userchangepassword.UseCase) *changePasswordHandler { return &changePasswordHandler{ - userCase: userCase, - authorizer: a, + userCase: userCase, } } func (h *changePasswordHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersPasswordUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request userchangepassword.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/user/changepassword_test.go b/presentation/http/api/dashboard/user/changepassword_test.go index 8ba65643..b44d802e 100644 --- a/presentation/http/api/dashboard/user/changepassword_test.go +++ b/presentation/http/api/dashboard/user/changepassword_test.go @@ -3,7 +3,6 @@ package user import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -15,7 +14,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" "github.com/khanzadimahdi/testproject/application/dashboard/user/userchangepassword" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" crypt "github.com/khanzadimahdi/testproject/infrastructure/crypto/mock" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -31,7 +29,6 @@ func TestChangePasswordHandler(t *testing.T) { var ( userRepository users.MockUsersRepository hasher crypt.MockCrypto - authorizer domain.MockAuthorizer requestValidator validator.MockValidator r = userchangepassword.Request{ @@ -44,9 +41,6 @@ func TestChangePasswordHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersPasswordUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -57,7 +51,7 @@ func TestChangePasswordHandler(t *testing.T) { hasher.On("Hash", []byte(r.NewPassword), mock.AnythingOfType("[]uint8")).Once().Return([]byte("hashed-new-password"), nil) defer hasher.AssertExpectations(t) - handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator), &authorizer) + handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -79,7 +73,6 @@ func TestChangePasswordHandler(t *testing.T) { var ( userRepository users.MockUsersRepository hasher crypt.MockCrypto - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -92,13 +85,10 @@ func TestChangePasswordHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersPasswordUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &userchangepassword.Request{}).Once().Return(validationErrors) defer requestValidator.AssertExpectations(t) - handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator), &authorizer) + handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator)) request := httptest.NewRequest(http.MethodPatch, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -117,74 +107,4 @@ func TestChangePasswordHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorised", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - hasher crypt.MockCrypto - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersPasswordUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPatch, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - - userRepository.AssertNotCalled(t, "GetOne") - userRepository.AssertNotCalled(t, "Save") - hasher.AssertNotCalled(t, "Hash") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - hasher crypt.MockCrypto - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersPasswordUpdate).Once().Return(false, errors.New("undexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewChangePasswordHandler(userchangepassword.NewUseCase(&userRepository, &hasher, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPatch, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - - userRepository.AssertNotCalled(t, "GetOne") - userRepository.AssertNotCalled(t, "Save") - hasher.AssertNotCalled(t, "Hash") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/create.go b/presentation/http/api/dashboard/user/create.go index 46285624..8ec1cf9d 100644 --- a/presentation/http/api/dashboard/user/create.go +++ b/presentation/http/api/dashboard/user/create.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" createuser "github.com/khanzadimahdi/testproject/application/dashboard/user/createUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type createHandler struct { - useCase *createuser.UseCase - authorizer domain.Authorizer + useCase *createuser.UseCase } -func NewCreateHandler(useCase *createuser.UseCase, a domain.Authorizer) *createHandler { +func NewCreateHandler(useCase *createuser.UseCase) *createHandler { return &createHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *createHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersCreate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request createuser.