From a1e5f5862307a4740569962a955f9cf2b1368f19 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:30:49 +0100
Subject: [PATCH 01/27] Add configuration for jwt key

---
 internal/config/config.go | 53 ++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 9 deletions(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index 5eda76a4..90b99375 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -38,14 +39,16 @@ type Config struct {
 }
 
 type APIConf struct {
-	CACert     string
-	ServerCert string
-	ServerKey  string
-	Host       string
-	Port       int
-	Session    SessionConfig
-	DB         *database.SQLdb
-	MQ         *broker.AMQPBroker
+	CACert        string
+	ServerCert    string
+	ServerKey     string
+	Host          string
+	Port          int
+	Session       SessionConfig
+	DB            *database.SQLdb
+	MQ            *broker.AMQPBroker
+	JwtPubKeyPath string
+	JtwKeys       map[string][]byte
 }
 
 type SessionConfig struct {
@@ -452,7 +455,7 @@ func (c *Config) configDatabase() error {
 	return nil
 }
 
-// configDatabase provides configuration for the database
+// configAPI provides configuration for the API service
 func (c *Config) configAPI() error {
 	c.apiDefaults()
 	api := APIConf{}
@@ -469,6 +472,11 @@ func (c *Config) configAPI() error {
 	api.ServerCert = viper.GetString("api.serverCert")
 	api.CACert = viper.GetString("api.CACert")
 
+	// Token authentication
+	if viper.IsSet("api.jwtpubkeypath") {
+		api.JwtPubKeyPath = viper.GetString("api.jwtpubkeypath")
+	}
+
 	c.API = api
 
 	return nil
@@ -590,3 +598,30 @@ func CopyHeader() bool {
 
 	return false
 }
+
+// Function for reading the ega key in []byte
+func GetJwtKey(jwtpubkeypath string, jwtKeys map[string][]byte) error {
+
+	err := filepath.Walk(jwtpubkeypath,
+		func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				log.Print(err)
+				return err
+			}
+			if info.Mode().IsRegular() {
+				log.Debug("Reading file: ", filepath.Join(filepath.Clean(jwtpubkeypath), info.Name()))
+				keyData, err := os.ReadFile(filepath.Join(filepath.Clean(jwtpubkeypath), info.Name()))
+				if err != nil {
+					return fmt.Errorf("token file error: %v", err)
+				}
+				jwtKeys[strings.TrimSuffix(info.Name(), filepath.Ext(info.Name()))] = keyData
+			}
+
+			return nil
+		})
+	if err != nil {
+		return fmt.Errorf("failed to get public key files (%v)", err)
+	}
+
+	return nil
+}

From 8461351490beedb49388e05e6e5c2d56d546fd74 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:31:34 +0100
Subject: [PATCH 02/27] Add database call for getting files per user

---
 internal/database/db.go | 62 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/internal/database/db.go b/internal/database/db.go
index 4bb45c55..6fe402f2 100644
--- a/internal/database/db.go
+++ b/internal/database/db.go
@@ -56,6 +56,12 @@ type FileInfo struct {
 	DecryptedSize     int64
 }
 
+type SubmissionFileInfo struct {
+	InboxPath string `json:"inboxPath"`
+	Status    string `json:"fileStatus"`
+	CreateAt  string `json:"createAt"`
+}
+
 // dbRetryTimes is the number of times to retry the same function if it fails
 var dbRetryTimes = 5
 
@@ -483,6 +489,62 @@ func (dbs *SQLdb) getArchived(user, filepath, checksum string) (string, int, err
 	return filePath, fileSize, nil
 }
 
+// GetUserFiles retrieves all the files a user submitted
+func (dbs *SQLdb) GetUserFiles(userID string) ([]*SubmissionFileInfo, error) {
+	var (
+		err   error = nil
+		count int   = 0
+	)
+
+	files := []*SubmissionFileInfo{}
+
+	for count == 0 || (err != nil && count < dbRetryTimes) {
+		files, err = dbs.getUserFiles(userID)
+		count++
+	}
+
+	return files, err
+}
+
+// getUserFiles is the actual function performing work for GetUserFiles
+func (dbs *SQLdb) getUserFiles(userID string) ([]*SubmissionFileInfo, error) {
+	dbs.checkAndReconnectIfNeeded()
+
+	files := []*SubmissionFileInfo{}
+	db := dbs.DB
+
+	const query = "SELECT inbox_path, status, created_at " +
+		"FROM local_ega.files " +
+		"WHERE elixir_id = $1;"
+
+	// nolint:rowserrcheck
+	rows, err := db.Query(query, userID)
+	if err != nil {
+		log.Error(err)
+
+		return nil, err
+	}
+	defer rows.Close()
+
+	// Iterate rows
+	for rows.Next() {
+
+		// Read rows into struct
+		fi := &SubmissionFileInfo{}
+		err := rows.Scan(&fi.InboxPath, &fi.Status, &fi.CreateAt)
+		if err != nil {
+			log.Error(err)
+
+			return nil, err
+		}
+
+		// Add instance of struct (file) to array
+		files = append(files, fi)
+	}
+
+	return files, nil
+}
+
 // Close terminates the connection to the database
 func (dbs *SQLdb) Close() {
 	db := dbs.DB

From c8f3266adf8297f236ebaf5ff7c465f29c80e76e Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:34:18 +0100
Subject: [PATCH 03/27] Change API framework to gin

---
 cmd/api/api.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index da47abcd..17ddbb3a 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -14,7 +14,8 @@ import (
 	"sda-pipeline/internal/config"
 	"sda-pipeline/internal/database"
 
-	"github.com/gorilla/mux"
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -62,9 +63,11 @@ func main() {
 }
 
 func setup(config *config.Config) *http.Server {
-	r := mux.NewRouter().SkipClean(true)
 
-	r.HandleFunc("/ready", readinessResponse).Methods("GET")
+	r := gin.Default()
+
+	r.GET("/ready", readinessResponse)
+	r.GET("/files", getFiles)
 
 	cfg := &tls.Config{
 		MinVersion:               tls.VersionTLS12,
@@ -94,7 +97,7 @@ func shutdown() {
 	defer Conf.API.DB.Close()
 }
 
-func readinessResponse(w http.ResponseWriter, r *http.Request) {
+func readinessResponse(c *gin.Context) {
 	statusCocde := http.StatusOK
 
 	if Conf.API.MQ.Connection.IsClosed() {
@@ -124,7 +127,7 @@ func readinessResponse(w http.ResponseWriter, r *http.Request) {
 		statusCocde = http.StatusServiceUnavailable
 	}
 
-	w.WriteHeader(statusCocde)
+	c.JSON(statusCocde, "")
 }
 
 func checkDB(database *database.SQLdb, timeout time.Duration) error {

From 723a63f8529772e17edbe273f7e3273bfa1b3d46 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:34:36 +0100
Subject: [PATCH 04/27] Add get files API call

---
 cmd/api/api.go | 132 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index 17ddbb3a..11a3dc21 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -5,8 +5,10 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
+	"net/url"
 	"os"
 	"os/signal"
+	"strings"
 	"syscall"
 	"time"
 
