code.oscarkilo.com/okg #31cd1822b906fe1816ea2f4e3fd0d680ffaf988d

Hash:

31cd1822b906fe1816ea2f4e3fd0d680ffaf988d

Author:

Date:

Thu Jun 4 21:12:57 2026 -0400

Message:

okg: add `okg authz {list,set,delete}` Three commands wrapping //who's /authz endpoints: okg authz list GET /authz/list okg authz set URI O R POST /authz/set okg authz delete URI POST /authz/delete `list` prints a tabwriter table of URI / OWNER / READER / YOU (your effective rights — owner+reader/owner/reader/-), or --json for the raw response. //okg/who gains the matching types: User (lightweight owid+username), AuthzEntry, AuthzSetRequest, AuthzDeleteRequest; plus ListAuthz/SetAuthz/DeleteAuthz methods. Note that //who's public /authz/set requires non-empty owner and reader usernames — the "anyone" sentinel isn't honored from outside. Public-read chat channels are a server-side gap to revisit. With this commit the agent has the full toolkit to set up a chat channel: create a group, add members, then set authz on chat://<group>#{post,read,...}. Chat send/search comes next.

diff --git a/README.md b/README.md
index 3639d4d..eb2bd9e 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,10 @@ okg group remove-member GROUP USER [USER ...]
okg group members GROUP [--json]
okg group delete NAME

+okg authz list [--json]
+okg authz set URI OWNER READER
+okg authz delete URI
+
okg embed [--model NAME] [--dims N] [--full-path]
(reads stdin → vectors on stdout)
okg one [--model NAME] [--system-file FILE] \
diff --git a/authz.go b/authz.go
new file mode 100644
index 0000000..351ecf4
--- /dev/null
+++ b/authz.go
@@ -0,0 +1,141 @@
+package main
+
+import "encoding/json"
+import "flag"
+import "fmt"
+import "os"
+import "text/tabwriter"
+
+import "oscarkilo.com/okg/who"
+
+func runAuthz(args []string) error {
+ if len(args) == 0 {
+ return fmt.Errorf(
+ "usage: okg authz SUBCOMMAND ... " +
+ "(try `okg --help`)")
+ }
+ switch args[0] {
+ case "list":
+ return runAuthzList(args[1:])
+ case "set":
+ return runAuthzSet(args[1:])
+ case "delete":
+ return runAuthzDelete(args[1:])
+ default:
+ return fmt.Errorf(
+ "unknown authz subcommand: %s", args[0])
+ }
+}
+
+func runAuthzList(args []string) error {
+ fs := flag.NewFlagSet("authz list", flag.ContinueOnError)
+ asJSON := fs.Bool("json", false, "output raw JSON")
+ if err := fs.Parse(args); err != nil {
+ return err
+ }
+
+ c, err := newWhoClient()
+ if err != nil {
+ return err
+ }
+ uris, err := c.ListAuthz()
+ if err != nil {
+ return err
+ }
+
+ if *asJSON {
+ buf, err := json.MarshalIndent(uris, "", " ")
+ if err != nil {
+ return err
+ }
+ fmt.Println(string(buf))
+ return nil
+ }
+
+ tw := tabwriter.NewWriter(os.Stdout, 0, 2, 2, ' ', 0)
+ fmt.Fprintln(tw, "URI\tOWNER\tREADER\tYOU")
+ for _, e := range uris {
+ owner, reader := "", ""
+ if e.Owner != nil {
+ owner = e.Owner.Username
+ }
+ if e.Reader != nil {
+ reader = e.Reader.Username
+ }
+ fmt.Fprintf(tw, "%s\t%s\t%s\t%s\n",
+ e.Uri, owner, reader, rights(e))
+ }
+ return tw.Flush()
+}
+
+// rights is the human-friendly summary of the caller's
+// effective rights on an authz entry.
+func rights(e who.AuthzEntry) string {
+ switch {
+ case e.IsOwner && e.IsReader:
+ return "owner+reader"
+ case e.IsOwner:
+ return "owner"
+ case e.IsReader:
+ return "reader"
+ default:
+ return "-"
+ }
+}
+
+func runAuthzSet(args []string) error {
+ fs := flag.NewFlagSet("authz set", flag.ContinueOnError)
+ if err := fs.Parse(args); err != nil {
+ return err
+ }
+ positional := fs.Args()
+ if len(positional) != 3 {
+ return fmt.Errorf(
+ "usage: okg authz set URI OWNER READER")
+ }
+ uri := positional[0]
+ owner := positional[1]
+ reader := positional[2]
+
+ c, err := newWhoClient()
+ if err != nil {
+ return err
+ }
+ if err := c.SetAuthz(who.AuthzSetRequest{
+ Uri: uri,
+ OwnerUsername: owner,
+ ReaderUsername: reader,
+ }); err != nil {
+ return err
+ }
+ fmt.Printf(
+ "Set authz on %s (owner=%s, reader=%s)\n",
+ uri, owner, reader)
+ return nil
+}
+
+func runAuthzDelete(args []string) error {
+ fs := flag.NewFlagSet(
+ "authz delete", flag.ContinueOnError)
+ if err := fs.Parse(args); err != nil {
+ return err
+ }
+ positional := fs.Args()
+ if len(positional) != 1 {
+ return fmt.Errorf(
+ "usage: okg authz delete URI")
+ }
+ uri := positional[0]
+
+ c, err := newWhoClient()
+ if err != nil {
+ return err
+ }
+ if err := c.DeleteAuthz(who.AuthzDeleteRequest{
+ Uri: uri,
+ }); err != nil {
+ return err
+ }
+ fmt.Printf("Deleted authz on %s\n", uri)
+ return nil
+}
diff --git a/main.go b/main.go
index a92f14e..409a45a 100644
--- a/main.go
+++ b/main.go
@@ -24,6 +24,8 @@ func main() {
err = runOne(args[1:])
case "group":
err = runGroup(args[1:])
+ case "authz":
+ err = runAuthz(args[1:])
case "help", "--help", "-h":
printUsage()
return
@@ -72,6 +74,14 @@ GROUPS

okg group delete NAME

+AUTHZ
+ okg authz list
+ --json output raw JSON
+
+ okg authz set URI OWNER READER
+
+ okg authz delete URI
+
PULL REQUESTS
okg pr list
--state STATE open or closed (default: open)
@@ -142,6 +152,10 @@ EXAMPLES
okg group members chat-bots
okg group delete chat-bots

