wdevs/amcs
5
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(auth): enhance middleware to support Bearer token auth

Browse Source 
* Added support for extracting Bearer tokens from Authorization header.
* Updated middleware to prefer explicit header over Bearer token.
* Improved test coverage for authentication scenarios.
This commit is contained in:
Hein
2026-03-26 17:02:38 +02:00
parent ef0ace2bab
commit ed05d390b7
3 changed files with 69 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
internal/auth/keyring_test.go
View File

@@ -57,6 +57,58 @@ func TestMiddlewareAllowsHeaderAuthAndSetsContext(t *testing.T) {
}
}
func TestMiddlewareAllowsBearerAuthAndSetsContext(t *testing.T) {
keyring, err := NewKeyring([]config.APIKey{{ID: "client-a", Value: "secret"}})
if err != nil {
t.Fatalf("NewKeyring() error = %v", err)
}
handler := Middleware(config.AuthConfig{HeaderName: "x-brain-key"}, keyring, testLogger())(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
keyID, ok := KeyIDFromContext(r.Context())
if !ok || keyID != "client-a" {
t.Fatalf("KeyIDFromContext() = (%q, %v), want (client-a, true)", keyID, ok)
}
w.WriteHeader(http.StatusOK)
}))
req := httptest.NewRequest(http.MethodGet, "/mcp", nil)
req.Header.Set("Authorization", "Bearer secret")
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
}
}
func TestMiddlewarePrefersExplicitHeaderOverBearerAuth(t *testing.T) {
keyring, err := NewKeyring([]config.APIKey{
{ID: "client-a", Value: "secret"},
{ID: "client-b", Value: "other-secret"},
})
if err != nil {
t.Fatalf("NewKeyring() error = %v", err)
}
handler := Middleware(config.AuthConfig{HeaderName: "x-brain-key"}, keyring, testLogger())(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
keyID, ok := KeyIDFromContext(r.Context())
if !ok || keyID != "client-a" {
t.Fatalf("KeyIDFromContext() = (%q, %v), want (client-a, true)", keyID, ok)
}
w.WriteHeader(http.StatusOK)
}))
req := httptest.NewRequest(http.MethodGet, "/mcp", nil)
req.Header.Set("x-brain-key", "secret")
req.Header.Set("Authorization", "Bearer other-secret")
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
}
}
func TestMiddlewareAllowsQueryParamWhenEnabled(t *testing.T) {
keyring, err := NewKeyring([]config.APIKey{{ID: "client-a", Value: "secret"}})
if err != nil {