45 lines
1.5 KiB
Go
45 lines
1.5 KiB
Go
package server
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"warpbox/lib/config"
|
|
)
|
|
|
|
func TestClientIPDirectClient(t *testing.T) {
|
|
app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
|
|
ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
|
|
ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
|
ctx.Request.RemoteAddr = "198.51.100.10:1234"
|
|
ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.4")
|
|
if got := app.clientIP(ctx); got != "198.51.100.10" {
|
|
t.Fatalf("expected direct remote IP, got %q", got)
|
|
}
|
|
}
|
|
|
|
func TestClientIPTrustedProxyChain(t *testing.T) {
|
|
app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
|
|
ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
|
|
ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
|
ctx.Request.RemoteAddr = "10.1.2.3:8080"
|
|
ctx.Request.Header.Set("X-Forwarded-For", "203.0.113.44, 10.0.0.5")
|
|
if got := app.clientIP(ctx); got != "203.0.113.44" {
|
|
t.Fatalf("expected forwarded public client IP, got %q", got)
|
|
}
|
|
}
|
|
|
|
func TestClientIPSpoofedHeaderFromUntrustedRemote(t *testing.T) {
|
|
app := &App{config: &config.Config{TrustedProxyCIDRs: "10.0.0.0/8"}}
|
|
ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
|
|
ctx.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
|
ctx.Request.RemoteAddr = "203.0.113.200:8080"
|
|
ctx.Request.Header.Set("X-Forwarded-For", "198.51.100.55")
|
|
if got := app.clientIP(ctx); got != "203.0.113.200" {
|
|
t.Fatalf("expected untrusted remote IP, got %q", got)
|
|
}
|
|
}
|