fix: middleware didn't return

3 files changed, 29 insertions, 4 deletions

diff --git a/internal/admin/model.go b/internal/admin/model.go
index bf97b0f..2b97c5a 100644
--- a/internal/admin/model.go
+++ b/internal/admin/model.go
@@ -63,9 +63,13 @@ type GitRepo struct {
 
 // ServerRepos repos that are part of this server instance
 type ServerRepos struct {
-	Name     string     `json:"name"`
-	Version  string     `json:"version"`
-	Repos    []*GitRepo `json:"repos"`
+	// Name of the configuration
+	Name string `json:"name"`
+	// Version of the config file
+	Version string `json:"version"`
+	// Repos a list of repos that are managed
+	Repos []*GitRepo `json:"repos"`
+	// this is set by the cli on start
 	basePath string
 }
 
diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index 6763323..abebcdb 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		urn, ok := ctx.Value(AuthzUrnKey).(string)
 		if !ok || urn == "" {
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		repo := req.URL.Path
 		action := req.Method
@@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		if err != nil {
 			log.Printf("error running enforce %s", err)
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		if !ok {
-			log.Printf("Access denied")
+			log.Printf("Not Authorized - attempted access %s", urn)
 			http.Error(rw, "Access denied", http.StatusForbidden)
+			return
 		}
 		log.Printf("Method %s Url %s", action, repo)
 		next.ServeHTTP(rw, req.WithContext(ctx))
diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go
index 9ed9081..314c24e 100644
--- a/internal/authz/middleware_test.go
+++ b/internal/authz/middleware_test.go
@@ -1,8 +1,11 @@
 package authz
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
+	"log"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -13,6 +16,10 @@ import (
 func junkTestHandler() http.HandlerFunc {
 	return func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(http.StatusOK)
+		_, err := rw.Write([]byte("Im a body"))
+		if err != nil {
+			log.Fatalf("couldn't write http body %s", err)
+		}
 	}
 }
 
@@ -89,18 +96,21 @@ func TestAuthorization(t *testing.T) {
 		user           string
 		expectedStatus int
 		description    string
+		body           []byte
 	}{
 		{
 			url:            fmt.Sprintf("%s/%s", baseURL, "repo/url"),
 			user:           "uid:jack",
 			expectedStatus: 200,
 			description:    "an authorized action should yield a 200",
+			body:           []byte("Im a body"),
 		},
 		{
 			url:            fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"),
 			user:           "uid:chumba",
 			expectedStatus: 403,
 			description:    "an unauthorized action should yield a 403",
+			body:           []byte("Access denied\n"),
 		},
 	}
 	svcr := admin.NewService(
@@ -120,8 +130,16 @@ func TestAuthorization(t *testing.T) {
 		authHandler.ServeHTTP(recorder, req)
 		result := recorder.Result()
 		defer result.Body.Close()
+		body, err := io.ReadAll(result.Body)
+		if err != nil {
+			t.Fatal("couldn't read response body")
+		}
+
 		if result.StatusCode != tc.expectedStatus {
 			t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.expectedStatus, result.StatusCode)
 		}
+		if !bytes.Equal(body, tc.body) {
+			t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.body, body)
+		}
 	}
 }