lib/security/guard_test.go

package security

import (
	"path/filepath"
	"testing"
	"time"
)

func TestGuardWhitelistSupportsIPAndCIDR(t *testing.T) {
	g := NewGuard()
	if err := g.Reload(Config{IPWhitelist: "203.0.113.10,10.0.0.0/8", AdminIPWhitelist: "192.168.1.0/24"}); err != nil {
		t.Fatalf("Reload returned error: %v", err)
	}
	if !g.IsWhitelisted("203.0.113.10") || !g.IsWhitelisted("10.2.3.4") {
		t.Fatal("expected IP and CIDR entries to match")
	}
	if !g.IsAdminWhitelisted("192.168.1.5") {
		t.Fatal("expected admin CIDR whitelist match")
	}
}

func TestGuardBanPersistenceAcrossRestart(t *testing.T) {
	dir := filepath.Join(t.TempDir(), "bans.badger")
	g1 := NewGuard()
	if err := g1.EnableBanPersistence(dir); err != nil {
		t.Fatalf("EnableBanPersistence returned error: %v", err)
	}
	g1.Ban("198.51.100.4", 3600)
	if err := g1.Close(); err != nil {
		t.Fatalf("Close returned error: %v", err)
	}

	g2 := NewGuard()
	if err := g2.EnableBanPersistence(dir); err != nil {
		t.Fatalf("EnableBanPersistence returned error: %v", err)
	}
	defer g2.Close()
	if !g2.IsBanned("198.51.100.4") {
		t.Fatal("expected ban to persist across guard restart")
	}
}

func TestGuardBanListPrunesExpired(t *testing.T) {
	g := NewGuard()
	g.BanUntil("198.51.100.7", time.Now().UTC().Add(-time.Minute))
	if g.IsBanned("198.51.100.7") {
		t.Fatal("expected expired ban to be treated as inactive")
	}
	if len(g.BanList()) != 0 {
		t.Fatal("expected BanList to prune expired entries")
	}
}
feat/security Reviewed-on: https://tea.chunkbyte.com/kato/warpbox/pulls/2 2026-05-04 00:00:36 +03:00			`package security`

			`import (`
			`"path/filepath"`
			`"testing"`
			`"time"`
			`)`

			`func TestGuardWhitelistSupportsIPAndCIDR(t *testing.T) {`
			`g := NewGuard()`
			`if err := g.Reload(Config{IPWhitelist: "203.0.113.10,10.0.0.0/8", AdminIPWhitelist: "192.168.1.0/24"}); err != nil {`
			`t.Fatalf("Reload returned error: %v", err)`
			`}`
			`if !g.IsWhitelisted("203.0.113.10") \|\| !g.IsWhitelisted("10.2.3.4") {`
			`t.Fatal("expected IP and CIDR entries to match")`
			`}`
			`if !g.IsAdminWhitelisted("192.168.1.5") {`
			`t.Fatal("expected admin CIDR whitelist match")`
			`}`
			`}`

			`func TestGuardBanPersistenceAcrossRestart(t *testing.T) {`
			`dir := filepath.Join(t.TempDir(), "bans.badger")`
			`g1 := NewGuard()`
			`if err := g1.EnableBanPersistence(dir); err != nil {`
			`t.Fatalf("EnableBanPersistence returned error: %v", err)`
			`}`
			`g1.Ban("198.51.100.4", 3600)`
			`if err := g1.Close(); err != nil {`
			`t.Fatalf("Close returned error: %v", err)`
			`}`

			`g2 := NewGuard()`
			`if err := g2.EnableBanPersistence(dir); err != nil {`
			`t.Fatalf("EnableBanPersistence returned error: %v", err)`
			`}`
			`defer g2.Close()`
			`if !g2.IsBanned("198.51.100.4") {`
			`t.Fatal("expected ban to persist across guard restart")`
			`}`
			`}`

			`func TestGuardBanListPrunesExpired(t *testing.T) {`
			`g := NewGuard()`
			`g.BanUntil("198.51.100.7", time.Now().UTC().Add(-time.Minute))`
			`if g.IsBanned("198.51.100.7") {`
			`t.Fatal("expected expired ban to be treated as inactive")`
			`}`
			`if len(g.BanList()) != 0 {`
			`t.Fatal("expected BanList to prune expired entries")`
			`}`
			`}`