Merge pull request #92 from twitchdev/feature/auth-improvements-#80-#82

Feature/auth improvements #80 #82

Author: lleadbet

internal/mock_api/endpoints/bits/cheermotes.go

@@ -128,8 +128,8 @@ func getCheermotes(w http.ResponseWriter, r *http.Request) {
 		cheermoteBody = append(cheermoteBody, cheermote)
 	}
 
-	resposne, _ := json.Marshal(cheermoteBody)
-	w.Write(resposne)
+	response, _ := json.Marshal(cheermoteBody)
+	w.Write(response)
 }
 
 func generateCheermoteImageSizes(prefix string, theme string, imageType string, bits int) CheermoteImageSizes {

internal/mock_api/endpoints/clips/clips.go

@@ -92,21 +92,21 @@ func getClips(w http.ResponseWriter, r *http.Request) {
 	}
 
 	clips := dbr.Data.([]database.Clip)
-	apiResposne := models.APIResponse{
+	apiResponse := models.APIResponse{
 		Data: clips,
 	}
 
-	if len(apiResposne.Data.([]database.Clip)) == 0 {
-		apiResposne.Data = []string{}
+	if len(apiResponse.Data.([]database.Clip)) == 0 {
+		apiResponse.Data = []string{}
 	}
 
 	if dbr.Limit == len(dbr.Data.([]database.Clip)) {
-		apiResposne.Pagination = &models.APIPagination{
+		apiResponse.Pagination = &models.APIPagination{
 			Cursor: dbr.Cursor,
 		}
 	}
 
-	bytes, _ := json.Marshal(apiResposne)
+	bytes, _ := json.Marshal(apiResponse)
 	w.Write(bytes)
 }
 

internal/mock_api/endpoints/polls/polls.go

@@ -110,17 +110,17 @@ func getPolls(w http.ResponseWriter, r *http.Request) {
 		polls = append(polls, dbr.Data.([]database.Poll)...)
 	}
 
-	apiResposne := models.APIResponse{
+	apiResponse := models.APIResponse{
 		Data: polls,
 	}
 
 	if dbr != nil && dbr.Cursor != "" {
-		apiResposne.Pagination = &models.APIPagination{
+		apiResponse.Pagination = &models.APIPagination{
 			Cursor: dbr.Cursor,
 		}
 	}
 
-	bytes, _ := json.Marshal(apiResposne)
+	bytes, _ := json.Marshal(apiResponse)
 	w.Write(bytes)
 }
 
@@ -231,16 +231,16 @@ func patchPolls(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	apiResposne := models.APIResponse{
+	apiResponse := models.APIResponse{
 		Data: dbr.Data,
 	}
 
 	if dbr.Cursor != "" {
-		apiResposne.Pagination = &models.APIPagination{
+		apiResponse.Pagination = &models.APIPagination{
 			Cursor: dbr.Cursor,
 		}
 	}
 
-	bytes, _ := json.Marshal(apiResposne)
+	bytes, _ := json.Marshal(apiResponse)
 	w.Write(bytes)
 }

internal/mock_api/endpoints/predictions/predictions.go

@@ -110,17 +110,17 @@ func getPredictions(w http.ResponseWriter, r *http.Request) {
 		predictions = append(predictions, dbr.Data.([]database.Prediction)...)
 	}
 
-	apiResposne := models.APIResponse{
+	apiResponse := models.APIResponse{
 		Data: predictions,
 	}
 
 	if dbr != nil && dbr.Cursor != "" {
-		apiResposne.Pagination = &models.APIPagination{
+		apiResponse.Pagination = &models.APIPagination{
 			Cursor: dbr.Cursor,
 		}
 	}
 
-	bytes, _ := json.Marshal(apiResposne)
+	bytes, _ := json.Marshal(apiResponse)
 	w.Write(bytes)
 }
 

internal/mock_api/endpoints/streams/streamkey.go

@@ -32,7 +32,7 @@ var streamKeyScopesByMethod = map[string][]string{
 
 type StreamKey struct{}
 
-type StreamKeyResposne struct {
+type StreamKeyResponse struct {
 	StreamKey string `json:"stream_key"`
 }
 
