Add missing comment and re-order a few functions.

heroku · Mar 14, 2024 · 3bd2dfc · 3bd2dfc
1 parent 5b4d8c8
commit 3bd2dfc
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 25 deletions.
diff --git a/dynoid/dynoid.go b/dynoid/dynoid.go
@@ -16,7 +16,10 @@ import (
 )
 
 const (
-	AudienceHeroku = "heroku"
+	DefaultAudience = "heroku"
+
+	//nolint: gosec
+	DefaultTokenPath = "/etc/heroku/dyno_id_token"
 )
 
 // Returned by an IssuerCallback get's an issuer it doesn't trust
@@ -141,18 +144,20 @@ func (t *Token) LogValue() slog.Value {
 	)
 }
 
+// LocalTokenPath returns the path on disk to the token for the given audience
+func LocalTokenPath(audience string) string {
+	if audience == DefaultAudience {
+		return DefaultTokenPath
+	}
+
+	return fmt.Sprintf("/etc/heroku/dyno-id/%s/token", audience)
+}
+
 // ReadLocal reads the local machines token for the given audience
 //
 // Suitable for passing as a bearer token
 func ReadLocal(audience string) (string, error) {
-	//nolint: gosec
-	tokenPath := "/etc/heroku/dyno_id_token"
-
-	if audience != "heroku" {
-		tokenPath = fmt.Sprintf("/etc/heroku/dyno-id/%s/token", audience)
-	}
-
-	rawToken, err := os.ReadFile(tokenPath)
+	rawToken, err := os.ReadFile(LocalTokenPath(audience))
 	if err != nil {
 		return "", err
 	}

diff --git a/hmiddleware/dynoid/dynoid.go b/hmiddleware/dynoid/dynoid.go
@@ -50,6 +50,8 @@ func Authorize(audience string, callback dynoid.IssuerCallback) func(http.Handle
 	}
 }
 
+// AuthorizeSameSpace restricts access to tokens from the same space/issuer for
+// the given audience.
 func AuthorizeSameSpace(audience string) func(http.Handler) http.Handler {
 	token, err := dynoid.ReadLocalToken(context.Background(), audience)
 	if err != nil {
@@ -65,21 +67,19 @@ func AuthorizeSameSpace(audience string) func(http.Handler) http.Handler {
 	})
 }
 
-func internalServerError(format string, v ...any) func(http.Handler) http.Handler {
-	return func(http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			w.WriteHeader(http.StatusInternalServerError)
-			fmt.Fprintf(w, format, v...)
-		})
-	}
-}
-
 // AuthorizeSpace populates the dyno identity and blocks any requests that
 // aren't from one of the given spaces.
 func AuthorizeSpaces(audience, host string, spaces ...string) func(http.Handler) http.Handler {
 	return Authorize(audience, dynoid.AllowHerokuSpace(host, spaces...))
 }
 
+// AddToContext adds the Token to the given context
+func AddToContext(ctx context.Context, token *dynoid.Token, err error) context.Context {
+	ctx = context.WithValue(ctx, DynoIDKey, token)
+	ctx = context.WithValue(ctx, DynoIDErrKey, err)
+	return ctx
+}
+
 // FromContext fetches the Token from the context
 func FromContext(ctx context.Context) (*dynoid.Token, error) {
 	token, _ := ctx.Value(DynoIDKey).(*dynoid.Token)
@@ -88,13 +88,6 @@ func FromContext(ctx context.Context) (*dynoid.Token, error) {
 	return token, err
 }
 
-// AddToContext adds the Token to the given context
-func AddToContext(ctx context.Context, token *dynoid.Token, err error) context.Context {
-	ctx = context.WithValue(ctx, DynoIDKey, token)
-	ctx = context.WithValue(ctx, DynoIDErrKey, err)
-	return ctx
-}
-
 func populateDynoID(audience string, callback dynoid.IssuerCallback) func(*http.Request) *http.Request {
 	verifier := dynoid.NewWithCallback(audience, callback)
 
@@ -119,3 +112,12 @@ func tokenFromHeader(r *http.Request) string {
 	}
 	return ""
 }
+
+func internalServerError(format string, v ...any) func(http.Handler) http.Handler {
+	return func(http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusInternalServerError)
+			fmt.Fprintf(w, format, v...)
+		})
+	}
+}