2018-08-24 16:20:03 +02:00
|
|
|
package ip
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
2024-09-24 18:04:05 +02:00
|
|
|
const (
|
|
|
|
ipv6Basic = "::abcd:ffff:c0a8:1"
|
|
|
|
ipv6BracketsPort = "[::abcd:ffff:c0a8:1]:80"
|
|
|
|
ipv6BracketsZonePort = "[::abcd:ffff:c0a8:1%1]:80"
|
|
|
|
)
|
|
|
|
|
2018-08-24 16:20:03 +02:00
|
|
|
func TestRemoteAddrStrategy_GetIP(t *testing.T) {
|
|
|
|
testCases := []struct {
|
2024-09-24 18:04:05 +02:00
|
|
|
desc string
|
|
|
|
expected string
|
|
|
|
remoteAddr string
|
|
|
|
ipv6Subnet *int
|
2018-08-24 16:20:03 +02:00
|
|
|
}{
|
2024-09-24 18:04:05 +02:00
|
|
|
// Valid IP format
|
2018-08-24 16:20:03 +02:00
|
|
|
{
|
2024-09-24 18:04:05 +02:00
|
|
|
desc: "Use RemoteAddr, ipv4",
|
2019-08-26 12:20:06 +02:00
|
|
|
expected: "192.0.2.1",
|
2018-08-24 16:20:03 +02:00
|
|
|
},
|
2024-09-24 18:04:05 +02:00
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 brackets with port, no IPv6 subnet",
|
|
|
|
remoteAddr: ipv6BracketsPort,
|
|
|
|
expected: "::abcd:ffff:c0a8:1",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 brackets with zone and port, no IPv6 subnet",
|
|
|
|
remoteAddr: ipv6BracketsZonePort,
|
|
|
|
expected: "::abcd:ffff:c0a8:1%1",
|
|
|
|
},
|
|
|
|
|
|
|
|
// Invalid IPv6 format
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 basic, missing brackets, no IPv6 subnet",
|
|
|
|
remoteAddr: ipv6Basic,
|
|
|
|
expected: ipv6Basic,
|
|
|
|
},
|
|
|
|
|
|
|
|
// Valid IP format with subnet
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv4, ignore subnet",
|
|
|
|
expected: "192.0.2.1",
|
|
|
|
ipv6Subnet: intPtr(24),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 brackets with port, subnet",
|
|
|
|
remoteAddr: ipv6BracketsPort,
|
|
|
|
expected: "::abcd:0:0:0",
|
|
|
|
ipv6Subnet: intPtr(80),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 brackets with zone and port, subnet",
|
|
|
|
remoteAddr: ipv6BracketsZonePort,
|
|
|
|
expected: "::abcd:0:0:0",
|
|
|
|
ipv6Subnet: intPtr(80),
|
|
|
|
},
|
|
|
|
|
|
|
|
// Valid IP, invalid subnet
|
|
|
|
{
|
|
|
|
desc: "Use RemoteAddr, ipv6 brackets with port, invalid subnet",
|
|
|
|
remoteAddr: ipv6BracketsPort,
|
|
|
|
expected: "::abcd:ffff:c0a8:1",
|
|
|
|
ipv6Subnet: intPtr(500),
|
|
|
|
},
|
2018-08-24 16:20:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testCases {
|
|
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2024-09-24 18:04:05 +02:00
|
|
|
strategy := RemoteAddrStrategy{
|
|
|
|
IPv6Subnet: test.ipv6Subnet,
|
|
|
|
}
|
2018-08-24 16:20:03 +02:00
|
|
|
req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
|
2024-09-24 18:04:05 +02:00
|
|
|
if test.remoteAddr != "" {
|
|
|
|
req.RemoteAddr = test.remoteAddr
|
|
|
|
}
|
2018-08-24 16:20:03 +02:00
|
|
|
actual := strategy.GetIP(req)
|
|
|
|
assert.Equal(t, test.expected, actual)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDepthStrategy_GetIP(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
desc string
|
|
|
|
depth int
|
|
|
|
xForwardedFor string
|
|
|
|
expected string
|
2024-09-24 18:04:05 +02:00
|
|
|
ipv6Subnet *int
|
2018-08-24 16:20:03 +02:00
|
|
|
}{
|
|
|
|
{
|
|
|
|
desc: "Use depth",
|
|
|
|
depth: 3,
|
|
|
|
xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "10.0.0.3",
|
|
|
|
},
|
|
|
|
{
|
2024-09-13 05:40:04 -04:00
|
|
|
desc: "Use nonexistent depth in XForwardedFor",
|
2018-08-24 16:20:03 +02:00
|
|
|
