Merge pull request #16 from BetterCorp/testings

Testings

Author: mrinc

.golangci.yml

@@ -29,6 +29,10 @@ linters-settings:
 linters:
   enable-all: true
   disable:
+    - deadcode # deprecated
+    - varcheck # deprecated
+    - structcheck # deprecated
+    - nosnakecase # deprecated
     - interfacer # deprecated
     - maligned # deprecated
     - scopelint # deprecated

cloudflarewarp.go

@@ -27,6 +27,7 @@ type Config struct {
 
 // TrustResult for Trust IP test result.
 type TrustResult struct {
+	isFatal  bool
 	isError  bool
 	trusted  bool
 	directIP string
@@ -86,8 +87,16 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 
 func (r *RealIPOverWriter) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	trustResult := r.trust(req.RemoteAddr)
-	if trustResult.directIP == "" || trustResult.isError {
-		http.Error(rw, "Unknown source", 500)
+	if trustResult.isFatal {
+		http.Error(rw, "Unknown source", http.StatusInternalServerError)
+		return
+	}
+	if trustResult.isError {
+		http.Error(rw, "Unknown source", http.StatusBadRequest)
+		return
+	}
+	if trustResult.directIP == "" {
+		http.Error(rw, "Unknown source", http.StatusUnprocessableEntity)
 		return
 	}
 	if trustResult.trusted {
@@ -118,6 +127,7 @@ func (r *RealIPOverWriter) trust(s string) *TrustResult {
 	temp, _, err := net.SplitHostPort(s)
 	if err != nil {
 		return &TrustResult{
+			isFatal:  true,
 			isError:  true,
 			trusted:  false,
 			directIP: "",
@@ -126,6 +136,7 @@ func (r *RealIPOverWriter) trust(s string) *TrustResult {
 	ip := net.ParseIP(temp)
 	if ip == nil {
 		return &TrustResult{
+			isFatal:  false,
 			isError:  true,
 			trusted:  false,
 			directIP: "",
@@ -134,13 +145,15 @@ func (r *RealIPOverWriter) trust(s string) *TrustResult {
 	for _, network := range r.TrustIP {
 		if network.Contains(ip) {
 			return &TrustResult{
+				isFatal:  false,
 				isError:  false,
 				trusted:  true,
 				directIP: ip.String(),
 			}
 		}
 	}
 	return &TrustResult{
+		isFatal:  false,
 		isError:  false,
 		trusted:  false,
 		directIP: ip.String(),

cloudflarewarp_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"net/http/httptest"
+	"strconv"
 	"testing"
 
 	plugin "github.com/BetterCorp/cloudflarewarp"
@@ -20,7 +21,8 @@ func TestNew(t *testing.T) {
 		t.Fatal(err)
 	}
 	testCases := []struct {
-		expect500      bool
+		ipv6           bool
+		expect400      bool
 		trusted        bool
 		remote         string
 		desc           string
@@ -56,14 +58,43 @@ func TestNew(t *testing.T) {
 			expectedScheme: "",
 			trusted:        false,
 		},
+		{
+			remote:         "10.0.1.20",
+			desc:           "not trust ip4/6",
+			cfConnectingIP: "1001:3984:3989::1",
+			cfVisitor:      "",
+			expected:       "",
+			expectedScheme: "",
+			trusted:        false,
+		},
+		{
+			remote:         "1001:3984:3989::1",
+			ipv6:           true,
+			desc:           "not trust ip6/6",
+			cfConnectingIP: "1001:3984:3989::1",
+			cfVisitor:      "",
+			expected:       "",
+			expectedScheme: "",
+			trusted:        false,
+		},
+		{
+			remote:         "1001:3984:3989::1",
+			ipv6:           true,
+			desc:           "not trust ip6/4",
+			cfConnectingIP: "10.0.1.20",
+			cfVisitor:      "",
+			expected:       "",
+			expectedScheme: "",
+			trusted:        false,
+		},
 		{
 			remote:         "10.0.2",
 			desc:           "wrong IP format",
 			cfConnectingIP: "10.0.0.1",
 			cfVisitor:      "",
 			expected:       "",
 			expectedScheme: "",
-			expect500:      true,
+			expect400:      true,
 			trusted:        false,
 		},
 		{
@@ -73,7 +104,7 @@ func TestNew(t *testing.T) {
 			cfVisitor:      "",
 			expected:       "",
 			expectedScheme: "",
-			expect500:      true,
+			expect400:      true,
 			trusted:        false,
 		},
 		{
@@ -104,18 +135,24 @@ func TestNew(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			req.RemoteAddr = test.remote + ":36001"
+			if test.ipv6 == true {
+				req.RemoteAddr = "[" + test.remote + "]:36001"
+			} else {
+				req.RemoteAddr = test.remote + ":36001"
+			}
 			req.Header.Set("X-Real-Ip", test.remote)
 			req.Header.Set("Cf-Connecting-IP", test.cfConnectingIP)
 			req.Header.Set("Cf-Visitor", test.cfVisitor)
 