@@ -37,6 +39,13 @@ func main() {
 		log.Fatal(err)
 	}
 
+	Conf.API.JtwKeys = make(map[string][]byte)
+	if Conf.API.JwtPubKeyPath != "" {
+		if err := config.GetJwtKey(Conf.API.JwtPubKeyPath, Conf.API.JtwKeys); err != nil {
+			log.Panicf("Error while getting key %s: %v", Conf.API.JwtPubKeyPath, err)
+		}
+	}
+
 	sigc := make(chan os.Signal, 5)
 	signal.Notify(sigc, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)
 	go func() {
@@ -139,3 +148,126 @@ func checkDB(database *database.SQLdb, timeout time.Duration) error {
 
 	return database.DB.PingContext(ctx)
 }
+
+// getFiles returns the files from the database for a specific user
+func getFiles(c *gin.Context) {
+
+	log.Debugf("request files in project")
+	c.Writer.Header().Set("Content-Type", "application/json")
+	// Get user ID to extract all files
+	userID, err := getUserFromToken(c.Writer, c.Request)
+	if err != nil {
+		// something went wrong with user token
+		c.JSON(500, err.Error())
+
+		return
+	}
+
+	files, err := Conf.API.DB.GetUserFiles(userID)
+	if err != nil {
+		// something went wrong with querying or parsing rows
+		c.JSON(500, err.Error())
+
+		return
+	}
+
+	// Return response
+	c.JSON(200, files)
+}
+
+// getUserFromToken parses the token, validates it against the key and returns the key
+func getUserFromToken(w http.ResponseWriter, r *http.Request) (string, error) {
+	// Check that a token is provided
+	tokenStr, err := getToken(r.Header.Get("Authorization"))
+	if err != nil {
+		log.Error("authorisation header missing frm request")
+
+		return "", fmt.Errorf("could not get token from header: %v", err)
+	}
+
+	var claims jwt.MapClaims
+	var ok bool
+
+	token, err := jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return nil, nil })
+	// Return error if token is broken (without claims)
+	if claims, ok = token.Claims.(jwt.MapClaims); !ok {
+		log.Error("could not parse claims from token")
+
+		return "", fmt.Errorf("broken token (claims are empty): %v\nerror: %s", claims, err)
+	}
+
+	strIss := fmt.Sprintf("%v", claims["iss"])
+	// Poor string unescaper for elixir
+	strIss = strings.ReplaceAll(strIss, "\\", "")
+
+	log.Debugf("Looking for key for %s", strIss)
+
+	iss, err := url.ParseRequestURI(strIss)
+	if err != nil || iss.Hostname() == "" {
+		return "", fmt.Errorf("Failed to get issuer from token (%v)", strIss)
+	}
+
+	switch token.Header["alg"] {
+	case "ES256":
+		key, err := jwt.ParseECPublicKeyFromPEM(Conf.API.JtwKeys[iss.Hostname()])
+		if err != nil {
+			return "", fmt.Errorf("failed to parse EC public key (%v)", err)
+		}
+		_, err = jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return key, nil })
+		if err != nil {
+			return "", fmt.Errorf("signed token (ES256) not valid: %v, (token was %s)", err, tokenStr)
+		}
+	case "RS256":
+		key, err := jwt.ParseRSAPublicKeyFromPEM(Conf.API.JtwKeys[iss.Hostname()])
+		if err != nil {
+			return "", fmt.Errorf("failed to parse RSA256 public key (%v)", err)
+		}
+		_, err = jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return key, nil })
+		if err != nil {
+			return "", fmt.Errorf("signed token (RS256) not valid: %v, (token was %s)", err, tokenStr)
+		}
+	default:
+		return "", fmt.Errorf("unsupported algorithm %s", token.Header["alg"])
+	}
+
+	return fmt.Sprintf("%v", claims["sub"]), nil
+}
+
+// getToken parses the token string from header
+func getToken(header string) (string, error) {
+	log.Debug("parsing access token from header")
+
+	if len(header) == 0 {
+		log.Error("authorization check failed, empty header")
+
+		return "", fmt.Errorf("access token must be provided")
+	}
+
+	// Check that Bearer scheme is used
+	headerParts := strings.Split(header, " ")
+	if headerParts[0] != "Bearer" {
+		log.Error("authorization check failed, no Bearer on header")
+
+		return "", fmt.Errorf("authorization scheme must be bearer")
+	}
+
+	// Check that header contains a token string
+	var token string
+	if len(headerParts) == 2 {
+		token = headerParts[1]
+	} else {
+		log.Error("authorization check failed, no token on header")
+
+		return "", fmt.Errorf("token string is missing from authorization header")
+	}
+
+	if len(token) < 2 {
+		log.Error("authorization check failed, too small token")
+
+		return "", fmt.Errorf("token string is missing from authorization header")
+	}
+
+	log.Debug("access token found")
+
+	return token, nil
+}

From fb7348cf29cf73b472303a5248d5352a55d7bc6f Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:39:12 +0100
Subject: [PATCH 05/27] Add tests for api

---
 cmd/api/api_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index 3bf2108a..34fe28d7 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"log"
 	"testing"
 	"time"
 
@@ -54,3 +55,22 @@ func TestDatabasePingCheck(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NoError(t, checkDB(&database, 1*time.Second), "ping should succeed")
 }
+
+func TestGetToken(t *testing.T) {
+	authHeader := "Bearer sometoken"
+	_, err := getToken(authHeader)
+	assert.NoError(t, err)
+
+	authHeader = "Bearer "
+	_, err = getToken(authHeader)
+	log.Print(err)
+	assert.EqualError(t, err, "token string is missing from authorization header")
+
+	authHeader = "Beare"
+	_, err = getToken(authHeader)
+	assert.EqualError(t, err, "authorization scheme must be bearer")
+
+	authHeader = ""
+	_, err = getToken(authHeader)
+	assert.EqualError(t, err, "access token must be provided")
+}

From 26b08ac61225e226e3d89032dce2239e42bf6785 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 27 Feb 2023 15:39:46 +0100
Subject: [PATCH 06/27] Update to gin framework in integration test

---
 cmd/api/api_integgration_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/api/api_integgration_test.go b/cmd/api/api_integgration_test.go
index 08e5867c..15bfd2b6 100644
--- a/cmd/api/api_integgration_test.go
+++ b/cmd/api/api_integgration_test.go
@@ -9,7 +9,7 @@ import (
 	"sda-pipeline/internal/config"
 	"sda-pipeline/internal/database"
 
-	"github.com/gorilla/mux"
+	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -51,8 +51,8 @@ func TestShutdown(t *testing.T) {
 }
 
 func TestReadinessResponse(t *testing.T) {
-	r := mux.NewRouter()
-	r.HandleFunc("/ready", readinessResponse)
+	r := gin.Default()
+	r.GET("/ready", readinessResponse)
 	ts := httptest.NewServer(r)
 	defer ts.Close()
 

From 24820c47a82c9714e7ee5b8982183ecc779a1c53 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:48:02 +0100
Subject: [PATCH 07/27] Update database query in get user files

---
 internal/database/db.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/internal/database/db.go b/internal/database/db.go
index 6fe402f2..6b950bf9 100644
--- a/internal/database/db.go
+++ b/internal/database/db.go
@@ -513,9 +513,11 @@ func (dbs *SQLdb) getUserFiles(userID string) ([]*SubmissionFileInfo, error) {
 	files := []*SubmissionFileInfo{}
 	db := dbs.DB
 
-	const query = "SELECT inbox_path, status, created_at " +
-		"FROM local_ega.files " +
-		"WHERE elixir_id = $1;"
+	const query = "SELECT f.submission_file_path, e.event, f.created_at FROM sda.files f " +
+		"LEFT JOIN (SELECT file_id, (ARRAY_AGG(event ORDER BY started_at DESC))[1] AS event " +
+		"FROM sda.file_event_log GROUP BY file_id) e " +
+		"ON f.id = e.file_id " +
+		"WHERE f.submission_user = $1;"
 
 	// nolint:rowserrcheck
 	rows, err := db.Query(query, userID)

From 6c820fb721713050dbd4e614d22b6eb40217390c Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:48:46 +0100
Subject: [PATCH 08/27] Change JWT library in get user files

---
 cmd/api/api.go | 66 +++++++++++++++++++++-----------------------------
 1 file changed, 27 insertions(+), 39 deletions(-)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index 11a3dc21..9b1a8ff7 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -3,6 +3,8 @@ package main
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -17,7 +19,8 @@ import (
 	"sda-pipeline/internal/database"
 
 	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwt"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -107,10 +110,10 @@ func shutdown() {
 }
 
 func readinessResponse(c *gin.Context) {
-	statusCocde := http.StatusOK
+	statusCode := http.StatusOK
 
 	if Conf.API.MQ.Connection.IsClosed() {
-		statusCocde = http.StatusServiceUnavailable
+		statusCode = http.StatusServiceUnavailable
 		newConn, err := broker.NewMQ(Conf.Broker)
 		if err != nil {
 			log.Errorf("failed to reconnect to MQ, reason: %v", err)
@@ -120,7 +123,7 @@ func readinessResponse(c *gin.Context) {
 	}
 
 	if Conf.API.MQ.Channel.IsClosed() {
-		statusCocde = http.StatusServiceUnavailable
+		statusCode = http.StatusServiceUnavailable
 		Conf.API.MQ.Connection.Close()
 		newConn, err := broker.NewMQ(Conf.Broker)
 		if err != nil {
@@ -133,10 +136,10 @@ func readinessResponse(c *gin.Context) {
 	if DBRes := checkDB(Conf.API.DB, 5*time.Millisecond); DBRes != nil {
 		log.Debugf("DB connection error :%v", DBRes)
 		Conf.API.DB.Reconnect()
-		statusCocde = http.StatusServiceUnavailable
+		statusCode = http.StatusServiceUnavailable
 	}
 
