18690754649

Committed 21 Oct 2025 04:27PM UTC coverage: 53.953% (+0.02%) from 53.929%

Build # 18690754649

Build Type

push

github

Committed by

web-flow

Commit Message

endpoints: add paths (#5888)

## Summary
Add additional paths to the `endpoints` package.


## Checklist

- [ ] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review

Run Details

60 of 76 new or added lines in 22 files covered. (78.95%)

8 existing lines in 5 files now uncovered.

27424 of 50829 relevant lines covered (53.95%)

86.61 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/pkg/authenticateapi/authenticateapi.go

// Package authenticateapi has the types and methods for the authenticate api.
package authenticateapi

import (
        "bytes"
        "context"
        "encoding/json"
        "fmt"
        "io"
        "net/http"
        "net/url"

        "github.com/pomerium/pomerium/internal/jwtutil"
        "github.com/pomerium/pomerium/pkg/endpoints"
)

// VerifyAccessTokenRequest is used to verify access tokens.
type VerifyAccessTokenRequest struct {
        AccessToken        string `json:"accessToken"`
        IdentityProviderID string `json:"identityProviderId,omitempty"`
}

// VerifyIdentityTokenRequest is used to verify identity tokens.
type VerifyIdentityTokenRequest struct {
        IdentityToken      string `json:"identityToken"`
        IdentityProviderID string `json:"identityProviderId,omitempty"`
}

// VerifyTokenResponse is the result of verifying an access or identity token.
type VerifyTokenResponse struct {
        Valid  bool           `json:"valid"`
        Claims jwtutil.Claims `json:"claims,omitempty"`
}

// An API is an api client for the authenticate service.
type API struct {
        authenticateURL *url.URL
        transport       http.RoundTripper
}

// New creates a new API client.
func New(
        authenticateURL *url.URL,
        transport http.RoundTripper,
) *API {
        return &API{
                authenticateURL: authenticateURL,
                transport:       transport,
        }
}

// VerifyAccessToken verifies an access token.
func (api *API) VerifyAccessToken(ctx context.Context, request *VerifyAccessTokenRequest) (*VerifyTokenResponse, error) {
        var response VerifyTokenResponse
        err := api.call(ctx, endpoints.SubPathVerifyAccessToken, request, &response)
        if err != nil {
                return nil, err
        }
        return &response, nil
}

// VerifyIdentityToken verifies an identity token.
func (api *API) VerifyIdentityToken(ctx context.Context, request *VerifyIdentityTokenRequest) (*VerifyTokenResponse, error) {
        var response VerifyTokenResponse
        err := api.call(ctx, endpoints.SubPathVerifyIdentityToken, request, &response)
        if err != nil {
                return nil, err
        }
        return &response, nil
}

func (api *API) call(
        ctx context.Context,
        endpoint string,
        request, response any,
) error {
        u := api.authenticateURL.ResolveReference(&url.URL{
                Path: endpoints.PathPomeriumDashboard + "/" + endpoint,
        })

        body, err := json.Marshal(request)
        if err != nil {
                return fmt.Errorf("error marshaling %s http request: %w", endpoint, err)
        }

        req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.String(), bytes.NewReader(body))
        if err != nil {
                return fmt.Errorf("error creating %s http request: %w", endpoint, err)
        }

        res, err := (&http.Client{
                Transport: api.transport,
        }).Do(req)
        if err != nil {
                return fmt.Errorf("error executing %s http request: %w", endpoint, err)
        }
        defer res.Body.Close()

        body, err = io.ReadAll(res.Body)
        if err != nil {
                return fmt.Errorf("error reading %s http response: %w", endpoint, err)
        }

        err = json.Unmarshal(body, &response)
        if err != nil {
                return fmt.Errorf("error reading %s http response (body=%s): %w", endpoint, body, err)
        }

