✨ Added a [encoding] module to help encoding/decoding strings (#643)

<!--
Copyright (C) 2020-2022 Arm Limited or its affiliates and Contributors.
All rights reserved.
SPDX-License-Identifier: Apache-2.0
-->
### Description

- Added helpers for performing base64 encoding


### Test Coverage

<!--
Please put an `x` in the correct box e.g. `[x]` to indicate the testing
coverage of this change.
-->

- [x]  This change is covered by existing or additional automated tests.
- [ ] Manual testing has been performed (and evidence provided) as
automated testing was not feasible.
- [ ] Additional tests are not required for this change (e.g.
documentation update).

Author: acabarbaye

.secrets.baseline

@@ -272,5 +272,5 @@
       }
     ]
   },
-  "generated_at": "2025-06-27T16:00:59Z"
+  "generated_at": "2025-07-09T20:27:15Z"
 }

changes/20250709190241.feature

@@ -0,0 +1 @@
+:sparkles: Added a `[encoding]` module to help encode/decode strings

utils/encoding/base64/decode.go

@@ -0,0 +1,118 @@
+package base64
+
+import (
+	"context"
+	"encoding/base64"
+	"strings"
+
+	"github.com/go-ozzo/ozzo-validation/v4/is"
+
+	"github.com/ARM-software/golang-utils/utils/commonerrors"
+	"github.com/ARM-software/golang-utils/utils/parallelisation"
+	"github.com/ARM-software/golang-utils/utils/reflection"
+)
+
+// DecodeString decodes a base64 encoded string. An error is raised if decoding fails.
+func DecodeString(ctx context.Context, s string) (decoded string, err error) {
+	if reflection.IsEmpty(s) {
+		err = commonerrors.New(commonerrors.ErrEmpty, "the string is empty")
+		return
+	}
+	err = parallelisation.DetermineContextError(ctx)
+	if err != nil {
+		return
+	}
+	data, err := base64.URLEncoding.DecodeString(s)
+	if err == nil {
+		decoded = string(data)
+		return
+	}
+	err = parallelisation.DetermineContextError(ctx)
+	if err != nil {
+		return
+	}
+	data, err = base64.RawURLEncoding.DecodeString(s)
+	if err == nil {
+		decoded = string(data)
+		return
+	}
+	err = parallelisation.DetermineContextError(ctx)
+	if err != nil {
+		return
+	}
+	data, err = base64.StdEncoding.DecodeString(s)
+	if err == nil {
+		decoded = string(data)
+		return
+	}
+	err = parallelisation.DetermineContextError(ctx)
+	if err != nil {
+		return
+	}
+	data, err = base64.RawStdEncoding.DecodeString(s)
+	if err == nil {
+		decoded = string(data)
+	} else {
+		trimmed := strings.TrimSuffix(strings.TrimSuffix(s, "="), "=")
+		if trimmed == s || strings.HasSuffix(trimmed, "=") {
+			err = commonerrors.WrapError(commonerrors.ErrMarshalling, err, "failed to decode base64 string")
+		} else {
+			decoded, err = DecodeString(ctx, trimmed)
+		}
+	}
+	return
+}
+
+// DecodeIfEncoded will attempt to decode any string if they are base64 encoded. If not, the string will be returned as is.
+// If the string is base64 encoded but the decoding fails, the original string will be returned.
+func DecodeIfEncoded(ctx context.Context, s string) (decoded string) {
+	decoded = s
+	if IsEncoded(s) {
+		d, err := DecodeString(ctx, s)
+		if err == nil {
+			decoded = d
+		}
+	}
+	return
+}
+
+// DecodeRecursively will attempt to decode any string until they are no longer base64 encoded.
+func DecodeRecursively(ctx context.Context, s string) (decoded string) {
+	decoded = s
+	for {
+		tmp := DecodeIfEncoded(ctx, decoded)
+		if decoded == tmp {
+			return
+		}
+		decoded = tmp
+	}
+}
+
+// IsEncoded checks whether a string is encoded or not.
+func IsEncoded(s string) bool {
+	if reflection.IsEmpty(s) {
+		return false
+	}
+	if is.Base64.Validate(s) == nil {
+		return true
+	}
+	_, err := DecodeString(context.Background(), s)
+	if err == nil {
+		return true
+	}
+	trimmed := strings.TrimSuffix(strings.TrimSuffix(s, "="), "=")
+	if trimmed == s || strings.HasSuffix(trimmed, "=") {
+		return false
+	} else {
+		return IsEncoded(trimmed)
+	}
+
+}
+
+func EncodeString(s string) string {
+	return Encode([]byte(s))
+}
+
+func Encode(b []byte) string {
+	return base64.StdEncoding.EncodeToString(b)
+}