-	c.JSON(statusCocde, "")
+	c.JSON(statusCode, "")
 }
 
 func checkDB(database *database.SQLdb, timeout time.Duration) error {
@@ -180,23 +183,14 @@ func getUserFromToken(w http.ResponseWriter, r *http.Request) (string, error) {
 	// Check that a token is provided
 	tokenStr, err := getToken(r.Header.Get("Authorization"))
 	if err != nil {
-		log.Error("authorisation header missing frm request")
+		log.Error("authorization header missing from request")
 
 		return "", fmt.Errorf("could not get token from header: %v", err)
 	}
 
-	var claims jwt.MapClaims
-	var ok bool
+	token, err := jwt.Parse([]byte(tokenStr), jwt.WithVerify(false))
+	strIss := token.Issuer()
 
-	token, err := jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return nil, nil })
-	// Return error if token is broken (without claims)
-	if claims, ok = token.Claims.(jwt.MapClaims); !ok {
-		log.Error("could not parse claims from token")
-
-		return "", fmt.Errorf("broken token (claims are empty): %v\nerror: %s", claims, err)
-	}
-
-	strIss := fmt.Sprintf("%v", claims["iss"])
 	// Poor string unescaper for elixir
 	strIss = strings.ReplaceAll(strIss, "\\", "")
 
@@ -204,33 +198,27 @@ func getUserFromToken(w http.ResponseWriter, r *http.Request) (string, error) {
 
 	iss, err := url.ParseRequestURI(strIss)
 	if err != nil || iss.Hostname() == "" {
-		return "", fmt.Errorf("Failed to get issuer from token (%v)", strIss)
+		return "", fmt.Errorf("failed to get issuer from token (%v)", strIss)
 	}
 
-	switch token.Header["alg"] {
-	case "ES256":
-		key, err := jwt.ParseECPublicKeyFromPEM(Conf.API.JtwKeys[iss.Hostname()])
-		if err != nil {
-			return "", fmt.Errorf("failed to parse EC public key (%v)", err)
-		}
-		_, err = jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return key, nil })
-		if err != nil {
-			return "", fmt.Errorf("signed token (ES256) not valid: %v, (token was %s)", err, tokenStr)
-		}
-	case "RS256":
-		key, err := jwt.ParseRSAPublicKeyFromPEM(Conf.API.JtwKeys[iss.Hostname()])
-		if err != nil {
-			return "", fmt.Errorf("failed to parse RSA256 public key (%v)", err)
-		}
-		_, err = jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return key, nil })
+	block, _ := pem.Decode(Conf.API.JtwKeys[iss.Hostname()])
+	key, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse key (%v)", err)
+	}
+
+	verifiedToken, err := jwt.Parse([]byte(tokenStr), jwt.WithKey(jwa.RS256, key))
+	if err != nil {
+		log.Debugf("failed to verify token as RS256 signature of token %s, %s", tokenStr, err)
+		verifiedToken, err = jwt.Parse([]byte(tokenStr), jwt.WithKey(jwa.ES256, key))
 		if err != nil {
-			return "", fmt.Errorf("signed token (RS256) not valid: %v, (token was %s)", err, tokenStr)
+			log.Errorf("failed to verify token as ES256 signature of token %s, %s", tokenStr, err)
+
+			return "", fmt.Errorf("failed to verify token as RSA256 or ES256 signature of token %s, %s", tokenStr, err)
 		}
-	default:
-		return "", fmt.Errorf("unsupported algorithm %s", token.Header["alg"])
 	}
 
-	return fmt.Sprintf("%v", claims["sub"]), nil
+	return verifiedToken.Subject(), nil
 }
 
 // getToken parses the token string from header

From d10ec0284fc2d645cebefb03fc4c8d636adf9c35 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:49:08 +0100
Subject: [PATCH 09/27] Update tests in get user files

---
 cmd/api/api_test.go | 219 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 216 insertions(+), 3 deletions(-)

diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index 34fe28d7..b2e8cd26 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -1,28 +1,80 @@
 package main
 
 import (
-	"log"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
+	log "github.com/sirupsen/logrus"
+
 	"sda-pipeline/internal/config"
 	"sda-pipeline/internal/database"
 
 	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 )
 
+var (
+	CorrectToken = map[string]interface{}{
+		"sub":   "requester@demo.org",
+		"azp":   "azp",
+		"scope": "openid ga4gh_passport_v1",
+		"iss":   "http://example.demo",
+		"exp":   time.Now().Add(time.Hour * 2).Unix(),
+		"iat":   time.Now().Unix(),
+		"jti":   "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
+	}
+
+	NoIssuer = map[string]interface{}{
+		"sub":   "requester@demo.org",
+		"azp":   "azp",
+		"scope": "openid ga4gh_passport_v1",
+		"exp":   time.Now().Add(time.Hour * 2).Unix(),
+		"iat":   time.Now().Unix(),
+		"jti":   "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
+	}
+
+	WrongTokenAlgClaims = map[string]interface{}{
+		"iss":       "Online JWT Builder",
+		"iat":       time.Now().Unix(),
+		"exp":       time.Now().Add(time.Hour * 2).Unix(),
+		"aud":       "4e9416a7-3515-447a-b848-d4ac7a57f",
+		"sub":       "pleasefix@snurre-in-the-house.org",
+		"auth_time": "1632207224",
+		"jti":       "cc847f9c-7608-4b4f-9c6f-6e734813355f",
+	}
+)
+
 type TestSuite struct {
 	suite.Suite
+	PrivateKey *rsa.PrivateKey
+	Path       string
+	KeyName    string
 }
 
 func TestApiTestSuite(t *testing.T) {
 	suite.Run(t, new(TestSuite))
 }
 
-func TestSetup(t *testing.T) {
+// Remove the created keys after all tests are run
+func (suite *TestSuite) TearDownTest() {
+	os.Remove(suite.Path + suite.KeyName + ".pem")
+	os.Remove(suite.Path + suite.KeyName + ".pub")
+}
+
+// Initialise configuration and create jwt keys
+func (suite *TestSuite) SetupTest() {
 	viper.Set("log.level", "debug")
 
 	viper.Set("broker.host", "test")
@@ -43,8 +95,118 @@ func TestSetup(t *testing.T) {
 	conf.API.Port = 8080
 	server := setup(&conf)
 
-	assert.Equal(t, "localhost:8080", server.Addr)
+	assert.Equal(suite.T(), "localhost:8080", server.Addr)
+
+	suite.Path = "/tmp/keys/"
+	suite.KeyName = "example.demo"
+
+	log.Print("Creating JWT keys for testing")
+	suite.CreateKeys(suite.Path, suite.KeyName)
+
+}
+
+// CreateKeys creates an RSA key pair for testing
+func (suite *TestSuite) CreateKeys(path string, keyName string) {
+	CreateFolder(path)
+	CreateRSAkeys(path, keyName)
+	suite.PrivateKey, err = ParsePrivateRSAKey(path, keyName+".pem")
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
+
+}
+
+// CreateFolder where the keys will be stored
+func CreateFolder(path string) error {
+	err := os.MkdirAll(path, 0750)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ParsePrivateRSAKey reads and parses the RSA private key
+func ParsePrivateRSAKey(path, keyName string) (*rsa.PrivateKey, error) {
+	keyPath := path + keyName
+	prKey, err := os.ReadFile(filepath.Clean(keyPath))
+	if err != nil {
+		return nil, err
+	}
+
+	block, _ := pem.Decode(prKey)
+	prKeyParsed, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+
+	return prKeyParsed, nil
+}
+
+// CreateRSAkeys creates the RSA key pair
+func CreateRSAkeys(keyPath string, keyName string) error {
+	privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return err
+	}
+	publickey := &privatekey.PublicKey
+
+	// dump private key to file
+	privateKeyBytes := x509.MarshalPKCS1PrivateKey(privatekey)
+	privateKeyBlock := &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: privateKeyBytes,
+	}
+	privatePem, err := os.Create(keyPath + keyName + ".pem")
+	if err != nil {
+		return err
+	}
+	err = pem.Encode(privatePem, privateKeyBlock)
+	if err != nil {
+		return err
+	}
+
+	// dump public key to file
+	publicKeyBytes, err := x509.MarshalPKIXPublicKey(publickey)
+	if err != nil {
+		return err
+	}
+	publicKeyBlock := &pem.Block{
+		Type:  "PUBLIC KEY",
+		Bytes: publicKeyBytes,
+	}
+	publicPem, err := os.Create(keyPath + keyName + ".pub")
+	if err != nil {
+		return err
+	}
+	err = pem.Encode(publicPem, publicKeyBlock)
+	if err != nil {
+		return err
+	}
 
