ホーム エクスプローラ ヘルプ
サインイン
txlyre
/
3x-ui
同期ミラー https://github.com/MHSanaei/3x-ui
1
0
フォーク 0
ファイル 課題 0 Wiki
ツリー: 37c5e0bfd2
ブランチ タグ
3x-ui
/
internal
/
web
/
runtime
/
remote_mtls_test.go

remote_mtls_test.go 2.2 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. package runtime
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"net/http"
    6. 

  6. 	"net/http/httptest"
    7. 

  7. 	"net/url"
    8. 

  8. 	"strconv"
    9. 

  9. 	"testing"
    10. 

  10. 

  11. 	"github.com/mhsanaei/3x-ui/v3/internal/database/model"
    12. 

  12. )
    13. 

  13. 

  14. // nodeForPlainServer builds an http (non-TLS) node so do()'s token handling can
    15. 

  15. // be exercised without TLS scaffolding.
    16. 

  16. func nodeForPlainServer(t *testing.T, srv *httptest.Server, mode, token string) *model.Node {
    17. 

  17. 	t.Helper()
    18. 

  18. 	u, err := url.Parse(srv.URL)
    19. 

  19. 	if err != nil {
    20. 

  20. 		t.Fatalf("parse url: %v", err)
    21. 

  21. 	}
    22. 

  22. 	port, err := strconv.Atoi(u.Port())
    23. 

  23. 	if err != nil {
    24. 

  24. 		t.Fatalf("parse port: %v", err)
    25. 

  25. 	}
    26. 

  26. 	return &model.Node{
    27. 

  27. 		Id: 1, Name: "n1", Scheme: "http", Address: u.Hostname(), Port: port,
    28. 

  28. 		BasePath: "/", ApiToken: token, Enable: true, AllowPrivateAddress: true,
    29. 

  29. 		TlsVerifyMode: mode,
    30. 

  30. 	}
    31. 

  31. }
    32. 

  32. 

  33. // TestRemoteDo_MTLSNodeNoBearer asserts that an mtls node with no API token
    34. 

  34. // sends its request with NO Authorization header and does not trip the
    35. 

  35. // empty-token precondition; while a non-mtls node with no token still errors.
    36. 

  36. func TestRemoteDo_MTLSNodeNoBearer(t *testing.T) {
    37. 

  37. 	var reached bool
    38. 

  38. 	var gotAuth string
    39. 

  39. 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    40. 

  40. 		reached = true
    41. 

  41. 		gotAuth = r.Header.Get("Authorization")
    42. 

  42. 		w.Header().Set("Content-Type", "application/json")
    43. 

  43. 		_, _ = w.Write([]byte(`{"success":true}`))
    44. 

  44. 	}))
    45. 

  45. 	defer srv.Close()
    46. 

  46. 

  47. 	t.Run("mtls without token sends no Authorization header", func(t *testing.T) {
    48. 

  48. 		reached, gotAuth = false, "sentinel"
    49. 

  49. 		r := NewRemote(nodeForPlainServer(t, srv, "mtls", ""), nil)
    50. 

  50. 		if _, err := r.do(context.Background(), http.MethodGet, "ping", nil); err != nil {
    51. 

  51. 			t.Fatalf("mtls node with no token must not error on the token precondition: %v", err)
    52. 

  52. 		}
    53. 

  53. 		if !reached {
    54. 

  54. 			t.Fatal("request did not reach the server")
    55. 

  55. 		}
    56. 

  56. 		if gotAuth != "" {
    57. 

  57. 			t.Fatalf("Authorization header = %q, want empty for a tokenless mtls node", gotAuth)
    58. 

  58. 		}
    59. 

  59. 	})
    60. 

  60. 

  61. 	t.Run("non-mtls without token still errors", func(t *testing.T) {
    62. 

  62. 		reached = false
    63. 

  63. 		r := NewRemote(nodeForPlainServer(t, srv, "verify", ""), nil)
    64. 

  64. 		if _, err := r.do(context.Background(), http.MethodGet, "ping", nil); err == nil {
    65. 

  65. 			t.Fatal("non-mtls node with no token must still error")
    66. 

  66. 		}
    67. 

  67. 		if reached {
    68. 

  68. 			t.Fatal("non-mtls tokenless request must not reach the server")
    69. 

  69. 		}
    70. 

  70. 	})
    71. 

  71. }
    72.