package server

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"
	"warpbox/lib/config"
)

// TestClientIPDirectClient verifies that X-Forwarded-For is ignored when the
// connecting peer (198.51.100.10) lies outside the configured trusted proxy
// range (10.0.0.0/8). The header is client-controlled in that situation, so
// the expected result is the peer address from RemoteAddr without its port.
func TestClientIPDirectClient(t *testing.T) {
	const want = "198.51.100.10"

	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.RemoteAddr = "198.51.100.10:1234"
	req.Header.Set("X-Forwarded-For", "203.0.113.4")

	c, _ := gin.CreateTestContext(httptest.NewRecorder())
	c.Request = req

	srv := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	got := srv.clientIP(c)
	if got != want {
		t.Fatalf("expected direct remote IP, got %q", got)
	}
}

// TestClientIPTrustedProxyChain verifies that the forwarded address is used
// when the connecting peer (10.1.2.3) is inside the trusted proxy range. The
// header carries a public address followed by another address from the trusted
// range, and the public one is expected back.
//
// NOTE(review): the chain holds exactly one address outside the trusted range,
// so this test passes whether clientIP takes the leftmost entry or the nearest
// untrusted hop counted from the right. Only the latter is safe when a client
// can prepend its own entries; a case with two untrusted addresses in the
// chain would pin the behavior down. Confirm against the clientIP
// implementation, which is not visible here.
func TestClientIPTrustedProxyChain(t *testing.T) {
	const want = "203.0.113.44"

	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.RemoteAddr = "10.1.2.3:8080"
	req.Header.Set("X-Forwarded-For", "203.0.113.44, 10.0.0.5")

	c, _ := gin.CreateTestContext(httptest.NewRecorder())
	c.Request = req

	srv := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	got := srv.clientIP(c)
	if got != want {
		t.Fatalf("expected forwarded public client IP, got %q", got)
	}
}

// TestClientIPSpoofedHeaderFromUntrustedRemote verifies that a peer outside
// the trusted proxy range (203.0.113.200) cannot substitute another address
// through X-Forwarded-For: the expected result is the peer's own address.
// This is the same condition as TestClientIPDirectClient with different
// addresses.
func TestClientIPSpoofedHeaderFromUntrustedRemote(t *testing.T) {
	const want = "203.0.113.200"

	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.RemoteAddr = "203.0.113.200:8080"
	req.Header.Set("X-Forwarded-For", "198.51.100.55")

	c, _ := gin.CreateTestContext(httptest.NewRecorder())
	c.Request = req

	srv := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
	got := srv.clientIP(c)
	if got != want {
		t.Fatalf("expected untrusted remote IP, got %q", got)
	}
}