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/user/create_test.go b/presentation/http/api/dashboard/user/create_test.go index ebeecc88..a7d7a8b0 100644 --- a/presentation/http/api/dashboard/user/create_test.go +++ b/presentation/http/api/dashboard/user/create_test.go @@ -3,7 +3,6 @@ package user import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -15,7 +14,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" createuser "github.com/khanzadimahdi/testproject/application/dashboard/user/createUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/crypto/mock" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" @@ -32,7 +30,6 @@ func TestCreateHandler(t *testing.T) { var ( userRepository users.MockUsersRepository hasher mock.MockCrypto - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock @@ -50,9 +47,6 @@ func TestCreateHandler(t *testing.T) { userUUID = "test-user-uuid" ) - authorizer.On("Authorize", u.UUID, permission.UsersCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -64,7 +58,7 @@ func TestCreateHandler(t *testing.T) { hasher.On("Hash", []byte(r.Password), mock2.AnythingOfType("[]uint8")).Once().Return([]byte("hashed-password")) defer hasher.AssertExpectations(t) - handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator), &authorizer) + handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -92,7 +86,6 @@ func TestCreateHandler(t *testing.T) { var ( userRepository users.MockUsersRepository hasher mock.MockCrypto - authorizer domain.MockAuthorizer requestValidator validator.MockValidator translator translator.TranslatorMock @@ -107,13 +100,10 @@ func TestCreateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersCreate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &createuser.Request{}).Once().Return(validationErrors) defer requestValidator.AssertExpectations(t) - handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator), &authorizer) + handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -135,81 +125,4 @@ func TestCreateHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("unauthorised", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - hasher mock.MockCrypto - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersCreate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "Save") - hasher.AssertNotCalled(t, "Hash") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - hasher mock.MockCrypto - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - translator translator.TranslatorMock - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersCreate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewCreateHandler(createuser.NewUseCase(&userRepository, &hasher, &requestValidator, &translator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - translator.AssertNotCalled(t, "Translate") - - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "Save") - hasher.AssertNotCalled(t, "Hash") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/delete.go b/presentation/http/api/dashboard/user/delete.go index 3b6396ab..86f62ae5 100644 --- a/presentation/http/api/dashboard/user/delete.go +++ b/presentation/http/api/dashboard/user/delete.go @@ -4,34 +4,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" deleteuser "github.com/khanzadimahdi/testproject/application/dashboard/user/deleteUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type deleteHandler struct { - useCase *deleteuser.UseCase - authorizer domain.Authorizer + useCase *deleteuser.UseCase } -func NewDeleteHandler(useCase *deleteuser.UseCase, a domain.Authorizer) *deleteHandler { +func NewDeleteHandler(useCase *deleteuser.UseCase) *deleteHandler { return &deleteHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *deleteHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersDelete); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") request := &deleteuser.Request{ diff --git a/presentation/http/api/dashboard/user/delete_test.go b/presentation/http/api/dashboard/user/delete_test.go index 737cb0d4..1172c0c0 100644 --- a/presentation/http/api/dashboard/user/delete_test.go +++ b/presentation/http/api/dashboard/user/delete_test.go @@ -1,18 +1,16 @@ package user import ( - "errors" "net/http" "net/http/httptest" "testing" + "github.com/stretchr/testify/assert" + "github.com/khanzadimahdi/testproject/application/auth" deleteuser "github.com/khanzadimahdi/testproject/application/dashboard/user/deleteUser" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" - "github.com/stretchr/testify/assert" ) func TestDeleteHandler(t *testing.T) { @@ -23,7 +21,6 @@ func TestDeleteHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{ UUID: "user-uuid", @@ -32,12 +29,9 @@ func TestDeleteHandler(t *testing.T) { r = deleteuser.Request{UserUUID: "user-uuid"} ) - authorizer.On("Authorize", u.UUID, permission.UsersDelete).