23 Commits

Author SHA1 Message Date
releaser 9eeac0192d chore(release): prepare for v0.5.1
authz_client / test (pull_request) Successful in 1m28s
authz_client / vulnerabilities (pull_request) Successful in 58s
pre-commit / pre-commit (pull_request) Successful in 3m31s
2026-06-27 23:57:15 +00:00
releaser de44771485 chore(release): prepare for v0.5.1 2026-06-27 23:57:11 +00:00
renovate 752f80ea96 chore(deps): update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.26.0 (#313)
authz_client / test (push) Successful in 1m43s
authz_client / vulnerabilities (push) Successful in 58s
Release / release (push) Successful in 48s
pre-commit / pre-commit (push) Successful in 4m5s
2026-06-27 23:27:40 +00:00
renovate 08269c034b chore(deps): update actions/checkout action to v7 (#311)
Release / release (push) Successful in 1m0s
authz_client / test (push) Successful in 2m6s
authz_client / vulnerabilities (push) Successful in 2m13s
pre-commit / pre-commit (push) Successful in 5m42s
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action | major | `v6` → `v7` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v7.0.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700)

[Compare Source](https://github.com/actions/checkout/compare/v7.0.0...v7.0.0)

- Block checking out fork PR for pull\_request\_target and workflow\_run by [@aiqiaoy](https://github.com/aiqiaoy) in [#2454](https://github.com/actions/checkout/pull/2454)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#2458](https://github.com/actions/checkout/pull/2458)
- Bump flatted from 3.3.1 to 3.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#2460](https://github.com/actions/checkout/pull/2460)
- Bump js-yaml from 4.1.0 to 4.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2461](https://github.com/actions/checkout/pull/2461)
- Bump [@actions/core](https://github.com/actions/core) and [@actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@dependabot](https://github.com/dependabot)\[bot] in [#2459](https://github.com/actions/checkout/pull/2459)
- upgrade module to esm and update dependencies by [@aiqiaoy](https://github.com/aiqiaoy) in [#2463](https://github.com/actions/checkout/pull/2463)
- Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2462](https://github.com/actions/checkout/pull/2462)

### [`v7`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700)

[Compare Source](https://github.com/actions/checkout/compare/v6.0.3...v7.0.0)

- Block checking out fork PR for pull\_request\_target and workflow\_run by [@aiqiaoy](https://github.com/aiqiaoy) in [#2454](https://github.com/actions/checkout/pull/2454)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#2458](https://github.com/actions/checkout/pull/2458)
- Bump flatted from 3.3.1 to 3.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#2460](https://github.com/actions/checkout/pull/2460)
- Bump js-yaml from 4.1.0 to 4.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2461](https://github.com/actions/checkout/pull/2461)
- Bump [@actions/core](https://github.com/actions/core) and [@actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@dependabot](https://github.com/dependabot)\[bot] in [#2459](https://github.com/actions/checkout/pull/2459)
- upgrade module to esm and update dependencies by [@aiqiaoy](https://github.com/aiqiaoy) in [#2463](https://github.com/actions/checkout/pull/2463)
- Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2462](https://github.com/actions/checkout/pull/2462)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: #311
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-06-21 15:45:38 +00:00
renovate 89fa8928dc chore(deps): update pre-commit hook golangci/golangci-lint to v2.12.2 (#309)
Release / release (push) Successful in 1m8s
authz_client / vulnerabilities (push) Successful in 1m36s
authz_client / test (push) Successful in 2m23s
pre-commit / pre-commit (push) Successful in 5m56s
2026-05-09 13:27:43 +00:00
renovate 6fccd2010c chore(deps): update pre-commit hook golangci/golangci-lint to v2.12.1 (#308)
authz_client / vulnerabilities (push) Successful in 1m30s
Release / release (push) Failing after 1m1s
authz_client / test (push) Successful in 2m18s
pre-commit / pre-commit (push) Successful in 5m13s
2026-05-04 17:07:50 +00:00
renovate 4296334275 chore(deps): update pre-commit hook golangci/golangci-lint to v2.12.0 (#306)
Release / release (push) Successful in 1m5s
authz_client / vulnerabilities (push) Successful in 1m56s
authz_client / test (push) Successful in 2m41s
pre-commit / pre-commit (push) Successful in 6m8s
2026-05-04 14:07:07 +00:00
renovate daa836e97d chore(deps): update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.25.0 (#304)
authz_client / test (push) Successful in 2m23s
authz_client / vulnerabilities (push) Successful in 1m32s
Release / release (push) Successful in 53s
pre-commit / pre-commit (push) Successful in 5m53s
2026-05-03 16:17:20 +00:00
argoyle f9a89b64be fix(ci): use go-test-coverage binary directly to fix Gitea Actions (#303)
authz_client / vulnerabilities (push) Successful in 1m37s
Release / release (push) Failing after 1m2s
authz_client / test (push) Successful in 2m44s
pre-commit / pre-commit (push) Failing after 14m25s
## Summary

- `vladopajic/go-test-coverage@v2` (v2.18.5+, released 2026-04-26/27) restructured its composite action to pass inputs via env-var mapping. Gitea `act_runner` doesn't expand `${{ }}` expressions inside docker-action `env:` blocks reliably, so the literal string `${{ inputs.config }}` reached the binary and broke the 'Check coverage' step.
- Replace the action with a direct `go install` + binary invocation (matching the established Frostmoln pattern).
- Use `--github-action-output` to expose `total-coverage` as a step output, replacing the manual `go tool cover -func | grep | awk` calculations.
- Baseline artifact now stores the percentage directly instead of the full coverage profile.
- Bump `go` directive in `go.mod` from 1.22.12 → 1.26.2 (matching toolchain) — we are the sole consumers of this module.

## Test plan

- [x] `prek run --all-files` passes
- [ ] CI passes on this PR
- [ ] After merge, baseline artifact format propagates on next push to main

Reviewed-on: #303
2026-04-29 06:06:22 +00:00
renovate 775d25cb59 chore(deps): update dependency go to v1.26.2 (#300)
Release / release (push) Successful in 1m0s
authz_client / vulnerabilities (push) Successful in 1m46s
authz_client / test (push) Successful in 2m10s
pre-commit / pre-commit (push) Successful in 6m1s
2026-04-10 00:13:25 +00:00
renovate ef992cb9db chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.4 (#298)
Release / release (push) Successful in 1m6s
authz_client / vulnerabilities (push) Successful in 1m38s
authz_client / test (push) Successful in 2m18s
pre-commit / pre-commit (push) Successful in 6m1s
2026-03-22 18:11:14 +00:00
renovate c3b8a3f1ce chore(deps): update pre-commit hook gitleaks/gitleaks to v8.30.1 (#296)
Release / release (push) Successful in 1m29s
authz_client / vulnerabilities (push) Successful in 2m10s
authz_client / test (push) Successful in 3m0s
pre-commit / pre-commit (push) Successful in 7m11s
2026-03-12 16:09:43 +00:00
releaser 45512115c5 chore(release): prepare for v0.5.0 (#295)
Release / release (push) Successful in 40s
authz_client / vulnerabilities (push) Successful in 1m23s
authz_client / test (push) Successful in 2m1s
pre-commit / pre-commit (push) Successful in 4m10s
## [0.5.0] - 2026-03-12

### 🚀 Features

- *(client)* Add API key authentication for /authz endpoint (#294)

### ⚙️ Miscellaneous Tasks

- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
- *(deps)* Update dependency go to v1.25.6 (#274)
- *(deps)* Update golang docker tag to v1.25.6 (#275)
- Remove GitLab CI configuration
- Add code coverage integration
- *(deps)* Update dependency go to v1.25.7 (#279)
- *(deps)* Update dependency go to v1.26.0 (#280)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
- *(deps)* Update dependency go to v1.26.1 (#286)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)

<!-- generated by git-cliff -->

---

**Note:** Please use **Squash Merge** when merging this PR.

Reviewed-on: #295
Co-authored-by: Unbound Releaser <releaser@unbound.se>
Co-committed-by: Unbound Releaser <releaser@unbound.se>
2026-03-12 07:39:47 +00:00
argoyle fe0abd62c8 feat(client): add API key authentication for /authz endpoint (#294)
Release / release (push) Successful in 1m15s
authz_client / vulnerabilities (push) Successful in 2m9s
authz_client / test (push) Successful in 2m21s
pre-commit / pre-commit (push) Successful in 4m46s
## Summary

- Add `WithAPIKey(key string)` option to `PrivilegeHandler`
- When set, `Fetch()` sends `Authorization: Bearer <key>` header
- Backward compatible: no key = no header (existing behavior)

## Test plan

- [x] Unit test verifying Authorization header is sent
- [x] Unit test verifying no header without key
- [x] Existing tests still pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #294
2026-03-12 07:32:12 +00:00
renovate a54cf45a4b chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)
Release / release (push) Successful in 1m21s
authz_client / vulnerabilities (push) Successful in 2m9s
authz_client / test (push) Successful in 4m40s
pre-commit / pre-commit (push) Successful in 7m39s
2026-03-10 11:12:34 +00:00
renovate f9a5ef7085 chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
pre-commit / pre-commit (push) Successful in 4m44s
Release / release (push) Successful in 1m2s
authz_client / vulnerabilities (push) Failing after 2h42m46s
authz_client / test (push) Failing after 2h42m53s
2026-03-07 22:09:47 +00:00
renovate 200e7cf963 chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
Release / release (push) Successful in 57s
authz_client / vulnerabilities (push) Successful in 1m46s
authz_client / test (push) Successful in 2m49s
pre-commit / pre-commit (push) Successful in 5m49s
2026-03-06 15:11:17 +00:00
renovate 110f6206f9 chore(deps): update dependency go to v1.26.1 (#286)
Release / release (push) Successful in 1m13s
authz_client / vulnerabilities (push) Successful in 1m36s
authz_client / test (push) Successful in 2m27s
pre-commit / pre-commit (push) Successful in 10m39s
2026-03-06 01:18:10 +00:00
renovate c53d80792c chore(deps): update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
Release / release (push) Successful in 1m31s
authz_client / vulnerabilities (push) Successful in 2m39s
authz_client / test (push) Successful in 3m54s
pre-commit / pre-commit (push) Successful in 8m34s
2026-02-17 17:01:30 +00:00
renovate ebc0c3bb8e chore(deps): update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
Release / release (push) Failing after 41s
authz_client / vulnerabilities (push) Successful in 17m19s
authz_client / test (push) Successful in 18m59s
pre-commit / pre-commit (push) Successful in 52m24s
2026-02-17 15:01:11 +00:00
renovate cb59762fc9 chore(deps): update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
authz_client / vulnerabilities (push) Successful in 2m12s
Release / release (push) Successful in 1m55s
authz_client / test (push) Successful in 4m10s
pre-commit / pre-commit (push) Successful in 17m58s
2026-02-11 07:13:35 +00:00
renovate a82466cb27 chore(deps): update dependency go to v1.26.0 (#280)
Release / release (push) Successful in 1m22s
authz_client / vulnerabilities (push) Successful in 4m20s
authz_client / test (push) Successful in 4m30s
pre-commit / pre-commit (push) Successful in 9m2s
2026-02-11 06:19:26 +00:00
renovate 29eab978f7 chore(deps): update dependency go to v1.25.7 (#279)
Release / release (push) Failing after 58s
authz_client / test (push) Successful in 4m30s
authz_client / vulnerabilities (push) Successful in 3m54s
pre-commit / pre-commit (push) Successful in 12m54s
2026-02-04 16:16:32 +00:00
8 changed files with 115 additions and 34 deletions
+13 -17
@@ -10,7 +10,7 @@ jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v7
- uses: actions/setup-go@v6 - uses: actions/setup-go@v6
with: with:
go-version: 'stable' go-version: 'stable'
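Review bot: `actions/checkout@v7` (and `actions/setup-go@v6` on the next line) are referenced by a mutable major tag, so what runs in this job can change without any commit in this repository. Consider pinning each `uses:` to the full commit SHA with the version in a trailing comment; Renovate can keep a pinned digest updated the same way it bumped this tag.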
@@ -18,11 +18,10 @@ jobs:
run: go test -race -coverprofile=coverage.txt ./... run: go test -race -coverprofile=coverage.txt ./...
- name: Check coverage - name: Check coverage
uses: vladopajic/go-test-coverage@v2 id: coverage
with: run: |
config: ./.testcoverage.yml go install github.com/vladopajic/go-test-coverage/v2@latest
go-test-coverage --config ./.testcoverage.yml --github-action-output
# Download baseline coverage from main branch (for PRs)
- name: Download baseline coverage - name: Download baseline coverage
if: gitea.event_name == 'pull_request' if: gitea.event_name == 'pull_request'
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
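Review bot: `go install github.com/vladopajic/go-test-coverage/v2@latest` in the 'Check coverage' step resolves to whatever is newest at run time, so the step that just broke on an upstream restructuring can break again, and each run executes an unreviewed version inside the checkout. Pin an explicit version (`@v2.x.y`, the one this change was tested with) and let Renovate propose the bumps.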
@@ -30,14 +29,12 @@ jobs:
name: coverage-baseline name: coverage-baseline
path: ./baseline path: ./baseline
continue-on-error: true continue-on-error: true
# Compare coverage against baseline (for PRs)
- name: Compare coverage - name: Compare coverage
if: gitea.event_name == 'pull_request' if: gitea.event_name == 'pull_request'
run: | run: |
CURRENT=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%') CURRENT="${{ steps.coverage.outputs.total-coverage }}"
if [ -f ./baseline/coverage.txt ]; then if [ -f ./baseline/coverage.txt ]; then
BASE=$(go tool cover -func=./baseline/coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%') BASE=$(cat ./baseline/coverage.txt)
echo "Base coverage: ${BASE}%" echo "Base coverage: ${BASE}%"
echo "Current coverage: ${CURRENT}%" echo "Current coverage: ${CURRENT}%"
if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
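Review bot: in 'Compare coverage', `BASE=$(cat ./baseline/coverage.txt)` assumes the artifact holds a bare percentage, but the `coverage-baseline` artifact uploaded before this change is a full coverage profile under the same file name, and `CURRENT` is empty if the `coverage` step produced no output. Either case feeds non-numeric text to `bc`, and the `[ ... -eq 1 ]` test then errors instead of failing with a clear message. Check both values against a numeric pattern before comparing, and treat a non-numeric baseline as 'no baseline'.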
@@ -49,8 +46,9 @@ jobs:
echo "No baseline coverage found, skipping comparison" echo "No baseline coverage found, skipping comparison"
echo "Current coverage: ${CURRENT}%" echo "Current coverage: ${CURRENT}%"
fi fi
- name: Save coverage baseline
# Upload coverage as baseline (only on main) if: gitea.ref == 'refs/heads/main'
run: echo "${{ steps.coverage.outputs.total-coverage }}" > coverage.txt
- name: Upload coverage baseline - name: Upload coverage baseline
if: gitea.ref == 'refs/heads/main' if: gitea.ref == 'refs/heads/main'
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
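Review bot: the new 'Save coverage baseline' step writes the percentage to `coverage.txt`, the same path that `go test -coverprofile=coverage.txt` wrote earlier in the job, so the profile is overwritten on main and one file name now means two formats. Write the percentage to a separate file (for example `coverage-total.txt`) and upload that; the PR-side check of `./baseline/coverage.txt` would change with it.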
@@ -58,24 +56,22 @@ jobs:
name: coverage-baseline name: coverage-baseline
path: coverage.txt path: coverage.txt
retention-days: 90 retention-days: 90
# Post coverage to PR comment
- name: Post coverage comment - name: Post coverage comment
if: gitea.event_name == 'pull_request' if: gitea.event_name == 'pull_request'
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_URL: ${{ gitea.server_url }} GITEA_URL: ${{ gitea.server_url }}
run: | run: |
COVERAGE=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}') COVERAGE="${{ steps.coverage.outputs.total-coverage }}"
curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \ curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
-H "Authorization: token ${GITEA_TOKEN}" \ -H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}**\"}" -d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}%**\"}"
vulnerabilities: vulnerabilities:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v7
- uses: actions/setup-go@v6 - uses: actions/setup-go@v6
with: with:
go-version: 'stable' go-version: 'stable'
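Review bot: in 'Post coverage comment', `${{ steps.coverage.outputs.total-coverage }}` is expanded into the script text before the shell runs, and the result is then spliced into the JSON body passed to `curl -d`. Pass the value through the step's `env:` block, as is already done for `GITEA_TOKEN`, and build the body with a JSON encoder such as `jq`. Adding `--fail` to the `curl` call would also surface a rejected comment as a step failure.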
+1 -1
@@ -13,7 +13,7 @@ jobs:
env: env:
SKIP: no-commit-to-branch SKIP: no-commit-to-branch
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v7
- uses: actions/setup-go@v6 - uses: actions/setup-go@v6
with: with:
go-version: stable go-version: stable
+3 -3
@@ -11,7 +11,7 @@ repos:
- --allow-multiple-documents - --allow-multiple-documents
- id: check-added-large-files - id: check-added-large-files
- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
rev: v9.24.0 rev: v9.26.0
hooks: hooks:
- id: commitlint - id: commitlint
stages: [ commit-msg ] stages: [ commit-msg ]
@@ -30,10 +30,10 @@ repos:
- id: go-test - id: go-test
- id: gofumpt - id: gofumpt
- repo: https://github.com/golangci/golangci-lint - repo: https://github.com/golangci/golangci-lint
rev: v2.8.0 rev: v2.12.2
hooks: hooks:
- id: golangci-lint-full - id: golangci-lint-full
- repo: https://github.com/gitleaks/gitleaks - repo: https://github.com/gitleaks/gitleaks
rev: v8.30.0 rev: v8.30.1
hooks: hooks:
- id: gitleaks - id: gitleaks
+1 -1
@@ -1,3 +1,3 @@
{ {
"version": "v0.4.1" "version": "v0.5.1"
} }
+42
@@ -2,6 +2,48 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [0.5.1] - 2026-06-27
### 🐛 Bug Fixes
- *(ci)* Use go-test-coverage binary directly to fix Gitea Actions (#303)
### ⚙️ Miscellaneous Tasks
- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.30.1 (#296)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.4 (#298)
- *(deps)* Update dependency go to v1.26.2 (#300)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.25.0 (#304)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.12.0 (#306)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.12.1 (#308)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.12.2 (#309)
- *(deps)* Update actions/checkout action to v7 (#311)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.26.0 (#313)
## [0.5.0] - 2026-03-12
### 🚀 Features
- *(client)* Add API key authentication for /authz endpoint (#294)
### ⚙️ Miscellaneous Tasks
- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
- *(deps)* Update dependency go to v1.25.6 (#274)
- *(deps)* Update golang docker tag to v1.25.6 (#275)
- Remove GitLab CI configuration
- Add code coverage integration
- *(deps)* Update dependency go to v1.25.7 (#279)
- *(deps)* Update dependency go to v1.26.0 (#280)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
- *(deps)* Update dependency go to v1.26.1 (#286)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)
## [0.4.1] - 2026-01-09 ## [0.4.1] - 2026-01-09
### ⚙️ Miscellaneous Tasks ### ⚙️ Miscellaneous Tasks
+21 -9
@@ -28,6 +28,7 @@ type PrivilegeHandler struct {
*sync.RWMutex *sync.RWMutex
client *http.Client client *http.Client
baseURL string baseURL string
apiKey string
privileges map[string]map[string]*CompanyPrivileges privileges map[string]map[string]*CompanyPrivileges
} }
@@ -41,6 +42,13 @@ func WithBaseURL(url string) OptsFunc {
} }
} }
// WithAPIKey sets an API key used as a Bearer token when fetching privileges
func WithAPIKey(key string) OptsFunc {
return func(handler *PrivilegeHandler) {
handler.apiKey = key
}
}
// New creates a new PrivilegeHandler. Pass OptsFuncs to configure. // New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
func New(opts ...OptsFunc) *PrivilegeHandler { func New(opts ...OptsFunc) *PrivilegeHandler {
handler := &PrivilegeHandler{ handler := &PrivilegeHandler{
@@ -57,7 +65,16 @@ func New(opts ...OptsFunc) *PrivilegeHandler {
// Fetch the initial set of privileges from an authz-service // Fetch the initial set of privileges from an authz-service
func (h *PrivilegeHandler) Fetch() error { func (h *PrivilegeHandler) Fetch() error {
resp, err := h.client.Get(fmt.Sprintf("%s/authz", h.baseURL)) req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/authz", h.baseURL), nil)
if err != nil {
return err
}
if h.apiKey != "" {
req.Header.Set("Authorization", "Bearer "+h.apiKey)
}
resp, err := h.client.Do(req)
if err != nil { if err != nil {
return err return err
} }
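Review bot: `Fetch` attaches `Authorization: Bearer <key>` to whatever `baseURL` was configured, so with an `http://` base URL the key crosses the network in clear text. Consider warning on (or refusing) a non-HTTPS base URL when `apiKey` is set, or at least documenting the requirement on `WithAPIKey`. The request is also built with `http.NewRequest`, which carries no context; `http.NewRequestWithContext` would let callers cancel or time out the fetch.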
@@ -87,13 +104,14 @@ func (h *PrivilegeHandler) Setup() []goamqp.Setup {
// Process privilege-related events and update the internal state // Process privilege-related events and update the internal state
func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface{}, error) { func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface{}, error) {
h.Lock()
defer h.Unlock()
switch ev := msg.(type) { switch ev := msg.(type) {
case *UserAdded: case *UserAdded:
if priv, exists := h.privileges[ev.Email]; exists { if priv, exists := h.privileges[ev.Email]; exists {
priv[ev.CompanyID] = &CompanyPrivileges{} priv[ev.CompanyID] = &CompanyPrivileges{}
} else { } else {
h.Lock()
defer h.Unlock()
h.privileges[ev.Email] = map[string]*CompanyPrivileges{ h.privileges[ev.Email] = map[string]*CompanyPrivileges{
ev.CompanyID: {}, ev.CompanyID: {},
} }
@@ -101,19 +119,13 @@ func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface
return nil, nil return nil, nil
case *UserRemoved: case *UserRemoved:
if priv, exists := h.privileges[ev.Email]; exists { if priv, exists := h.privileges[ev.Email]; exists {
h.Lock()
defer h.Unlock()
delete(priv, ev.CompanyID) delete(priv, ev.CompanyID)
} }
return nil, nil return nil, nil
case *PrivilegeAdded: case *PrivilegeAdded:
h.Lock()
defer h.Unlock()
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true) h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
return nil, nil return nil, nil
case *PrivilegeRemoved: case *PrivilegeRemoved:
h.Lock()
defer h.Unlock()
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false) h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
return nil, nil return nil, nil
default: default:
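Review bot: the lock move in `Process` (one `h.Lock()` / `defer h.Unlock()` at the top in place of the per-case pairs) is a concurrency fix that the summary for this change does not mention and that none of the tests added here exercise. It puts the `h.privileges[ev.Email]` lookups in the `UserAdded` and `UserRemoved` cases under the lock, which is worth its own changelog line and a test that calls `Process` from several goroutines so the `go test -race` run in CI covers it.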
+33
@@ -251,6 +251,39 @@ func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T
assert.True(t, result) assert.True(t, result)
} }
func TestPrivilegeHandler_Fetch_Sends_Authorization_Header_When_APIKey_Set(t *testing.T) {
var receivedAuth string
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
receivedAuth = r.Header.Get("Authorization")
_, _ = w.Write([]byte("{}"))
}))
defer server.Close()
handler := New(
WithBaseURL(server.URL),
WithAPIKey("my-secret-key"),
)
err := handler.Fetch()
assert.NoError(t, err)
assert.Equal(t, "Bearer my-secret-key", receivedAuth)
}
func TestPrivilegeHandler_Fetch_No_Authorization_Header_Without_APIKey(t *testing.T) {
var receivedAuth string
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
receivedAuth = r.Header.Get("Authorization")
_, _ = w.Write([]byte("{}"))
}))
defer server.Close()
handler := New(WithBaseURL(server.URL))
err := handler.Fetch()
assert.NoError(t, err)
assert.Empty(t, receivedAuth)
}
func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) { func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(500) w.WriteHeader(500)
+1 -3
@@ -1,8 +1,6 @@
module gitea.unbound.se/shiny/authz_client module gitea.unbound.se/shiny/authz_client
go 1.22.12 go 1.26.2
toolchain go1.25.6
require ( require (
github.com/sparetimecoders/goamqp v0.3.3 github.com/sparetimecoders/goamqp v0.3.3
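Review bot: the `go` directive jumps from 1.22.12 to 1.26.2 in what is tagged as a patch release (v0.5.1), which raises the minimum Go version for every importer of `gitea.unbound.se/shiny/authz_client`. The commit message says there are no outside consumers; state the new minimum in the changelog entry so that assumption is recorded where a future consumer will look.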