depth: 2,
|
|
|
|
xForwardedFor: "",
|
|
|
|
expected: "",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Use depth that match the first IP in XForwardedFor",
|
|
|
|
depth: 2,
|
|
|
|
xForwardedFor: "10.0.0.2,10.0.0.1",
|
|
|
|
expected: "10.0.0.2",
|
|
|
|
},
|
2024-09-24 18:04:05 +02:00
|
|
|
{
|
|
|
|
desc: "Use depth with IPv4 subnet",
|
|
|
|
depth: 2,
|
|
|
|
xForwardedFor: "10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "10.0.0.2",
|
|
|
|
ipv6Subnet: intPtr(80),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Use depth with IPv6 subnet",
|
|
|
|
depth: 2,
|
|
|
|
xForwardedFor: "10.0.0.3," + ipv6Basic + ",10.0.0.1",
|
|
|
|
expected: "::abcd:0:0:0",
|
|
|
|
ipv6Subnet: intPtr(80),
|
|
|
|
},
|
2018-08-24 16:20:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testCases {
|
|
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2024-09-24 18:04:05 +02:00
|
|
|
strategy := DepthStrategy{
|
|
|
|
Depth: test.depth,
|
|
|
|
IPv6Subnet: test.ipv6Subnet,
|
|
|
|
}
|
2018-08-24 16:20:03 +02:00
|
|
|
req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
|
|
|
|
req.Header.Set(xForwardedFor, test.xForwardedFor)
|
|
|
|
actual := strategy.GetIP(req)
|
|
|
|
assert.Equal(t, test.expected, actual)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-06-07 17:46:14 +02:00
|
|
|
func TestTrustedIPsStrategy_GetIP(t *testing.T) {
|
2018-08-24 16:20:03 +02:00
|
|
|
testCases := []struct {
|
|
|
|
desc string
|
2021-06-07 17:46:14 +02:00
|
|
|
trustedIPs []string
|
2018-08-24 16:20:03 +02:00
|
|
|
xForwardedFor string
|
|
|
|
expected string
|
2021-06-07 17:46:14 +02:00
|
|
|
useRemote bool
|
2018-08-24 16:20:03 +02:00
|
|
|
}{
|
|
|
|
{
|
2021-06-07 17:46:14 +02:00
|
|
|
desc: "Trust all IPs",
|
|
|
|
trustedIPs: []string{"10.0.0.4", "10.0.0.3", "10.0.0.2", "10.0.0.1"},
|
2018-08-24 16:20:03 +02:00
|
|
|
xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "",
|
|
|
|
},
|
|
|
|
{
|
2021-06-07 17:46:14 +02:00
|
|
|
desc: "Do not trust all IPs",
|
|
|
|
trustedIPs: []string{"10.0.0.2", "10.0.0.1"},
|
2018-08-24 16:20:03 +02:00
|
|
|
xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "10.0.0.3",
|
|
|
|
},
|
|
|
|
{
|
2021-06-07 17:46:14 +02:00
|
|
|
desc: "Do not trust all IPs with CIDR",
|
|
|
|
trustedIPs: []string{"10.0.0.1/24"},
|
2018-08-24 16:20:03 +02:00
|
|
|
xForwardedFor: "127.0.0.1,10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "127.0.0.1",
|
|
|
|
},
|
|
|
|
{
|
2021-06-07 17:46:14 +02:00
|
|
|
desc: "Trust all IPs with CIDR",
|
|
|
|
trustedIPs: []string{"10.0.0.1/24"},
|
2018-08-24 16:20:03 +02:00
|
|
|
xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1",
|
|
|
|
expected: "",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testCases {
|
|
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2021-06-07 17:46:14 +02:00
|
|
|
checker, err := NewChecker(test.trustedIPs)
|
2018-08-24 16:20:03 +02:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-07 17:46:14 +02:00
|
|
|
strategy := PoolStrategy{Checker: checker}
|
2018-08-24 16:20:03 +02:00
|
|
|
req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
|
|
|
|
req.Header.Set(xForwardedFor, test.xForwardedFor)
|
|
|
|
actual := strategy.GetIP(req)
|
|
|
|
assert.Equal(t, test.expected, actual)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2024-09-24 18:04:05 +02:00
|
|
|
|
|
|
|
func intPtr(value int) *int {
|
|
|
|
return &value
|
|
|
|
}
|