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - userRepository.On("Delete", r.UserUUID).Return(nil) defer userRepository.AssertExpectations(t) - handler := NewDeleteHandler(deleteuser.NewUseCase(&userRepository), &authorizer) + handler := NewDeleteHandler(deleteuser.NewUseCase(&userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -49,68 +43,4 @@ func TestDeleteHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNoContent, response.Code) }) - - t.Run("unauthorised", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - - r = deleteuser.Request{UserUUID: "user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.UsersDelete).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleteuser.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.UserUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - - r = deleteuser.Request{UserUUID: "user-uuid"} - ) - - authorizer.On("Authorize", u.UUID, permission.UsersDelete).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewDeleteHandler(deleteuser.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", r.UserUUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "Delete") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/index.go b/presentation/http/api/dashboard/user/index.go index 426240ab..d3ac5598 100644 --- a/presentation/http/api/dashboard/user/index.go +++ b/presentation/http/api/dashboard/user/index.go @@ -6,34 +6,20 @@ import ( "strconv" "unsafe" - "github.com/khanzadimahdi/testproject/application/auth" getusers "github.com/khanzadimahdi/testproject/application/dashboard/user/getUsers" - "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type indexHandler struct { - useCase *getusers.UseCase - authorizer domain.Authorizer + useCase *getusers.UseCase } -func NewIndexHandler(useCase *getusers.UseCase, a domain.Authorizer) *indexHandler { +func NewIndexHandler(useCase *getusers.UseCase) *indexHandler { return &indexHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *indexHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersIndex); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var page uint = 1 if r.URL.Query().Has("page") { parsedPage, err := strconv.ParseUint(r.URL.Query().Get("page"), 10, int(unsafe.Sizeof(page))) diff --git a/presentation/http/api/dashboard/user/index_test.go b/presentation/http/api/dashboard/user/index_test.go index 8323ce28..c4821b02 100644 --- a/presentation/http/api/dashboard/user/index_test.go +++ b/presentation/http/api/dashboard/user/index_test.go @@ -1,7 +1,6 @@ package user import ( - "errors" "net/http" "net/http/httptest" "os" @@ -11,9 +10,7 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getusers "github.com/khanzadimahdi/testproject/application/dashboard/user/getUsers" - "github.com/khanzadimahdi/testproject/domain" "github.com/khanzadimahdi/testproject/domain/password" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" ) @@ -26,7 +23,6 @@ func TestIndexHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{ UUID: "user-uuid", @@ -55,14 +51,11 @@ func TestIndexHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - userRepository.On("Count").Once().Return(uint(len(a)), nil) userRepository.On("GetAll", uint(0), uint(10)).Return(a, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexHandler(getusers.NewUseCase(&userRepository), &authorizer) + handler := NewIndexHandler(getusers.NewUseCase(&userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -83,21 +76,17 @@ func TestIndexHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{ UUID: "user-uuid", } ) - authorizer.On("Authorize", u.UUID, permission.UsersIndex).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - userRepository.On("Count").Once().Return(uint(0), nil) userRepository.On("GetAll", uint(0), uint(10)).Return(nil, nil) defer userRepository.AssertExpectations(t) - handler := NewIndexHandler(getusers.NewUseCase(&userRepository), &authorizer) + handler := NewIndexHandler(getusers.NewUseCase(&userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -112,64 +101,4 @@ func TestIndexHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusOK, response.Code) }) - - t.Run("unauthorised", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersIndex).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getusers.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "Count") - userRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.String(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersIndex).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewIndexHandler(getusers.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "Count") - userRepository.AssertNotCalled(t, "GetAll") - - assert.Len(t, response.Body.String(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/show.go b/presentation/http/api/dashboard/user/show.go index 6c32aeb0..800f2fba 100644 --- a/presentation/http/api/dashboard/user/show.go +++ b/presentation/http/api/dashboard/user/show.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" getuser "github.com/khanzadimahdi/testproject/application/dashboard/user/getUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type showHandler struct { - useCase *getuser.UseCase - authorizer domain.Authorizer + useCase *getuser.UseCase } -func NewShowHandler(useCase *getuser.UseCase, a domain.Authorizer) *showHandler { +func NewShowHandler(useCase *getuser.UseCase) *showHandler { return &showHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *showHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersShow); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - UUID := r.PathValue("uuid") response, err := h.useCase.Execute(UUID) diff --git a/presentation/http/api/dashboard/user/show_test.go b/presentation/http/api/dashboard/user/show_test.go index 9e725559..82ebeaaf 100644 --- a/presentation/http/api/dashboard/user/show_test.go +++ b/presentation/http/api/dashboard/user/show_test.go @@ -1,7 +1,6 @@ package user import ( - "errors" "net/http" "net/http/httptest" "os" @@ -12,7 +11,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" getuser "github.com/khanzadimahdi/testproject/application/dashboard/user/getUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" ) @@ -25,7 +23,6 @@ func TestShowHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{ UUID: "user-uuid", @@ -37,13 +34,10 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - userRepository.On("GetOne", userUUID).Return(a, nil) defer userRepository.AssertExpectations(t) - handler := NewShowHandler(getuser.NewUseCase(&userRepository), &authorizer) + handler := NewShowHandler(getuser.NewUseCase(&userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -65,7 +59,6 @@ func TestShowHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer u = user.User{ UUID: "user-uuid", @@ -77,13 +70,10 @@ func TestShowHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersShow).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - userRepository.On("GetOne", userUUID).Return(user.User{}, domain.ErrNotExists) defer userRepository.AssertExpectations(t) - handler := NewShowHandler(getuser.NewUseCase(&userRepository), &authorizer) + handler := NewShowHandler(getuser.NewUseCase(&userRepository)) request := httptest.NewRequest(http.MethodGet, "/", nil) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -95,74 +85,4 @@ func TestShowHandler(t *testing.T) { assert.Len(t, response.Body.Bytes(), 0) assert.Equal(t, http.StatusNotFound, response.Code) }) - - t.Run("unauthorised", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - - userUUID = "user-uuid" - a = user.User{ - UUID: userUUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersShow).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getuser.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", a.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - - u = user.User{ - UUID: "user-uuid", - } - - userUUID = "user-uuid" - a = user.User{ - UUID: userUUID, - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersShow).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewShowHandler(getuser.NewUseCase(&userRepository), &authorizer) - - request := httptest.NewRequest(http.MethodGet, "/", nil) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - request.SetPathValue("uuid", a.UUID) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - userRepository.AssertNotCalled(t, "GetOne") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/api/dashboard/user/update.go b/presentation/http/api/dashboard/user/update.go index 0b121207..a2da3041 100644 --- a/presentation/http/api/dashboard/user/update.go +++ b/presentation/http/api/dashboard/user/update.go @@ -5,34 +5,21 @@ import ( "errors" "net/http" - "github.com/khanzadimahdi/testproject/application/auth" updateuser "github.com/khanzadimahdi/testproject/application/dashboard/user/updateUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" ) type updateHandler struct { - useCase *updateuser.UseCase - authorizer domain.Authorizer + useCase *updateuser.UseCase } -func NewUpdateHandler(useCase *updateuser.UseCase, a domain.Authorizer) *updateHandler { +func NewUpdateHandler(useCase *updateuser.UseCase) *updateHandler { return &updateHandler{ - useCase: useCase, - authorizer: a, + useCase: useCase, } } func (h *updateHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { - currentUserUUID := auth.FromContext(r.Context()).UUID - if ok, err := h.authorizer.Authorize(currentUserUUID, permission.UsersUpdate); err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } else if !ok { - rw.WriteHeader(http.StatusForbidden) - return - } - var request updateuser.Request if err := json.NewDecoder(r.Body).Decode(&request); err != nil { rw.WriteHeader(http.StatusBadRequest) diff --git a/presentation/http/api/dashboard/user/update_test.go b/presentation/http/api/dashboard/user/update_test.go index 97a463f0..cde36952 100644 --- a/presentation/http/api/dashboard/user/update_test.go +++ b/presentation/http/api/dashboard/user/update_test.go @@ -3,7 +3,6 @@ package user import ( "bytes" "encoding/json" - "errors" "net/http" "net/http/httptest" "os" @@ -15,7 +14,6 @@ import ( "github.com/khanzadimahdi/testproject/application/auth" updateuser "github.com/khanzadimahdi/testproject/application/dashboard/user/updateUser" "github.com/khanzadimahdi/testproject/domain" - "github.com/khanzadimahdi/testproject/domain/permission" "github.com/khanzadimahdi/testproject/domain/user" "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" "github.com/khanzadimahdi/testproject/infrastructure/validator" @@ -29,7 +27,6 @@ func TestUpdateHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -51,9 +48,6 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &r).Once().Return(nil) defer requestValidator.AssertExpectations(t) @@ -63,7 +57,7 @@ func TestUpdateHandler(t *testing.T) { userRepository.On("Save", mock2.Anything).Once().Return(r.UserUUID, nil) defer userRepository.AssertExpectations(t) - handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator)) var payload bytes.Buffer err := json.NewEncoder(&payload).Encode(r) @@ -84,7 +78,6 @@ func TestUpdateHandler(t *testing.T) { var ( userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer requestValidator validator.MockValidator u = user.User{ @@ -92,9 +85,6 @@ func TestUpdateHandler(t *testing.T) { } ) - authorizer.On("Authorize", u.UUID, permission.UsersUpdate).Once().Return(true, nil) - defer authorizer.AssertExpectations(t) - requestValidator.On("Validate", &updateuser.Request{}).Once().Return(domain.ValidationErrors{ "email": "email is required", "name": "name is required", @@ -102,7 +92,7 @@ func TestUpdateHandler(t *testing.T) { }) defer requestValidator.AssertExpectations(t) - handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator), &authorizer) + handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator)) request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) request = request.WithContext(auth.ToContext(request.Context(), &u)) @@ -122,73 +112,4 @@ func TestUpdateHandler(t *testing.T) { assert.JSONEq(t, string(expectedBody), response.Body.String()) assert.Equal(t, http.StatusBadRequest, response.Code) }) - - t.Run("access forbidden", func(t *testing.T) { - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersUpdate).Once().Return(false, nil) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOne") - userRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusForbidden, response.Code) - - }) - - t.Run("error", func(t *testing.T) { - t.Parallel() - - var ( - userRepository users.MockUsersRepository - authorizer domain.MockAuthorizer - requestValidator validator.MockValidator - - u = user.User{ - UUID: "user-uuid", - } - ) - - authorizer.On("Authorize", u.UUID, permission.UsersUpdate).Once().Return(false, errors.New("unexpected error")) - defer authorizer.AssertExpectations(t) - - handler := NewUpdateHandler(updateuser.NewUseCase(&userRepository, &requestValidator), &authorizer) - - request := httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString("{}")) - request = request.WithContext(auth.ToContext(request.Context(), &u)) - response := httptest.NewRecorder() - - handler.ServeHTTP(response, request) - - requestValidator.AssertNotCalled(t, "Validate") - - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOneByIdentity") - userRepository.AssertNotCalled(t, "GetOne") - userRepository.AssertNotCalled(t, "Save") - - assert.Len(t, response.Body.Bytes(), 0) - assert.Equal(t, http.StatusInternalServerError, response.Code) - }) } diff --git a/presentation/http/middleware/authorise.go b/presentation/http/middleware/authenticate.go similarity index 67% rename from presentation/http/middleware/authorise.go rename to presentation/http/middleware/authenticate.go index bd6c8948..51f8fe41 100644 --- a/presentation/http/middleware/authorise.go +++ b/presentation/http/middleware/authenticate.go @@ -8,23 +8,28 @@ import ( "github.com/khanzadimahdi/testproject/infrastructure/jwt" ) -type Authorise struct { +const ( + authenticationHeaderName = "authorization" + authenticationHeaderPrefix = "bearer " +) + +type Authenticate struct { next http.Handler j *jwt.JWT userRepository user.Repository } -var _ http.Handler = &Authorise{} +var _ http.Handler = &Authenticate{} -func NewAuthoriseMiddleware(next http.Handler, j *jwt.JWT, userRepository user.Repository) *Authorise { - return &Authorise{ +func NewAuthenticateMiddleware(next http.Handler, j *jwt.JWT, userRepository user.Repository) *Authenticate { + return &Authenticate{ j: j, userRepository: userRepository, next: next, } } -func (a *Authorise) ServeHTTP(rw http.ResponseWriter, r *http.Request) { +func (a *Authenticate) ServeHTTP(rw http.ResponseWriter, r *http.Request) { token := a.bearerToken(r) claims, err := a.j.Verify(token) if err != nil { @@ -52,9 +57,9 @@ func (a *Authorise) ServeHTTP(rw http.ResponseWriter, r *http.Request) { a.next.ServeHTTP(rw, r.WithContext(auth.ToContext(r.Context(), &user))) } -func (a *Authorise) bearerToken(r *http.Request) string { - offset := len("bearer ") - h := r.Header.Get("authorization") +func (a *Authenticate) bearerToken(r *http.Request) string { + offset := len(authenticationHeaderPrefix) + h := r.Header.Get(authenticationHeaderName) if len(h) <= offset { return "" } diff --git a/presentation/http/middleware/authorise_test.go b/presentation/http/middleware/authenticate_test.go similarity index 84% rename from presentation/http/middleware/authorise_test.go rename to presentation/http/middleware/authenticate_test.go index 1e2ccfa6..8529854e 100644 --- a/presentation/http/middleware/authorise_test.go +++ b/presentation/http/middleware/authenticate_test.go @@ -2,7 +2,6 @@ package middleware import ( "bytes" - "fmt" "net/http" "net/http/httptest" "testing" @@ -17,13 +16,13 @@ import ( "github.com/khanzadimahdi/testproject/infrastructure/repository/mocks/users" ) -func TestAuthorizeMiddleware(t *testing.T) { +func TestAuthenticateMiddleware(t *testing.T) { privateKey, err := ecdsa.Generate() assert.NoError(t, err) j := jwt.NewJWT(privateKey, privateKey.Public()) - t.Run("authorize and run next handler", func(t *testing.T) { + t.Run("authenticate and run next handler", func(t *testing.T) { var ( userRepository users.MockUsersRepository @@ -47,10 +46,10 @@ func TestAuthorizeMiddleware(t *testing.T) { assert.NoError(t, err) }) - middleware := NewAuthoriseMiddleware(next, j, &userRepository) + middleware := NewAuthenticateMiddleware(next, j, &userRepository) request := httptest.NewRequest(http.MethodPost, "/", nil) - request.Header.Set("authorization", fmt.Sprintf("bearer %s", token)) + request.Header.Set(authenticationHeaderName, authenticationHeaderPrefix+token) response := httptest.NewRecorder() middleware.ServeHTTP(response, request) @@ -59,7 +58,7 @@ func TestAuthorizeMiddleware(t *testing.T) { assert.Equal(t, http.StatusOK, response.Code) }) - t.Run("unauthorized", func(t *testing.T) { + t.Run("authentication fails", func(t *testing.T) { var ( userRepository users.MockUsersRepository @@ -80,10 +79,10 @@ func TestAuthorizeMiddleware(t *testing.T) { assert.NoError(t, err) }) - middleware := NewAuthoriseMiddleware(next, j, &userRepository) + middleware := NewAuthenticateMiddleware(next, j, &userRepository) request := httptest.NewRequest(http.MethodPost, "/", nil) - request.Header.Set("authorization", fmt.Sprintf("bearer %s", token)) + request.Header.Set(authenticationHeaderName, authenticationHeaderPrefix+token) response := httptest.NewRecorder() middleware.ServeHTTP(response, request) diff --git a/presentation/http/middleware/authorize.go b/presentation/http/middleware/authorize.go new file mode 100644 index 00000000..eba75d63 --- /dev/null +++ b/presentation/http/middleware/authorize.go @@ -0,0 +1,41 @@ +package middleware + +import ( + "net/http" + + "github.com/khanzadimahdi/testproject/application/auth" + "github.com/khanzadimahdi/testproject/domain" +) + +type Authorize struct { + next http.Handler + authorizer domain.Authorizer + permission string +} + +var _ http.Handler = &Authorize{} + +func NewAuthorizeMiddleware( + next http.Handler, + authorizer domain.Authorizer, + permission string, +) *Authorize { + return &Authorize{ + next: next, + authorizer: authorizer, + permission: permission, + } +} + +func (a *Authorize) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + userUUID := auth.FromContext(r.Context()).UUID + if ok, err := a.authorizer.Authorize(userUUID, a.permission); err != nil { + rw.WriteHeader(http.StatusInternalServerError) + return + } else if !ok { + rw.WriteHeader(http.StatusForbidden) + return + } + + a.next.ServeHTTP(rw, r) +} diff --git a/presentation/http/middleware/authorize_test.go b/presentation/http/middleware/authorize_test.go new file mode 100644 index 00000000..91233645 --- /dev/null +++ b/presentation/http/middleware/authorize_test.go @@ -0,0 +1,124 @@ +package middleware + +import ( + "bytes" + "errors" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/khanzadimahdi/testproject/application/auth" + "github.com/khanzadimahdi/testproject/domain" + "github.com/khanzadimahdi/testproject/domain/user" +) + +func TestAuthorizeMiddleware(t *testing.T) { + t.Parallel() + + t.Run("authorize middleware", func(t *testing.T) { + t.Parallel() + + var ( + authorizer domain.MockAuthorizer + + u = user.User{ + UUID: "user-test-uuid", + } + + permission = "test-permission" + expectedResponse = "test response" + ) + + authorizer.On("Authorize", u.UUID, permission).Once().Return(true, nil) + defer authorizer.AssertExpectations(t) + + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := bytes.NewBufferString(expectedResponse).WriteTo(w) + assert.NoError(t, err) + }) + + middleware := NewAuthorizeMiddleware(next, &authorizer, permission) + + request := httptest.NewRequest(http.MethodGet, "/", nil) + request = request.WithContext(auth.ToContext(request.Context(), &u)) + response := httptest.NewRecorder() + + middleware.ServeHTTP(response, request) + + assert.Equal(t, expectedResponse, response.Body.String()) + assert.Equal(t, http.StatusOK, response.Code) + }) + + t.Run("authorize middleware with error", func(t *testing.T) { + t.Parallel() + + var ( + authorizer domain.MockAuthorizer + + u = user.User{ + UUID: "user-test-uuid", + } + + permission = "test-permission" + expectedResponse = "test response" + ) + + authorizer.On("Authorize", u.UUID, permission).Once().Return(false, errors.New("some error")) + defer authorizer.AssertExpectations(t) + + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := bytes.NewBufferString(expectedResponse).WriteTo(w) + assert.NoError(t, err) + }) + + middleware := NewAuthorizeMiddleware(next, &authorizer, permission) + + request := httptest.NewRequest(http.MethodGet, "/", nil) + request = request.WithContext(auth.ToContext(request.Context(), &u)) + response := httptest.NewRecorder() + + middleware.ServeHTTP(response, request) + + assert.Empty(t, response.Body) + assert.Equal(t, http.StatusInternalServerError, response.Code) + }) + + t.Run("authorize middleware with forbidden", func(t *testing.T) { + t.Parallel() + + var ( + authorizer domain.MockAuthorizer + + u = user.User{ + UUID: "user-test-uuid", + } + + permission = "test-permission" + expectedResponse = "test response" + ) + + authorizer.On("Authorize", u.UUID, permission).Once().Return(false, nil) + defer authorizer.AssertExpectations(t) + + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := bytes.NewBufferString(expectedResponse).WriteTo(w) + assert.NoError(t, err) + }) + + middleware := NewAuthorizeMiddleware(next, &authorizer, permission) + + request := httptest.NewRequest(http.MethodGet, "/", nil) + request = request.WithContext(auth.ToContext(request.Context(), &u)) + response := httptest.NewRecorder() + + middleware.ServeHTTP(response, request) + + assert.Empty(t, response.Body) + assert.Equal(t, http.StatusForbidden, response.Code) + }) +}