+ Authz
+ okg authz set chat://chat-bots#post chat-bots chat-bots
+ okg authz list
+
Pull requests
okg pr list --state open
okg pr view 42
diff --git a/who/who.go b/who/who.go
index 3198a99..a37d71c 100644
--- a/who/who.go
+++ b/who/who.go
@@ -155,3 +155,60 @@ type DeleteGroupRequest struct {
func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {
return c.PostJSON("/groups/delete", req, nil)
}
+
+// ---- Authz ----
+
+// User is a thin //who-user identifier used inside AuthzEntry.
+// Mirrors the Owid/Username subset of //clients/who.User.
+type User struct {
+ Owid string `json:"owid"`
+ Username string `json:"username"`
+}
+
+// AuthzEntry is one row of GET /authz/list: the URI, its owner
+// and reader, and the caller's effective rights on it.
+type AuthzEntry struct {
+ Uri string `json:"uri"`
+ Owner *User `json:"owner"`
+ Reader *User `json:"reader"`
+ IsOwner bool `json:"is_owner"`
+ IsReader bool `json:"is_reader"`
+}
+
+type listAuthzResponse struct {
+ Uris []AuthzEntry `json:"uris"`
+}
+
+// ListAuthz returns all authz URIs visible to the caller.
+func (c *HTTPClient) ListAuthz() ([]AuthzEntry, error) {
+ var res listAuthzResponse
+ if err := c.GetJSON("/authz/list", &res); err != nil {
+ return nil, err
+ }
+ return res.Uris, nil
+}
+
+// AuthzSetRequest is the body for POST /authz/set. Both
+// usernames must be non-empty and known to //who; the public
+// endpoint does not honor the "anyone" sentinel.
+type AuthzSetRequest struct {
+ Uri string `json:"uri"`
+ OwnerUsername string `json:"owner_username"`
+ ReaderUsername string `json:"reader_username"`
+}
+
+// SetAuthz writes an authz entry. The caller must be an owner
+// of the URI (or a //who admin).
+func (c *HTTPClient) SetAuthz(req AuthzSetRequest) error {
+ return c.PostJSON("/authz/set", req, nil)
+}
+
+// AuthzDeleteRequest is the body for POST /authz/delete.
+type AuthzDeleteRequest struct {
+ Uri string `json:"uri"`
+}
+
+// DeleteAuthz removes an authz entry. The caller must own the URI.
+func (c *HTTPClient) DeleteAuthz(req AuthzDeleteRequest) error {
+ return c.PostJSON("/authz/delete", req, nil)
+}
diff --git a/who/who_test.go b/who/who_test.go
index 65ae002..090550c 100644
--- a/who/who_test.go
+++ b/who/who_test.go
@@ -212,6 +212,100 @@ func TestLeaveGroup(t *testing.T) {
}
}

+func TestListAuthz(t *testing.T) {
+ srv := httptest.NewServer(http.HandlerFunc(
+ func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/authz/list" {
+ t.Errorf(
+ "path: got %q, want /authz/list", r.URL.Path)
+ }
+ json.NewEncoder(w).Encode(listAuthzResponse{
+ Uris: []AuthzEntry{
+ {
+ Uri: "chat://team#post",
+ Owner: &User{
+ Owid: "team-owid", Username: "team"},
+ Reader: &User{
+ Owid: "team-owid", Username: "team"},
+ IsOwner: true,
+ IsReader: true,
+ },
+ },
+ })
+ }))
+ defer srv.Close()
+
+ c := NewHTTPClient(srv.URL, "test-key")
+ uris, err := c.ListAuthz()
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(uris) != 1 {
+ t.Fatalf("len: got %d, want 1", len(uris))
+ }
+ if uris[0].Uri != "chat://team#post" {
+ t.Errorf(
+ "Uri: got %q, want chat://team#post", uris[0].Uri)
+ }
+ if uris[0].Owner.Username != "team" {
+ t.Errorf(
+ "Owner.Username: got %q", uris[0].Owner.Username)
+ }
+}
+
+func TestSetAuthz(t *testing.T) {
+ var seen AuthzSetRequest
+ srv := httptest.NewServer(http.HandlerFunc(
+ func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/authz/set" {
+ t.Errorf("path: got %q", r.URL.Path)
+ }
+ json.NewDecoder(r.Body).Decode(&seen)
+ w.WriteHeader(204)
+ }))
+ defer srv.Close()
+
+ c := NewHTTPClient(srv.URL, "test-key")
+ err := c.SetAuthz(AuthzSetRequest{
+ Uri: "chat://team#post",
+ OwnerUsername: "team",
+ ReaderUsername: "team",
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ if seen.Uri != "chat://team#post" {
+ t.Errorf("Uri: got %q", seen.Uri)
+ }
+ if seen.OwnerUsername != "team" {
+ t.Errorf("OwnerUsername: got %q", seen.OwnerUsername)
+ }
+}
+
+func TestDeleteAuthz(t *testing.T) {
+ var seen AuthzDeleteRequest
+ srv := httptest.NewServer(http.HandlerFunc(
+ func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/authz/delete" {
+ t.Errorf("path: got %q", r.URL.Path)
+ }
+ json.NewDecoder(r.Body).Decode(&seen)
+ w.WriteHeader(204)
+ }))
+ defer srv.Close()
+
+ c := NewHTTPClient(srv.URL, "test-key")
+ err := c.DeleteAuthz(AuthzDeleteRequest{
+ Uri: "chat://team#post",
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ if seen.Uri != "chat://team#post" {
+ t.Errorf("Uri: got %q", seen.Uri)
+ }
+}
+
func TestDeleteGroup(t *testing.T) {
var seen DeleteGroupRequest
srv := httptest.NewServer(http.HandlerFunc(

# okg — Oscar Kilo Goodness

A command-line tool that bundles Oscar Kilo's externally usable

services into one binary. Today: git ops against

[klee](https://code.oscarkilo.com), and LLM embeddings against

[klex](https://oscarkilo.com/klex). More LLM utilities (`one`,

`exemplary`) coming as the legacy `klex-git` binaries fold in.

Designed for both humans and AI agents (Claude, OpenClaw) to

use directly from the command line.

## Install

```bash

go install oscarkilo.com/okg@latest

```

Or build from source:

```bash

git clone https://code.oscarkilo.com/okg

cd okg && go build .

```

## Setup

By default okg talks to the production klee host

(`https://code.oscarkilo.com`); the only setup you need is your

API key. `okg auth login` saves it to

`~/.config/okg/config.json`.

```bash

# Non-interactive (for agents and scripts).

okg auth login --key sk-...

cat ~/.klex.key | okg auth login # equivalent, ps-safe

# Interactive (prompts for host then key).

okg auth login

```

Override the host for dev/local work with `--host` on `auth login`.

