func TestGenerateToken(t *testing.T) {
ab := backends.NewCacheBasedAuthBackend(cache.NewBoltDBCache(TestDB, []byte(backends.TokenBucketName)), cache.NewBoltDBCache(TestDB, []byte(backends.UserBucketName)))
jwtBackend := InitJWTAuthenticationBackend(ab, []byte("verysecret"), 100)
token, err := jwtBackend.GenerateToken("userUUIDhereVeryLong", "userx")
expect(t, err, nil)
expect(t, len(token) > 0, true)
}
func TestNotBlacklisted(t *testing.T) {
ab := backends.NewCacheBasedAuthBackend(cache.NewBoltDBCache(TestDB, []byte(backends.TokenBucketName)), cache.NewBoltDBCache(TestDB, []byte(backends.UserBucketName)))
jwtBackend := InitJWTAuthenticationBackend(ab, []byte("verysecret"), 100)
tokenString := "exampleTokenStringThatIsNotBlacklisted"
blacklisted := jwtBackend.IsInBlacklist(tokenString)
expect(t, blacklisted, false)
}
func TestAuthenticateFail(t *testing.T) {
ab := backends.NewCacheBasedAuthBackend(cache.NewBoltDBCache(TestDB, []byte(backends.TokenBucketName)), cache.NewBoltDBCache(TestDB, []byte(backends.UserBucketName)))
jwtBackend := InitJWTAuthenticationBackend(ab, []byte("verysecret"), 100)
user := &backends.User{
Username: "******",
Password: "******",
UUID: "uuid_here",
IsAdmin: true}
success := jwtBackend.Authenticate(user)
expect(t, success, false)
}
func TestLogout(t *testing.T) {
ab := backends.NewCacheBasedAuthBackend(cache.NewBoltDBCache(TestDB, []byte(backends.TokenBucketName)), cache.NewBoltDBCache(TestDB, []byte(backends.UserBucketName)))
jwtBackend := InitJWTAuthenticationBackend(ab, []byte("verysecret"), 100)
tokenString := "exampletokenstring"
token := jwt.New(jwt.SigningMethodHS512)
err := jwtBackend.Logout(tokenString, token)
expect(t, err, nil)
// checking whether token is in blacklist
blacklisted := jwtBackend.IsInBlacklist(tokenString)
expect(t, blacklisted, true)
}
func TestAuthenticate(t *testing.T) {
ab := backends.NewCacheBasedAuthBackend(cache.NewBoltDBCache(TestDB, []byte(backends.TokenBucketName)), cache.NewBoltDBCache(TestDB, []byte(backends.UserBucketName)))
username := "******"
passw := "12345"
ab.AddUser(username, passw, true)
jwtBackend := InitJWTAuthenticationBackend(ab, []byte("verysecret"), 100)
user := &backends.User{
Username: string(username),
Password: string(passw),
UUID: "uuid_here",
IsAdmin: true}
success := jwtBackend.Authenticate(user)
expect(t, success, true)
}
func TestGetNewHoverflyCheckConfig(t *testing.T) {
RegisterTestingT(t)
cfg := InitSettings()
db := cache.GetDB("testing2.db")
requestCache := cache.NewBoltDBCache(db, []byte("requestBucket"))
metaCache := cache.NewBoltDBCache(db, []byte("metaBucket"))
tokenCache := cache.NewBoltDBCache(db, []byte("tokenBucket"))
userCache := cache.NewBoltDBCache(db, []byte("userBucket"))
backend := backends.NewCacheBasedAuthBackend(tokenCache, userCache)
dbClient := GetNewHoverfly(cfg, requestCache, metaCache, backend)
Expect(dbClient.Cfg).To(Equal(cfg))
// deleting this database
os.Remove("testing2.db")
}
func main() {
log.SetFormatter(&log.JSONFormatter{})
flag.Var(&importFlags, "import", "import from file or from URL (i.e. '-import my_service.json' or '-import http://mypage.com/service_x.json'")
flag.Var(&destinationFlags, "dest", "specify which hosts to process (i.e. '-dest fooservice.org -dest barservice.org -dest catservice.org') - other hosts will be ignored will passthrough'")
flag.Parse()
if *version {
fmt.Println(hoverflyVersion)
os.Exit(0)
}
// getting settings
cfg := hv.InitSettings()
if *verbose {
// Only log the warning severity or above.
log.SetLevel(log.DebugLevel)
}
cfg.Verbose = *verbose
if *dev {
// making text pretty
log.SetFormatter(&log.TextFormatter{})
}
if *generateCA {
tlsc, err := hvc.GenerateAndSave(*certName, *certOrg, 365*24*time.Hour)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
}).Fatal("failed to generate certificate.")
