Add explicit deadline for auth request

An explicit timeout is passed to the handler and a new unit test proves that the functionality is in place. A additional return statement was needed in the handler as pointed out by @stefanprodan. Signed-off-by: Alex Ellis <alexellis2@gmail.com>
2025-06-10 09:16:48 +00:00 · 2019-06-05 13:08:55 +01:00 · 2019-06-05 13:08:55 +01:00 · 35508ac70b
commit 35508ac70b
parent a66097a9f9
2 changed files with 59 additions and 16 deletions
--- a/gateway/handlers/external_auth.go
+++ b/gateway/handlers/external_auth.go
@ -1 +1,37 @@
 package handlers
+
+import (
+	"context"
+	"net/http"
+	"time"
+)
+
+// MakeExternalAuthHandler make an authentication proxy handler
+func MakeExternalAuthHandler(next http.HandlerFunc, upstreamTimeout time.Duration, upstreamURL string, passBody bool) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		req, _ := http.NewRequest(http.MethodGet, upstreamURL, nil)
+
+		deadlineContext, cancel := context.WithDeadline(
+			context.Background(),
+			time.Now().Add(upstreamTimeout))
+
+		defer cancel()
+
+		res, err := http.DefaultClient.Do(req.WithContext(deadlineContext))
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+
+		if res.Body != nil {
+			defer res.Body.Close()
+		}
+
+		if res.StatusCode == http.StatusOK {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		w.WriteHeader(res.StatusCode)
+	}
+}
--- a/gateway/handlers/external_auth_test.go
+++ b/gateway/handlers/external_auth_test.go
@ -4,6 +4,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 )

 func Test_External_Auth_Wrapper_FailsInvalidAuth(t *testing.T) {
@ -18,7 +19,7 @@ func Test_External_Auth_Wrapper_FailsInvalidAuth(t *testing.T) {
 	}

 	passBody := false
-	handler := MakeExternalAuthHandler(next, s.URL, passBody)
+	handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)

 	req := httptest.NewRequest(http.MethodGet, s.URL, nil)
 	rr := httptest.NewRecorder()
@ -41,7 +42,7 @@ func Test_External_Auth_Wrapper_PassesValidAuth(t *testing.T) {
 	}

 	passBody := false
-	handler := MakeExternalAuthHandler(next, s.URL, passBody)
+	handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)

 	req := httptest.NewRequest(http.MethodGet, s.URL, nil)
 	rr := httptest.NewRecorder()
@ -52,21 +53,27 @@ func Test_External_Auth_Wrapper_PassesValidAuth(t *testing.T) {
 	}
 }

-func MakeExternalAuthHandler(next http.HandlerFunc, upstreamURL string, passBody bool) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		req, _ := http.NewRequest(http.MethodGet, upstreamURL, nil)
+func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) {

-		res, err := http.DefaultClient.Do(req)
-		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-		}
-		if res.Body != nil {
-			defer res.Body.Close()
-		}
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		time.Sleep(50 * time.Millisecond)
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer s.Close()

-		if res.StatusCode == http.StatusOK {
-			next.ServeHTTP(w, r)
-		}
-		w.WriteHeader(res.StatusCode)
+	next := func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNotImplemented)
+	}
+
+	passBody := false
+	handler := MakeExternalAuthHandler(next, time.Millisecond*10, s.URL, passBody)
+
+	req := httptest.NewRequest(http.MethodGet, s.URL, nil)
+	rr := httptest.NewRecorder()
+	handler(rr, req)
+
+	want := http.StatusInternalServerError
+	if rr.Code != want {
+		t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
 	}
 }