## Commands

```

okg repo list

okg pr list [--state open|closed]

okg pr create --head BRANCH [--base master] --title TITLE [--body BODY]

okg pr view NUMBER

okg pr diff NUMBER

okg pr comment NUMBER --body BODY [--approve | --request-changes]

okg pr merge NUMBER

okg pr close NUMBER

okg pr reopen NUMBER

okg auth login [--key KEY] [--host HOST]

okg group list [--json]

okg group create NAME [--full-name TEXT] [--owner USER]

okg group add-member GROUP USER [USER ...]

okg group remove-member GROUP USER [USER ...]

okg group members GROUP [--json]

okg group delete NAME

okg authz list [--json]

okg authz set URI OWNER READER

okg authz delete URI

okg embed [--model NAME] [--dims N] [--full-path]

(reads stdin → vectors on stdout)

okg one [--model NAME] [--system-file FILE] \

[--prompt-file FILE] [--attach FILE] \

[--format text|json|jsonindent] [--fast-fail]

(reads stdin as a JSON MessagesRequest)

```

### Coming next

- `okg exemplary` — few-shot batch runner (from

`klex-git/exemplary`).

Once that lands, the standalone `klex-git` binaries are

deprecated.

### Flags

- `--repo REPO` overrides auto-detected repo name

(normally parsed from `git remote get-url origin`)

- `--json` outputs raw JSON for any command

- `OKG_REPO` env var also overrides repo detection

## Repo Detection

Like `gh`, okg detects the repo from the current directory's

git remote:

```

git remote get-url origin

→ https://code.oscarkilo.com/widget.git

100

→ https://code.oscarkilo.com/widget.git

→ repo = "widget"

101

→ repo = "widget"

