authorMax Resnick <max@ofmax.li>2024-02-24 23:03:45 -0800
committerMax Resnick <max@ofmax.li>2024-02-24 23:03:45 -0800
commit9fe8f31ae379d4b30823f3c4f19842bf32aae034 (patch)
treefb8b180d2e05bf6520b636d3207e2506e0e860cf
parent794445b230ddad08480f35d58f4694023e5f7006 (diff)
downloadgo-git-server-9fe8f31ae379d4b30823f3c4f19842bf32aae034.tar.gz
fix: middleware didn't return
-rw-r--r--README.md23
-rw-r--r--cmd/main.go1
-rw-r--r--gitserver.yaml30
-rw-r--r--internal/admin/model.go10
-rw-r--r--internal/authz/middleware.go5
-rw-r--r--internal/authz/middleware_test.go18
-rw-r--r--justfile11
7 files changed, 56 insertions, 42 deletions
diff --git a/README.md b/README.md
index d69dca3..c109e41 100644
--- a/README.md
+++ b/README.md
@@ -19,24 +19,7 @@ The current focus is for a single user and CI user(s) and intends to become self
Tools like gitea are great, but they require things like a DBMS. This increases hosting comlexity and maintenance especially for small teams or single user bases.
-### Admin events
-triggered by handler?
-triggered by hooks?
-
-* [ ] new repo
-* [ ] admin push
-
-### Git Mgmt
-
-* [ ] git web export
-* [ ] web description
-
-### Policy Mgmt
-
-* [x] policy generate
-* [x] upsert policies
-
-## Hooks
-
-what's the env for this?
+# TODO
+- [ ] Refactor config to be a versioned model
+- [ ] hooks env? \ No newline at end of file
diff --git a/cmd/main.go b/cmd/main.go
index 38c3724..84d2fa0 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -25,7 +25,6 @@ var (
func main() {
flag.Parse()
- print(reposDir)
if newToken {
token, hash, err := authz.GenerateNewToken()
if err != nil {
diff --git a/gitserver.yaml b/gitserver.yaml
index 5640200..70d8eed 100644
--- a/gitserver.yaml
+++ b/gitserver.yaml
@@ -2,18 +2,18 @@
name: "go-git-server"
version: "v1alpha1"
repos:
- - name: mgmt
- public: false
- permissions:
- - role: admin
- mode: 1
- - name: testmerepo
- public: true
- git_web_config:
- owner: grumps
- description: >-
- A wrapper to git http-backend providing authentcation and authorization
- inspired by gitolite.
- permissions:
- - role: maintainers
- mode: 1
+- name: mgmt
+ public: false
+ permissions:
+ - role: admin
+ mode: 1
+- name: testmerepo
+ public: true
+ git_web_config:
+ owner: grumps
+ description: >-
+ A wrapper to git http-backend providing authentcation and authorization
+ inspired by gitolite.
+ permissions:
+ - role: maintainers
+ mode: 1
diff --git a/internal/admin/model.go b/internal/admin/model.go
index bf97b0f..2b97c5a 100644
--- a/internal/admin/model.go
+++ b/internal/admin/model.go
@@ -63,9 +63,13 @@ type GitRepo struct {
// ServerRepos repos that are part of this server instance
type ServerRepos struct {
- Name string `json:"name"`
- Version string `json:"version"`
- Repos []*GitRepo `json:"repos"`
+ // Name of the configuration
+ Name string `json:"name"`
+ // Version of the config file
+ Version string `json:"version"`
+ // Repos a list of repos that are managed
+ Repos []*GitRepo `json:"repos"`
+ // this is set by the cli on start
basePath string
}
diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index 6763323..abebcdb 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
urn, ok := ctx.Value(AuthzUrnKey).(string)
if !ok || urn == "" {
http.Error(rw, "Bad Request", http.StatusBadRequest)
+ return
}
repo := req.URL.Path
action := req.Method
@@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
if err != nil {
log.Printf("error running enforce %s", err)
http.Error(rw, "Bad Request", http.StatusBadRequest)
+ return
}
if !ok {
- log.Printf("Access denied")
+ log.Printf("Not Authorized - attempted access %s", urn)
http.Error(rw, "Access denied", http.StatusForbidden)
+ return
}
log.Printf("Method %s Url %s", action, repo)
next.ServeHTTP(rw, req.WithContext(ctx))
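Review bot: The new denial log records only the identity, so an audit of rejected requests cannot tell which repository or method was attempted; `repo` and `action` are already in scope from the lines just above this hunk. The URN is also formatted with `%s`, and if any part of it can be influenced by the client (its origin is not visible here) a newline in it could split or forge log entries, which `%q` avoids. I would write the line as `log.Printf("Not Authorized - urn=%q method=%s path=%q", urn, action, repo)`, and apply the same quoting to the `Method %s Url %s` line, which prints the raw request path. The body of `Authorization` starts and ends outside this hunk.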
diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go
index 9ed9081..314c24e 100644
--- a/internal/authz/middleware_test.go
+++ b/internal/authz/middleware_test.go
@@ -1,8 +1,11 @@
package authz
import (
+ "bytes"
"context"
"fmt"
+ "io"
+ "log"
"net/http"
"net/http/httptest"
"testing"
@@ -13,6 +16,10 @@ import (
func junkTestHandler() http.HandlerFunc {
return func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusOK)
+ _, err := rw.Write([]byte("Im a body"))
+ if err != nil {
+ log.Fatalf("couldn't write http body %s", err)
+ }
}
}
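Review bot: `log.Fatalf` inside the stub handler calls `os.Exit`, so a failed write would abort the whole test binary without reporting which test case was running and without running deferred cleanup. Passing the test handle in and reporting through it keeps the failure attributed to the case, e.g. `func junkTestHandler(t *testing.T) http.HandlerFunc` with `t.Errorf("couldn't write http body: %v", err)`. The call sites of `junkTestHandler` are outside this hunk and would need the extra argument.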
@@ -89,18 +96,21 @@ func TestAuthorization(t *testing.T) {
user string
expectedStatus int
description string
+ body []byte
}{
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url"),
user: "uid:jack",
expectedStatus: 200,
description: "an authorized action should yield a 200",
+ body: []byte("Im a body"),
},
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"),
user: "uid:chumba",
expectedStatus: 403,
description: "an unauthorized action should yield a 403",
+ body: []byte("Access denied\n"),
},
}
svcr := admin.NewService(
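Review bot: The table still exercises only the allowed and denied outcomes, while the same commit also adds `return` to the missing-URN and enforcer-error branches in `internal/authz/middleware.go`; nothing here would fail if one of those returns were dropped again. A case for a request with no identity would pin the first of them, for example `{url: fmt.Sprintf("%s/%s", baseURL, "repo/url"), user: "", expectedStatus: 400, description: "a missing urn should yield a 400", body: []byte("Bad Request\n")}`. That assumes the loop puts `tc.user` into the context under `AuthzUrnKey`, which is outside this hunk and should be confirmed. `TestAuthorization` begins and continues outside the hunk.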
@@ -120,8 +130,16 @@ func TestAuthorization(t *testing.T) {
authHandler.ServeHTTP(recorder, req)
result := recorder.Result()
defer result.Body.Close()
+ body, err := io.ReadAll(result.Body)
+ if err != nil {
+ t.Fatal("couldn't read response body")
+ }
+
if result.StatusCode != tc.expectedStatus {
t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.expectedStatus, result.StatusCode)
}
+ if !bytes.Equal(body, tc.body) {
+ t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.body, body)
+ }
}
}
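Review bot: The body-mismatch message reuses the status-code format string, so `tc.body` and `body` are printed with `%d` and appear as slices of byte values rather than readable text. Since this comparison is the assertion that actually detects the middleware falling through to the next handler, the failure output should show both bodies: `t.Fatalf("Test Case %s failed Expected body: %q Found: %q", tc.description, tc.body, body)`. The read failure above also discards `err`; `t.Fatalf("couldn't read response body: %v", err)` would keep it.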
diff --git a/justfile b/justfile
index db5bd05..8f30dbd 100644
--- a/justfile
+++ b/justfile
@@ -1,12 +1,19 @@
TEMPDIR := `mktemp -d`
+alias dr := debug-run
+alias dt := debug-test
build:
CGO=0 go build -o go-git-server cmd/main.go
+run:
+ go run cmd/main.go -s {{justfile_directory()}}/gitserver.yaml -r $(mktemp -d)
+
test:
golangci-lint run
go test -v -coverprofile={{ TEMPDIR }}/testcover.out ./...
go tool cover -func={{ TEMPDIR }}/testcover.out
+debug-run:
+ dlv debug cmd/main.go -- -s {{justfile_directory()}}/gitserver.yaml -r $(mktemp -d)
-debug-test:
- dlv test -- -test.v
+debug-test pkg:
+ dlv test {{pkg}} -- -test.v