feat: move templ component from foundations to shield; add bunch of tests

Author: roman-vanesyan

README.md

@@ -1,9 +1,17 @@
 # shield
+
 Shield is a comprehensive opinionated authentication framework for Go, built on Postgres.
 
 It is built on top of sqlc, pgx and supporting SSO, MFA out of the box.
 
-There is no intention to adapt this framework for other stacks.
+## FAQ
+
+<details>
+<summary>Can shield support my stack (mysql, database/sql, etc.), please?</summary>
+
+No, not at the moment. There is no intention to adapt this framework for other stacks in the near future.
+
+</details>
 
 ## LICENSE
 

go.mod

@@ -3,6 +3,7 @@ module go.inout.gg/shield
 go 1.23.1
 
 require (
+	github.com/a-h/templ v0.2.747
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/go-playground/mold/v4 v4.5.0
 	github.com/go-playground/validator/v10 v10.22.0

go.sum

@@ -1,3 +1,5 @@
+github.com/a-h/templ v0.2.747 h1:D0dQ2lxC3W7Dxl6fxQ/1zZHBQslSkTSvl5FxP/CfdKg=
+github.com/a-h/templ v0.2.747/go.mod h1:69ObQIbrcuwPCU32ohNaWce3Cb7qM5GMiqN1K+2yop4=
 github.com/caarlos0/env/v11 v11.1.0 h1:a5qZqieE9ZfzdvbbdhTalRrHT5vu/4V1/ad1Ka6frhI=
 github.com/caarlos0/env/v11 v11.1.0/go.mod h1:LwgkYk1kDvfGpHthrWWLof3Ny7PezzFwS4QrsJdHTMo=
 github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
@@ -29,8 +31,8 @@ github.com/go-webauthn/x v0.1.14 h1:1wrB8jzXAofojJPAaRxnZhRgagvLGnLjhCAwg3kTpT0=
 github.com/go-webauthn/x v0.1.14/go.mod h1:UuVvFZ8/NbOnkDz3y1NaxtUN87pmtpC1PQ+/5BBQRdc=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=
 github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=

internal/sliceutil/sliceutil_test.go

@@ -0,0 +1,42 @@
+package sliceutil_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.inout.gg/shield/internal/sliceutil"
+)
+
+func TestFilter(t *testing.T) {
+	t.Run("Filter should work", func(t *testing.T) {
+		result := sliceutil.Filter([]string{"even", "odd", "even"}, func(v string) bool {
+			return v == "odd"
+		})
+
+		assert.Equal(t, []string{"odd"}, result)
+	})
+
+	t.Run("Filter should keep the slice", func(t *testing.T) {
+		result := sliceutil.Filter([]int{1, 2, 3, 4}, func(v int) bool {
+			return true
+		})
+
+		assert.Equal(t, []int{1, 2, 3, 4}, result)
+	})
+
+	t.Run("Filter should return empty slice", func(t *testing.T) {
+		result := sliceutil.Filter([]int{1, 2, 3, 4}, func(v int) bool {
+			return false
+		})
+
+		assert.Equal(t, []int{}, result)
+	})
+
+	t.Run("Filter should handle empty slice", func(t *testing.T) {
+		result := sliceutil.Filter([]int{}, func(v int) bool {
+			return true
+		})
+
+		assert.Equal(t, []int{}, result)
+	})
+}

csrf/middleware.go shieldcsrf/middleware.go

@@ -1,6 +1,6 @@
 // Package csrf implements a CSRF protection middleware based on the double
 // submit cookie pattern.
-package csrf
+package shieldcsrf
 
 import (
 	"context"

csrf/middleware_test.go shieldcsrf/middleware_test.go

@@ -1,4 +1,4 @@
-package csrf
+package shieldcsrf
 
 import (
 	"net/http"
@@ -10,17 +10,19 @@ import (
 
 var checksumSecret = "really-long-and-super-protected-checksum-secret"
 
-var safeMethods = []string{http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace}
-var unsafeMethods = []string{http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete}
-var testHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	tok, err := FromRequest(r)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-	}
+var (
+	safeMethods   = []string{http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace}
+	unsafeMethods = []string{http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete}
+	testHandler   = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		tok, err := FromRequest(r)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
 
-	SetToken(w, tok)
-	_, _ = w.Write([]byte("ok"))
-})
+		SetToken(w, tok)
+		_, _ = w.Write([]byte("ok"))
+	})
+)
 
 func TestMethods(t *testing.T) {
 	mux := http.NewServeMux()

shieldcsrf/shieldcsrf.go

@@ -0,0 +1,6 @@
+// Package shieldcsrf provides an HTTP middleware helping to prevent CSRF attacks
+// by employing Double Submit Cookie pattern.
+//
+// Check out https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+// for more information.
+package shieldcsrf

csrf/csrf.go shieldcsrf/token.go

@@ -1,4 +1,4 @@
-package csrf
+package shieldcsrf
 
 import (
 	"crypto/sha256"

shieldtempl/csrf.go

@@ -0,0 +1,27 @@
+package shieldtempl
+
+import (
+	"context"
+	"io"
+
+	"github.com/a-h/templ"
+	"go.inout.gg/shield/shieldcsrf"
+)
+
+// CsrfToken returns a component that renders a CSRF token as an input field.
+func CsrfToken(name string) templ.Component {
+	return templ.ComponentFunc(func(ctx context.Context, w io.Writer) error {
+		tok, err := shieldcsrf.FromContext(ctx)
+		if err != nil {
+			return err
+		}
+
+		_, err = w.Write(
+			[]byte(
+				"<input type=\"hidden\" name=\"" + name + "\"" + "value=\"" + tok.String() + "\">",
+			),
+		)
+
+		return err
+	})
+}