```

102

```

103

100

## Dependencies

104

## Dependencies

101

105

102

- `oscarkilo.com/klex-git` for the LLM API client (transitional;

106

- `oscarkilo.com/klex-git` for the LLM API client (transitional;

103

to be folded in once all `klex-git` binaries have moved here).

107

to be folded in once all `klex-git` binaries have moved here).

104

- Otherwise Go standard library only.

108

- Otherwise Go standard library only.

package main

import "encoding/json"

import "flag"

import "fmt"

import "os"

import "text/tabwriter"

import "oscarkilo.com/okg/who"

func runAuthz(args []string) error {

if len(args) == 0 {

return fmt.Errorf(

"usage: okg authz SUBCOMMAND ... " +

"(try `okg --help`)")

}

switch args[0] {

case "list":

return runAuthzList(args[1:])

case "set":

return runAuthzSet(args[1:])

case "delete":

return runAuthzDelete(args[1:])

default:

return fmt.Errorf(

"unknown authz subcommand: %s", args[0])

}

func runAuthzList(args []string) error {

fs := flag.NewFlagSet("authz list", flag.ContinueOnError)

asJSON := fs.Bool("json", false, "output raw JSON")

if err := fs.Parse(args); err != nil {

return err

}

c, err := newWhoClient()

if err != nil {

return err

}

uris, err := c.ListAuthz()

if err != nil {

return err

}

if *asJSON {

buf, err := json.MarshalIndent(uris, "", " ")

if err != nil {

return err

}

fmt.Println(string(buf))

return nil

}

tw := tabwriter.NewWriter(os.Stdout, 0, 2, 2, ' ', 0)

fmt.Fprintln(tw, "URI\tOWNER\tREADER\tYOU")

for _, e := range uris {

owner, reader := "", ""

if e.Owner != nil {

owner = e.Owner.Username

}

if e.Reader != nil {

reader = e.Reader.Username

}

fmt.Fprintf(tw, "%s\t%s\t%s\t%s\n",

e.Uri, owner, reader, rights(e))

}

return tw.Flush()

}

// rights is the human-friendly summary of the caller's

// effective rights on an authz entry.

func rights(e who.AuthzEntry) string {

switch {

case e.IsOwner && e.IsReader:

return "owner+reader"

case e.IsOwner:

return "owner"

case e.IsReader:

return "reader"

default:

return "-"

}

func runAuthzSet(args []string) error {

fs := flag.NewFlagSet("authz set", flag.ContinueOnError)

if err := fs.Parse(args); err != nil {

return err

}

positional := fs.Args()

if len(positional) != 3 {

return fmt.Errorf(

"usage: okg authz set URI OWNER READER")

}

uri := positional[0]

owner := positional[1]

reader := positional[2]

100

c, err := newWhoClient()

101

if err != nil {

102

return err

103

}

104

if err := c.SetAuthz(who.AuthzSetRequest{

105

Uri: uri,

106

OwnerUsername: owner,

107

ReaderUsername: reader,

108

}); err != nil {

109

return err

110

}

111

fmt.Printf(

112

"Set authz on %s (owner=%s, reader=%s)\n",

113

uri, owner, reader)

114

return nil

115

}

116

117

func runAuthzDelete(args []string) error {

118

fs := flag.NewFlagSet(

119

"authz delete", flag.ContinueOnError)

120

if err := fs.Parse(args); err != nil {

121

return err

122

}

123

positional := fs.Args()

124

if len(positional) != 1 {

125

return fmt.Errorf(

126

"usage: okg authz delete URI")

127

}

128

uri := positional[0]

129

130

c, err := newWhoClient()

131

if err != nil {

132

return err

133

}

134

if err := c.DeleteAuthz(who.AuthzDeleteRequest{

135

Uri: uri,

136

}); err != nil {

137

return err

138

}

139

fmt.Printf("Deleted authz on %s\n", uri)

140

return nil

141

}

package main

import "fmt"

import "os"

func main() {

args := os.Args[1:]

if len(args) == 0 {

printUsage()

os.Exit(1)

}

var err error

switch args[0] {

case "pr":

err = runPR(args[1:])

case "repo":

err = runRepo(args[1:])

case "auth":

err = runAuth(args[1:])

case "embed":

err = runEmbed(args[1:])

case "one":

err = runOne(args[1:])

case "group":

err = runGroup(args[1:])

case "authz":

err = runAuthz(args[1:])

case "help", "--help", "-h":

printUsage()

return

default:

fmt.Fprintf(os.Stderr, "unknown command: %s\n", args[0])

printUsage()

os.Exit(1)

}

if err != nil {

fmt.Fprintf(os.Stderr, "error: %v\n", err)

os.Exit(1)

}

func printUsage() {

fmt.Fprintf(os.Stderr, `NAME

okg — Oscar Kilo Goodness

SETUP

okg auth login

--key KEY API key (also accepted via stdin)

--host HOST klee host (default: production)

GIT REPOS

okg repo list

--json output raw JSON

okg repo create NAME

--reader USER grant read to USER (default: anyone)

GROUPS

okg group list

--json output raw JSON

okg group create NAME

--full-name TEXT display name (default: NAME)

--owner USER owner username (default: caller)

okg group add-member GROUP USER [USER ...]

okg group remove-member GROUP USER [USER ...]

okg group members GROUP

--json full DAG (Up/Down/Usernames) as raw JSON

okg group delete NAME

AUTHZ

okg authz list

--json output raw JSON

okg authz set URI OWNER READER

okg authz delete URI

PULL REQUESTS

okg pr list

--state STATE open or closed (default: open)

--json output raw JSON

okg pr create

--head BRANCH source branch

--base BRANCH target branch (default: master)

--title TITLE PR title

--body BODY PR body (optional)

--json output raw JSON

okg pr view NUMBER

--json output raw JSON

okg pr diff NUMBER

100

okg pr diff NUMBER

101

okg pr comment NUMBER

102

okg pr comment NUMBER

--body BODY comment body

103

--body BODY comment body

--approve also approve the PR

104

--approve also approve the PR

--request-changes also request changes

105

--request-changes also request changes

106

okg pr merge NUMBER

107

okg pr merge NUMBER

--json output raw JSON

108

--json output raw JSON

109

100

okg pr close NUMBER

110

okg pr close NUMBER

101

--json output raw JSON

111

--json output raw JSON

102

112

103

okg pr reopen NUMBER

113

okg pr reopen NUMBER

104

--json output raw JSON

114

--json output raw JSON

105

115

106

ARTIFICIAL INTELLIGENCE

116

ARTIFICIAL INTELLIGENCE

107

okg embed

117

okg embed

108

--model NAME embedding model

118

--model NAME embedding model

109

(default: openai:text-embedding-3-small)

119

(default: openai:text-embedding-3-small)

110

--dims N number of dimensions (default: 1536)

120

--dims N number of dimensions (default: 1536)

111

--full-path one vector per prefix of input

121

--full-path one vector per prefix of input

112

(reads stdin; writes vectors to stdout, one per line)

122

(reads stdin; writes vectors to stdout, one per line)

113

123

114

okg one

124

okg one

115

--model NAME override .Model in the request

125

--model NAME override .Model in the request

116

--system-file FILE override .System with contents of FILE

