From 53bd8f39b22614287f3d8ff118324c1d51537f24 Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Mon, 24 Jun 2019 22:26:50 +0200 Subject: [PATCH] add opt-out mechanism via cookie --- docker-compose.yml | 3 ++- shared/http/middleware.go | 4 ++-- shared/http/middleware_test.go | 22 +++++----------------- 3 files changed, 9 insertions(+), 20 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bd6eb49..49ab6ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -55,6 +55,7 @@ services: environment: - SERVER_HOST=http://localhost:8080 - KMS_HOST=http://localhost:8081 + - SCRIPT_HOST=http://localhost:9977 - AUDITORIUM_HOST=http://localhost:9955 script: @@ -69,7 +70,7 @@ services: ports: - 9966:9966 environment: - - VAULT_HOST=http://localhost:9977 + - VAULT_HOST=https://vault-alpha.offen.dev auditorium: build: diff --git a/shared/http/middleware.go b/shared/http/middleware.go index 94d34e4..8de39ad 100644 --- a/shared/http/middleware.go +++ b/shared/http/middleware.go @@ -18,9 +18,9 @@ func ContentTypeMiddleware(next http.Handler, contentType string) http.Handler { }) } -func DoNotTrackMiddleware(next http.Handler) http.Handler { +func OptoutMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if dnt := r.Header.Get("DNT"); dnt == "1" { + if _, err := r.Cookie("optout"); err == nil { w.WriteHeader(http.StatusNoContent) return } diff --git a/shared/http/middleware_test.go b/shared/http/middleware_test.go index 6100238..bb21a4e 100644 --- a/shared/http/middleware_test.go +++ b/shared/http/middleware_test.go @@ -34,14 +34,16 @@ func TestContentTypeMiddleware(t *testing.T) { }) } -func TestDoNotTrackMiddleware(t *testing.T) { - wrapped := DoNotTrackMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { +func TestOptoutMiddleware(t *testing.T) { + wrapped := OptoutMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("hey there")) })) t.Run("with header", func(t *testing.T) { w := httptest.NewRecorder() r := httptest.NewRequest(http.MethodGet, "/", nil) - r.Header.Set("DNT", "1") + r.AddCookie(&http.Cookie{ + Name: "optout", + }) wrapped.ServeHTTP(w, r) if w.Code != http.StatusNoContent { @@ -61,20 +63,6 @@ func TestDoNotTrackMiddleware(t *testing.T) { t.Errorf("Unexpected status code %d", w.Code) } - if w.Body.String() != "hey there" { - t.Errorf("Unexpected response body %s", w.Body.String()) - } - }) - t.Run("with header allowing", func(t *testing.T) { - w := httptest.NewRecorder() - r := httptest.NewRequest(http.MethodGet, "/", nil) - r.Header.Set("DNT", "0") - wrapped.ServeHTTP(w, r) - - if w.Code != http.StatusOK { - t.Errorf("Unexpected status code %d", w.Code) - } - if w.Body.String() != "hey there" { t.Errorf("Unexpected response body %s", w.Body.String()) }