cloudflare/cloudflared
Publicmirrored from https://github.com/cloudflare/cloudflaredAvailable
validation/validation_test.go
243lines · modecode
| 1 | package validation |
| 2 | |
| 3 | import ( |
| 4 | "fmt" |
| 5 | "testing" |
| 6 | |
| 7 | "context" |
| 8 | "crypto/tls" |
| 9 | "crypto/x509" |
| 10 | "github.com/stretchr/testify/assert" |
| 11 | "net" |
| 12 | "net/http" |
| 13 | "net/http/httptest" |
| 14 | "net/url" |
| 15 | "strings" |
| 16 | ) |
| 17 | |
| 18 | func TestValidateHostname(t *testing.T) { |
| 19 | var inputHostname string |
| 20 | hostname, err := ValidateHostname(inputHostname) |
| 21 | assert.Equal(t, err, nil) |
| 22 | assert.Empty(t, hostname) |
| 23 | |
| 24 | inputHostname = "hello.example.com" |
| 25 | hostname, err = ValidateHostname(inputHostname) |
| 26 | assert.Nil(t, err) |
| 27 | assert.Equal(t, "hello.example.com", hostname) |
| 28 | |
| 29 | inputHostname = "http://hello.example.com" |
| 30 | hostname, err = ValidateHostname(inputHostname) |
| 31 | assert.Nil(t, err) |
| 32 | assert.Equal(t, "hello.example.com", hostname) |
| 33 | |
| 34 | inputHostname = "bücher.example.com" |
| 35 | hostname, err = ValidateHostname(inputHostname) |
| 36 | assert.Nil(t, err) |
| 37 | assert.Equal(t, "xn--bcher-kva.example.com", hostname) |
| 38 | |
| 39 | inputHostname = "http://bücher.example.com" |
| 40 | hostname, err = ValidateHostname(inputHostname) |
| 41 | assert.Nil(t, err) |
| 42 | assert.Equal(t, "xn--bcher-kva.example.com", hostname) |
| 43 | |
| 44 | inputHostname = "http%3A%2F%2Fhello.example.com" |
| 45 | hostname, err = ValidateHostname(inputHostname) |
| 46 | assert.Nil(t, err) |
| 47 | assert.Equal(t, "hello.example.com", hostname) |
| 48 | |
| 49 | } |
| 50 | |
| 51 | func TestValidateUrl(t *testing.T) { |
| 52 | validUrl, err := ValidateUrl("") |
| 53 | assert.Equal(t, fmt.Errorf("URL should not be empty"), err) |
| 54 | assert.Empty(t, validUrl) |
| 55 | |
| 56 | validUrl, err = ValidateUrl("https://localhost:8080") |
| 57 | assert.Nil(t, err) |
| 58 | assert.Equal(t, "https://localhost:8080", validUrl) |
| 59 | |
| 60 | validUrl, err = ValidateUrl("localhost:8080") |
| 61 | assert.Nil(t, err) |
| 62 | assert.Equal(t, "http://localhost:8080", validUrl) |
| 63 | |
| 64 | validUrl, err = ValidateUrl("http://localhost") |
| 65 | assert.Nil(t, err) |
| 66 | assert.Equal(t, "http://localhost", validUrl) |
| 67 | |
| 68 | validUrl, err = ValidateUrl("http://127.0.0.1:8080") |
| 69 | assert.Nil(t, err) |
| 70 | assert.Equal(t, "http://127.0.0.1:8080", validUrl) |
| 71 | |
| 72 | validUrl, err = ValidateUrl("127.0.0.1:8080") |
| 73 | assert.Nil(t, err) |
| 74 | assert.Equal(t, "http://127.0.0.1:8080", validUrl) |
| 75 | |
| 76 | validUrl, err = ValidateUrl("127.0.0.1") |
| 77 | assert.Nil(t, err) |
| 78 | assert.Equal(t, "http://127.0.0.1", validUrl) |
| 79 | |
| 80 | validUrl, err = ValidateUrl("https://127.0.0.1:8080") |
| 81 | assert.Nil(t, err) |
| 82 | assert.Equal(t, "https://127.0.0.1:8080", validUrl) |
| 83 | |
| 84 | validUrl, err = ValidateUrl("[::1]:8080") |
| 85 | assert.Nil(t, err) |
| 86 | assert.Equal(t, "http://[::1]:8080", validUrl) |
| 87 | |
| 88 | validUrl, err = ValidateUrl("http://[::1]") |