126

--system-file FILE override .System with contents of FILE

117

--prompt-file FILE append FILE as a user prompt

127

--prompt-file FILE append FILE as a user prompt

118

--attach FILE attach an image or PDF to the prompt

128

--attach FILE attach an image or PDF to the prompt

119

--format FORMAT text | json | jsonindent (default: text)

129

--format FORMAT text | json | jsonindent (default: text)

120

--fast-fail preflight attachment MIME (default: on)

130

--fast-fail preflight attachment MIME (default: on)

121

(reads stdin as a JSON MessagesRequest; flags override

131

(reads stdin as a JSON MessagesRequest; flags override

122

its fields)

132

its fields)

123

133

124

GLOBAL FLAGS

134

GLOBAL FLAGS

125

--repo REPO override auto-detected repo name

135

--repo REPO override auto-detected repo name

126

--json output raw JSON (where applicable)

136

--json output raw JSON (where applicable)

127

137

128

EXAMPLES

138

EXAMPLES

129

Setup

139

Setup

130

okg auth login --key sk-...

140

okg auth login --key sk-...

131

cat ~/.klex.key | okg auth login

141

cat ~/.klex.key | okg auth login

132

142

133

Git repos

143

Git repos

134

okg repo list

144

okg repo list

135

okg repo create my-new-repo

145

okg repo create my-new-repo

136

146

137

Groups

147

Groups

138

okg group list

148

okg group list

139

okg group create chat-bots

149

okg group create chat-bots

140

okg group add-member chat-bots claude openclaw

150

okg group add-member chat-bots claude openclaw

141

okg group remove-member chat-bots openclaw

151

okg group remove-member chat-bots openclaw

142

okg group members chat-bots

152

okg group members chat-bots

143

okg group delete chat-bots

153

okg group delete chat-bots

144

154

155

Authz

156

okg authz set chat://chat-bots#post chat-bots chat-bots

157

okg authz list

158

145

Pull requests

159

Pull requests

146

okg pr list --state open

160

okg pr list --state open

147

okg pr view 42

161

okg pr view 42

148

okg pr comment 42 --body 'LGTM' --approve

162

okg pr comment 42 --body 'LGTM' --approve

149

163

150

Artificial intelligence

164

Artificial intelligence

151

echo 'hello world' | okg embed --dims 384

165

echo 'hello world' | okg embed --dims 384

152

echo Hello? > /tmp/q.txt && \

166

echo Hello? > /tmp/q.txt && \

153

okg one --model openai:gpt-4o-mini --prompt-file /tmp/q.txt

167

okg one --model openai:gpt-4o-mini --prompt-file /tmp/q.txt

154

168

155

}

169

}

// Package who is the public HTTP client for OscarKilo's //who

// service. It is the world-public side of //who, used by

// `okg` and any other tool that talks to oscarkilo.com over

// the network.

// //clients/who (intra-cluster, has the in-process MockClient,

// the /internal/* calls, the dev/prod factory) will eventually

// import this package via `import . "oscarkilo.com/okg/who"`

// so the two share types and request paths. To make that dot

// import work, the struct here is named HTTPClient — leaving

// the unqualified `Client` name free for //clients/who's

// existing interface.

package who

import "oscarkilo.com/okg/internal/rest"

// HTTPClient talks to a //who server over HTTPS. Embeds the

// shared rest helpers; who-specific methods live below.

type HTTPClient struct {

*rest.Client

}

func NewHTTPClient(host, apiKey string) *HTTPClient {

return &HTTPClient{Client: rest.NewClient(host, apiKey)}

}

// ---- Caller identity ----

// Profile is the caller's //who profile. Mirrors the

// JSON-serialized subset of //who.Profile that GET

// /login/profile/get returns. Extra fields the server may

// return (ApiKeys, Logins, AppData, timestamps) are decoded

// permissively if added later; we just don't expose them here

// until okg has a use for them.

type Profile struct {

Owid string `json:"owid"`

Username string `json:"username"`

Name string `json:"name"`

Email string `json:"email"`

PortraitUrl string `json:"portrait_url"`

OwnerOwid string `json:"owner_owid"`

Groups []string `json:"groups"`

}

// GetProfile returns the caller's own profile, identified by

// the Bearer key.

func (c *HTTPClient) GetProfile() (*Profile, error) {

var p Profile

if err := c.GetJSON("/login/profile/get", &p); err != nil {

return nil, err

}

return &p, nil

}

// ---- Groups ----

// Group describes a //who group (a named entity with members).

// Mirrors the listedGroup shape in //who/server/groups_list.go.

type Group struct {

Owid string `json:"owid"`

Username string `json:"username"`

Name string `json:"name"`

OwnerOwid string `json:"owner_owid"`

OwnerUsername string `json:"owner_username"`

}

type listGroupsResponse struct {

Groups []Group `json:"groups"`

}

// ListGroups returns the groups visible to the caller.

func (c *HTTPClient) ListGroups() ([]Group, error) {

var res listGroupsResponse

if err := c.GetJSON("/groups/list", &res); err != nil {

return nil, err

}

return res.Groups, nil

}

// CreateGroupRequest is the body for POST /groups/add. Username

// is the group's //who username (e.g. "team"); Name is the

// human-facing display name; OwnerUsername is the user who'll

// own the new group.

type CreateGroupRequest struct {

Username string `json:"username"`

Name string `json:"name"`

OwnerUsername string `json:"owner_username"`

}

// CreateGroup creates a new //who group.

func (c *HTTPClient) CreateGroup(req CreateGroupRequest) error {

return c.PostJSON("/groups/add", req, nil)

}

// JoinGroupsRequest is the body for POST /groups/join. The

// server adds every (GroupUsernames[i], MemberUsernames[j])

// pair, requiring the caller to be an owner of each group.

type JoinGroupsRequest struct {

GroupUsernames []string `json:"group_usernames"`

100

MemberUsernames []string `json:"member_usernames"`

100

MemberUsernames []string `json:"member_usernames"`

101

}

101

}

102

103

// JoinGroups adds members to groups (all pairwise combinations).

103

// JoinGroups adds members to groups (all pairwise combinations).

104

func (c *HTTPClient) JoinGroups(req JoinGroupsRequest) error {

104

func (c *HTTPClient) JoinGroups(req JoinGroupsRequest) error {

105

return c.PostJSON("/groups/join", req, nil)

105

return c.PostJSON("/groups/join", req, nil)

106

}

106

}

107

108

// GroupMembersResponse is the response from POST

108

// GroupMembersResponse is the response from POST

109

// /groups/members. Up lists the groups that contain the queried

109

// /groups/members. Up lists the groups that contain the queried

