Allow for jwtAuth being provided inside of F[_] (#364)

This allows for the keys being stored in a database or fetched from an
api.

Author: froth

core/src/main/scala/dev/profunktor/auth/middleware.scala

@@ -14,6 +14,12 @@ object JwtAuthMiddleware {
   def apply[F[_]: MonadThrow, A](
       jwtAuth: JwtAuth,
       authenticate: JwtToken => JwtClaim => F[Option[A]]
+  ): AuthMiddleware[F, A] =
+    apply(jwtAuth.pure, authenticate)
+
+  def apply[F[_]: MonadThrow, A](
+      jwtAuth: F[JwtAuth],
+      authenticate: JwtToken => JwtClaim => F[Option[A]]
   ): AuthMiddleware[F, A] = {
     val dsl = new Http4sDsl[F] {}; import dsl.*
 
@@ -23,15 +29,16 @@ object JwtAuthMiddleware {
     val authUser: Kleisli[F, Request[F], Either[String, A]] =
       Kleisli { request =>
         AuthHeaders.getBearerToken(request).fold("Bearer token not found".asLeft[A].pure[F]) { token =>
-          jwtDecode[F](token, jwtAuth)
-            .flatMap(authenticate(token))
-            .map(_.fold("not found".asLeft[A])(_.asRight[String]))
-            .recover {
-              case _: JwtException => "Invalid access token".asLeft[A]
-            }
+          jwtAuth.flatMap(auth =>
+            jwtDecode[F](token, auth)
+              .flatMap(authenticate(token))
+              .map(_.fold("not found".asLeft[A])(_.asRight[String]))
+              .recover {
+                case _: JwtException => "Invalid access token".asLeft[A]
+              }
+          )
         }
       }
-
     AuthMiddleware(authUser, onFailure)
   }
 }

core/src/test/scala/dev/profunktor/auth/JwtAuthMiddlewareSuite.scala

@@ -1,15 +1,15 @@
 package dev.profunktor.auth
 
 import scala.util.Try
-
 import cats.data.OptionT
 import cats.effect.IO
 import cats.effect.unsafe.implicits.global
 import cats.syntax.all.*
-
 import munit.FunSuite
 import org.http4s.*
 
+import scala.util.control.NoStackTrace
+
 class JwtAuthMiddlewareSpec extends FunSuite with JwtFixture {
 
   private def assertResp(response: OptionT[IO, Response[IO]], expected: Status) =
@@ -41,6 +41,25 @@ class JwtAuthMiddlewareSpec extends FunSuite with JwtFixture {
     assertResp(middleware(adminRoute).run(noUserAdminReq), Status.Forbidden)
   }
 
+  test("Admin Route gives 200 when there's a valid token and secret is fetched via F[_]") {
+    val middleware = JwtAuthMiddleware[IO, AuthUser](IO.pure(jwtAuth), authenticate)
+    assertResp(middleware(adminRoute).run(goodAdminReq), Status.Ok)
+  }
+
+  test("Admin Route fails when secret fetching via F[_] fails") {
+    val exception = new Exception("key fetching failed") with NoStackTrace
+    val middleware = JwtAuthMiddleware[IO, AuthUser](
+      IO.raiseError(exception),
+      authenticate
+    )
+    middleware(adminRoute)
+      .run(goodAdminReq)
+      .value
+      .attempt
+      .map(response => assertEquals(response, Left(exception)))
+      .unsafeToFuture()
+  }
+
 }
 
 object TestUsers {}