| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 |
- package model
- import (
- "encoding/hex"
- "encoding/json"
- "strings"
- "testing"
- )
- func TestGenerateFakeTLSSecret(t *testing.T) {
- domain := "www.cloudflare.com"
- s := GenerateFakeTLSSecret(domain)
- if !strings.HasPrefix(s, "ee") {
- t.Fatalf("secret must start with ee, got %q", s)
- }
- wantSuffix := hex.EncodeToString([]byte(domain))
- if !strings.HasSuffix(s, wantSuffix) {
- t.Fatalf("secret must end with hex(domain) %q, got %q", wantSuffix, s)
- }
- if len(s) != 2+32+len(wantSuffix) {
- t.Fatalf("unexpected secret length %d", len(s))
- }
- if _, err := hex.DecodeString(s[2:34]); err != nil {
- t.Fatalf("middle is not valid hex: %v", err)
- }
- }
- func TestHealMtprotoSecret(t *testing.T) {
- domain := "example.com"
- suffix := hex.EncodeToString([]byte(domain))
- in := `{"fakeTlsDomain":"example.com","secret":""}`
- out, changed := HealMtprotoSecret(in)
- if !changed {
- t.Fatal("expected heal to populate an empty secret")
- }
- var parsed map[string]any
- if err := json.Unmarshal([]byte(out), &parsed); err != nil {
- t.Fatalf("healed settings not valid json: %v", err)
- }
- got, _ := parsed["secret"].(string)
- if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, suffix) {
- t.Fatalf("healed secret malformed: %q", got)
- }
- if _, changed2 := HealMtprotoSecret(out); changed2 {
- t.Fatal("expected no change for an already-valid secret")
- }
- mid := got[2:34]
- newDomain := "telegram.org"
- in3 := `{"fakeTlsDomain":"telegram.org","secret":"` + got + `"}`
- out3, changed3 := HealMtprotoSecret(in3)
- if !changed3 {
- t.Fatal("expected heal to rewrite the domain suffix")
- }
- if err := json.Unmarshal([]byte(out3), &parsed); err != nil {
- t.Fatalf("healed settings not valid json: %v", err)
- }
- got3, _ := parsed["secret"].(string)
- if got3[2:34] != mid {
- t.Fatalf("random middle should be preserved on domain change: %q vs %q", got3[2:34], mid)
- }
- if !strings.HasSuffix(got3, hex.EncodeToString([]byte(newDomain))) {
- t.Fatalf("suffix not updated for new domain: %q", got3)
- }
- if _, changed4 := HealMtprotoSecret(`{"secret":"ee"}`); changed4 {
- t.Fatal("expected no change when fakeTlsDomain is missing")
- }
- }
- func TestHealMtprotoClientSecrets(t *testing.T) {
- // An empty client secret is filled from the inbound-level default domain.
- in := `{"fakeTlsDomain":"a.com","clients":[{"email":"x","secret":""}]}`
- out, changed := HealMtprotoClientSecrets(in)
- if !changed {
- t.Fatal("expected an empty client secret to be filled")
- }
- var parsed map[string]any
- if err := json.Unmarshal([]byte(out), &parsed); err != nil {
- t.Fatalf("healed settings not valid json: %v", err)
- }
- clients := parsed["clients"].([]any)
- got := clients[0].(map[string]any)["secret"].(string)
- if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, hex.EncodeToString([]byte("a.com"))) {
- t.Fatalf("filled client secret malformed: %q", got)
- }
- // Healing is idempotent once every client secret is valid.
- if _, changed2 := HealMtprotoClientSecrets(out); changed2 {
- t.Fatal("expected no change for already-valid client secrets")
- }
- // A client's own embedded domain is preserved even when it differs from the
- // inbound-level default (per-client domain fronting).
- own := "ee00112233445566778899aabbccddeeff" + hex.EncodeToString([]byte("b.com"))
- in3 := `{"fakeTlsDomain":"a.com","clients":[{"email":"y","secret":"` + own + `"}]}`
- out3, changed3 := HealMtprotoClientSecrets(in3)
- if changed3 {
- t.Fatalf("a valid per-client secret must be left untouched, got %q", out3)
- }
- // No clients array — nothing to heal.
- if _, changed4 := HealMtprotoClientSecrets(`{"fakeTlsDomain":"a.com"}`); changed4 {
- t.Fatal("expected no change when there are no clients")
- }
- }
|