+	return nil
+}
+
+// CreateRSAToken creates an RSA token
+func CreateRSAToken(privateKey *rsa.PrivateKey, headerAlg, headerType string, tokenClaims map[string]interface{}) (string, error) {
+	var tok jwt.Token
+	tok, err := jwt.NewBuilder().Issuer(fmt.Sprintf("%v", tokenClaims["iss"])).Build()
+
+	if err != nil {
+		log.Error(err)
+	}
+
+	for key, element := range tokenClaims {
+		tok.Set(key, element)
+	}
+
+	serialized, err := jwt.Sign(tok, jwt.WithKey(jwa.RS256, privateKey))
+	if err != nil {
+		fmt.Printf("failed to sign token: %s\n", err)
+		return "no-token", err
+	}
+
+	return string(serialized), nil
 }
 
 func TestDatabasePingCheck(t *testing.T) {
@@ -74,3 +236,54 @@ func TestGetToken(t *testing.T) {
 	_, err = getToken(authHeader)
 	assert.EqualError(t, err, "access token must be provided")
 }
+
+func (suite *TestSuite) TestGetUserFromToken() {
+	c := &config.Config{}
+	ApiConf := config.APIConf{}
+	ApiConf.JwtPubKeyPath = "/tmp/keys"
+	c.API = ApiConf
+
+	Conf = c
+	Conf.API.JtwKeys = make(map[string][]byte)
+
+	err := config.GetJwtKey(Conf.API.JwtPubKeyPath, Conf.API.JtwKeys)
+	if err != nil {
+		log.Fatalf("error in GetJwtKey: %v", err)
+	}
+
+	var w http.ResponseWriter
+	url := "localhost:8080/files"
+	method := "GET"
+	r, err := http.NewRequest(method, url, nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	// Functional token
+	token, err := CreateRSAToken(suite.PrivateKey, "RS256", "JWT", CorrectToken)
+	if err != nil {
+		log.Fatalf("error in createToken: %v", err)
+	}
+	r.Header.Add("Authorization", "Bearer "+token)
+
+	user, err := getUserFromToken(w, r)
+	assert.NoError(suite.T(), err)
+	assert.Equal(suite.T(), "requester@demo.org", user)
+
+	// Token without authorization header
+	r.Header.Del("Authorization")
+
+	user, err = getUserFromToken(w, r)
+	assert.EqualError(suite.T(), err, "could not get token from header: access token must be provided")
+	assert.Equal(suite.T(), "", user)
+
+	// Token without issuer
+	token, err = CreateRSAToken(suite.PrivateKey, "RS256", "JWT", NoIssuer)
+	r.Header.Add("Authorization", "Bearer "+token)
+
+	user, err = getUserFromToken(w, r)
+	assert.EqualError(suite.T(), err, "failed to get issuer from token (<nil>)")
+	assert.Equal(suite.T(), "", user)
+
+}

From 6894ccc1e120cf489acc9d431bd3882e703e308f Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:50:04 +0100
Subject: [PATCH 10/27] Fix spelling mistakes

---
 cmd/api/api_integgration_test.go | 2 +-
 internal/config/config.go        | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/cmd/api/api_integgration_test.go b/cmd/api/api_integgration_test.go
index 15bfd2b6..01a215fd 100644
--- a/cmd/api/api_integgration_test.go
+++ b/cmd/api/api_integgration_test.go
@@ -86,7 +86,7 @@ func TestReadinessResponse(t *testing.T) {
 	assert.Equal(t, http.StatusOK, res.StatusCode)
 	defer res.Body.Close()
 
-	// close the connection to force a reconneciton
+	// close the connection to force a reconnection
 	Conf.API.MQ.Connection.Close()
 	res, err = http.Get(ts.URL + "/ready")
 	assert.NoError(t, err)
diff --git a/internal/config/config.go b/internal/config/config.go
index 90b99375..2ba971ac 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -601,11 +601,9 @@ func CopyHeader() bool {
 
 // Function for reading the ega key in []byte
 func GetJwtKey(jwtpubkeypath string, jwtKeys map[string][]byte) error {
-
 	err := filepath.Walk(jwtpubkeypath,
 		func(path string, info os.FileInfo, err error) error {
 			if err != nil {
-				log.Print(err)
 				return err
 			}
 			if info.Mode().IsRegular() {

From a3470e56613fb3751c45d24aef8647a802f5a760 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:51:52 +0100
Subject: [PATCH 11/27] Update config files for API

---
 dev_utils/config-notls.yaml | 3 +++
 dev_utils/config.yaml       | 1 +
 2 files changed, 4 insertions(+)

diff --git a/dev_utils/config-notls.yaml b/dev_utils/config-notls.yaml
index 64c26075..7665c63b 100644
--- a/dev_utils/config-notls.yaml
+++ b/dev_utils/config-notls.yaml
@@ -1,3 +1,6 @@
+api:
+  jwtpubkeypath: "/tmp/keys"
+
 archive:
   type: ""
   # S3 backend
diff --git a/dev_utils/config.yaml b/dev_utils/config.yaml
index 5fb154b9..a8ffbae9 100644
--- a/dev_utils/config.yaml
+++ b/dev_utils/config.yaml
@@ -2,6 +2,7 @@ api:
   cacert: "./dev_utils/certs/ca.pem"
   serverCert: "./dev_utils/certs/client.pem"
   serverKey: "./dev_utils/certs/client-key.pem"
+  jwtpubkeypath: "/keys"
 
 archive:
   type: ""

From 0b7f61b38486964d17dec653ac091fc59563f1aa Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:57:39 +0100
Subject: [PATCH 12/27] Update config

---
 dev_utils/config-notls.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev_utils/config-notls.yaml b/dev_utils/config-notls.yaml
index 7665c63b..873b0800 100644
--- a/dev_utils/config-notls.yaml
+++ b/dev_utils/config-notls.yaml
@@ -1,5 +1,5 @@
 api:
-  jwtpubkeypath: "/tmp/keys"
+  jwtpubkeypath: "/keys"
 
 archive:
   type: ""

From 2ed1f830f23feb160f72f33d39ae9f65ef60235e Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 08:59:00 +0100
Subject: [PATCH 13/27] Update api in docker compose files

---
 dev_utils/compose-no-tls.yml | 2 ++
 dev_utils/compose-sda.yml    | 1 +
 2 files changed, 3 insertions(+)

diff --git a/dev_utils/compose-no-tls.yml b/dev_utils/compose-no-tls.yml
index fbb103bc..6d9a90eb 100644
--- a/dev_utils/compose-no-tls.yml
+++ b/dev_utils/compose-no-tls.yml
@@ -55,6 +55,7 @@ services:
     ports:
       - "9000:9000"
       - "9001:9001"
+
   createbucket:
     image: minio/mc
     depends_on:
@@ -223,6 +224,7 @@ services:
     restart: always
     volumes:
       - ./config-notls.yaml:/config.yaml
+      - ./keys:/keys
 volumes:
   archive:
   backup:
diff --git a/dev_utils/compose-sda.yml b/dev_utils/compose-sda.yml
index 555bea72..12dae7fe 100644
--- a/dev_utils/compose-sda.yml
+++ b/dev_utils/compose-sda.yml
@@ -258,6 +258,7 @@ services:
       - ./config.yaml:/config.yaml
       - ./:/dev_utils/
       - certs:/dev_utils/certs
+      - ./keys:/keys
 
   sftp-server:
     build:

