2026-04-04 23:05:18 +00:00
|
|
|
package proxy
|
|
|
|
|
|
|
|
|
|
import (
|
2026-04-04 23:07:43 +00:00
|
|
|
"net"
|
2026-04-04 23:05:18 +00:00
|
|
|
"net/http"
|
2026-04-05 00:21:42 +00:00
|
|
|
"net/http/httptest"
|
2026-04-04 23:07:43 +00:00
|
|
|
"strconv"
|
2026-04-04 23:05:18 +00:00
|
|
|
"testing"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestProxy_allowHTTP_Good(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
Restricted: true,
|
|
|
|
|
AccessToken: "secret",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{
|
2026-04-04 23:05:18 +00:00
|
|
|
Method: http.MethodGet,
|
|
|
|
|
Header: http.Header{
|
|
|
|
|
"Authorization": []string{"Bearer secret"},
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatalf("expected authorised request to pass, got status %d", status)
|
|
|
|
|
}
|
|
|
|
|
if status != http.StatusOK {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusOK, status)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestProxy_allowHTTP_Bad(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
Restricted: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodPost})
|
2026-04-04 23:05:18 +00:00
|
|
|
if ok {
|
|
|
|
|
t.Fatal("expected non-GET request to be rejected")
|
|
|
|
|
}
|
|
|
|
|
if status != http.StatusMethodNotAllowed {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusMethodNotAllowed, status)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:51:37 +00:00
|
|
|
func TestProxy_allowHTTP_Unrestricted_Good(t *testing.T) {
|
2026-04-04 23:39:29 +00:00
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodGet})
|
2026-04-04 23:51:37 +00:00
|
|
|
if !ok {
|
|
|
|
|
t.Fatalf("expected unrestricted request to pass, got status %d", status)
|
2026-04-04 23:39:29 +00:00
|
|
|
}
|
2026-04-04 23:51:37 +00:00
|
|
|
if status != http.StatusOK {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusOK, status)
|
2026-04-04 23:39:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 02:43:49 +00:00
|
|
|
func TestProxy_allowHTTP_Unrestricted_Bad(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodPost})
|
2026-04-05 02:55:36 +00:00
|
|
|
if !ok {
|
|
|
|
|
t.Fatalf("expected unrestricted non-GET request to pass, got status %d", status)
|
2026-04-05 02:43:49 +00:00
|
|
|
}
|
2026-04-05 02:55:36 +00:00
|
|
|
if status != http.StatusOK {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusOK, status)
|
2026-04-05 02:43:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:05:18 +00:00
|
|
|
func TestProxy_allowHTTP_Ugly(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
AccessToken: "secret",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{
|
2026-04-04 23:05:18 +00:00
|
|
|
Method: http.MethodGet,
|
|
|
|
|
Header: http.Header{
|
|
|
|
|
"Authorization": []string{"Bearer wrong"},
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
if ok {
|
|
|
|
|
t.Fatal("expected invalid token to be rejected")
|
|
|
|
|
}
|
|
|
|
|
if status != http.StatusUnauthorized {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusUnauthorized, status)
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-04-04 23:07:43 +00:00
|
|
|
|
2026-04-04 23:58:09 +00:00
|
|
|
func TestProxy_allowHTTP_NilConfig_Ugly(t *testing.T) {
|
|
|
|
|
p := &Proxy{}
|
|
|
|
|
|
2026-04-05 03:44:35 +00:00
|
|
|
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodGet})
|
2026-04-04 23:58:09 +00:00
|
|
|
if ok {
|
|
|
|
|
t.Fatal("expected nil config request to be rejected")
|
|
|
|
|
}
|
|
|
|
|
if status != http.StatusServiceUnavailable {
|
|
|
|
|
t.Fatalf("expected status %d, got %d", http.StatusServiceUnavailable, status)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:07:43 +00:00