        return nil
}

1	// Package authenticateapi has the types and methods for the authenticate api.
2	package authenticateapi
3
4	import (
5	"bytes"
6	"context"
7	"encoding/json"
8	"fmt"
9	"io"
10	"net/http"
11	"net/url"
12
13	"github.com/pomerium/pomerium/internal/jwtutil"
14	"github.com/pomerium/pomerium/pkg/endpoints"
15	)
16
17	// VerifyAccessTokenRequest is used to verify access tokens.
18	type VerifyAccessTokenRequest struct {
19	AccessToken string `json:"accessToken"`
20	IdentityProviderID string `json:"identityProviderId,omitempty"`
21	}
22
23	// VerifyIdentityTokenRequest is used to verify identity tokens.
24	type VerifyIdentityTokenRequest struct {
25	IdentityToken string `json:"identityToken"`
26	IdentityProviderID string `json:"identityProviderId,omitempty"`
27	}
28
29	// VerifyTokenResponse is the result of verifying an access or identity token.
30	type VerifyTokenResponse struct {
31	Valid bool `json:"valid"`
32	Claims jwtutil.Claims `json:"claims,omitempty"`
33	}
34
35	// An API is an api client for the authenticate service.
36	type API struct {
37	authenticateURL *url.URL
38	transport http.RoundTripper
39	}
40
41	// New creates a new API client.
42	func New(
43	authenticateURL *url.URL,
44	transport http.RoundTripper,
45	) *API {	×
46	return &API{	×
47	authenticateURL: authenticateURL,	×
48	transport: transport,	×
49	}	×
50	}	×
51
52	// VerifyAccessToken verifies an access token.
53	func (api API) VerifyAccessToken(ctx context.Context, request VerifyAccessTokenRequest) (*VerifyTokenResponse, error) {	×
54	var response VerifyTokenResponse	×
NEW 55	err := api.call(ctx, endpoints.SubPathVerifyAccessToken, request, &response)	×
56	if err != nil {	×
57	return nil, err	×
58	}	×
59	return &response, nil	×
60	}
61
62	// VerifyIdentityToken verifies an identity token.
63	func (api API) VerifyIdentityToken(ctx context.Context, request VerifyIdentityTokenRequest) (*VerifyTokenResponse, error) {	×
64	var response VerifyTokenResponse	×
NEW 65	err := api.call(ctx, endpoints.SubPathVerifyIdentityToken, request, &response)	×
66	if err != nil {	×
67	return nil, err	×
68	}	×
69	return &response, nil	×
70	}
71
72	func (api *API) call(
73	ctx context.Context,
74	endpoint string,
75	request, response any,
76	) error {	×
77	u := api.authenticateURL.ResolveReference(&url.URL{	×
NEW 78	Path: endpoints.PathPomeriumDashboard + "/" + endpoint,	×
79	})	×
80		×
81	body, err := json.Marshal(request)	×
82	if err != nil {	×
83	return fmt.Errorf("error marshaling %s http request: %w", endpoint, err)	×
84	}	×
85
86	req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.String(), bytes.NewReader(body))	×
87	if err != nil {	×
88	return fmt.Errorf("error creating %s http request: %w", endpoint, err)	×
89	}	×
90
91	res, err := (&http.Client{	×
92	Transport: api.transport,	×
93	}).Do(req)	×
94	if err != nil {	×
95	return fmt.Errorf("error executing %s http request: %w", endpoint, err)	×
96	}	×
97	defer res.Body.Close()	×
98		×
99	body, err = io.ReadAll(res.Body)	×
100	if err != nil {	×
101	return fmt.Errorf("error reading %s http response: %w", endpoint, err)	×
102	}	×
103
104	err = json.Unmarshal(body, &response)	×
105	if err != nil {	×
106	return fmt.Errorf("error reading %s http response (body=%s): %w", endpoint, body, err)	×
107	}	×
108
109	return nil	×
110	}

pomerium / pomerium / 18690754649

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous