refactor: inject auth server

Integralist · Integralist · commit 831dbcde965e · 2023-09-12T15:40:07.000+01:00
diff --git a/cmd/fastly/main.go b/cmd/fastly/main.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/fastly/cli/pkg/api"
 	"github.com/fastly/cli/pkg/app"
+	"github.com/fastly/cli/pkg/auth"
 	"github.com/fastly/cli/pkg/config"
 	"github.com/fastly/cli/pkg/env"
 	fsterr "github.com/fastly/cli/pkg/errors"
@@ -84,13 +85,25 @@ func main() {
 	// NOTE: We skip handling the error because not all commands relate to C@E.
 	_ = md.File.Read(manifest.Filename)
 
+	// Configure authentication inputs.
+	// We do this here so that we can mock the values in our test suite.
+	result := make(chan auth.AuthorizationResult)
+	router := http.NewServeMux()
+	s := &auth.Server{
+		HTTPClient: httpClient,
+		Result:     result,
+		Router:     router,
+	}
+	router.HandleFunc("/callback", s.HandleCallback())
+
 	// The `main` function is a shim for calling `app.Run()`.
 	err = app.Run(app.RunOpts{
 		APIClient: func(token, endpoint string) (api.Interface, error) {
 			client, err := fastly.NewClientForEndpoint(token, endpoint)
 			return client, err
 		},
 		Args:       args,
+		AuthServer: s,
 		ConfigFile: cfg,
 		ConfigPath: config.FilePath,
 		Env:        e,
diff --git a/pkg/app/commands.go b/pkg/app/commands.go
@@ -98,7 +98,7 @@ func defineCommands(
 	aclEntryDescribe := aclentry.NewDescribeCommand(aclEntryCmdRoot.CmdClause, g, m)
 	aclEntryList := aclentry.NewListCommand(aclEntryCmdRoot.CmdClause, g, m)
 	aclEntryUpdate := aclentry.NewUpdateCommand(aclEntryCmdRoot.CmdClause, g, m)
-	authenticateCmdRoot := authenticate.NewRootCommand(app, g, opts.Opener)
+	authenticateCmdRoot := authenticate.NewRootCommand(app, g, opts.Opener, opts.AuthServer)
 	authtokenCmdRoot := authtoken.NewRootCommand(app, g)
 	authtokenCreate := authtoken.NewCreateCommand(authtokenCmdRoot.CmdClause, g, m)
 	authtokenDelete := authtoken.NewDeleteCommand(authtokenCmdRoot.CmdClause, g, m)
diff --git a/pkg/app/run.go b/pkg/app/run.go
@@ -104,6 +104,9 @@ type RunOpts struct {
 	APIClient APIClientFactory
 	// Args are the command line arguments provided by the user.
 	Args []string
+	// AuthServer is an instance of the authentication server type.
+	// Used for interacting with Fastly's SSO/OAuth authentication provider.
+	AuthServer auth.Starter
 	// ConfigFile is an instance of the CLI application config.
 	ConfigFile config.File
 	// ConfigPath is the location of the CLI application config.
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
@@ -27,21 +27,54 @@ const ClientID = "fastly-cli"
 // RedirectURL is the endpoint the auth provider will pass an authorization code to.
 const RedirectURL = "http://localhost:8080/callback"
 
+// Starter defines the behaviour for the authentication server.
+type Starter interface {
+	// GetResult returns the results channel
+	GetResult() chan AuthorizationResult
+	// SetAccountEndpoint sets the account endpoint.
+	SetAccountEndpoint(endpoint string)
+	// SetEndpoint sets the API endpoint.
+	SetAPIEndpoint(endpoint string)
+	// SetVerifier sets the code verifier.
+	SetVerifier(verifier *oidc.S256Verifier)
+	// Start starts a local server for handling authentication processing.
+	Start() error
+}
+
 // Server is a local server responsible for authentication processing.
 type Server struct {
+	// APIEndpoint is the API endpoint.
+	APIEndpoint string
 	// AccountEndpoint is the accounts endpoint.
 	AccountEndpoint string
-	// HTTPClient is a HTTP client used to call the API to exchange the access
-	// token for a session token.
+	// HTTPClient is a HTTP client used to call the API to exchange the access token for a session token.
 	HTTPClient api.HTTPClient
 	// Result is a channel that reports the result of authorization.
 	Result chan AuthorizationResult
 	// Router is an HTTP request multiplexer.
 	Router *http.ServeMux
-	// Verifier represents an OAuth PKCE code verifier that uses the S256 challenge method
+	// Verifier represents an OAuth PKCE code verifier that uses the S256 challenge method.
 	Verifier *oidc.S256Verifier
-	// APIEndpoint is the API endpoint.
-	APIEndpoint string
+}
+
+// GetResult returns the result channel.
+func (s Server) GetResult() chan AuthorizationResult {
+	return s.Result
+}
+
+// SetAccountEndpoint sets the account endpoint.
+func (s *Server) SetAccountEndpoint(endpoint string) {
+	s.AccountEndpoint = endpoint
+}
+
+// SetAPIEndpoint sets the API endpoint.
+func (s *Server) SetAPIEndpoint(endpoint string) {
+	s.APIEndpoint = endpoint
+}
+
+// SetVerifier sets the code verifier endpoint.
+func (s *Server) SetVerifier(verifier *oidc.S256Verifier) {
+	s.Verifier = verifier
 }
 