| 89 | assert.Nil(t, err) |
| 90 | assert.Equal(t, "http://[::1]", validUrl) |
| 91 | |
| 92 | validUrl, err = ValidateUrl("http://[::1]:8080") |
| 93 | assert.Nil(t, err) |
| 94 | assert.Equal(t, "http://[::1]:8080", validUrl) |
| 95 | |
| 96 | validUrl, err = ValidateUrl("[::1]") |
| 97 | assert.Nil(t, err) |
| 98 | assert.Equal(t, "http://[::1]", validUrl) |
| 99 | |
| 100 | validUrl, err = ValidateUrl("https://example.com") |
| 101 | assert.Nil(t, err) |
| 102 | assert.Equal(t, "https://example.com", validUrl) |
| 103 | |
| 104 | validUrl, err = ValidateUrl("example.com") |
| 105 | assert.Nil(t, err) |
| 106 | assert.Equal(t, "http://example.com", validUrl) |
| 107 | |
| 108 | validUrl, err = ValidateUrl("http://hello.example.com") |
| 109 | assert.Nil(t, err) |
| 110 | assert.Equal(t, "http://hello.example.com", validUrl) |
| 111 | |
| 112 | validUrl, err = ValidateUrl("hello.example.com") |
| 113 | assert.Nil(t, err) |
| 114 | assert.Equal(t, "http://hello.example.com", validUrl) |
| 115 | |
| 116 | validUrl, err = ValidateUrl("hello.example.com:8080") |
| 117 | assert.Nil(t, err) |
| 118 | assert.Equal(t, "http://hello.example.com:8080", validUrl) |
| 119 | |
| 120 | validUrl, err = ValidateUrl("https://hello.example.com:8080") |
| 121 | assert.Nil(t, err) |
| 122 | assert.Equal(t, "https://hello.example.com:8080", validUrl) |
| 123 | |
| 124 | validUrl, err = ValidateUrl("https://bücher.example.com") |
| 125 | assert.Nil(t, err) |
| 126 | assert.Equal(t, "https://xn--bcher-kva.example.com", validUrl) |
| 127 | |
| 128 | validUrl, err = ValidateUrl("bücher.example.com") |
| 129 | assert.Nil(t, err) |
| 130 | assert.Equal(t, "http://xn--bcher-kva.example.com", validUrl) |
| 131 | |
| 132 | validUrl, err = ValidateUrl("https%3A%2F%2Fhello.example.com") |
| 133 | assert.Nil(t, err) |
| 134 | assert.Equal(t, "https://hello.example.com", validUrl) |
| 135 | |
| 136 | validUrl, err = ValidateUrl("ftp://alex:12345@hello.example.com:8080/robot.txt") |
| 137 | assert.Equal(t, "Currently Argo Tunnel does not support ftp protocol.", err.Error()) |
| 138 | assert.Empty(t, validUrl) |
| 139 | |
| 140 | validUrl, err = ValidateUrl("https://alex:12345@hello.example.com:8080") |
| 141 | assert.Nil(t, err) |
| 142 | assert.Equal(t, "https://hello.example.com:8080", validUrl) |
| 143 | |
| 144 | } |
| 145 | |
| 146 | func TestToggleProtocol(t *testing.T) { |
| 147 | assert.Equal(t, "https", toggleProtocol("http")) |
| 148 | assert.Equal(t, "http", toggleProtocol("https")) |
| 149 | assert.Equal(t, "random", toggleProtocol("random")) |
| 150 | assert.Equal(t, "", toggleProtocol("")) |
| 151 | } |
| 152 | |
| 153 | func TestValidateHTTPService_HTTP2HTTP(t *testing.T) { |
| 154 | server, client, err := createMockServerAndClient(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 155 | w.WriteHeader(200) |
| 156 | })) |
| 157 | assert.NoError(t, err) |
| 158 | defer server.Close() |
| 159 | |
| 160 | assert.Equal(t, nil, ValidateHTTPService("http://example.com/", client.Transport)) |
| 161 | } |
| 162 | |
| 163 | func TestValidateHTTPService_ServerNonOKResponse(t *testing.T) { |
