Http Input support unauthenticated test connection / health check (#96)

* allow GET requests with empty bodies to bypass auth for test connection / healthchecks * Test GET with payload and POST with empty payload
observIQ · Oct 18, 2021 · 9866f27 · 9866f27
1 parent bd03d66
commit 9866f27
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 3 deletions.
diff --git a/pkg/receiver/operators/input/http/auth.go b/pkg/receiver/operators/input/http/auth.go
@@ -14,6 +14,11 @@ type authToken struct {
 
 func (a authToken) auth(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// GET requests without a body do not require auth
+		if r.Method == http.MethodGet && r.Body == http.NoBody {
+			return
+		}
+
 		token := r.Header.Get(a.tokenHeader)
 
 		for _, validToken := range a.tokens {
@@ -37,6 +42,11 @@ type authBasic struct {
 
 func (a authBasic) auth(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// GET requests without a body do not require auth
+		if r.Method == http.MethodGet && r.Body == http.NoBody {
+			return
+		}
+
 		u, p, ok := r.BasicAuth()
 		if ok {
 			if u == a.username && p == a.password {

diff --git a/pkg/receiver/operators/input/http/operator.go b/pkg/receiver/operators/input/http/operator.go
@@ -53,18 +53,18 @@ func (t *HTTPInput) Stop() error {
 
 // goListenn will listen for http connections.
 func (t *HTTPInput) goListen(ctx context.Context) {
-	entryCreateMethods := []string{"POST", "PUT"}
+	entryCreateMethods := []string{http.MethodPost, http.MethodPut}
 
 	m := mux.NewRouter()
 	m.HandleFunc("/", t.goHandleMessages).Methods(entryCreateMethods...)
+	m.HandleFunc("/", t.health).Methods(http.MethodGet)
+	m.HandleFunc("/health", t.health).Methods(http.MethodGet)
 
 	if t.auth != nil {
 		t.Debugf("using authentication middleware: %s", t.auth.name())
 		m.Use(t.auth.auth)
 	}
 
-	m.HandleFunc("/health", t.health).Methods("GET")
-
 	t.server.Handler = m
 
 	// shutdown go routine waits for a canceled context before stopping the server

diff --git a/pkg/receiver/operators/input/http/operator_test.go b/pkg/receiver/operators/input/http/operator_test.go
@@ -223,6 +223,65 @@ func TestServerBasicAuth(t *testing.T) {
 			}(),
 			403,
 		},
+		{
+			"auth-not-required",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+				req, _ := http.NewRequest("GET", u.String(), nil)
+				return req
+			}(),
+			200,
+		},
+		{
+			"auth-required",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+				req, _ := http.NewRequest("POST", u.String(), nil)
+				return req
+			}(),
+			403,
+		},
+		{
+			"auth-required-get",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+
+				raw := map[string]interface{}{
+					"message": "this is a basic event",
+				}
+				b, _ := json.Marshal(raw)
+				buf := bytes.NewBuffer(b)
+
+				req, _ := http.NewRequest("GET", u.String(), buf)
+				return req
+			}(),
+			403,
+		},
+		{
+			"auth-not-required-health",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+				req, _ := http.NewRequest("GET", u.String(), nil)
+				return req
+			}(),
+			200,
+		},
 		{
 			"valid",
 			func() *http.Request {
@@ -354,6 +413,65 @@ func TestServerTokenAuth(t *testing.T) {
 			}(),
 			201,
 		},
+		{
+			"auth-not-required",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+				req, _ := http.NewRequest("GET", u.String(), nil)
+				return req
+			}(),
+			200,
+		},
+		{
+			"auth-not-required-health",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/health",
+				}
+				req, _ := http.NewRequest("GET", u.String(), nil)
+				return req
+			}(),
+			200,
+		},
+		{
+			"auth-required",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+				req, _ := http.NewRequest("POST", u.String(), nil)
+				return req
+			}(),
+			403,
+		},
+		{
+			"auth-required-get",
+			func() *http.Request {
+				u := url.URL{
+					Scheme: "http",
+					Host:   cfg.ListenAddress,
+					Path:   "/",
+				}
+
+				raw := map[string]interface{}{
+					"message": "this is a basic event",
+				}
+				b, _ := json.Marshal(raw)
+				buf := bytes.NewBuffer(b)
+
+				req, _ := http.NewRequest("GET", u.String(), buf)
+				return req
+			}(),
+			403,
+		},
 		{
 			"test-token2",
 			func() *http.Request {