@@ -66,7 +66,7 @@ func getStreamKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	streamKeys := []StreamKeyResposne{{StreamKey: fmt.Sprintf("live_%v_%v", userCtx.UserID, util.RandomGUID())}}
+	streamKeys := []StreamKeyResponse{{StreamKey: fmt.Sprintf("live_%v_%v", userCtx.UserID, util.RandomGUID())}}
 
 	bytes, _ := json.Marshal(models.APIResponse{Data: streamKeys})
 	w.Write(bytes)

internal/mock_api/endpoints/teams/channel_teams.go

@@ -28,7 +28,7 @@ var channelTeamsScopesByMethod = map[string][]string{
 }
 
 type ChannelTeams struct{}
-type ChannelTeamResposne struct {
+type ChannelTeamResponse struct {
 	ID                 string  `json:"id"`
 	BackgroundImageUrl *string `json:"background_image_url"`
 	Banner             *string `json:"banner"`
@@ -77,9 +77,9 @@ func getChannelTeams(w http.ResponseWriter, r *http.Request) {
 	if len(team) == 0 {
 		dbr.Data = make([]database.Team, 0)
 	}
-	response := []ChannelTeamResposne{}
+	response := []ChannelTeamResponse{}
 	for _, t := range team {
-		response = append(response, ChannelTeamResposne{
+		response = append(response, ChannelTeamResponse{
 			ID:                 t.ID,
 			Info:               t.Info,
 			BackgroundImageUrl: t.BackgroundImageUrl,

internal/mock_auth/app_access_token.go

@@ -15,7 +15,14 @@ import (
 
 type AppAccessTokenEndpoint struct{}
 
-type AppAccessTokenEndpointResposne struct {
+type AppAccessTokenRequestBody struct {
+	ClientID     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
+	GrantType    string `json:"grant_type"`
+	Scope        string `json:"scope"`
+}
+
+type AppAccessTokenEndpointResponse struct {
 	AccessToken  string   `json:"access_token"`
 	RefreshToken string   `json:"refresh_token"`
 	ExpiresIn    int      `json:"expires_in"`
@@ -33,12 +40,37 @@ func (e AppAccessTokenEndpoint) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	clientID := r.URL.Query().Get("client_id")
-	clientSecret := r.URL.Query().Get("client_secret")
-	grantType := r.URL.Query().Get("grant_type")
-	scope := r.URL.Query().Get("scope")
-	scopes := strings.Split(scope, " ")
-	if clientID == "" || clientSecret == "" || grantType != "client_credentials" {
+	params := AppAccessTokenRequestBody{
+		ClientID:     r.URL.Query().Get("client_id"),
+		ClientSecret: r.URL.Query().Get("client_secret"),
+		GrantType:    r.URL.Query().Get("grant_type"),
+		Scope:        r.URL.Query().Get("scope"),
+	}
+
+	if r.Header.Get("Content-Type") == "application/x-www-form-urlencoded" {
+		err := r.ParseForm()
+		if err != nil {
+			mock_errors.WriteServerError(w, err.Error())
+			return
+		}
+
+		if r.Form.Get("client_id") != "" {
+			params.ClientID = r.Form.Get("client_id")
+		}
+		if r.Form.Get("client_secret") != "" {
+			params.ClientSecret = r.Form.Get("client_secret")
+		}
+		if r.Form.Get("grant_type") != "" {
+			params.GrantType = r.Form.Get("grant_type")
+		}
+		if r.Form.Get("scope") != "" {
+			params.Scope = r.Form.Get("scope")
+		}
+	}
+
+	scopes := strings.Split(params.Scope, " ")
+
+	if params.ClientID == "" || params.ClientSecret == "" || params.GrantType != "client_credentials" {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
@@ -55,7 +87,7 @@ func (e AppAccessTokenEndpoint) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	res, err := db.NewQuery(r, 10).GetAuthenticationClient(database.AuthenticationClient{ID: clientID, Secret: clientSecret})
+	res, err := db.NewQuery(r, 10).GetAuthenticationClient(database.AuthenticationClient{ID: params.ClientID, Secret: params.ClientSecret})
 	if err != nil {
 		mock_errors.WriteServerError(w, err.Error())
 		return
@@ -79,7 +111,7 @@ func (e AppAccessTokenEndpoint) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 	ea, _ := time.Parse(time.RFC3339, a.ExpiresAt)
-	ater := AppAccessTokenEndpointResposne{
+	ater := AppAccessTokenEndpointResponse{
 		AccessToken:  auth.Token,
 		RefreshToken: "",
 		ExpiresIn:    int(ea.Sub(time.Now().UTC()).Seconds()),