| 164 | server, client, err := createMockServerAndClient(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 165 | w.WriteHeader(400) |
| 166 | })) |
| 167 | assert.NoError(t, err) |
| 168 | defer server.Close() |
| 169 | |
| 170 | assert.Equal(t, nil, ValidateHTTPService("http://example.com/", client.Transport)) |
| 171 | } |
| 172 | |
| 173 | func TestValidateHTTPService_HTTPS2HTTP(t *testing.T) { |
| 174 | server, client, err := createMockServerAndClient(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 175 | w.WriteHeader(200) |
| 176 | })) |
| 177 | assert.NoError(t, err) |
| 178 | defer server.Close() |
| 179 | |
| 180 | assert.Equal(t, |
| 181 | "example.com doesn't seem to work over https, but does seem to work over http. Consider changing the origin URL to http://example.com:1234/", |
| 182 | ValidateHTTPService("https://example.com:1234/", client.Transport).Error()) |
| 183 | } |
| 184 | |
| 185 | func TestValidateHTTPService_HTTPS2HTTPS(t *testing.T) { |
| 186 | server, client, err := createSecureMockServerAndClient(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 187 | w.WriteHeader(200) |
| 188 | })) |
| 189 | assert.NoError(t, err) |
| 190 | defer server.Close() |
| 191 | |
| 192 | assert.Equal(t, nil, ValidateHTTPService("https://example.com/", client.Transport)) |
| 193 | } |
| 194 | |
| 195 | func TestValidateHTTPService_HTTP2HTTPS(t *testing.T) { |
| 196 | server, client, err := createSecureMockServerAndClient(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 197 | w.WriteHeader(200) |
| 198 | })) |
| 199 | assert.NoError(t, err) |
| 200 | defer server.Close() |
| 201 | |
| 202 | assert.Equal(t, |
| 203 | "example.com doesn't seem to work over http, but does seem to work over https. Consider changing the origin URL to https://example.com:1234/", |
| 204 | ValidateHTTPService("http://example.com:1234/", client.Transport).Error()) |
| 205 | } |
| 206 | |
| 207 | func createMockServerAndClient(handler http.Handler) (*httptest.Server, *http.Client, error) { |
| 208 | client := http.DefaultClient |
| 209 | server := httptest.NewServer(handler) |
| 210 | |
| 211 | client.Transport = &http.Transport{ |
| 212 | Proxy: func(req *http.Request) (*url.URL, error) { |
| 213 | return url.Parse(server.URL) |
| 214 | }, |
| 215 | } |
| 216 | |
| 217 | return server, client, nil |
| 218 | } |
| 219 | |
| 220 | func createSecureMockServerAndClient(handler http.Handler) (*httptest.Server, *http.Client, error) { |
| 221 | client := http.DefaultClient |
| 222 | server := httptest.NewTLSServer(handler) |
| 223 | |
| 224 | cert, err := x509.ParseCertificate(server.TLS.Certificates[0].Certificate[0]) |
| 225 | if err != nil { |
| 226 | server.Close() |
| 227 | return nil, nil, err |
| 228 | } |
| 229 | |
| 230 | certpool := x509.NewCertPool() |
| 231 | certpool.AddCert(cert) |
| 232 | |
| 233 | client.Transport = &http.Transport{ |
| 234 | DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { |
| 235 | return net.Dial("tcp", server.URL[strings.LastIndex(server.URL, "/")+1:]) |
| 236 | }, |
| 237 | TLSClientConfig: &tls.Config{ |
| 238 | RootCAs: certpool, |
| 239 | }, |
| 240 | } |
| 241 | |
| 242 | return server, client, nil |
| 243 | } |
| 244 | |