pr comments

0xsequence · Oct 25, 2024 · bd7a5d1 · bd7a5d1
1 parent cb1f212
commit bd7a5d1
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 17 deletions.
diff --git a/http.go b/http.go
@@ -12,11 +12,16 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwt"
 )
 
+const (
+	defaultExpiration time.Duration = 30 * time.Second
+	acceptableSkew    time.Duration = 2 * time.Minute
+)
+
 type S2SClientConfig struct {
-	ServiceName   string
-	JWTSecret     string
-	DebugRequests bool
-	Expiration    time.Duration
+	ServiceName     string
+	JWTSecret       string
+	DebugRequests   bool
+	TokenExpiration time.Duration
 }
 
 func (cfg *S2SClientConfig) Validate() error {
@@ -40,7 +45,7 @@ func S2SClient(cfg *S2SClientConfig) (*http.Client, error) {
 	tokenCfg := &S2STokenConfig{
 		JWTSecret:   cfg.JWTSecret,
 		ServiceName: cfg.ServiceName,
-		Expiration:  cfg.Expiration,
+		Expiration:  cfg.TokenExpiration,
 	}
 
 	httpClient := &http.Client{
@@ -60,11 +65,6 @@ func s2sAuthHeader(cfg *S2STokenConfig) func(req *http.Request) string {
 	}
 }
 
-const (
-	defaultExpiration time.Duration = 30 * time.Second
-	acceptableSkew    time.Duration = 2 * time.Minute
-)
-
 type S2STokenConfig struct {
 	JWTSecret   string
 	ServiceName string

diff --git a/http_test.go b/http_test.go
@@ -18,9 +18,9 @@ func TestS2SClient(t *testing.T) {
 	serviceName := "test-service-name"
 
 	cfg := &authcontrol.S2SClientConfig{
-		JWTSecret:   secret,
-		ServiceName: serviceName,
-		Expiration:  10 * time.Second,
+		JWTSecret:       secret,
+		ServiceName:     serviceName,
+		TokenExpiration: 10 * time.Second,
 	}
 
 	err := cfg.Validate()

diff --git a/middleware_test.go b/middleware_test.go
@@ -219,11 +219,13 @@ func TestInvalid(t *testing.T) {
 	assert.False(t, ok)
 	assert.ErrorIs(t, err, proto.ErrUnauthorized)
 
-	claims := map[string]any{"service": "client_service"}
-	jwtAuth = jwtauth.New("HS256", []byte(secret), nil)
-	_, jwt, _ = jwtAuth.Encode(claims)
-
 	// Valid Request
+	cfg := &authcontrol.S2STokenConfig{
+		JWTSecret:   secret,
+		ServiceName: ServiceName,
+	}
+	jwt = authcontrol.S2SToken(cfg)
+
 	ok, err = executeRequest(t, ctx, r, fmt.Sprintf("/rpc/%s/%s", ServiceName, MethodName), AccessKey, &jwt)
 	assert.True(t, ok)
 	assert.NoError(t, err)
@@ -249,6 +251,7 @@ func TestInvalid(t *testing.T) {
 	assert.ErrorIs(t, err, proto.ErrUnauthorized)
 
 	// Expired JWT Token
+	claims := map[string]any{"service": ServiceName}
 	claims["exp"] = time.Now().Add(-time.Second).Unix()
 	jwtAuth = jwtauth.New("HS256", []byte(secret), nil)
 	_, expiredJWT, _ := jwtAuth.Encode(claims)