110

// entity (each level as a slice of owids). Down lists its

110

// entity (each level as a slice of owids). Down lists its

111

// members the same way. Usernames maps every owid mentioned to

111

// members the same way. Usernames maps every owid mentioned to

112

// its //who username.

112

// its //who username.

113

type GroupMembersResponse struct {

113

type GroupMembersResponse struct {

114

Up [][]string `json:"up"`

114

Up [][]string `json:"up"`

115

Down [][]string `json:"down"`

115

Down [][]string `json:"down"`

116

Usernames map[string]string `json:"usernames"`

116

Usernames map[string]string `json:"usernames"`

117

}

117

}

118

119

// GroupMembers returns membership DAG navigation for the given

119

// GroupMembers returns membership DAG navigation for the given

120

// entity owid. For a group, Down enumerates its members.

120

// entity owid. For a group, Down enumerates its members.

121

func (c *HTTPClient) GroupMembers(

121

func (c *HTTPClient) GroupMembers(

122

ownerOwid string,

122

ownerOwid string,

123

) (*GroupMembersResponse, error) {

123

) (*GroupMembersResponse, error) {

124

var res GroupMembersResponse

124

var res GroupMembersResponse

125

err := c.PostJSON("/groups/members",

125

err := c.PostJSON("/groups/members",

126

map[string]string{"owid": ownerOwid}, &res)

126

map[string]string{"owid": ownerOwid}, &res)

127

if err != nil {

127

if err != nil {

128

return nil, err

128

return nil, err

129

}

129

}

130

return &res, nil

130

return &res, nil

131

}

131

}

132

133

// LeaveGroupRequest is the body for POST /groups/leave. Both

133

// LeaveGroupRequest is the body for POST /groups/leave. Both

134

// IDs are owids (obfuscated wids); to translate from usernames,

134

// IDs are owids (obfuscated wids); to translate from usernames,

135

// call ListGroups + GroupMembers first.

135

// call ListGroups + GroupMembers first.

136

type LeaveGroupRequest struct {

136

type LeaveGroupRequest struct {

137

GroupOwid string `json:"group_owid"`

137

GroupOwid string `json:"group_owid"`

138

MemberOwid string `json:"member_owid"`

138

MemberOwid string `json:"member_owid"`

139

}

139

}

140

141

// LeaveGroup removes a member from a group. The caller must own

141

// LeaveGroup removes a member from a group. The caller must own

142

// the group.

142

// the group.

143

func (c *HTTPClient) LeaveGroup(req LeaveGroupRequest) error {

143

func (c *HTTPClient) LeaveGroup(req LeaveGroupRequest) error {

144

return c.PostJSON("/groups/leave", req, nil)

144

return c.PostJSON("/groups/leave", req, nil)

145

}

145

}

146

147

// DeleteGroupRequest is the body for POST /groups/delete. Owid

147

// DeleteGroupRequest is the body for POST /groups/delete. Owid

148

// is the group's obfuscated wid.

148

// is the group's obfuscated wid.

149

type DeleteGroupRequest struct {

149

type DeleteGroupRequest struct {

150

Owid string `json:"owid"`

150

Owid string `json:"owid"`

151

}

151

}

152

153

// DeleteGroup destroys a group. The caller must own it (or be a

153

// DeleteGroup destroys a group. The caller must own it (or be a

154

// //who admin).

154

// //who admin).

155

func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {

155

func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {

156

return c.PostJSON("/groups/delete", req, nil)

156

return c.PostJSON("/groups/delete", req, nil)

157

}

157

}

158

159

// ---- Authz ----

160

161

// User is a thin //who-user identifier used inside AuthzEntry.

162

// Mirrors the Owid/Username subset of //clients/who.User.

163

type User struct {

164

Owid string `json:"owid"`

165

Username string `json:"username"`

166

}

167

168

// AuthzEntry is one row of GET /authz/list: the URI, its owner

169

// and reader, and the caller's effective rights on it.

170

type AuthzEntry struct {

171

Uri string `json:"uri"`

172

Owner *User `json:"owner"`

173

Reader *User `json:"reader"`

174

IsOwner bool `json:"is_owner"`

175

IsReader bool `json:"is_reader"`

176

}

177

178

type listAuthzResponse struct {

179

Uris []AuthzEntry `json:"uris"`

180

}

181

182

// ListAuthz returns all authz URIs visible to the caller.

183

func (c *HTTPClient) ListAuthz() ([]AuthzEntry, error) {

184

var res listAuthzResponse

185

if err := c.GetJSON("/authz/list", &res); err != nil {

186

return nil, err

187

}

188

return res.Uris, nil

189

}

190

191

// AuthzSetRequest is the body for POST /authz/set. Both

192

// usernames must be non-empty and known to //who; the public

193

// endpoint does not honor the "anyone" sentinel.

194

type AuthzSetRequest struct {

195

Uri string `json:"uri"`

196

OwnerUsername string `json:"owner_username"`

197

ReaderUsername string `json:"reader_username"`

198

}

199

200

// SetAuthz writes an authz entry. The caller must be an owner

201

// of the URI (or a //who admin).

202

func (c *HTTPClient) SetAuthz(req AuthzSetRequest) error {

203

return c.PostJSON("/authz/set", req, nil)

204

}

205

206

// AuthzDeleteRequest is the body for POST /authz/delete.

207

type AuthzDeleteRequest struct {

208

Uri string `json:"uri"`

209

}

210

211

// DeleteAuthz removes an authz entry. The caller must own the URI.

212

func (c *HTTPClient) DeleteAuthz(req AuthzDeleteRequest) error {

213

return c.PostJSON("/authz/delete", req, nil)

214

}

package who

import "encoding/json"

import "net/http"

import "net/http/httptest"

import "testing"

func TestListGroups(t *testing.T) {

srv := httptest.NewServer(http.HandlerFunc(

func(w http.ResponseWriter, r *http.Request) {

if r.URL.Path != "/groups/list" {

t.Errorf("path: got %q, want /groups/list",

r.URL.Path)

}

if r.Header.Get("Authorization") !=

"Bearer test-key" {

t.Errorf("Authorization: got %q",

r.Header.Get("Authorization"))

}

w.Header().Set(

"Content-Type", "application/json")

json.NewEncoder(w).Encode(listGroupsResponse{

Groups: []Group{

{

Username: "team",

Name: "Team",

OwnerUsername: "alice",

{

Username: "admins",

Name: "Admins",

OwnerUsername: "alice",

})

}))

defer srv.Close()

c := NewHTTPClient(srv.URL, "test-key")

groups, err := c.ListGroups()

if err != nil {

t.Fatal(err)

}

if len(groups) != 2 {

t.Fatalf("len: got %d, want 2", len(groups))

}

if groups[0].Username != "team" {

t.Errorf(

"groups[0].Username: got %q, want team",

groups[0].Username)

}

if groups[1].OwnerUsername != "alice" {

t.Errorf(

"groups[1].OwnerUsername: got %q, want alice",