utils/encoding/base64/decode_test.go

@@ -0,0 +1,121 @@
+package base64
+
+import (
+	"context"
+	"encoding/base64"
+	"testing"
+
+	"github.com/go-faker/faker/v4"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ARM-software/golang-utils/utils/commonerrors"
+	"github.com/ARM-software/golang-utils/utils/commonerrors/errortest"
+)
+
+func TestIsBase64Encoded(t *testing.T) {
+	random := faker.Sentence()
+	base641 := base64.RawURLEncoding.EncodeToString([]byte(random))
+	base642 := base64.RawStdEncoding.EncodeToString([]byte(random))
+	base643 := base64.URLEncoding.EncodeToString([]byte(random))
+	base644 := base64.StdEncoding.EncodeToString([]byte(random))
+	tests := []struct {
+		input    string
+		expected bool
+	}{
+		{"U29tZSBkYXRh", true},     // "Some data"
+		{"SGVsbG8gd29ybGQ=", true}, // "Hello world"
+		{"U29tZSBkYXRh===", false},
+		{"", false},                    // Empty string
+		{"NotBase64", false},           // Plain text
+		{"!@#$%^&*", false},            // Non-Base64 characters
+		{"U29tZSBkYXRh\n", true},       // Line break
+		{"V2l0aCB3aGl0ZXNwYWNl", true}, // "With whitespace" (valid if stripped)
+		{base641, true},
+		{base642, true},
+		{base643, true},
+		{base644, true},
+		{"U29tZSBkYXRh=", true},
+		{"U29tZSBkYXRh==", true},
+	}
+
+	for i := range tests {
+		test := tests[i]
+		t.Run(test.input, func(t *testing.T) {
+			if test.expected {
+				assert.True(t, IsEncoded(test.input))
+			} else {
+				assert.False(t, IsEncoded(test.input))
+			}
+		})
+	}
+}
+
+func TestDecodeIfBase64(t *testing.T) {
+	random := faker.Sentence()
+	base641 := base64.RawURLEncoding.EncodeToString([]byte(random))
+	base642 := base64.RawStdEncoding.EncodeToString([]byte(random))
+	base643 := base64.URLEncoding.EncodeToString([]byte(random))
+	base644 := base64.StdEncoding.EncodeToString([]byte(random))
+
+	tests := []struct {
+		input    string
+		expected string
+		errors   bool
+	}{
+		{input: "U29tZSBkYXRh", expected: "Some data"},
+		{input: "SGVsbG8gd29ybGQ=", expected: "Hello world"},
+		{input: "VGVzdCBzdHJpbmc=", expected: "Test string"},
+		{input: "MTIzNDU2", expected: "123456"},
+		{input: base641, expected: random},
+		{input: base642, expected: random},
+		{input: base643, expected: random},
+		{input: base644, expected: random},
+
+		{input: "NotBase64", expected: "NotBase64", errors: true},
+		{input: "Invalid===", expected: "Invalid===", errors: true},
+		{input: "", expected: "", errors: true},
+		{input: "!@#$%^&*", expected: "!@#$%^&*", errors: true},
+
+		{input: "U29tZSBkYXRh\n", expected: "Some data"}, // newline is not part of valid base64
+		{input: "U29tZSBkYXRh=", expected: "Some data"},  // valid with single padding
+		{input: "U29tZSBkYXRh==", expected: "Some data"}, // valid with double padding
+	}
+
+	for i := range tests {
+		test := tests[i]
+		t.Run(test.input, func(t *testing.T) {
+			result, err := DecodeString(context.Background(), test.input)
+			assert.Equal(t, test.expected, DecodeIfEncoded(context.Background(), test.input))
+			if test.errors {
+				errortest.AssertError(t, err, commonerrors.ErrMarshalling, commonerrors.ErrInvalid, commonerrors.ErrEmpty)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, test.expected, result)
+			}
+		})
+	}
+
+	t.Run("cancellation", func(t *testing.T) {
+		ctx, cancel := context.WithCancel(context.Background())
+		cancel()
+		_, err := DecodeString(ctx, random)
+		errortest.AssertError(t, err, commonerrors.ErrCancelled)
+		assert.Equal(t, random, DecodeIfEncoded(ctx, random))
+
+	})
+}
+
+func TestDecodeRecursively(t *testing.T) {
+	randomText := faker.Paragraph()
+	random, err := faker.RandomInt(1, 10, 1)
+	require.NoError(t, err)
+
+	encodedText := randomText
+	for i := 0; i < random[0]; i++ {
+		encodedText = EncodeString(encodedText)
+	}
+
+	assert.NotEqual(t, randomText, encodedText)
+	assert.Equal(t, randomText, DecodeRecursively(context.Background(), encodedText))
+}

utils/http/headers/headers.go

@@ -1,7 +1,7 @@
 package headers
 
 import (
-	"encoding/base64"
+	"context"
 	"fmt"
 	"net/http"
 	"strings"
@@ -10,6 +10,7 @@ import (
 