From de05fe3dadda25a35e35a479b0f533b9ab307172 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Thu, 2 Mar 2023 10:14:06 +0100
Subject: [PATCH 14/27] Fix linter issues

---
 cmd/api/api.go      |  3 +++
 cmd/api/api_test.go | 30 ++++++++++++++++++++----------
 2 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index 9b1a8ff7..58f29809 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -189,6 +189,9 @@ func getUserFromToken(w http.ResponseWriter, r *http.Request) (string, error) {
 	}
 
 	token, err := jwt.Parse([]byte(tokenStr), jwt.WithVerify(false))
+	if err != nil {
+		return "", fmt.Errorf("failed to get parse token: %v", err)
+	}
 	strIss := token.Issuer()
 
 	// Poor string unescaper for elixir
diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index b2e8cd26..5fa5b4cc 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -107,13 +107,18 @@ func (suite *TestSuite) SetupTest() {
 
 // CreateKeys creates an RSA key pair for testing
 func (suite *TestSuite) CreateKeys(path string, keyName string) {
-	CreateFolder(path)
-	CreateRSAkeys(path, keyName)
+	err := CreateFolder(path)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
+	err = CreateRSAkeys(path, keyName)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
 	suite.PrivateKey, err = ParsePrivateRSAKey(path, keyName+".pem")
 	if err != nil {
 		log.Fatalf("error: %v", err)
 	}
-
 }
 
 // CreateFolder where the keys will be stored
@@ -191,18 +196,19 @@ func CreateRSAkeys(keyPath string, keyName string) error {
 func CreateRSAToken(privateKey *rsa.PrivateKey, headerAlg, headerType string, tokenClaims map[string]interface{}) (string, error) {
 	var tok jwt.Token
 	tok, err := jwt.NewBuilder().Issuer(fmt.Sprintf("%v", tokenClaims["iss"])).Build()
-
 	if err != nil {
 		log.Error(err)
 	}
 
 	for key, element := range tokenClaims {
-		tok.Set(key, element)
+		err = tok.Set(key, element)
+		if err != nil {
+			log.Error(err)
+		}
 	}
 
 	serialized, err := jwt.Sign(tok, jwt.WithKey(jwa.RS256, privateKey))
 	if err != nil {
-		fmt.Printf("failed to sign token: %s\n", err)
 		return "no-token", err
 	}
 
@@ -239,9 +245,9 @@ func TestGetToken(t *testing.T) {
 
 func (suite *TestSuite) TestGetUserFromToken() {
 	c := &config.Config{}
-	ApiConf := config.APIConf{}
-	ApiConf.JwtPubKeyPath = "/tmp/keys"
-	c.API = ApiConf
+	APIConf := config.APIConf{}
+	APIConf.JwtPubKeyPath = "/tmp/keys"
+	c.API = APIConf
 
 	Conf = c
 	Conf.API.JtwKeys = make(map[string][]byte)
@@ -256,7 +262,8 @@ func (suite *TestSuite) TestGetUserFromToken() {
 	method := "GET"
 	r, err := http.NewRequest(method, url, nil)
 	if err != nil {
-		log.Println(err)
+		log.Fatalf("error: %v", err)
+
 		return
 	}
 
@@ -280,6 +287,9 @@ func (suite *TestSuite) TestGetUserFromToken() {
 
 	// Token without issuer
 	token, err = CreateRSAToken(suite.PrivateKey, "RS256", "JWT", NoIssuer)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
 	r.Header.Add("Authorization", "Bearer "+token)
 
 	user, err = getUserFromToken(w, r)

From 9d0cacb26dedd56fee4937b2eebeed5300316061 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Fri, 3 Mar 2023 16:05:05 +0100
Subject: [PATCH 15/27] Add script to create jwt in tests

---
 .../integration/setup/common/23_create_jwt.sh | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 .github/integration/setup/common/23_create_jwt.sh

diff --git a/.github/integration/setup/common/23_create_jwt.sh b/.github/integration/setup/common/23_create_jwt.sh
new file mode 100644
index 00000000..99ea436e
--- /dev/null
+++ b/.github/integration/setup/common/23_create_jwt.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/bash
+
+# Create RSA keys
+cd dev_utils || exit 1
+mkdir -p keys || exit 1
+cd keys || exit 1
+
+ssh-keygen -t rsa -b 4096 -m PEM -f example.demo.pem -q -N ""
+openssl rsa -in example.demo.pem -pubout -outform PEM -out example.demo.pub
+
+# Shared content to use as template
+header_template='{
+    "typ": "JWT",
+    "kid": "0001"
+}'
+
+build_header() {
+        jq -c \
+                --arg iat_str "$(date +%s)" \
+                --arg alg "${1}" \
+                '
+        ($iat_str | tonumber) as $iat
+        | .alg = $alg
+        | .iat = $iat
+        | .exp = ($iat + 86400)
+        ' <<<"$header_template" | tr -d '\n'
+}
+
+b64enc() { openssl enc -base64 -A | tr '+/' '-_' | tr -d '='; }
+json() { jq -c . | LC_CTYPE=C tr -d '\n'; }
+rs_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2"); }
+es_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2") | openssl asn1parse -inform DER | grep INTEGER | cut -d ':' -f 4 | xxd -p -r; }
+
+sign() {
+        if [ -n "$2" ]; then
+                rsa_secret=$(<"$2")
+        else
+                echo "no signing key supplied"
+                exit 1
+        fi
+        local algo payload header sig secret=$rsa_secret
+        algo=${1:-RS256}
+        algo=${algo^^}
+        header=$(build_header "$algo") || return
+        payload=${4:-$test_payload}
+        signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)"
+        case $algo in
+        RS*) sig=$(printf %s "$signed_content" | rs_sign "${algo#RS}" "$secret" | b64enc) ;;
+        ES*) sig=$(printf %s "$signed_content" | es_sign "${algo#ES}" "$secret" | b64enc) ;;
+        *)
+                echo "Unknown algorithm" >&2
+                return 1
+                ;;
+        esac
+        printf '%s.%s\n' "${signed_content}" "${sig}"
+}
+
+iat=$(date +%s)
+exp=$(date --date="${3:-tomorrow}" +%s)
+
+test_payload='{
+  "sub": "test",
+  "azp": "azp",
+  "scope": "openid ga4gh_passport_v1",
+  "iss": "http://example.demo",
+  "exp": '"$exp"',
+  "iat": '"$iat"',
+  "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102"
+}'
+
+sign RS256 example.demo.pem > token.jwt

From 858bd28c4a7c67ff46eb0cdad3db6854502a04d4 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Fri, 3 Mar 2023 16:05:29 +0100
Subject: [PATCH 16/27] Add api to integration testing

---
 .github/integration/setup/common/10_services.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/integration/setup/common/10_services.sh b/.github/integration/setup/common/10_services.sh
index c1c7d861..068220c6 100644
--- a/.github/integration/setup/common/10_services.sh
+++ b/.github/integration/setup/common/10_services.sh
@@ -79,7 +79,7 @@ else
 
     docker-compose -f compose-sda.yml up -d
 
-    for p in ingest verify finalize mapper intercept backup; do
+    for p in ingest verify finalize mapper intercept backup api; do
         RETRY_TIMES=0
         until docker ps -f name="$p" --format "{{.Status}}" | grep "Up"
         do echo "waiting for $p to become ready"

From bac5c7c21d2e469b25642ce3df7e7973c3fcce48 Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Fri, 3 Mar 2023 16:05:55 +0100
Subject: [PATCH 17/27] Add check for api response in integration testing

---
 .github/integration/tests/common/30_ingest_test.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/integration/tests/common/30_ingest_test.sh b/.github/integration/tests/common/30_ingest_test.sh
index 3c9cd632..36ccf739 100644
--- a/.github/integration/tests/common/30_ingest_test.sh
+++ b/.github/integration/tests/common/30_ingest_test.sh
@@ -340,6 +340,11 @@ for file in dummy_data.c4gh largefile.c4gh; do
 		fi
 	done
 
+	# Test the API files endpoint
+	token="$(cat keys/token.jwt)"
+	response="$(curl --location "localhost:8080/files" --header "Authorization: Bearer $token")"
+	echo "$response"
+
 	RETRY_TIMES=0
 	decryptedsizedb=''
 

