Merge pull request #124 from deploymenttheory/dev

Moved cookiejar to it's own specific package

Author: ShocOne

authenticationhandler/auth_bearer_token.go

@@ -1,7 +1,6 @@
 // authenticationhandler/auth_bearer_token.go
 /* The http_client_auth package focuses on authentication mechanisms for an HTTP client.
-It provides structures and methods for handling both basic and bearer token based authentication
-*/
+It provides structures and methods for handling both basic and bearer token based authentication */
 
 package authenticationhandler
 

cookiejar/cookiejar.go

@@ -0,0 +1,75 @@
+// cookiejar/cookiejar.go
+
+/* The cookiejar package provides utility functions for managing cookies within an HTTP client
+context in Go. This package aims to enhance HTTP client functionalities by offering cookie
+handling capabilities, including initialization of a cookie jar, redaction of sensitive cookies,
+and parsing of cookies from HTTP headers. Below is an explanation of the core functionalities
+provided by this package*/
+
+package cookiejar
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/cookiejar"
+	"strings"
+
+	"github.com/deploymenttheory/go-api-http-client/logger"
+	"go.uber.org/zap"
+)
+
+// SetupCookieJar initializes the HTTP client with a cookie jar if enabled in the configuration.
+func SetupCookieJar(client *http.Client, enableCookieJar bool, log logger.Logger) error {
+	if enableCookieJar {
+		jar, err := cookiejar.New(nil) // nil options use default options
+		if err != nil {
+			log.Error("Failed to create cookie jar", zap.Error(err))
+			return fmt.Errorf("setupCookieJar failed: %w", err) // Wrap and return the error
+		}
+		client.Jar = jar
+	}
+	return nil
+}
+
+// RedactSensitiveCookies redacts sensitive information from cookies.
+// It takes a slice of *http.Cookie and returns a redacted slice of *http.Cookie.
+func RedactSensitiveCookies(cookies []*http.Cookie) []*http.Cookie {
+	// Define sensitive cookie names that should be redacted.
+	sensitiveCookieNames := map[string]bool{
+		"SessionID": true, // Example sensitive cookie name
+		// More sensitive cookie names will be added as needed.
+	}
+
+	// Iterate over the cookies and redact sensitive ones.
+	for _, cookie := range cookies {
+		if _, found := sensitiveCookieNames[cookie.Name]; found {
+			cookie.Value = "REDACTED"
+		}
+	}
+
+	return cookies
+}
+
+// Utility function to convert cookies from http.Header to []*http.Cookie.
+// This can be useful if cookies are stored in http.Header (e.g., from a response).
+func CookiesFromHeader(header http.Header) []*http.Cookie {
+	cookies := []*http.Cookie{}
+	for _, cookieHeader := range header["Set-Cookie"] {
+		if cookie := ParseCookieHeader(cookieHeader); cookie != nil {
+			cookies = append(cookies, cookie)
+		}
+	}
+	return cookies
+}
+
+// ParseCookieHeader parses a single Set-Cookie header and returns an *http.Cookie.
+func ParseCookieHeader(header string) *http.Cookie {
+	headerParts := strings.Split(header, ";")
+	if len(headerParts) > 0 {
+		cookieParts := strings.SplitN(headerParts[0], "=", 2)
+		if len(cookieParts) == 2 {
+			return &http.Cookie{Name: cookieParts[0], Value: cookieParts[1]}
+		}
+	}
+	return nil
+}

