package services

import "testing"

// TestClientIPTrustsForwardedHeadersByDefault pins the behaviour when no
// trusted-proxy list is supplied (nil): the forwarded header is honoured and
// its left-most entry is returned.
//
// NOTE(review): the second and third arguments look like the X-Forwarded-For
// and X-Real-IP header values — confirm against ClientIP's signature.
//
// NOTE(review): the peer here is loopback, so this case alone does not show
// whether a nil list trusts every peer or only local ones. The left-most
// forwarded entry is the one a client can set itself, so a case with a
// non-loopback peer and a nil list would make the default explicit.
func TestClientIPTrustsForwardedHeadersByDefault(t *testing.T) {
	const want = "203.0.113.10"

	if got := ClientIP("127.0.0.1:6070", "203.0.113.10, 10.0.0.2", "198.51.100.2", nil); got != want {
		t.Fatalf("ClientIP = %q, want forwarded IP", got)
	}
}

// TestClientIPUsesTrustedProxyCIDRs checks both sides of the trust decision
// when a proxy list is configured: a peer inside a listed range has its
// forwarded header accepted, while a peer outside every entry gets its own
// address back and both headers are ignored.
func TestClientIPUsesTrustedProxyCIDRs(t *testing.T) {
	// The list mixes a bare address with a CIDR range.
	proxies := []string{"127.0.0.1", "172.16.0.0/12"}

	// 172.20.0.4 falls inside 172.16.0.0/12, so the header value is used.
	fromProxy := ClientIP("172.20.0.4:6070", "203.0.113.11", "", proxies)
	if fromProxy != "203.0.113.11" {
		t.Fatalf("trusted ClientIP = %q", fromProxy)
	}

	// 198.51.100.20 matches no entry: the expected result is the peer's host
	// part (port stripped), not either of the header values it sent.
	fromStranger := ClientIP("198.51.100.20:6070", "203.0.113.12", "203.0.113.13", proxies)
	if fromStranger != "198.51.100.20" {
		t.Fatalf("untrusted ClientIP = %q, want remote addr", fromStranger)
	}
}

// TestClientIPFallsBackToRealIP covers the case where the forwarded header is
// empty: the real-IP value is returned instead. As in the first test, the peer
// is loopback and the trusted list is nil.
func TestClientIPFallsBackToRealIP(t *testing.T) {
	const want = "203.0.113.14"

	if got := ClientIP("127.0.0.1:6070", "", "203.0.113.14", nil); got != want {
		t.Fatalf("ClientIP = %q, want real IP", got)
	}
}