From 691b031cb9b97b94a94e6602a79158b1daa0454a Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Fri, 3 Mar 2023 16:21:40 +0100
Subject: [PATCH 18/27] Remove unused variable from api tests

---
 cmd/api/api_test.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index 5fa5b4cc..ca0908d7 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -44,16 +44,6 @@ var (
 		"iat":   time.Now().Unix(),
 		"jti":   "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
 	}
-
-	WrongTokenAlgClaims = map[string]interface{}{
-		"iss":       "Online JWT Builder",
-		"iat":       time.Now().Unix(),
-		"exp":       time.Now().Add(time.Hour * 2).Unix(),
-		"aud":       "4e9416a7-3515-447a-b848-d4ac7a57f",
-		"sub":       "pleasefix@snurre-in-the-house.org",
-		"auth_time": "1632207224",
-		"jti":       "cc847f9c-7608-4b4f-9c6f-6e734813355f",
-	}
 )
 
 type TestSuite struct {

From 33c3b464ea4563e10f181302ec991b04d0a30286 Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 12:43:05 +0200
Subject: [PATCH 19/27] Storage_test don't look for static files

---
 internal/storage/storage_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/storage/storage_test.go b/internal/storage/storage_test.go
index 1e266cf6..0108456d 100644
--- a/internal/storage/storage_test.go
+++ b/internal/storage/storage_test.go
@@ -48,7 +48,7 @@ var testS3Conf = S3Conf{
 	"region",
 	10,
 	5 * 1024 * 1024,
-	"../../dev_utils/certs/ca.pem",
+	"",
 	2 * time.Second}
 
 var testConf = Conf{posixType, testS3Conf, testPosixConf, testSftpConf}

From e9bffbcf500b167321d3eec1cb943142f3e2f62a Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 12:43:50 +0200
Subject: [PATCH 20/27] [Api integration test] start containers from within the
 test

---
 cmd/api/api_integgration_test.go | 138 +++++++++++++++++++++++++++++--
 1 file changed, 133 insertions(+), 5 deletions(-)

diff --git a/cmd/api/api_integgration_test.go b/cmd/api/api_integgration_test.go
index 01a215fd..d7330290 100644
--- a/cmd/api/api_integgration_test.go
+++ b/cmd/api/api_integgration_test.go
@@ -1,23 +1,151 @@
 package main
 
 import (
+	"database/sql"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"os"
+	"strconv"
 	"testing"
+	"time"
 
 	"sda-pipeline/internal/broker"
 	"sda-pipeline/internal/config"
 	"sda-pipeline/internal/database"
 
+	_ "github.com/lib/pq"
+	log "github.com/sirupsen/logrus"
+
 	"github.com/gin-gonic/gin"
+	"github.com/ory/dockertest/v3"
+	"github.com/ory/dockertest/v3/docker"
 	"github.com/stretchr/testify/assert"
 )
 
+var dbPort, mqPort int
+
+func TestMain(m *testing.M) {
+	if _, err := os.Stat("/.dockerenv"); err == nil {
+		m.Run()
+	}
+	// uses a sensible default on windows (tcp/http) and linux/osx (socket)
+	pool, err := dockertest.NewPool("")
+	if err != nil {
+		log.Fatalf("Could not construct pool: %s", err)
+	}
+
+	// uses pool to try to connect to Docker
+	err = pool.Client.Ping()
+	if err != nil {
+		log.Fatalf("Could not connect to Docker: %s", err)
+	}
+
+	// pulls an image, creates a container based on it and runs it
+	postgres, err := pool.RunWithOptions(&dockertest.RunOptions{
+		Repository: "ghcr.io/neicnordic/sda-db",
+		Tag:        "v2.1.3",
+		Env: []string{
+			"DB_LEGA_IN_PASSWORD=lega_in",
+			"DB_LEGA_OUT_PASSWORD=lega_out",
+			"NOTLS=true",
+			"POSTGRES_PASSWORD=rootpassword",
+		},
+	}, func(config *docker.HostConfig) {
+		// set AutoRemove to true so that stopped container goes away by itself
+		config.AutoRemove = true
+		config.RestartPolicy = docker.RestartPolicy{
+			Name: "no",
+		}
+	})
+	if err != nil {
+		log.Fatalf("Could not start resource: %s", err)
+	}
+
+	dbHostAndPort := postgres.GetHostPort("5432/tcp")
+	dbPort, _ = strconv.Atoi(postgres.GetPort("5432/tcp"))
+	databaseURL := fmt.Sprintf("postgres://lega_in:lega_in@%s/lega?sslmode=disable", dbHostAndPort)
+
+	pool.MaxWait = 120 * time.Second
+	if err = pool.Retry(func() error {
+		db, err := sql.Open("postgres", databaseURL)
+		if err != nil {
+			log.Println(err)
+
+			return err
+		}
+
+		return db.Ping()
+	}); err != nil {
+		log.Fatalf("Could not connect to postgres: %s", err)
+	}
+
+	// pulls an image, creates a container based on it and runs it
+	rabbitmq, err := pool.RunWithOptions(&dockertest.RunOptions{
+		Repository: "ghcr.io/neicnordic/sda-mq",
+		Tag:        "v1.4.30",
+		Env: []string{
+			"MQ_USER=test",
+			"MQ_PASSWORD_HASH=C5ufXbYlww6ZBcEqDUB04YdUptO81s+ozI3Ll5GCHTnv8NAm",
+			"MQ_VHOST=test",
+			"NOTLS=true",
+		},
+	}, func(config *docker.HostConfig) {
+		// set AutoRemove to true so that stopped container goes away by itself
+		config.AutoRemove = true
+		config.RestartPolicy = docker.RestartPolicy{
+			Name: "no",
+		}
+	})
+	if err != nil {
+		log.Fatalf("Could not start resource: %s", err)
+	}
+
+	mqPort, _ = strconv.Atoi(rabbitmq.GetPort("5672/tcp"))
+	mqHostAndPort := rabbitmq.GetHostPort("15672/tcp")
+
+	client := http.Client{Timeout: 5 * time.Second}
+	req, err := http.NewRequest(http.MethodGet, "http://"+mqHostAndPort+"/api/users", http.NoBody)
+	if err != nil {
+		log.Fatal(err)
+	}
+	req.SetBasicAuth("test", "test")
+
+	// exponential backoff-retry, because the application in the container might not be ready to accept connections yet
+	if err := pool.Retry(func() error {
+		res, err := client.Do(req)
+		if err != nil {
+			return err
+		}
+		res.Body.Close()
+
+		return nil
+	}); err != nil {
+		if err := pool.Purge(postgres); err != nil {
+			log.Fatalf("Could not purge resource: %s", err)
+		}
+		if err := pool.Purge(rabbitmq); err != nil {
+			log.Fatalf("Could not purge resource: %s", err)
+		}
+		log.Fatalf("Could not connect to rabbitmq: %s", err)
+	}
+
+	_ = m.Run()
+
+	log.Println("tests completed")
+	if err := pool.Purge(postgres); err != nil {
+		log.Fatalf("Could not purge resource: %s", err)
+	}
+	if err := pool.Purge(rabbitmq); err != nil {
+		log.Fatalf("Could not purge resource: %s", err)
+	}
+}
+
 func TestShutdown(t *testing.T) {
 	Conf = &config.Config{}
 	Conf.Broker = broker.MQConf{
 		Host:       "localhost",
-		Port:       5672,
+		Port:       mqPort,
 		User:       "test",
 		Password:   "test",
 		RoutingKey: "test",
@@ -30,7 +158,7 @@ func TestShutdown(t *testing.T) {
 
 	Conf.Database = database.DBConf{
 		Host:     "localhost",
-		Port:     5432,
+		Port:     dbPort,
 		User:     "lega_in",
 		Password: "lega_in",
 		Database: "lega",
@@ -51,6 +179,7 @@ func TestShutdown(t *testing.T) {
 }
 
 func TestReadinessResponse(t *testing.T) {
+	gin.SetMode(gin.ReleaseMode)
 	r := gin.Default()
 	r.GET("/ready", readinessResponse)
 	ts := httptest.NewServer(r)
@@ -59,7 +188,7 @@ func TestReadinessResponse(t *testing.T) {
 	Conf = &config.Config{}
 	Conf.Broker = broker.MQConf{
 		Host:       "localhost",
-		Port:       5672,
+		Port:       mqPort,
 		User:       "test",
 		Password:   "test",
 		RoutingKey: "test",
@@ -72,7 +201,7 @@ func TestReadinessResponse(t *testing.T) {
 
