kitgen implementation

.travis.yml

@@ -12,6 +12,5 @@ script:
   - ./coveralls.bash
 
 go:
-  - 1.7.x
-  - 1.8.x
+  - 1.9.x
   - tip

auth/basic/README.md

@@ -0,0 +1,20 @@
+This package provides a Basic Authentication middleware.
+
+It'll try to compare credentials from Authentication request header to a username/password pair in middleware constructor.
+
+More details about this type of authentication can be found in [Mozilla article](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication).
+
+## Usage
+
+```go
+import httptransport "github.com/go-kit/kit/transport/http"
+
+httptransport.NewServer(
+		AuthMiddleware(cfg.auth.user, cfg.auth.password, "Example Realm")(makeUppercaseEndpoint()),
+		decodeMappingsRequest,
+		httptransport.EncodeJSONResponse,
+		httptransport.ServerBefore(httptransport.PopulateRequestContext),
+	)
+```
+
+For AuthMiddleware to be able to pick up the Authentication header from an HTTP request we need to pass it through the context with something like ```httptransport.ServerBefore(httptransport.PopulateRequestContext)```.

auth/basic/middleware.go

@@ -0,0 +1,94 @@
+package basic
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/go-kit/kit/endpoint"
+	httptransport "github.com/go-kit/kit/transport/http"
+)
+
+// AuthError represents an authorization error.
+type AuthError struct {
+	Realm string
+}
+
+// StatusCode is an implementation of the StatusCoder interface in go-kit/http.
+func (AuthError) StatusCode() int {
+	return http.StatusUnauthorized
+}
+
+// Error is an implementation of the Error interface.
+func (AuthError) Error() string {
+	return http.StatusText(http.StatusUnauthorized)
+}
+
+// Headers is an implementation of the Headerer interface in go-kit/http.
+func (e AuthError) Headers() http.Header {
+	return http.Header{
+		"Content-Type":           []string{"text/plain; charset=utf-8"},
+		"X-Content-Type-Options": []string{"nosniff"},
+		"WWW-Authenticate":       []string{fmt.Sprintf(`Basic realm=%q`, e.Realm)},
+	}
+}
+
+// parseBasicAuth parses an HTTP Basic Authentication string.
+// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ([]byte("Aladdin"), []byte("open sesame"), true).
+func parseBasicAuth(auth string) (username, password []byte, ok bool) {
+	const prefix = "Basic "
+	if !strings.HasPrefix(auth, prefix) {
+		return
+	}
+	c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
+	if err != nil {
+		return
+	}
+
+	s := bytes.IndexByte(c, ':')
+	if s < 0 {
+		return
+	}
+	return c[:s], c[s+1:], true
+}
+
+// Returns a hash of a given slice.
+func toHashSlice(s []byte) []byte {
+	hash := sha256.Sum256(s)
+	return hash[:]
+}
+
+// AuthMiddleware returns a Basic Authentication middleware for a particular user and password.
+func AuthMiddleware(requiredUser, requiredPassword, realm string) endpoint.Middleware {
+	requiredUserBytes := toHashSlice([]byte(requiredUser))
+	requiredPasswordBytes := toHashSlice([]byte(requiredPassword))
+
+	return func(next endpoint.Endpoint) endpoint.Endpoint {
+		return func(ctx context.Context, request interface{}) (interface{}, error) {
+			auth, ok := ctx.Value(httptransport.ContextKeyRequestAuthorization).(string)
+			if !ok {
+				return nil, AuthError{realm}
+			}
+
+			givenUser, givenPassword, ok := parseBasicAuth(auth)
+			if !ok {
+				return nil, AuthError{realm}
+			}
+
+			givenUserBytes := toHashSlice(givenUser)
+			givenPasswordBytes := toHashSlice(givenPassword)
+
+			if subtle.ConstantTimeCompare(givenUserBytes, requiredUserBytes) == 0 ||
+				subtle.ConstantTimeCompare(givenPasswordBytes, requiredPasswordBytes) == 0 {
+				return nil, AuthError{realm}
+			}
+
+			return next(ctx, request)
+		}
+	}
+}

auth/basic/middleware_test.go

@@ -0,0 +1,52 @@
+package basic
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"testing"
+
+	httptransport "github.com/go-kit/kit/transport/http"
+)
+
+func TestWithBasicAuth(t *testing.T) {
+	requiredUser := "test-user"
+	requiredPassword := "test-pass"
+	realm := "test realm"
+
+	type want struct {
+		result interface{}
+		err    error
+	}
+	tests := []struct {
+		name       string
+		authHeader interface{}
+		want       want
+	}{
+		{"Isn't valid with nil header", nil, want{nil, AuthError{realm}}},
+		{"Isn't valid with non-string header", 42, want{nil, AuthError{realm}}},
+		{"Isn't valid without authHeader", "", want{nil, AuthError{realm}}},
+		{"Isn't valid for wrong user", makeAuthString("wrong-user", requiredPassword), want{nil, AuthError{realm}}},
+		{"Isn't valid for wrong password", makeAuthString(requiredUser, "wrong-password"), want{nil, AuthError{realm}}},
+		{"Is valid for correct creds", makeAuthString(requiredUser, requiredPassword), want{true, nil}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.WithValue(context.TODO(), httptransport.ContextKeyRequestAuthorization, tt.authHeader)
+
+			result, err := AuthMiddleware(requiredUser, requiredPassword, realm)(passedValidation)(ctx, nil)
+			if result != tt.want.result || err != tt.want.err {
+				t.Errorf("WithBasicAuth() = result: %v, err: %v, want result: %v, want error: %v", result, err, tt.want.result, tt.want.err)
+			}
+		})
+	}
+}
+
+func makeAuthString(user string, password string) string {
+	data := []byte(fmt.Sprintf("%s:%s", user, password))
+	return fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString(data))
+}
+
+func passedValidation(ctx context.Context, request interface{}) (response interface{}, err error) {
+	return true, nil
+}

