model_mtproto_test.go 3.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. package model
  2. import (
  3. "encoding/hex"
  4. "encoding/json"
  5. "strings"
  6. "testing"
  7. )
  8. func TestGenerateFakeTLSSecret(t *testing.T) {
  9. domain := "www.cloudflare.com"
  10. s := GenerateFakeTLSSecret(domain)
  11. if !strings.HasPrefix(s, "ee") {
  12. t.Fatalf("secret must start with ee, got %q", s)
  13. }
  14. wantSuffix := hex.EncodeToString([]byte(domain))
  15. if !strings.HasSuffix(s, wantSuffix) {
  16. t.Fatalf("secret must end with hex(domain) %q, got %q", wantSuffix, s)
  17. }
  18. if len(s) != 2+32+len(wantSuffix) {
  19. t.Fatalf("unexpected secret length %d", len(s))
  20. }
  21. if _, err := hex.DecodeString(s[2:34]); err != nil {
  22. t.Fatalf("middle is not valid hex: %v", err)
  23. }
  24. }
  25. func TestStripMtprotoInboundSecret(t *testing.T) {
  26. // A multi-client inbound that still carries a dead inbound-level secret has
  27. // it removed while the clients (and every other key) survive untouched.
  28. in := `{"fakeTlsDomain":"a.com","secret":"eedeadbeef","clients":[{"email":"x","secret":"eeaaaa"}]}`
  29. out, changed := StripMtprotoInboundSecret(in)
  30. if !changed {
  31. t.Fatal("expected the inbound-level secret to be stripped")
  32. }
  33. var parsed map[string]any
  34. if err := json.Unmarshal([]byte(out), &parsed); err != nil {
  35. t.Fatalf("stripped settings not valid json: %v", err)
  36. }
  37. if _, ok := parsed["secret"]; ok {
  38. t.Fatalf("inbound-level secret should be gone, got %q", out)
  39. }
  40. if parsed["fakeTlsDomain"] != "a.com" {
  41. t.Fatalf("fakeTlsDomain must survive, got %q", out)
  42. }
  43. clients, ok := parsed["clients"].([]any)
  44. if !ok || len(clients) != 1 {
  45. t.Fatalf("clients must survive untouched, got %q", out)
  46. }
  47. if clients[0].(map[string]any)["secret"] != "eeaaaa" {
  48. t.Fatalf("client secret must survive untouched, got %q", out)
  49. }
  50. // Nothing to strip when there is no inbound-level secret.
  51. if _, changed2 := StripMtprotoInboundSecret(out); changed2 {
  52. t.Fatal("expected no change when there is no inbound-level secret")
  53. }
  54. if _, changed3 := StripMtprotoInboundSecret(`{"clients":[]}`); changed3 {
  55. t.Fatal("expected no change for settings without a secret key")
  56. }
  57. }
  58. func TestHealMtprotoClientSecrets(t *testing.T) {
  59. // An empty client secret is filled from the inbound-level default domain.
  60. in := `{"fakeTlsDomain":"a.com","clients":[{"email":"x","secret":""}]}`
  61. out, changed := HealMtprotoClientSecrets(in)
  62. if !changed {
  63. t.Fatal("expected an empty client secret to be filled")
  64. }
  65. var parsed map[string]any
  66. if err := json.Unmarshal([]byte(out), &parsed); err != nil {
  67. t.Fatalf("healed settings not valid json: %v", err)
  68. }
  69. clients := parsed["clients"].([]any)
  70. got := clients[0].(map[string]any)["secret"].(string)
  71. if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, hex.EncodeToString([]byte("a.com"))) {
  72. t.Fatalf("filled client secret malformed: %q", got)
  73. }
  74. // Healing is idempotent once every client secret is valid.
  75. if _, changed2 := HealMtprotoClientSecrets(out); changed2 {
  76. t.Fatal("expected no change for already-valid client secrets")
  77. }
  78. // A client's own embedded domain is preserved even when it differs from the
  79. // inbound-level default (per-client domain fronting).
  80. own := "ee00112233445566778899aabbccddeeff" + hex.EncodeToString([]byte("b.com"))
  81. in3 := `{"fakeTlsDomain":"a.com","clients":[{"email":"y","secret":"` + own + `"}]}`
  82. out3, changed3 := HealMtprotoClientSecrets(in3)
  83. if changed3 {
  84. t.Fatalf("a valid per-client secret must be left untouched, got %q", out3)
  85. }
  86. // No clients array — nothing to heal.
  87. if _, changed4 := HealMtprotoClientSecrets(`{"fakeTlsDomain":"a.com"}`); changed4 {
  88. t.Fatal("expected no change when there are no clients")
  89. }
  90. }