feat(client): add API key authentication for /authz endpoint
Add WithAPIKey option to set a Bearer token on requests to the authz-service /authz endpoint. When set, Fetch() includes an Authorization header. Backward compatible - no key means no header. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -251,6 +251,39 @@ func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T
|
||||
assert.True(t, result)
|
||||
}
|
||||
|
||||
func TestPrivilegeHandler_Fetch_Sends_Authorization_Header_When_APIKey_Set(t *testing.T) {
|
||||
var receivedAuth string
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
receivedAuth = r.Header.Get("Authorization")
|
||||
_, _ = w.Write([]byte("{}"))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
handler := New(
|
||||
WithBaseURL(server.URL),
|
||||
WithAPIKey("my-secret-key"),
|
||||
)
|
||||
|
||||
err := handler.Fetch()
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "Bearer my-secret-key", receivedAuth)
|
||||
}
|
||||
|
||||
func TestPrivilegeHandler_Fetch_No_Authorization_Header_Without_APIKey(t *testing.T) {
|
||||
var receivedAuth string
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
receivedAuth = r.Header.Get("Authorization")
|
||||
_, _ = w.Write([]byte("{}"))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
handler := New(WithBaseURL(server.URL))
|
||||
|
||||
err := handler.Fetch()
|
||||
assert.NoError(t, err)
|
||||
assert.Empty(t, receivedAuth)
|
||||
}
|
||||
|
||||
func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(500)
|
||||
|
||||
Reference in New Issue
Block a user