 	Conf.Database = database.DBConf{
 		Host:     "localhost",
-		Port:     5432,
+		Port:     dbPort,
 		User:     "lega_in",
 		Password: "lega_in",
 		Database: "lega",
@@ -124,5 +253,4 @@ func TestReadinessResponse(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, http.StatusOK, res.StatusCode)
 	defer res.Body.Close()
-
 }

From 89620715b5489c6f2815abde6676c13d391ef8df Mon Sep 17 00:00:00 2001
From: dbampalikis <dimitris.bampalikis@gmail.com>
Date: Mon, 6 Mar 2023 10:11:34 +0100
Subject: [PATCH 21/27] Update go mod and sum

---
 go.mod |  53 +++++++++++++++++++---
 go.sum | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 178 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 162a165d..111d3829 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3
 	github.com/lib/pq v1.10.8
 	github.com/mocktools/go-smtp-mock v1.10.0
-	github.com/neicnordic/crypt4gh v1.7.3
+	github.com/neicnordic/crypt4gh v1.7.4
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/sftp v1.13.5
 	github.com/rabbitmq/amqp091-go v1.8.0
@@ -22,31 +22,74 @@ require (
 
 require (
 	filippo.io/edwards25519 v1.0.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Microsoft/go-winio v0.6.0 // indirect
+	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
+	github.com/bytedance/sonic v1.8.7 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
+	github.com/docker/cli v23.0.3+incompatible // indirect
+	github.com/docker/docker v23.0.3+incompatible // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/gorilla/mux v1.8.0
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gin-gonic/gin v1.9.0
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.12.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/kr/fs v0.1.0 // indirect
+	github.com/leodido/go-urn v1.2.3 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.9
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/opencontainers/runc v1.1.6 // indirect
+	github.com/ory/dockertest/v3 v3.9.1
+	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
 	github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/crypto v0.8.0
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
 	golang.org/x/sys v0.7.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 45358675..b1e4d036 100644
--- a/go.sum
+++ b/go.sum
@@ -38,16 +38,30 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.44.244 h1:QzBWLD5HjZHdRZyTMTOWtD9Pobzf1n8/CeTJB4giXi0=
 github.com/aws/aws-sdk-go v1.44.244/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.8.7 h1:d3sry5vGgVq/OpgozRUNP6xBsSo0mtNdwliApw+SAMQ=
+github.com/bytedance/sonic v1.8.7/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
+github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=
+github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -55,11 +69,25 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1owhMVTHFZIlnvd4=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc=
+github.com/docker/cli v23.0.3+incompatible h1:Zcse1DuDqBdgI7OQDV8Go7b83xLgfhW1eza4HfEdxpY=
+github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho=
+github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -69,12 +97,28 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
+github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
+github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -100,6 +144,7 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -111,7 +156,9 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -126,20 +173,22 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -147,9 +196,15 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 h1:aTscQmvmU/1AS3PqVaNtUtJUwyMexxqVErkhwsWoEpw=
 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3/go.mod h1:Cnosl0cRZIfKjTMuH49sQog2LeNsU5Hf4WnPIDWIDV0=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -157,18 +212,50 @@ github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA=
+github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
+github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
+github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.0.9 h1:TRX4Q630UXxPVLvP5vGaqVJO7S+0PE6msRZUsFSBoC8=
+github.com/lestrrat-go/jwx/v2 v2.0.9/go.mod h1:K68euYaR95FnL0hIQB8VvzL70vB7pSifbJUydCTPmgM=
+github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lib/pq v1.10.8 h1:3fdt97i/cwSU83+E0hZTC/Xpc9mTZxc6UWSCRcSbxiE=
 github.com/lib/pq v1.10.8/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
+github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/mocktools/go-smtp-mock v1.10.0 h1:glrRmjNqASyy+jf1IJ2nCWgEbJScD3Amf2IGcXgdEVg=
 github.com/mocktools/go-smtp-mock v1.10.0/go.mod h1:mmvlBVX6MTOBHtROX+tor9YZF5JENN8d8wrToD1vvg4=
-github.com/neicnordic/crypt4gh v1.7.3 h1:GUuutiuZjbAR+Ci4O5RTJBUMJXxncf+UHoE1W6FR5uk=
-github.com/neicnordic/crypt4gh v1.7.3/go.mod h1:F6uTrg2YajFj2nyz1Kbdy2GQFqMstCmE85Q/iQCBH7E=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/neicnordic/crypt4gh v1.7.4 h1:ESa4uB0a+RJIIlz3XqUzQiviu8cJtmclU0IGvoX/HOc=
+github.com/neicnordic/crypt4gh v1.7.4/go.mod h1:1JZn346TxQFXzdbuEHQSzGOie05HNK4PrUB3l8PRO/w=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
+github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
+github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/ory/dockertest/v3 v3.9.1 h1:v4dkG+dlu76goxMiTT2j8zV7s4oPPEppKT8K8p2f1kY=
+github.com/ory/dockertest/v3 v3.9.1/go.mod h1:42Ir9hmvaAPm0Mgibk6mBPi7SFvTXxEcnztDYOJ//uM=
+github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us=
+github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
@@ -189,8 +276,8 @@ github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500/go.mod h1:+n
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
-github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
+github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
@@ -207,6 +294,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
@@ -215,6 +303,10 @@ github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -236,6 +328,9 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
+golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -243,9 +338,10 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -282,6 +378,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -317,7 +416,10 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -338,6 +440,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -373,20 +477,26 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -397,6 +507,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -441,6 +553,7 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
@@ -449,11 +562,13 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -546,6 +661,9 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -560,6 +678,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -568,5 +687,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From 1112f6c8d21c22b4fd9d079a167058bbd5c6bae5 Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 13:38:06 +0200
Subject: [PATCH 22/27] Remove unused variable from `getUserFromToken`

---
 cmd/api/api.go      | 4 ++--
 cmd/api/api_test.go | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index 58f29809..565e0338 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -158,7 +158,7 @@ func getFiles(c *gin.Context) {
 	log.Debugf("request files in project")
 	c.Writer.Header().Set("Content-Type", "application/json")
 	// Get user ID to extract all files
-	userID, err := getUserFromToken(c.Writer, c.Request)
+	userID, err := getUserFromToken(c.Request)
 	if err != nil {
 		// something went wrong with user token
 		c.JSON(500, err.Error())
@@ -179,7 +179,7 @@ func getFiles(c *gin.Context) {
 }
 
 // getUserFromToken parses the token, validates it against the key and returns the key
-func getUserFromToken(w http.ResponseWriter, r *http.Request) (string, error) {
+func getUserFromToken(r *http.Request) (string, error) {
 	// Check that a token is provided
 	tokenStr, err := getToken(r.Header.Get("Authorization"))
 	if err != nil {
diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index ca0908d7..7f6e6c0e 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -247,7 +247,6 @@ func (suite *TestSuite) TestGetUserFromToken() {
 		log.Fatalf("error in GetJwtKey: %v", err)
 	}
 
-	var w http.ResponseWriter
 	url := "localhost:8080/files"
 	method := "GET"
 	r, err := http.NewRequest(method, url, nil)
@@ -264,14 +263,14 @@ func (suite *TestSuite) TestGetUserFromToken() {
 	}
 	r.Header.Add("Authorization", "Bearer "+token)
 
-	user, err := getUserFromToken(w, r)
+	user, err := getUserFromToken(r)
 	assert.NoError(suite.T(), err)
 	assert.Equal(suite.T(), "requester@demo.org", user)
 
 	// Token without authorization header
 	r.Header.Del("Authorization")
 
-	user, err = getUserFromToken(w, r)
+	user, err = getUserFromToken(r)
 	assert.EqualError(suite.T(), err, "could not get token from header: access token must be provided")
 	assert.Equal(suite.T(), "", user)
 
