Merge pull request go-openapi#45 from davidalpert/44-basic-auth-custo…

…m-headers-for-load-requests Enable use of Basic Auth and custom HTTP Headers
seanprince · Apr 14, 2020 · ab98f8e · ab98f8e
2 parents e96f63f + 3a1cec9
commit ab98f8e
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 0 deletions.
diff --git a/loading.go b/loading.go
@@ -27,6 +27,15 @@ import (
 // LoadHTTPTimeout the default timeout for load requests
 var LoadHTTPTimeout = 30 * time.Second
 
+// LoadHTTPBasicAuthUsername the username to use when load requests require basic auth
+var LoadHTTPBasicAuthUsername = ""
+
+// LoadHTTPBasicAuthPassword the password to use when load requests require basic auth
+var LoadHTTPBasicAuthPassword = ""
+
+// LoadHTTPCustomHeaders an optional collection of custom HTTP headers for load requests
+var LoadHTTPCustomHeaders = map[string]string{}
+
 // LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in
 func LoadFromFileOrHTTP(path string) ([]byte, error) {
 	return LoadStrategy(path, ioutil.ReadFile, loadHTTPBytes(LoadHTTPTimeout))(path)
@@ -59,6 +68,15 @@ func loadHTTPBytes(timeout time.Duration) func(path string) ([]byte, error) {
 		if err != nil {
 			return nil, err
 		}
+
+		if LoadHTTPBasicAuthUsername != "" && LoadHTTPBasicAuthPassword != "" {
+			req.SetBasicAuth(LoadHTTPBasicAuthUsername, LoadHTTPBasicAuthPassword)
+		}
+
+		for key, val := range LoadHTTPCustomHeaders {
+			req.Header.Set(key, val)
+		}
+
 		resp, err := client.Do(req)
 		defer func() {
 			if resp != nil {

diff --git a/loading_test.go b/loading_test.go
@@ -22,6 +22,14 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+const (
+	validUsername     = "fake-user"
+	validPassword     = "correct-password"
+	invalidPassword   = "incorrect-password"
+	sharedHeaderKey   = "X-Myapp"
+	sharedHeaderValue = "MySecretKey"
+)
+
 func TestLoadFromHTTP(t *testing.T) {
 
 	_, err := LoadFromFileOrHTTP("httx://12394:abd")
@@ -44,4 +52,62 @@ func TestLoadFromHTTP(t *testing.T) {
 	d, err := LoadFromFileOrHTTP(ts2.URL)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("the content"), d)
+
+	ts3 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		u, p, ok := r.BasicAuth()
+		if ok && u == validUsername && p == validPassword {
+			rw.WriteHeader(http.StatusOK)
+		} else {
+			rw.WriteHeader(http.StatusForbidden)
+		}
+	}))
+	defer ts3.Close()
+
+	// no auth
+	_, err = LoadFromFileOrHTTP(ts3.URL)
+	assert.Error(t, err)
+
+	// basic auth, invalide credentials
+	LoadHTTPBasicAuthUsername = validUsername
+	LoadHTTPBasicAuthPassword = invalidPassword
+
+	_, err = LoadFromFileOrHTTP(ts3.URL)
+	assert.Error(t, err)
+
+	// basic auth, valid credentials
+	LoadHTTPBasicAuthUsername = validUsername
+	LoadHTTPBasicAuthPassword = validPassword
+
+	_, err = LoadFromFileOrHTTP(ts3.URL)
+	assert.NoError(t, err)
+
+	ts4 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		myHeaders := r.Header[sharedHeaderKey]
+		ok := false
+		for _, v := range myHeaders {
+			if v == sharedHeaderValue {
+				ok = true
+				break
+			}
+		}
+		if ok {
+			rw.WriteHeader(http.StatusOK)
+		} else {
+			rw.WriteHeader(http.StatusForbidden)
+		}
+	}))
+	defer ts4.Close()
+
+	_, err = LoadFromFileOrHTTP(ts4.URL)
+	assert.Error(t, err)
+
+	LoadHTTPCustomHeaders[sharedHeaderKey] = sharedHeaderValue
+
+	_, err = LoadFromFileOrHTTP(ts4.URL)
+	assert.NoError(t, err)
+
+	// clean up for future tests
+	LoadHTTPBasicAuthUsername = ""
+	LoadHTTPBasicAuthPassword = ""
+	LoadHTTPCustomHeaders = map[string]string{}
 }