internal/mock_auth/mock_auth.go

@@ -58,8 +58,9 @@ var validScopesByTokenType = map[string]map[string]bool{
 
 func All() []AuthEndpoint {
 	return []AuthEndpoint{
-		UserTokenEndpoint{},
 		AppAccessTokenEndpoint{},
+		UserTokenEndpoint{},
+		ValidateTokenEndpoint{},
 	}
 }
 

internal/mock_auth/mock_auth_test.go

@@ -4,10 +4,13 @@ package mock_auth
 
 import (
 	"context"
+	"fmt"
 	"log"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/twitchdev/twitch-cli/internal/database"
@@ -19,6 +22,10 @@ var a *assert.Assertions
 var firstRun = true
 var ac = database.AuthenticationClient{ID: "222", Secret: "333", Name: "test_client", IsExtension: false}
 
+func TestMain(m *testing.M) {
+
+	os.Exit(m.Run())
+}
 func TestAreValidScopes(t *testing.T) {
 	a := test_setup.SetupTestEnv(t)
 
@@ -70,6 +77,46 @@ func TestUserToken(t *testing.T) {
 	a.Equal(400, resp.StatusCode)
 }
 
+func TestValidateToken(t *testing.T) {
+	a = test_setup.SetupTestEnv(t)
+	ts := httptest.NewServer(baseMiddleware(ValidateTokenEndpoint{}))
+
+	req, _ := http.NewRequest(http.MethodGet, ts.URL+ValidateTokenEndpoint{}.Path(), nil)
+	resp, err := http.DefaultClient.Do(req)
+	a.Nil(err, err)
+	a.Equal(401, resp.StatusCode)
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", "auth.Token"))
+	resp, err = http.DefaultClient.Do(req)
+	a.Nil(err, err)
+	a.Equal(401, resp.StatusCode)
+
+	db, err := database.NewConnection()
+	a.Nil(err, err)
+	defer db.DB.Close()
+
+	auth, err := db.NewQuery(nil, 0).CreateAuthorization(database.Authorization{
+		ClientID:  ac.ID,
+		ExpiresAt: util.GetTimestamp().Add(time.Hour * 4).Format(time.RFC3339),
+		Scopes:    "",
+	})
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", auth.Token))
+	resp, err = http.DefaultClient.Do(req)
+	a.Nil(err, err)
+	a.Equal(200, resp.StatusCode)
+
+	auth, err = db.NewQuery(nil, 0).CreateAuthorization(database.Authorization{
+		ClientID:  ac.ID,
+		ExpiresAt: util.GetTimestamp().Add(time.Hour * 4).Format(time.RFC3339),
+		Scopes:    "user:read:email",
+		UserID:    "1",
+	})
+	req.Header.Set("Authorization", fmt.Sprintf("Oauth %v", auth.Token))
+	resp, err = http.DefaultClient.Do(req)
+	a.Nil(err, err)
+	a.Equal(200, resp.StatusCode)
+}
 func TestAppAccessToken(t *testing.T) {
 	a = test_setup.SetupTestEnv(t)
 	ts := httptest.NewServer(baseMiddleware(AppAccessTokenEndpoint{}))
@@ -99,6 +146,7 @@ func TestAppAccessToken(t *testing.T) {
 	a.Nil(err)
 	a.Equal(200, resp.StatusCode)
 }
+
 func baseMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := context.Background()

internal/mock_auth/user_token.go

@@ -77,7 +77,7 @@ func (e UserTokenEndpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	ea, _ := time.Parse(time.RFC3339, a.ExpiresAt)
-	ater := AppAccessTokenEndpointResposne{
+	ater := AppAccessTokenEndpointResponse{
 		AccessToken:  auth.Token,
 		RefreshToken: "",
 		ExpiresIn:    int(ea.Sub(time.Now().UTC()).Seconds()),