 	"github.com/ARM-software/golang-utils/utils/collection"
 	"github.com/ARM-software/golang-utils/utils/commonerrors"
+	"github.com/ARM-software/golang-utils/utils/encoding/base64"
 	"github.com/ARM-software/golang-utils/utils/http/headers/useragent"
 	"github.com/ARM-software/golang-utils/utils/http/schemes"
 	"github.com/ARM-software/golang-utils/utils/reflection"
@@ -259,7 +260,7 @@ func FetchWebsocketAuthorisation(r *http.Request) (authorisationHeader string) {
 	if found {
 		if i < len(subProtocols)-1 {
 			authorisationHeader = subProtocols[i+1]
-			if decoded, err := decodeBase64Token(authorisationHeader); err == nil {
+			if decoded, err := base64.DecodeString(context.Background(), authorisationHeader); err == nil {
 				authorisationHeader = decoded
 			}
 			_ = SetAuthorisationIfNotPresent(r, authorisationHeader)
@@ -272,7 +273,7 @@ func FetchWebsocketAuthorisation(r *http.Request) (authorisationHeader string) {
 		for j := range subProtocols {
 			token := strings.TrimPrefix(subProtocols[j], "base64url.bearer.authorization.k8s.io.")
 			if token != subProtocols[j] {
-				data, err := decodeBase64Token(token)
+				data, err := base64.DecodeString(context.Background(), token)
 				if err == nil {
 					authorisationHeader = data
 					_ = SetAuthorisationIfNotPresent(r, authorisationHeader)
@@ -285,29 +286,6 @@ func FetchWebsocketAuthorisation(r *http.Request) (authorisationHeader string) {
 	return
 }
 
-func decodeBase64Token(token string) (decoded string, err error) {
-	data, err := base64.URLEncoding.DecodeString(token)
-	if err == nil {
-		decoded = string(data)
-		return
-	}
-	data, err = base64.RawURLEncoding.DecodeString(token)
-	if err == nil {
-		decoded = string(data)
-		return
-	}
-	data, err = base64.StdEncoding.DecodeString(token)
-	if err == nil {
-		decoded = string(data)
-		return
-	}
-	data, err = base64.RawStdEncoding.DecodeString(token)
-	if err == nil {
-		decoded = string(data)
-	}
-	return
-}
-
 // SetAuthorisationIfNotPresent sets the value of the `Authorization` header if not already set.
 func SetAuthorisationIfNotPresent(r *http.Request, authorisation string) (err error) {
 	if strings.TrimSpace(FetchAuthorisation(r)) == "" {

utils/validation/rules.go

@@ -8,10 +8,11 @@ import (
 	"github.com/go-ozzo/ozzo-validation/v4/is"
 
 	"github.com/ARM-software/golang-utils/utils/commonerrors"
+	"github.com/ARM-software/golang-utils/utils/encoding/base64"
 )
 
 // IsPort validates whether a value is a port using is.Port from github.com/go-ozzo/ozzo-validation/v4.
-// However it supports all base go integer types not just strings.
+// However, it supports all base go integer types not just strings.
 var IsPort = validation.By(isPort)
 
 func isPort(vRaw any) (err error) {
@@ -37,3 +38,6 @@ func isPort(vRaw any) (err error) {
 
 	return
 }
+
+// IsBase64 validates whether a value is a base64 encoded string. It is similar to is.Base64 but more generic and robust although less performant.
+var IsBase64 = validation.NewStringRuleWithError(base64.IsEncoded, is.ErrBase64)

utils/validation/rules_test.go

@@ -1,9 +1,14 @@
 package validation
 
 import (
+	"encoding/base64"
 	"testing"
 
+	"github.com/go-faker/faker/v4"
+	validation "github.com/go-ozzo/ozzo-validation/v4"
+	"github.com/go-ozzo/ozzo-validation/v4/is"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/ARM-software/golang-utils/utils/commonerrors"
 	"github.com/ARM-software/golang-utils/utils/commonerrors/errortest"
@@ -53,3 +58,42 @@ func TestCastingToInt(t *testing.T) {
 		})
 	}
 }
+
+func TestIsBase64Encoded(t *testing.T) {
+	random := faker.Sentence()
+	base641 := base64.RawURLEncoding.EncodeToString([]byte(random))
+	base642 := base64.RawStdEncoding.EncodeToString([]byte(random))
+	base643 := base64.URLEncoding.EncodeToString([]byte(random))
+	base644 := base64.StdEncoding.EncodeToString([]byte(random))
+	tests := []struct {
+		input    string
+		expected bool
+	}{
+		{"U29tZSBkYXRh", true},     // "Some data"
+		{"SGVsbG8gd29ybGQ=", true}, // "Hello world"
+		{"U29tZSBkYXRh===", false},
+		{"", true},                     // Empty string
+		{"NotBase64", false},           // Plain text
+		{"!@#$%^&*", false},            // Non-Base64 characters
+		{"U29tZSBkYXRh\n", true},       // Line break
+		{"V2l0aCB3aGl0ZXNwYWNl", true}, // "With whitespace" (valid if stripped)
+		{base641, true},
+		{base642, true},
+		{base643, true},
+		{base644, true},
+		{"U29tZSBkYXRh=", true},
+		{"U29tZSBkYXRh==", true},
+	}
+
+	for i := range tests {
+		test := tests[i]
+		t.Run(test.input, func(t *testing.T) {
+			err := validation.Validate(test.input, IsBase64)
+			if test.expected {
+				require.NoError(t, err)
+			} else {
+				errortest.AssertErrorDescription(t, err, is.ErrBase64.Error())
+			}
+		})
+	}
+}