128 lines
3.2 KiB
Go
128 lines
3.2 KiB
Go
package forwardedheaders
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestServeHTTP(t *testing.T) {
|
|
testCases := []struct {
|
|
desc string
|
|
insecure bool
|
|
trustedIps []string
|
|
incomingHeaders map[string]string
|
|
remoteAddr string
|
|
expectedHeaders map[string]string
|
|
}{
|
|
{
|
|
desc: "all Empty",
|
|
insecure: true,
|
|
trustedIps: nil,
|
|
remoteAddr: "",
|
|
incomingHeaders: map[string]string{},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure true with incoming X-Forwarded-For",
|
|
insecure: true,
|
|
trustedIps: nil,
|
|
remoteAddr: "",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure false with incoming X-Forwarded-For",
|
|
insecure: false,
|
|
trustedIps: nil,
|
|
remoteAddr: "",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure false with incoming X-Forwarded-For and valid Trusted Ips",
|
|
insecure: false,
|
|
trustedIps: []string{"10.0.1.100"},
|
|
remoteAddr: "10.0.1.100:80",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure false with incoming X-Forwarded-For and invalid Trusted Ips",
|
|
insecure: false,
|
|
trustedIps: []string{"10.0.1.100"},
|
|
remoteAddr: "10.0.1.101:80",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure false with incoming X-Forwarded-For and valid Trusted Ips CIDR",
|
|
insecure: false,
|
|
trustedIps: []string{"1.2.3.4/24"},
|
|
remoteAddr: "1.2.3.156:80",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
},
|
|
{
|
|
desc: "insecure false with incoming X-Forwarded-For and invalid Trusted Ips CIDR",
|
|
insecure: false,
|
|
trustedIps: []string{"1.2.3.4/24"},
|
|
remoteAddr: "10.0.1.101:80",
|
|
incomingHeaders: map[string]string{
|
|
"X-Forwarded-for": "10.0.1.0, 10.0.1.12",
|
|
},
|
|
expectedHeaders: map[string]string{
|
|
"X-Forwarded-for": "",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
test := test
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
req, err := http.NewRequest(http.MethodGet, "", nil)
|
|
require.NoError(t, err)
|
|
|
|
req.RemoteAddr = test.remoteAddr
|
|
|
|
for k, v := range test.incomingHeaders {
|
|
req.Header.Set(k, v)
|
|
}
|
|
|
|
m, err := NewXForwarded(test.insecure, test.trustedIps, http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {}))
|
|
require.NoError(t, err)
|
|
|
|
m.ServeHTTP(nil, req)
|
|
|
|
for k, v := range test.expectedHeaders {
|
|
assert.Equal(t, v, req.Header.Get(k))
|
|
}
|
|
})
|
|
}
|
|
}
|