cookiejar/cookiejar_test.go

@@ -0,0 +1,56 @@
+// cookiejar/cookiejar_test.go
+package cookiejar
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestRedactSensitiveCookies tests the RedactSensitiveCookies function to ensure it correctly redacts sensitive cookies.
+func TestRedactSensitiveCookies(t *testing.T) {
+	cookies := []*http.Cookie{
+		{Name: "SessionID", Value: "sensitive-value-1"},
+		{Name: "NonSensitiveCookie", Value: "non-sensitive-value"},
+		{Name: "AnotherSensitiveCookie", Value: "sensitive-value-2"},
+	}
+
+	redactedCookies := RedactSensitiveCookies(cookies)
+
+	// Define expected outcomes for each cookie.
+	expectedValues := map[string]string{
+		"SessionID":              "REDACTED",
+		"NonSensitiveCookie":     "non-sensitive-value",
+		"AnotherSensitiveCookie": "sensitive-value-2", // Assuming this is not in the sensitive list.
+	}
+
+	for _, cookie := range redactedCookies {
+		assert.Equal(t, expectedValues[cookie.Name], cookie.Value, "Cookie value should match expected redaction outcome")
+	}
+}
+
+// TestCookiesFromHeader tests the CookiesFromHeader function to ensure it can correctly parse cookies from HTTP headers.
+func TestCookiesFromHeader(t *testing.T) {
+	header := http.Header{
+		"Set-Cookie": []string{
+			"SessionID=sensitive-value; Path=/; HttpOnly",
+			"NonSensitiveCookie=non-sensitive-value; Path=/",
+		},
+	}
+
+	cookies := CookiesFromHeader(header)
+
+	// Define expected outcomes for each cookie.
+	expectedCookies := []*http.Cookie{
+		{Name: "SessionID", Value: "sensitive-value"},
+		{Name: "NonSensitiveCookie", Value: "non-sensitive-value"},
+	}
+
+	assert.Equal(t, len(expectedCookies), len(cookies), "Number of parsed cookies should match expected")
+
+	for i, expectedCookie := range expectedCookies {
+		assert.Equal(t, expectedCookie.Name, cookies[i].Name, "Cookie names should match")
+		assert.Equal(t, expectedCookie.Value, cookies[i].Value, "Cookie values should match")
+	}
+}

httpclient/httpclient_client.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/deploymenttheory/go-api-http-client/apiintegrations/apihandler"
 	"github.com/deploymenttheory/go-api-http-client/authenticationhandler"
+	"github.com/deploymenttheory/go-api-http-client/cookiejar"
 	"github.com/deploymenttheory/go-api-http-client/logger"
 	"github.com/deploymenttheory/go-api-http-client/redirecthandler"
 	"go.uber.org/zap"
@@ -27,13 +28,13 @@ type Client struct {
 	OverrideBaseDomain string    // Base domain override used when the default in the api handler isn't suitable
 	Expiry             time.Time // Expiry time set for the auth token
 	httpClient         *http.Client
-	tokenLock          sync.Mutex
-	clientConfig       ClientConfig
-	Logger             logger.Logger
-	ConcurrencyMgr     *ConcurrencyManager
-	PerfMetrics        PerformanceMetrics
-	APIHandler         apihandler.APIHandler // APIHandler interface used to define which API handler to use
-	AuthTokenHandler   *authenticationhandler.AuthTokenHandler
+	//tokenLock          sync.Mutex
+	clientConfig     ClientConfig
+	Logger           logger.Logger
+	ConcurrencyMgr   *ConcurrencyManager
+	PerfMetrics      PerformanceMetrics
+	APIHandler       apihandler.APIHandler // APIHandler interface used to define which API handler to use
+	AuthTokenHandler *authenticationhandler.AuthTokenHandler
 }
 
 // Config holds configuration options for the HTTP Client.
@@ -136,7 +137,7 @@ func BuildClient(config ClientConfig) (*Client, error) {
 	}
 
 	// Conditionally setup cookie jar
-	if err := setupCookieJar(httpClient, config.ClientOptions.EnableCookieJar, log); err != nil {
+	if err := cookiejar.SetupCookieJar(httpClient, config.ClientOptions.EnableCookieJar, log); err != nil {
 		log.Error("Error setting up cookie jar", zap.Error(err))
 		return nil, err
 	}

httpclient/httpclient_cookies.go renamed to httpclient/httpclient_cookies.go.BACK

@@ -1,4 +1,4 @@
-// httpclient_cookies.go
+// cookiejar/cookiejar_test.go
 package httpclient
 
 import (