func NewWebRunner(
port uint,
logger lager.Logger,
handler http.Handler,
tlsConfig *tls.Config,
forceHTTPS bool,
redirectPort uint,
username string,
password string,
cookieHandler *securecookie.SecureCookie,
) ifrit.Runner {
m := middleware.Chain{
middleware.NewPanicRecovery(logger),
middleware.NewLogger(logger),
}
if forceHTTPS {
m = append(m, middleware.NewHTTPSEnforcer(redirectPort))
} else if username != "" && password != "" {
m = append(m, middleware.NewAuth(username, password, logger, cookieHandler))
}
return &webRunner{
port: port,
logger: logger,
handler: m.Wrap(handler),
tlsConfig: tlsConfig,
}
}
var fakeResponseWriter http.ResponseWriter
var fakeHandler *fakes.FakeHandler
var fakeLogger *fakes.FakeLogger
BeforeEach(func() {
dummyRequest, err = http.NewRequest("GET", "/some-url", nil)
Expect(err).NotTo(HaveOccurred())
dummyRequest.Header.Add("Authorization", "some auth")
fakeResponseWriter = &fakes.FakeResponseWriter{}
fakeHandler = &fakes.FakeHandler{}
fakeLogger = &fakes.FakeLogger{}
})
It("should not log credentials", func() {
loggerMiddleware := middleware.NewLogger(fakeLogger)
loggerHandler := loggerMiddleware.Wrap(fakeHandler)
loggerHandler.ServeHTTP(fakeResponseWriter, dummyRequest)
Expect(fakeLogger.DebugCallCount()).To(Equal(1))
_, arg1 := fakeLogger.DebugArgsForCall(0)
loggedRequest := arg1[0]["request"].(middleware.LoggableHTTPRequest)
Expect(loggedRequest.Header.Get("Authorization")).To(Equal(""))
})
It("should call next handler", func() {
loggerMiddleware := middleware.NewLogger(fakeLogger)
loggerHandler := loggerMiddleware.Wrap(fakeHandler)
loggerHandler.ServeHTTP(fakeResponseWriter, dummyRequest)