 // Start starts a local server for handling authentication processing.
@@ -63,12 +96,8 @@ func (s *Server) Start() error {
 	return nil
 }
 
-// Routes configures the callback handler.
-func (s *Server) Routes() {
-	s.Router.HandleFunc("/callback", s.handleCallback())
-}
-
-func (s *Server) handleCallback() http.HandlerFunc {
+// HandleCallback processes the callback from the authentication service.
+func (s *Server) HandleCallback() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		authorizationCode := r.URL.Query().Get("code")
 		if authorizationCode == "" {
@@ -153,6 +182,11 @@ type AuthorizationResult struct {
 	SessionToken string
 }
 
+// GenVerifier creates a code verifier.
+func GenVerifier() (*oidc.S256Verifier, error) {
+	return oidc.NewCodeVerifier()
+}
+
 // GenURL constructs the required authorization_endpoint path.
 func GenURL(accountEndpoint, apiEndpoint string, verifier *oidc.S256Verifier) (string, error) {
 	challenge, err := oidc.CreateCodeChallenge(verifier)
diff --git a/pkg/commands/authenticate/root.go b/pkg/commands/authenticate/root.go
@@ -3,11 +3,8 @@ package authenticate
 import (
 	"fmt"
 	"io"
-	"net/http"
 	"time"
 
-	"github.com/hashicorp/cap/oidc"
-
 	"github.com/fastly/cli/pkg/auth"
 	"github.com/fastly/cli/pkg/cmd"
 	"github.com/fastly/cli/pkg/config"
@@ -21,6 +18,7 @@ import (
 // It should be installed under the primary root command.
 type RootCommand struct {
 	cmd.Base
+	authServer  auth.Starter
 	openBrowser func(string) error
 
 	// IMPORTANT: The following fields are public to the `profile` subcommands.
@@ -36,8 +34,9 @@ type RootCommand struct {
 }
 
 // NewRootCommand returns a new command registered in the parent.
-func NewRootCommand(parent cmd.Registerer, g *global.Data, opener func(string) error) *RootCommand {
+func NewRootCommand(parent cmd.Registerer, g *global.Data, opener func(string) error, authServer auth.Starter) *RootCommand {
 	var c RootCommand
+	c.authServer = authServer
 	c.openBrowser = opener
 	c.Globals = g
 	c.CmdClause = parent.Command("authenticate", "SSO (Single Sign-On) authentication")
@@ -64,37 +63,26 @@ func (c *RootCommand) Exec(in io.Reader, out io.Writer) error {
 		}
 	}
 
-	verifier, err := oidc.NewCodeVerifier()
+	accountEndpoint, _ := c.Globals.Account()
+	apiEndpoint, _ := c.Globals.Endpoint()
+	verifier, err := auth.GenVerifier()
 	if err != nil {
 		return fsterr.RemediationError{
 			Inner:       fmt.Errorf("failed to generate a code verifier: %w", err),
 			Remediation: auth.Remediation,
 		}
 	}
-
-	result := make(chan auth.AuthorizationResult)
-	apiEndpoint, _ := c.Globals.Endpoint()
-	accountEndpoint, _ := c.Globals.Account()
-
-	s := auth.Server{
-		APIEndpoint:     apiEndpoint,
-		AccountEndpoint: accountEndpoint,
-		HTTPClient:      c.Globals.HTTPClient,
-		Result:          result,
-		Router:          http.NewServeMux(),
-		Verifier:        verifier,
-	}
-	s.Routes()
+	c.authServer.SetAccountEndpoint(accountEndpoint)
+	c.authServer.SetAPIEndpoint(apiEndpoint)
+	c.authServer.SetVerifier(verifier)
 
 	var serverErr error
-
 	go func() {
-		err := s.Start()
+		err := c.authServer.Start()
 		if err != nil {
 			serverErr = err
 		}
 	}()
-
 	if serverErr != nil {
 		return serverErr
 	}
@@ -117,7 +105,7 @@ func (c *RootCommand) Exec(in io.Reader, out io.Writer) error {
 		return fmt.Errorf("failed to open your default browser: %w", err)
 	}
 
-	ar := <-result
+	ar := <-c.authServer.GetResult()
 	if ar.Err != nil || ar.SessionToken == "" {
 		return fsterr.RemediationError{
 			Inner:       fmt.Errorf("failed to authorize: %w", ar.Err),
diff --git a/pkg/testutil/args.go b/pkg/testutil/args.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/fastly/cli/pkg/app"
+	"github.com/fastly/cli/pkg/auth"
 	"github.com/fastly/cli/pkg/config"
 	"github.com/fastly/cli/pkg/errors"
 	"github.com/fastly/cli/pkg/manifest"
@@ -67,6 +68,7 @@ func NewRunOpts(args []string, stdout io.Writer) app.RunOpts {
 		ConfigPath: "/dev/null",
 		Args:       args,
 		APIClient:  mock.APIClient(mock.API{}),
+		AuthServer: &auth.Server{},
 		Env:        config.Environment{},
 		ErrLog:     errors.Log,
 		ConfigFile: config.File{