 			handler.ServeHTTP(recorder, req)
 
-			if recorder.Result().StatusCode == 500 {
-				if test.expect500 == true {
+			if recorder.Result().StatusCode == http.StatusBadRequest {
+				if test.expect400 == true {
 					return
 				}
-				t.Errorf("invalid response: 500")
+			}
+			if recorder.Result().StatusCode != http.StatusOK {
+				t.Errorf("invalid response: " + strconv.Itoa(recorder.Result().StatusCode))
 				return
 			}
 

test/config/invalid.toml

@@ -0,0 +1,8 @@
+
+[http]
+  [http.middlewares]
+    [http.middlewares.cloudflarewarp]
+      [http.middlewares.cloudflarewarp.plugin]
+        [http.middlewares.cloudflarewarp.plugin.cloudflarewarp]
+          trustip=[]
+          

test/config/invalid.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    cloudflarewarp:
+      plugin:
+        cloudflarewarp:
+          disableDefault: false

test/test-prod.sh

@@ -3,7 +3,14 @@
 TEST_IP="187.2.2.3"
 
 rm -rf ./logs-success
+rm -rf ./logs-success-toml
+rm -rf ./logs-success-yml
 rm -rf ./logs-fail
+rm -rf ./logs-fail-toml
+rm -rf ./logs-fail-yml
+rm -rf ./logs-invalid
+rm -rf ./logs-invalid-toml
+rm -rf ./logs-invalid-yml
 
 if [ "${1}" = "stack" ]; then
   docker swarm init
@@ -27,7 +34,7 @@ if [ ! "${1}" = "stack" ]; then
   cp docker-compose-prod.yml docker-compose.yml
 fi
 
-rm -rf ./logs-success-toml
+sleep 1s
 
 bash test-base.sh success toml "${1}" $TEST_IP
 
@@ -38,8 +45,6 @@ mv ./tempconfig ./logs-success-toml/config
 
 sleep 1s
 
-rm -rf ./logs-fail-toml
-
 bash test-base.sh fail toml "${1}" $TEST_IP
 
 sleep 1s
@@ -49,7 +54,14 @@ mv ./tempconfig ./logs-fail-toml/config
 
 sleep 1s
 
-rm -rf ./logs-success-yml
+bash test-base.sh invalid toml "${1}" "1522.20.2"
+
+sleep 1s
+
+mv ./logs ./logs-invalid-toml
+mv ./tempconfig ./logs-invalid-toml/config
+
+sleep 1s
 
