lib/server/ip_test.go

package server

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"

	"warpbox/lib/config"
)

func TestClientIPDirectClient(t *testing.T) {
	app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
	ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
	ctx.Request.RemoteAddr = "198.51.100.10:1234"
	ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.4")
	if got := app.clientIP(ctx); got != "198.51.100.10" {
		t.Fatalf("expected direct remote IP, got %q", got)
	}
}

func TestClientIPTrustedProxyChain(t *testing.T) {
	app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
	ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
	ctx.Request.RemoteAddr = "10.1.2.3:8080"
	ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.44, 10.0.0.5")
	if got := app.clientIP(ctx); got != "203.0.113.44" {
		t.Fatalf("expected forwarded public client IP, got %q", got)
	}
}

func TestClientIPSpoofedHeaderFromUntrustedRemote(t *testing.T) {
	app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
	ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
	ctx.Request.RemoteAddr = "203.0.113.200:8080"
	ctx.Request.Header.Set("X-Forwarded-For", "198.51.100.55")
	if got := app.clientIP(ctx); got != "203.0.113.200" {
		t.Fatalf("expected untrusted remote IP, got %q", got)
	}
}
feat/security Reviewed-on: https://tea.chunkbyte.com/kato/warpbox/pulls/2 2026-05-04 00:00:36 +03:00			`package server`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/gin-gonic/gin"`

			`"warpbox/lib/config"`
			`)`

			`func TestClientIPDirectClient(t *testing.T) {`
			`app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}`
			`ctx, _ := gin.CreateTestContext(httptest.NewRecorder())`
			`ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)`
			`ctx.Request.RemoteAddr = "198.51.100.10:1234"`
			`ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.4")`
			`if got := app.clientIP(ctx); got != "198.51.100.10" {`
			`t.Fatalf("expected direct remote IP, got %q", got)`
			`}`
			`}`

			`func TestClientIPTrustedProxyChain(t *testing.T) {`
			`app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}`
			`ctx, _ := gin.CreateTestContext(httptest.NewRecorder())`
			`ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)`
			`ctx.Request.RemoteAddr = "10.1.2.3:8080"`
			`ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.44, 10.0.0.5")`
			`if got := app.clientIP(ctx); got != "203.0.113.44" {`
			`t.Fatalf("expected forwarded public client IP, got %q", got)`
			`}`
			`}`

			`func TestClientIPSpoofedHeaderFromUntrustedRemote(t *testing.T) {`
			`app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}`
			`ctx, _ := gin.CreateTestContext(httptest.NewRecorder())`
			`ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)`
			`ctx.Request.RemoteAddr = "203.0.113.200:8080"`
			`ctx.Request.Header.Set("X-Forwarded-For", "198.51.100.55")`
			`if got := app.clientIP(ctx); got != "203.0.113.200" {`
			`t.Fatalf("expected untrusted remote IP, got %q", got)`
			`}`
			`}`