auth/jwt/README.md

@@ -13,7 +13,7 @@ will be added to the context via the `jwt.JWTClaimsContextKey`.
 ```go
 import (
 	stdjwt "github.com/dgrijalva/jwt-go"
-	
+
 	"github.com/go-kit/kit/auth/jwt"
 	"github.com/go-kit/kit/endpoint"
 )
@@ -23,7 +23,7 @@ func main() {
 	{
 		kf := func(token *stdjwt.Token) (interface{}, error) { return []byte("SigningString"), nil }
 		exampleEndpoint = MakeExampleEndpoint(service)
-		exampleEndpoint = jwt.NewParser(kf, stdjwt.SigningMethodHS256)(exampleEndpoint)
+		exampleEndpoint = jwt.NewParser(kf, stdjwt.SigningMethodHS256, jwt.StandardClaimsFactory)(exampleEndpoint)
 	}
 }
 ```
@@ -35,7 +35,7 @@ the token string and add it to the context via the `jwt.JWTTokenContextKey`.
 ```go
 import (
 	stdjwt "github.com/dgrijalva/jwt-go"
-	
+
 	"github.com/go-kit/kit/auth/jwt"
 	"github.com/go-kit/kit/endpoint"
 )
@@ -45,9 +45,9 @@ func main() {
 	{
 		exampleEndpoint = grpctransport.NewClient(...).Endpoint()
 		exampleEndpoint = jwt.NewSigner(
-			"kid-header", 
-			[]byte("SigningString"), 
-			stdjwt.SigningMethodHS256, 
+			"kid-header",
+			[]byte("SigningString"),
+			stdjwt.SigningMethodHS256,
 			jwt.Claims{},
 		)(exampleEndpoint)
 	}
@@ -67,7 +67,7 @@ Example of use in a client:
 import (
 	stdjwt "github.com/dgrijalva/jwt-go"
 
-	grpctransport "github.com/go-kit/kit/transport/grpc"	
+	grpctransport "github.com/go-kit/kit/transport/grpc"
 	"github.com/go-kit/kit/auth/jwt"
 	"github.com/go-kit/kit/endpoint"
 )

auth/jwt/middleware.go

@@ -70,21 +70,21 @@ func NewSigner(kid string, key []byte, method jwt.SigningMethod, claims jwt.Clai
 // Useful in NewParser middleware.
 type ClaimsFactory func() jwt.Claims
 
-// MapClaimsFactory is a ClaimsFactory that returns 
+// MapClaimsFactory is a ClaimsFactory that returns
 // an empty jwt.MapClaims.
 func MapClaimsFactory() jwt.Claims {
-    return jwt.MapClaims{}
+	return jwt.MapClaims{}
 }
 
-// StandardClaimsFactory is a ClaimsFactory that returns 
+// StandardClaimsFactory is a ClaimsFactory that returns
 // an empty jwt.StandardClaims.
 func StandardClaimsFactory() jwt.Claims {
-    return &jwt.StandardClaims{}
+	return &jwt.StandardClaims{}
 }
 
 // NewParser creates a new JWT token parsing middleware, specifying a
 // jwt.Keyfunc interface, the signing method and the claims type to be used. NewParser
-// adds the resulting  claims to endpoint context or returns error on invalid token.
+// adds the resulting claims to endpoint context or returns error on invalid token.
 // Particularly useful for servers.
 func NewParser(keyFunc jwt.Keyfunc, method jwt.SigningMethod, newClaims ClaimsFactory) endpoint.Middleware {
 	return func(next endpoint.Endpoint) endpoint.Endpoint {

circle.yml

@@ -2,7 +2,7 @@ machine:
   pre:
     - curl -sSL https://s3.amazonaws.com/circle-downloads/install-circleci-docker.sh | bash -s -- 1.10.0
     - sudo rm -rf /usr/local/go
-    - curl -sSL https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz | sudo tar xz -C /usr/local
+    - curl -sSL https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz | sudo tar xz -C /usr/local
   services:
     - docker
 

cmd/kitgen/.ignore

@@ -0,0 +1 @@
+testdata/*/*/

cmd/kitgen/arg.go

@@ -0,0 +1,36 @@
+package main
+
+import "go/ast"
+
+type arg struct {
+	name, asField *ast.Ident
+	typ           ast.Expr
+}
+
+func (a arg) chooseName(scope *ast.Scope) *ast.Ident {
+	if a.name == nil || scope.Lookup(a.name.Name) != nil {
+		return inventName(a.typ, scope)
+	}
+	return a.name
+}
+
+func (a arg) field(scope *ast.Scope) *ast.Field {
+	return &ast.Field{
+		Names: []*ast.Ident{a.chooseName(scope)},
+		Type:  a.typ,
+	}
+}
+
+func (a arg) result() *ast.Field {
+	return &ast.Field{
+		Names: nil,
+		Type:  a.typ,
+	}
+}
+
+func (a arg) exported() *ast.Field {
+	return &ast.Field{
+		Names: []*ast.Ident{id(export(a.asField.Name))},
+		Type:  a.typ,
+	}
+}