groups[1].OwnerUsername)

}

func TestListGroupsHTTPError(t *testing.T) {

srv := httptest.NewServer(http.HandlerFunc(

func(w http.ResponseWriter, r *http.Request) {

w.WriteHeader(401)

w.Write([]byte("not authenticated"))

}))

defer srv.Close()

c := NewHTTPClient(srv.URL, "bad-key")

_, err := c.ListGroups()

if err == nil {

t.Fatal("want error on 401, got nil")

}

func TestGetProfile(t *testing.T) {

srv := httptest.NewServer(http.HandlerFunc(

func(w http.ResponseWriter, r *http.Request) {

if r.URL.Path != "/login/profile/get" {

t.Errorf(

"path: got %q, want /login/profile/get",

r.URL.Path)

}

w.Header().Set(

"Content-Type", "application/json")

json.NewEncoder(w).Encode(Profile{

Username: "alice",

Name: "Alice Liddell",

Email: "[email protected]",

Groups: []string{"team", "admins"},

})

}))

defer srv.Close()

c := NewHTTPClient(srv.URL, "test-key")

p, err := c.GetProfile()

if err != nil {

t.Fatal(err)

}

if p.Username != "alice" {

t.Errorf(

100

"Username: got %q, want alice", p.Username)

100

"Username: got %q, want alice", p.Username)

101

}

101

}

102

if len(p.Groups) != 2 {

102

if len(p.Groups) != 2 {

103

t.Errorf(

103

t.Errorf(

104

"Groups: got %d, want 2", len(p.Groups))

104

"Groups: got %d, want 2", len(p.Groups))

105

}

105

}

106

}

106

}

107

108

func TestCreateGroup(t *testing.T) {

108

func TestCreateGroup(t *testing.T) {

109

var seen CreateGroupRequest

109

var seen CreateGroupRequest

110

srv := httptest.NewServer(http.HandlerFunc(

110

srv := httptest.NewServer(http.HandlerFunc(

111

func(w http.ResponseWriter, r *http.Request) {

111

func(w http.ResponseWriter, r *http.Request) {

112

if r.URL.Path != "/groups/add" {

112

if r.URL.Path != "/groups/add" {

113

t.Errorf(

113

t.Errorf(

114

"path: got %q, want /groups/add",

114

"path: got %q, want /groups/add",

115

r.URL.Path)

115

r.URL.Path)

116

}

116

}

117

if r.Method != "POST" {

117

if r.Method != "POST" {

118

t.Errorf("method: got %q, want POST", r.Method)

118

t.Errorf("method: got %q, want POST", r.Method)

119

}

119

}

120

json.NewDecoder(r.Body).Decode(&seen)

120

json.NewDecoder(r.Body).Decode(&seen)

121

w.WriteHeader(200)

121

w.WriteHeader(200)

122

}))

122

}))

123

defer srv.Close()

123

defer srv.Close()

124

125

c := NewHTTPClient(srv.URL, "test-key")

125

c := NewHTTPClient(srv.URL, "test-key")

126

err := c.CreateGroup(CreateGroupRequest{

126

err := c.CreateGroup(CreateGroupRequest{

127

Username: "team",

127

Username: "team",

128

Name: "Team",

128

Name: "Team",

129

OwnerUsername: "alice",

129

OwnerUsername: "alice",

130

})

130

})

131

if err != nil {

131

if err != nil {

132

t.Fatal(err)

132

t.Fatal(err)

133

}

133

}

134

if seen.Username != "team" {

134

if seen.Username != "team" {

135

t.Errorf(

135

t.Errorf(

136

"Username: got %q, want team", seen.Username)

136

"Username: got %q, want team", seen.Username)

137

}

137

}

138

if seen.OwnerUsername != "alice" {

138

if seen.OwnerUsername != "alice" {

139

t.Errorf(

139

t.Errorf(

140

"OwnerUsername: got %q, want alice",

140

"OwnerUsername: got %q, want alice",

141

seen.OwnerUsername)

141

seen.OwnerUsername)

142

}

142

}

143

}

143

}

144

145

func TestGroupMembers(t *testing.T) {

145

func TestGroupMembers(t *testing.T) {

146

srv := httptest.NewServer(http.HandlerFunc(

146

srv := httptest.NewServer(http.HandlerFunc(

147

func(w http.ResponseWriter, r *http.Request) {

147

func(w http.ResponseWriter, r *http.Request) {

148

if r.URL.Path != "/groups/members" {

148

if r.URL.Path != "/groups/members" {

149

t.Errorf(

149

t.Errorf(

150

"path: got %q, want /groups/members",

150

"path: got %q, want /groups/members",

151

r.URL.Path)

151

r.URL.Path)

152

}

152

}

153

var body map[string]string

153

var body map[string]string

154

json.NewDecoder(r.Body).Decode(&body)

154

json.NewDecoder(r.Body).Decode(&body)

155

if body["owid"] != "team-owid" {

155

if body["owid"] != "team-owid" {

156

t.Errorf(

156

t.Errorf(

157

"owid: got %q, want team-owid", body["owid"])

157

"owid: got %q, want team-owid", body["owid"])

158

}

158

}

159

json.NewEncoder(w).Encode(GroupMembersResponse{

159

json.NewEncoder(w).Encode(GroupMembersResponse{

160

Down: [][]string{

160

Down: [][]string{

161

{"alice-owid", "bob-owid"},

161

{"alice-owid", "bob-owid"},

162

163

Usernames: map[string]string{

163

Usernames: map[string]string{

164

"alice-owid": "alice",

164

"alice-owid": "alice",

165

"bob-owid": "bob",

165

"bob-owid": "bob",

166

167

})

167

})

168

}))

168

}))

169

defer srv.Close()

169

defer srv.Close()

170

171

c := NewHTTPClient(srv.URL, "test-key")

171

c := NewHTTPClient(srv.URL, "test-key")

172

res, err := c.GroupMembers("team-owid")

172

res, err := c.GroupMembers("team-owid")

173

if err != nil {

173

if err != nil {

174

t.Fatal(err)

174

t.Fatal(err)

175

}

175

}

176

if res.Usernames["alice-owid"] != "alice" {

176

if res.Usernames["alice-owid"] != "alice" {

177

t.Errorf(

177

t.Errorf(

178

"Usernames[alice-owid]: got %q",

178

"Usernames[alice-owid]: got %q",

179

res.Usernames["alice-owid"])

179

res.Usernames["alice-owid"])

180

}

180

}

181

}

181

}

182

183

func TestLeaveGroup(t *testing.T) {

183

func TestLeaveGroup(t *testing.T) {

184

var seen LeaveGroupRequest

184

var seen LeaveGroupRequest

185

srv := httptest.NewServer(http.HandlerFunc(

185

srv := httptest.NewServer(http.HandlerFunc(

186

func(w http.ResponseWriter, r *http.Request) {

186

func(w http.ResponseWriter, r *http.Request) {

187

if r.URL.Path != "/groups/leave" {

187

if r.URL.Path != "/groups/leave" {

188

t.Errorf(

188

t.Errorf(

189

"path: got %q, want /groups/leave",

189

"path: got %q, want /groups/leave",

190

r.URL.Path)

190

r.URL.Path)

191

}

191

}

192

json.NewDecoder(r.Body).Decode(&seen)

192

json.NewDecoder(r.Body).Decode(&seen)

193

w.WriteHeader(204)

193

w.WriteHeader(204)

194

}))

194

}))

195

defer srv.Close()

195

defer srv.Close()

196

197

c := NewHTTPClient(srv.URL, "test-key")

197

c := NewHTTPClient(srv.URL, "test-key")

198

err := c.LeaveGroup(LeaveGroupRequest{

198

err := c.LeaveGroup(LeaveGroupRequest{

199

GroupOwid: "team-owid",

199

GroupOwid: "team-owid",

200

MemberOwid: "alice-owid",

200

MemberOwid: "alice-owid",

201

})

201

})

202

if err != nil {

202

if err != nil {

203

t.Fatal(err)

203

t.Fatal(err)

204

}

204

}