 bash ./test-verify.sh toml $TEST_IP
 
@@ -64,8 +76,6 @@ mv ./tempconfig ./logs-success-yml/config
 
 sleep 1s
 
-rm -rf ./logs-fail-yml
-
 bash test-base.sh fail yml "${1}" $TEST_IP
 
 sleep 1s
@@ -75,6 +85,15 @@ mv ./tempconfig ./logs-fail-yml/config
 
 sleep 1s
 
+bash test-base.sh invalid yml "${1}" "1522.20.2"
+
+sleep 1s
+
+mv ./logs ./logs-invalid-yml
+mv ./tempconfig ./logs-invalid-yml/config
+
+sleep 1s
+
 bash ./test-verify.sh yml $TEST_IP
 
 if [ ! "${1}" = "stack" ]; then

test/test-verify.sh

@@ -1,9 +1,11 @@
 SUCCESS_CONFIG_FILE="./logs-success-${1}/output.log"
 FAIL_CONFIG_FILE="./logs-fail-${1}/output.log"
+INVALID_CONFIG_FILE="./logs-invalid-${1}/output.log"
 
 echo "RUNNING TESTS FOR ${1}"
 echo " - Succ $SUCCESS_CONFIG_FILE"
 echo " - Fail $FAIL_CONFIG_FILE"
+echo " - Inva $INVALID_CONFIG_FILE"
 
 sleep 1s
 
@@ -28,6 +30,10 @@ if ! grep -q "X-Is-Trusted: no" $FAIL_CONFIG_FILE; then
   echo "'X-Is-Trusted: no' header was not added to the invalid request ($FAIL_CONFIG_FILE)"
   exit 5
 fi
+if ! grep -q "X-Is-Trusted: no" $INVALID_CONFIG_FILE; then
+  echo "'X-Is-Trusted: no' header was not added to the invalid request ($INVALID_CONFIG_FILE)"
+  exit 5
+fi
 #if ! grep -q "X-Forwarded-For: 10.0.0.2" $FAIL_CONFIG_FILE; then
 #  echo "Forwarded header was not defined as the original IP"
 #  exit 5

test/test.sh

@@ -3,7 +3,14 @@
 TEST_IP="187.2.2.1"
 
 rm -rf ./logs-success
+rm -rf ./logs-success-toml
+rm -rf ./logs-success-yml
 rm -rf ./logs-fail
+rm -rf ./logs-fail-toml
+rm -rf ./logs-fail-yml
+rm -rf ./logs-invalid
+rm -rf ./logs-invalid-toml
+rm -rf ./logs-invalid-yml
 
 if [ "${1}" = "stack" ]; then
   docker swarm init
@@ -15,8 +22,6 @@ docker pull traefik:2.8
 
 sleep 1s
 
-rm -rf ./logs-success-toml
-
 bash test-base.sh success toml "${1}" $TEST_IP
 
 sleep 1s
@@ -26,8 +31,6 @@ mv ./tempconfig ./logs-success-toml/config
 
 sleep 1s
 
-rm -rf ./logs-fail-toml
-
 bash test-base.sh fail toml "${1}" $TEST_IP
 
 sleep 1s
@@ -37,7 +40,14 @@ mv ./tempconfig ./logs-fail-toml/config
 
 sleep 1s
 
-rm -rf ./logs-success-yml
+bash test-base.sh invalid toml "${1}" "1522.20.2"
+
+sleep 1s
+
+mv ./logs ./logs-invalid-toml
+mv ./tempconfig ./logs-invalid-toml/config
+
+sleep 1s
 
 bash ./test-verify.sh toml $TEST_IP
 
@@ -52,8 +62,6 @@ mv ./tempconfig ./logs-success-yml/config
 
 sleep 1s
 
-rm -rf ./logs-fail-yml
-
 bash test-base.sh fail yml "${1}" $TEST_IP
 
 sleep 1s
@@ -63,4 +71,13 @@ mv ./tempconfig ./logs-fail-yml/config
 
 sleep 1s
 
+bash test-base.sh invalid yml "${1}" "1522.20.2"
+
+sleep 1s
+
+mv ./logs ./logs-invalid-yml
+mv ./tempconfig ./logs-invalid-yml/config
+
+sleep 1s
+
 bash ./test-verify.sh yml $TEST_IP