@@ -282,7 +281,7 @@ func (suite *TestSuite) TestGetUserFromToken() {
 	}
 	r.Header.Add("Authorization", "Bearer "+token)
 
-	user, err = getUserFromToken(w, r)
+	user, err = getUserFromToken(r)
 	assert.EqualError(suite.T(), err, "failed to get issuer from token (<nil>)")
 	assert.Equal(suite.T(), "", user)
 

From b3d17f4e7c00369f3307b69727ee703dcefb13ef Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 13:40:17 +0200
Subject: [PATCH 23/27] Remove unused variable from `CreateRSAToken`

---
 cmd/api/api_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/api/api_test.go b/cmd/api/api_test.go
index 7f6e6c0e..cb73d6f8 100644
--- a/cmd/api/api_test.go
+++ b/cmd/api/api_test.go
@@ -183,7 +183,7 @@ func CreateRSAkeys(keyPath string, keyName string) error {
 }
 
 // CreateRSAToken creates an RSA token
-func CreateRSAToken(privateKey *rsa.PrivateKey, headerAlg, headerType string, tokenClaims map[string]interface{}) (string, error) {
+func CreateRSAToken(privateKey *rsa.PrivateKey, headerAlg string, tokenClaims map[string]interface{}) (string, error) {
 	var tok jwt.Token
 	tok, err := jwt.NewBuilder().Issuer(fmt.Sprintf("%v", tokenClaims["iss"])).Build()
 	if err != nil {
@@ -197,7 +197,7 @@ func CreateRSAToken(privateKey *rsa.PrivateKey, headerAlg, headerType string, to
 		}
 	}
 
-	serialized, err := jwt.Sign(tok, jwt.WithKey(jwa.RS256, privateKey))
+	serialized, err := jwt.Sign(tok, jwt.WithKey(jwa.SignatureAlgorithm(headerAlg), privateKey))
 	if err != nil {
 		return "no-token", err
 	}
@@ -257,7 +257,7 @@ func (suite *TestSuite) TestGetUserFromToken() {
 	}
 
 	// Functional token
-	token, err := CreateRSAToken(suite.PrivateKey, "RS256", "JWT", CorrectToken)
+	token, err := CreateRSAToken(suite.PrivateKey, "RS256", CorrectToken)
 	if err != nil {
 		log.Fatalf("error in createToken: %v", err)
 	}
@@ -275,7 +275,7 @@ func (suite *TestSuite) TestGetUserFromToken() {
 	assert.Equal(suite.T(), "", user)
 
 	// Token without issuer
-	token, err = CreateRSAToken(suite.PrivateKey, "RS256", "JWT", NoIssuer)
+	token, err = CreateRSAToken(suite.PrivateKey, "RS256", NoIssuer)
 	if err != nil {
 		log.Fatalf("error: %v", err)
 	}

From e46bce5dd98c115ae24b20f5f65011a77ce3121c Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 14:14:48 +0200
Subject: [PATCH 24/27] Make script run at a proper time

---
 .../setup/common/{23_create_jwt.sh => 09_create_jwt.sh}           | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/integration/setup/common/{23_create_jwt.sh => 09_create_jwt.sh} (100%)

diff --git a/.github/integration/setup/common/23_create_jwt.sh b/.github/integration/setup/common/09_create_jwt.sh
similarity index 100%
rename from .github/integration/setup/common/23_create_jwt.sh
rename to .github/integration/setup/common/09_create_jwt.sh

From 5136c88d647be1a19f20a48532d5008efa6726e5 Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 14:53:18 +0200
Subject: [PATCH 25/27] Put public keys in a separate folder

---
 .github/integration/setup/common/09_create_jwt.sh | 4 ++--
 dev_utils/compose-sda.yml                         | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/integration/setup/common/09_create_jwt.sh b/.github/integration/setup/common/09_create_jwt.sh
index 99ea436e..6508501a 100644
--- a/.github/integration/setup/common/09_create_jwt.sh
+++ b/.github/integration/setup/common/09_create_jwt.sh
@@ -2,11 +2,11 @@
 
 # Create RSA keys
 cd dev_utils || exit 1
-mkdir -p keys || exit 1
+mkdir -p keys/pub || exit 1
 cd keys || exit 1
 
 ssh-keygen -t rsa -b 4096 -m PEM -f example.demo.pem -q -N ""
-openssl rsa -in example.demo.pem -pubout -outform PEM -out example.demo.pub
+openssl rsa -in example.demo.pem -pubout -outform PEM -out pub/example.demo.pub
 
 # Shared content to use as template
 header_template='{
diff --git a/dev_utils/compose-sda.yml b/dev_utils/compose-sda.yml
index 12dae7fe..a426f8a9 100644
--- a/dev_utils/compose-sda.yml
+++ b/dev_utils/compose-sda.yml
@@ -258,7 +258,7 @@ services:
       - ./config.yaml:/config.yaml
       - ./:/dev_utils/
       - certs:/dev_utils/certs
-      - ./keys:/keys
+      - ./keys/pub:/keys
 
   sftp-server:
     build:

From a48bdec76f6911270d5d39bb50324a53ad4cc3b3 Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Mon, 17 Apr 2023 15:18:00 +0200
Subject: [PATCH 26/27] Don't expose token in logs

---
 cmd/api/api.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/api/api.go b/cmd/api/api.go
index 565e0338..4ad69886 100644
--- a/cmd/api/api.go
+++ b/cmd/api/api.go
@@ -212,12 +212,12 @@ func getUserFromToken(r *http.Request) (string, error) {
 
 	verifiedToken, err := jwt.Parse([]byte(tokenStr), jwt.WithKey(jwa.RS256, key))
 	if err != nil {
-		log.Debugf("failed to verify token as RS256 signature of token %s, %s", tokenStr, err)
+		log.Debugf("failed to verify token as RS256 signature of token %s", err)
 		verifiedToken, err = jwt.Parse([]byte(tokenStr), jwt.WithKey(jwa.ES256, key))
 		if err != nil {
-			log.Errorf("failed to verify token as ES256 signature of token %s, %s", tokenStr, err)
+			log.Errorf("failed to verify token as ES256 signature of token %s", err)
 
-			return "", fmt.Errorf("failed to verify token as RSA256 or ES256 signature of token %s, %s", tokenStr, err)
+			return "", fmt.Errorf("failed to verify token as RSA256 or ES256 signature of token %s", err)
 		}
 	}
 

From 58e99fb8032700dfec46515c5b9abc96713b1475 Mon Sep 17 00:00:00 2001
From: Joakim Bygdell <joakim.bygdell@nbis.se>
Date: Tue, 18 Apr 2023 09:27:12 +0200
Subject: [PATCH 27/27] Fail test if API returns bad value

---
 .github/integration/tests/common/30_ingest_test.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/integration/tests/common/30_ingest_test.sh b/.github/integration/tests/common/30_ingest_test.sh
index 36ccf739..52173d8b 100644
--- a/.github/integration/tests/common/30_ingest_test.sh
+++ b/.github/integration/tests/common/30_ingest_test.sh
@@ -340,11 +340,6 @@ for file in dummy_data.c4gh largefile.c4gh; do
 		fi
 	done
 
-	# Test the API files endpoint
-	token="$(cat keys/token.jwt)"
-	response="$(curl --location "localhost:8080/files" --header "Authorization: Bearer $token")"
-	echo "$response"
-
 	RETRY_TIMES=0
 	decryptedsizedb=''
 
@@ -412,3 +407,11 @@ docker run --rm --name client --network dev_utils_default -v "$PWD/certs:/certs"
 	-e PGSSLCERT=/certs/client.pem -e PGSSLKEY=/certs/client-key.pem -e PGSSLROOTCERT=/certs/ca.pem \
 	neicnordic/pg-client:latest postgresql://postgres:rootpassword@db:5432/lega \
 	-t -c "SELECT id, status, stable_id, archive_path FROM local_ega.files ORDER BY id DESC"
+
+# Test the API files endpoint
+token="$(cat keys/token.jwt)"
+response="$(curl -k -L "https://localhost:8080/files" -H "Authorization: Bearer $token" | jq -r 'sort_by(.inboxPath)|.[-1].fileStatus')"
+if [ "$response" != "ready" ]; then
+	echo "API returned incorrect value, expected ready got: $response"
+	exit 1
+fi