-- 14_http_auth.sql: HTTP authentication configuration validation -- pg_regress test for ulak -- ============================================================================ -- BEARER AUTH: VALID CONFIG -- ============================================================================ SELECT ulak.create_endpoint('auth_bearer', 'http', '{ "url": "http://localhost:9999/bearer", "auth": {"type": "bearer", "token": "eyJhbGciOiJSUzI1NiJ9.test"} }'::jsonb) IS NOT NULL AS bearer_ok; INFO: [ulak] Created endpoint with ID 27 bearer_ok ----------- t (1 row) -- ============================================================================ -- BASIC AUTH: VALID CONFIG -- ============================================================================ SELECT ulak.create_endpoint('auth_basic', 'http', '{ "url": "http://localhost:9999/basic", "auth": {"type": "basic", "username": "admin", "password": "secret123"} }'::jsonb) IS NOT NULL AS basic_ok; INFO: [ulak] Created endpoint with ID 28 basic_ok ---------- t (1 row) -- ============================================================================ -- OAUTH2: VALID CONFIG -- ============================================================================ SELECT ulak.create_endpoint('auth_oauth2', 'http', '{ "url": "http://localhost:9999/oauth", "auth": { "type": "oauth2", "token_url": "https://auth.example.com/oauth/token", "client_id": "my-client-id", "client_secret": "my-client-secret", "scope": "messages:write" } }'::jsonb) IS NOT NULL AS oauth2_ok; INFO: [ulak] Created endpoint with ID 29 oauth2_ok ----------- t (1 row) -- ============================================================================ -- AWS SIGV4: VALID CONFIG -- ============================================================================ SELECT ulak.create_endpoint('auth_sigv4', 'http', '{ "url": "http://localhost:9999/aws", "auth": { "type": "aws_sigv4", "access_key": "AKIAIOSFODNN7EXAMPLE", "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "region": "us-east-1", "service": "sqs" } }'::jsonb) IS NOT NULL AS sigv4_ok; INFO: [ulak] Created endpoint with ID 30 sigv4_ok ---------- t (1 row) -- ============================================================================ -- AWS SIGV4 WITH SESSION TOKEN -- ============================================================================ SELECT ulak.create_endpoint('auth_sigv4_sts', 'http', '{ "url": "http://localhost:9999/aws-sts", "auth": { "type": "aws_sigv4", "access_key": "ASIATEMPORARY", "secret_key": "tempSecret", "region": "eu-west-1", "service": "lambda", "session_token": "FwoGZXIv..." } }'::jsonb) IS NOT NULL AS sigv4_sts_ok; INFO: [ulak] Created endpoint with ID 31 sigv4_sts_ok -------------- t (1 row) -- ============================================================================ -- INVALID: MISSING REQUIRED FIELDS -- ============================================================================ -- Bearer without token SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"type": "bearer"} }'::jsonb) AS bearer_no_token; WARNING: [ulak] Bearer auth requires 'token' WARNING: [ulak] ERROR: Invalid HTTP auth configuration bearer_no_token ----------------- f (1 row) -- Basic without password SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"type": "basic", "username": "admin"} }'::jsonb) AS basic_no_password; WARNING: [ulak] Basic auth requires 'username' and 'password' WARNING: [ulak] ERROR: Invalid HTTP auth configuration basic_no_password ------------------- f (1 row) -- OAuth2 without client_secret SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"type": "oauth2", "token_url": "https://auth.example.com/token", "client_id": "id"} }'::jsonb) AS oauth2_no_secret; WARNING: [ulak] OAuth2 auth requires 'token_url', 'client_id', 'client_secret' WARNING: [ulak] ERROR: Invalid HTTP auth configuration oauth2_no_secret ------------------ f (1 row) -- SigV4 without region SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"type": "aws_sigv4", "access_key": "AK", "secret_key": "SK", "service": "sqs"} }'::jsonb) AS sigv4_no_region; WARNING: [ulak] AWS SigV4 auth requires 'access_key', 'secret_key', 'region', 'service' WARNING: [ulak] ERROR: Invalid HTTP auth configuration sigv4_no_region ----------------- f (1 row) -- ============================================================================ -- INVALID: UNKNOWN AUTH TYPE -- ============================================================================ SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"type": "kerberos"} }'::jsonb) AS unknown_type; WARNING: [ulak] Unknown auth type: 'kerberos' WARNING: [ulak] ERROR: Invalid HTTP auth configuration unknown_type -------------- f (1 row) -- ============================================================================ -- INVALID: MISSING AUTH TYPE -- ============================================================================ SELECT ulak.validate_endpoint_config('http', '{ "url": "http://localhost:9999/test", "auth": {"token": "something"} }'::jsonb) AS missing_type; WARNING: [ulak] Auth config missing 'type' field WARNING: [ulak] ERROR: Invalid HTTP auth configuration missing_type -------------- f (1 row) -- ============================================================================ -- BACKWARD COMPATIBLE: NO AUTH KEY -- ============================================================================ SELECT ulak.create_endpoint('no_auth_ep', 'http', '{ "url": "http://localhost:9999/noauth" }'::jsonb) IS NOT NULL AS no_auth_ok; INFO: [ulak] Created endpoint with ID 32 no_auth_ok ------------ t (1 row) -- ============================================================================ -- AUTH + SIGNING SECRET (both work together) -- ============================================================================ SELECT ulak.create_endpoint('auth_plus_signing', 'http', '{ "url": "http://localhost:9999/both", "signing_secret": "whsec_test123", "auth": {"type": "bearer", "token": "my-token"} }'::jsonb) IS NOT NULL AS auth_plus_signing_ok; INFO: [ulak] Created endpoint with ID 33 auth_plus_signing_ok ---------------------- t (1 row) -- ============================================================================ -- AUTH + CLOUDEVENTS + RATE LIMIT (all features combined) -- ============================================================================ SELECT ulak.create_endpoint('auth_all_features', 'http', '{ "url": "http://localhost:9999/all", "auth": {"type": "basic", "username": "user", "password": "pass"}, "cloudevents": true, "cloudevents_mode": "binary", "rate_limit": {"limit": 10, "interval": "second", "burst": 20} }'::jsonb) IS NOT NULL AS all_features_ok; INFO: [ulak] Created endpoint with ID 34 all_features_ok ----------------- t (1 row) -- ============================================================================ -- CLEANUP -- ============================================================================ SELECT ulak.drop_endpoint('auth_bearer'); INFO: [ulak] Dropped endpoint 'auth_bearer' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_basic'); INFO: [ulak] Dropped endpoint 'auth_basic' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_oauth2'); INFO: [ulak] Dropped endpoint 'auth_oauth2' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_sigv4'); INFO: [ulak] Dropped endpoint 'auth_sigv4' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_sigv4_sts'); INFO: [ulak] Dropped endpoint 'auth_sigv4_sts' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('no_auth_ep'); INFO: [ulak] Dropped endpoint 'no_auth_ep' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_plus_signing'); INFO: [ulak] Dropped endpoint 'auth_plus_signing' drop_endpoint --------------- t (1 row) SELECT ulak.drop_endpoint('auth_all_features'); INFO: [ulak] Dropped endpoint 'auth_all_features' drop_endpoint --------------- t (1 row)