205

if seen.GroupOwid != "team-owid" {

205

if seen.GroupOwid != "team-owid" {

206

t.Errorf(

206

t.Errorf(

207

"GroupOwid: got %q", seen.GroupOwid)

207

"GroupOwid: got %q", seen.GroupOwid)

208

}

208

}

209

if seen.MemberOwid != "alice-owid" {

209

if seen.MemberOwid != "alice-owid" {

210

t.Errorf(

210

t.Errorf(

211

"MemberOwid: got %q", seen.MemberOwid)

211

"MemberOwid: got %q", seen.MemberOwid)

212

}

212

}

213

}

213

}

214

215

func TestListAuthz(t *testing.T) {

216

srv := httptest.NewServer(http.HandlerFunc(

217

func(w http.ResponseWriter, r *http.Request) {

218

if r.URL.Path != "/authz/list" {

219

t.Errorf(

220

"path: got %q, want /authz/list", r.URL.Path)

221

}

222

json.NewEncoder(w).Encode(listAuthzResponse{

223

Uris: []AuthzEntry{

224

{

225

Uri: "chat://team#post",

226

Owner: &User{

227

Owid: "team-owid", Username: "team"},

228

Reader: &User{

229

Owid: "team-owid", Username: "team"},

230

IsOwner: true,

231

IsReader: true,

232

233

234

})

235

}))

236

defer srv.Close()

237

238

c := NewHTTPClient(srv.URL, "test-key")

239

uris, err := c.ListAuthz()

240

if err != nil {

241

t.Fatal(err)

242

}

243

if len(uris) != 1 {

244

t.Fatalf("len: got %d, want 1", len(uris))

245

}

246

if uris[0].Uri != "chat://team#post" {

247

t.Errorf(

248

"Uri: got %q, want chat://team#post", uris[0].Uri)

249

}

250

if uris[0].Owner.Username != "team" {

251

t.Errorf(

252

"Owner.Username: got %q", uris[0].Owner.Username)

253

}

254

}

255

256

func TestSetAuthz(t *testing.T) {

257

var seen AuthzSetRequest

258

srv := httptest.NewServer(http.HandlerFunc(

259

func(w http.ResponseWriter, r *http.Request) {

260

if r.URL.Path != "/authz/set" {

261

t.Errorf("path: got %q", r.URL.Path)

262

}

263

json.NewDecoder(r.Body).Decode(&seen)

264

w.WriteHeader(204)

265

}))

266

defer srv.Close()

267

268

c := NewHTTPClient(srv.URL, "test-key")

269

err := c.SetAuthz(AuthzSetRequest{

270

Uri: "chat://team#post",

271

OwnerUsername: "team",

272

ReaderUsername: "team",

273

})

274

if err != nil {

275

t.Fatal(err)

276

}

277

if seen.Uri != "chat://team#post" {

278

t.Errorf("Uri: got %q", seen.Uri)

279

}

280

if seen.OwnerUsername != "team" {

281

t.Errorf("OwnerUsername: got %q", seen.OwnerUsername)

282

}

283

}

284

285

func TestDeleteAuthz(t *testing.T) {

286

var seen AuthzDeleteRequest

287

srv := httptest.NewServer(http.HandlerFunc(

288

func(w http.ResponseWriter, r *http.Request) {

289

if r.URL.Path != "/authz/delete" {

290

t.Errorf("path: got %q", r.URL.Path)

291

}

292

json.NewDecoder(r.Body).Decode(&seen)

293

w.WriteHeader(204)

294

}))

295

defer srv.Close()

296

297

c := NewHTTPClient(srv.URL, "test-key")

298

err := c.DeleteAuthz(AuthzDeleteRequest{

299

Uri: "chat://team#post",

300

})

301

if err != nil {

302

t.Fatal(err)

303

}

304

if seen.Uri != "chat://team#post" {

305

t.Errorf("Uri: got %q", seen.Uri)

306

}

307

}

308

215

func TestDeleteGroup(t *testing.T) {

309

func TestDeleteGroup(t *testing.T) {

216

var seen DeleteGroupRequest

310

var seen DeleteGroupRequest

217

srv := httptest.NewServer(http.HandlerFunc(

311

srv := httptest.NewServer(http.HandlerFunc(

218

func(w http.ResponseWriter, r *http.Request) {

312

func(w http.ResponseWriter, r *http.Request) {

219

if r.URL.Path != "/groups/delete" {

313

if r.URL.Path != "/groups/delete" {

220

t.Errorf(

314

t.Errorf(

221

"path: got %q, want /groups/delete",

315

"path: got %q, want /groups/delete",

222

r.URL.Path)

316

r.URL.Path)

223

}

317

}

224

json.NewDecoder(r.Body).Decode(&seen)

318

json.NewDecoder(r.Body).Decode(&seen)

225

w.WriteHeader(200)

319

w.WriteHeader(200)

226

}))

320

}))

227

defer srv.Close()

321

defer srv.Close()

228

322

229

c := NewHTTPClient(srv.URL, "test-key")

323

c := NewHTTPClient(srv.URL, "test-key")

230

err := c.DeleteGroup(DeleteGroupRequest{

324

err := c.DeleteGroup(DeleteGroupRequest{

231

Owid: "team-owid",

325

Owid: "team-owid",

232

})

326

})

233

if err != nil {

327

if err != nil {

234

t.Fatal(err)

328

t.Fatal(err)

235

}

329

}

236

if seen.Owid != "team-owid" {

330

if seen.Owid != "team-owid" {

237

t.Errorf("Owid: got %q, want team-owid", seen.Owid)

331

t.Errorf("Owid: got %q, want team-owid", seen.Owid)

238

}

332

}

239

}

333

}

240

334

241

func TestJoinGroups(t *testing.T) {

335

func TestJoinGroups(t *testing.T) {

242

var seen JoinGroupsRequest

336

var seen JoinGroupsRequest

243

srv := httptest.NewServer(http.HandlerFunc(

337

srv := httptest.NewServer(http.HandlerFunc(

244

func(w http.ResponseWriter, r *http.Request) {

338

func(w http.ResponseWriter, r *http.Request) {

245

if r.URL.Path != "/groups/join" {

339

if r.URL.Path != "/groups/join" {

246

t.Errorf(

340

t.Errorf(

247

"path: got %q, want /groups/join",

341

"path: got %q, want /groups/join",

248

r.URL.Path)

342

r.URL.Path)

249

}

343

}

250

if r.Method != "POST" {

344

if r.Method != "POST" {

251

t.Errorf("method: got %q, want POST", r.Method)

345

t.Errorf("method: got %q, want POST", r.Method)

252

}

346

}

253

json.NewDecoder(r.Body).Decode(&seen)

347

json.NewDecoder(r.Body).Decode(&seen)

254

w.WriteHeader(200)

348

w.WriteHeader(200)

255

}))

349

}))

256

defer srv.Close()

350

defer srv.Close()

257

351

258

c := NewHTTPClient(srv.URL, "test-key")

352

c := NewHTTPClient(srv.URL, "test-key")

259

err := c.JoinGroups(JoinGroupsRequest{

353

err := c.JoinGroups(JoinGroupsRequest{

260

GroupUsernames: []string{"team"},

354

GroupUsernames: []string{"team"},

261

MemberUsernames: []string{"alice", "bob"},

355

MemberUsernames: []string{"alice", "bob"},

262

})

356

})

263

if err != nil {

357

if err != nil {

264

t.Fatal(err)

358

t.Fatal(err)

265

}

359

}

266

if len(seen.GroupUsernames) != 1 ||

360

if len(seen.GroupUsernames) != 1 ||

267

seen.GroupUsernames[0] != "team" {

361

seen.GroupUsernames[0] != "team" {

268

t.Errorf(

362

t.Errorf(

269

"GroupUsernames: got %v, want [team]",

363

"GroupUsernames: got %v, want [team]",

270

seen.GroupUsernames)

364

seen.GroupUsernames)

271

}

365

}

272

if len(seen.MemberUsernames) != 2 {

366

if len(seen.MemberUsernames) != 2 {

273

t.Errorf(

367

t.Errorf(

274

"MemberUsernames: got %v, want 2 members",

368

"MemberUsernames: got %v, want 2 members",

275

seen.MemberUsernames)

369

seen.MemberUsernames)

276

}

370

}

277

}

371

}