fastmcpp/tests/server/http_auth.cpp at e90b28cd8498b34182859cc86b3c59f0fafc2115 · 0xeb/fastmcpp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#include "fastmcpp/server/http_server.hpp"
#include "fastmcpp/server/server.hpp"
#include "fastmcpp/util/json.hpp"

#include <cassert>
#include <chrono>
#include <httplib.h>
#include <string>
#include <thread>

int main()
{
    using namespace fastmcpp;
    auto core = std::make_shared<server::Server>();
    core->route("sum", [](const Json& j) { return j.at("a").get<int>() + j.at("b").get<int>(); });

    const int port = 18082;
    const std::string token = "secret-token";
    const std::string origin = "https://example.com";
    server::HttpServerWrapper http{core,  "127.0.0.1", port,
                                   token, origin,      static_cast<size_t>(1024 * 16)};
    if (!http.start())
    {
        std::cerr << "failed to start HTTP server\n";
        return 1;
    }
    std::this_thread::sleep_for(std::chrono::milliseconds(50));

    httplib::Client cli("127.0.0.1", port);

    // Missing auth should be rejected
    auto res = cli.Post("/sum", Json{{"a", 1}, {"b", 2}}.dump(), "application/json");
    if (!res || res->status != 401)
    {
        std::cerr << "expected 401 for missing auth (got "
                  << (res ? std::to_string(res->status) : std::string("no response")) << ")\n";
        http.stop();
        return 1;
    }

    // Authorized request should succeed and include CORS header
    httplib::Headers headers = {{"Authorization", std::string("Bearer ") + token}};
    res = cli.Post("/sum", headers, Json{{"a", 5}, {"b", 7}}.dump(), "application/json");
    if (!res || res->status != 200)
    {
        std::cerr << "expected 200 for authorized request\n";
        http.stop();
        return 1;
    }
    auto out = Json::parse(res->body);
    if (out.get<int>() != 12)
    {
        std::cerr << "unexpected sum result\n";
        http.stop();
        return 1;
    }
    auto cors = res->get_header_value("Access-Control-Allow-Origin");
    if (cors != origin)
    {
        std::cerr << "missing/invalid CORS header\n";
        http.stop();
        return 1;
    }

    http.stop();
    return 0;
}