}
goproxy.GoproxyCa = *tlsc
} else if *cert != "" && *key != "" {
tlsc, err := tls.LoadX509KeyPair(*cert, *key)
if err != nil {
log.Fatalf("Failed to load certifiate and key pair, got error: %s", err.Error())
}
goproxy.GoproxyCa = tlsc
}
// overriding environment variables (proxy and admin ports)
if *proxyPort != "" {
cfg.ProxyPort = *proxyPort
}
if *adminPort != "" {
cfg.AdminPort = *adminPort
}
// development settings
cfg.Development = *dev
// overriding default middleware setting
cfg.Middleware = *middleware
mode := getInitialMode(cfg)
// setting mode
cfg.SetMode(mode)
// disabling authentication if no-auth for auth disabled env variable
if *authEnabled {
cfg.AuthEnabled = true
}
// disabling tls verification if flag or env variable is set to 'false' (defaults to true)
if !cfg.TLSVerification || !*tlsVerification {
cfg.TLSVerification = false
log.Info("tls certificate verification is now turned off!")
}
if len(destinationFlags) > 0 {
cfg.Destination = strings.Join(destinationFlags[:], "|")
} else {
// setting destination regexp
cfg.Destination = *destination
}
var requestCache cache.Cache
var metadataCache cache.Cache
var tokenCache cache.Cache
var userCache cache.Cache
if *databasePath != "" {
cfg.DatabasePath = *databasePath
}
if *database == boltBackend {
log.Info("Creating bolt db backend...")
db := cache.GetDB(cfg.DatabasePath)
defer db.Close()
requestCache = cache.NewBoltDBCache(db, []byte("requestsBucket"))
metadataCache = cache.NewBoltDBCache(db, []byte("metadataBucket"))
tokenCache = cache.NewBoltDBCache(db, []byte(backends.TokenBucketName))
userCache = cache.NewBoltDBCache(db, []byte(backends.UserBucketName))
} else if *database == inmemoryBackend {
log.Info("Creating in memory map backend...")
log.Warn("Turning off authentication...")
cfg.AuthEnabled = false
requestCache = cache.NewInMemoryCache()
metadataCache = cache.NewInMemoryCache()
tokenCache = cache.NewInMemoryCache()
userCache = cache.NewInMemoryCache()
} else {
log.Fatalf("unknown database type chosen: %s", *database)
}
authBackend := backends.NewCacheBasedAuthBackend(tokenCache, userCache)
hoverfly := hv.GetNewHoverfly(cfg, requestCache, metadataCache, authBackend)
// if add new user supplied - adding it to database
if *addNew {
err := hoverfly.Authentication.AddUser(*addUser, *addPassword, *isAdmin)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
"username": *addUser,
}).Fatal("failed to add new user")
} else {
log.WithFields(log.Fields{
"username": *addUser,
}).Info("user added successfuly")
}
return
}
if cfg.AuthEnabled {
if os.Getenv(hv.HoverflyAdminUsernameEV) != "" && os.Getenv(hv.HoverflyAdminPasswordEV) != "" {
hoverfly.Authentication.AddUser(
os.Getenv(hv.HoverflyAdminUsernameEV),
os.Getenv(hv.HoverflyAdminPasswordEV),
true)
}
// checking if there are any users
users, err := hoverfly.Authentication.GetAllUsers()
if err != nil {
log.WithFields(log.Fields{
"error": err,
}).Fatal("got error while trying to get all users")
}
if len(users) < 1 {
createSuperUser(hoverfly)
}
}
// importing records if environment variable is set
ev := os.Getenv(hv.HoverflyImportRecordsEV)
if ev != "" {
err := hoverfly.Import(ev)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
"import": ev,
}).Fatal("Environment variable for importing was set but failed to import this resource")
} else {
err = hoverfly.MetadataCache.Set([]byte("import_from_env_variable"), []byte(ev))
}
}
// importing stuff
if len(importFlags) > 0 {
for i, v := range importFlags {
if v != "" {
log.WithFields(log.Fields{
"import": v,
}).Debug("Importing given resource")
err := hoverfly.Import(v)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
"import": v,
}).Fatal("Failed to import given resource")
} else {
err = hoverfly.MetadataCache.Set([]byte(fmt.Sprintf("import_%d", i+1)), []byte(v))
}
}
}
}
// start metrics registry flush
if *metrics {
hoverfly.Counter.Init()
}
cfg.Webserver = *webserver
err := hoverfly.StartProxy()
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
}).Fatal("failed to start proxy...")
}
// starting admin interface, this is blocking
hoverfly.StartAdminInterface()
}