mirror of
https://github.com/fatedier/frp.git
synced 2026-04-15 05:29:10 +08:00
103 lines
3.6 KiB
Go
103 lines
3.6 KiB
Go
package vhost
|
|
|
|
import (
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
httppkg "github.com/fatedier/frp/pkg/util/http"
|
|
)
|
|
|
|
func TestCheckRouteAuthByRequest(t *testing.T) {
|
|
rc := &RouteConfig{
|
|
Username: "alice",
|
|
Password: "secret",
|
|
}
|
|
|
|
t.Run("accepts nil route config", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
require.True(t, checkRouteAuthByRequest(req, nil))
|
|
})
|
|
|
|
t.Run("accepts route without credentials", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
require.True(t, checkRouteAuthByRequest(req, &RouteConfig{}))
|
|
})
|
|
|
|
t.Run("accepts authorization header", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
req.SetBasicAuth("alice", "secret")
|
|
require.True(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
|
|
t.Run("accepts proxy authorization header", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "secret"))
|
|
require.True(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
|
|
t.Run("rejects authorization fallback for proxy request", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.SetBasicAuth("alice", "secret")
|
|
require.False(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
|
|
t.Run("rejects wrong proxy authorization even when authorization matches", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.SetBasicAuth("alice", "secret")
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "wrong"))
|
|
require.False(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
|
|
t.Run("rejects when neither header matches", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.SetBasicAuth("alice", "wrong")
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "wrong"))
|
|
require.False(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
|
|
t.Run("rejects proxy authorization on direct request", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "secret"))
|
|
require.False(t, checkRouteAuthByRequest(req, rc))
|
|
})
|
|
}
|
|
|
|
func TestGetRequestRouteUser(t *testing.T) {
|
|
t.Run("proxy request uses proxy authorization username", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.Host = "target.example.com"
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("proxy-user", "proxy-pass"))
|
|
req.SetBasicAuth("direct-user", "direct-pass")
|
|
|
|
require.Equal(t, "proxy-user", getRequestRouteUser(req))
|
|
})
|
|
|
|
t.Run("connect request keeps proxy authorization routing", func(t *testing.T) {
|
|
req := httptest.NewRequest("CONNECT", "http://target.example.com:443", nil)
|
|
req.Host = "target.example.com:443"
|
|
req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("proxy-user", "proxy-pass"))
|
|
req.SetBasicAuth("direct-user", "direct-pass")
|
|
|
|
require.Equal(t, "proxy-user", getRequestRouteUser(req))
|
|
})
|
|
|
|
t.Run("direct request uses authorization username", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
req.Host = "example.com"
|
|
req.SetBasicAuth("direct-user", "direct-pass")
|
|
|
|
require.Equal(t, "direct-user", getRequestRouteUser(req))
|
|
})
|
|
|
|
t.Run("proxy request does not fall back when proxy authorization is invalid", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "http://target.example.com/", nil)
|
|
req.Host = "target.example.com"
|
|
req.Header.Set("Proxy-Authorization", "Basic !!!")
|
|
req.SetBasicAuth("direct-user", "direct-pass")
|
|
|
|
require.Empty(t, getRequestRouteUser(req))
|
|
})
|
|
}
|