|
|
|
func TestProxy_startHTTP_Good(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
Host: "127.0.0.1",
|
|
|
|
|
Port: 0,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
done: make(chan struct{}),
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:42:26 +00:00
|
|
|
if ok := p.startMonitoringServer(); !ok {
|
2026-04-04 23:07:43 +00:00
|
|
|
t.Fatal("expected HTTP server to start on a free port")
|
|
|
|
|
}
|
|
|
|
|
p.Stop()
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:58:09 +00:00
|
|
|
func TestProxy_startHTTP_NilConfig_Bad(t *testing.T) {
|
|
|
|
|
p := &Proxy{}
|
|
|
|
|
|
|
|
|
|
if ok := p.startMonitoringServer(); ok {
|
|
|
|
|
t.Fatal("expected nil config to skip HTTP server start")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:07:43 +00:00
|
|
|
func TestProxy_startHTTP_Bad(t *testing.T) {
|
|
|
|
|
listener, err := net.Listen("tcp", "127.0.0.1:0")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("listen on ephemeral port: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer listener.Close()
|
|
|
|
|
|
|
|
|
|
host, port, err := net.SplitHostPort(listener.Addr().String())
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("split listener addr: %v", err)
|
|
|
|
|
}
|
|
|
|
|
portNum, err := strconv.Atoi(port)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("parse listener port: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
Host: host,
|
|
|
|
|
Port: uint16(portNum),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
done: make(chan struct{}),
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-04 23:42:26 +00:00
|
|
|
if ok := p.startMonitoringServer(); ok {
|
2026-04-04 23:07:43 +00:00
|
|
|
t.Fatal("expected HTTP server start to fail when the port is already in use")
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-04-05 00:21:42 +00:00
|
|
|
|
|
|
|
|
func TestProxy_registerMonitoringRoute_MethodNotAllowed_Bad(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
Restricted: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mux := http.NewServeMux()
|
|
|
|
|
p.registerMonitoringRoute(mux, "/1/summary", func() any { return map[string]string{"status": "ok"} })
|
|
|
|
|
|
|
|
|
|
request := httptest.NewRequest(http.MethodPost, "/1/summary", nil)
|
|
|
|
|
recorder := httptest.NewRecorder()
|
|
|
|
|
mux.ServeHTTP(recorder, request)
|
|
|
|
|
|
|
|
|
|
if recorder.Code != http.StatusMethodNotAllowed {
|
|
|
|
|
t.Fatalf("expected %d, got %d", http.StatusMethodNotAllowed, recorder.Code)
|
|
|
|
|
}
|
|
|
|
|
if got := recorder.Header().Get("Allow"); got != http.MethodGet {
|
|
|
|
|
t.Fatalf("expected Allow header %q, got %q", http.MethodGet, got)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestProxy_registerMonitoringRoute_Unauthorized_Ugly(t *testing.T) {
|
|
|
|
|
p := &Proxy{
|
|
|
|
|
config: &Config{
|
|
|
|
|
HTTP: HTTPConfig{
|
|
|
|
|
AccessToken: "secret",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mux := http.NewServeMux()
|
|
|
|
|
p.registerMonitoringRoute(mux, "/1/summary", func() any { return map[string]string{"status": "ok"} })
|
|
|
|
|
|
|
|
|
|
request := httptest.NewRequest(http.MethodGet, "/1/summary", nil)
|
|
|
|
|
recorder := httptest.NewRecorder()
|
|
|
|
|
mux.ServeHTTP(recorder, request)
|
|
|
|
|
|
|
|
|
|
if recorder.Code != http.StatusUnauthorized {
|
|
|
|
|
t.Fatalf("expected %d, got %d", http.StatusUnauthorized, recorder.Code)
|
|
|
|
|
}
|
|
|
|
|
if got := recorder.Header().Get("WWW-Authenticate"); got != "Bearer" {
|
|
|
|
|
t.Fatalf("expected WWW-Authenticate header %q, got %q", "Bearer", got)
|
|
|
|
|
}
|
|
|
|
|
}
|
