LBP
/
miniflux_v2
mirror de https://github.com/miniflux/v2.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
							// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
// SPDX-License-Identifier: Apache-2.0

package request // import "miniflux.app/v2/internal/http/request"

import (
	"net/http"
	"testing"
)

func TestFindClientIPWithoutHeaders(t *testing.T) {
	r := &http.Request{RemoteAddr: "192.168.0.1:4242"}
	if ip := FindClientIP(r, false); ip != "192.168.0.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: "192.168.0.1"}
	if ip := FindClientIP(r, false); ip != "192.168.0.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: "fe80::14c2:f039:edc7:edc7"}
	if ip := FindClientIP(r, false); ip != "fe80::14c2:f039:edc7:edc7" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: "fe80::14c2:f039:edc7:edc7%eth0"}
	if ip := FindClientIP(r, false); ip != "fe80::14c2:f039:edc7:edc7" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: "[fe80::14c2:f039:edc7:edc7%eth0]:4242"}
	if ip := FindClientIP(r, false); ip != "fe80::14c2:f039:edc7:edc7" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: "@"}
	if ip := FindClientIP(r, false); ip != "127.0.0.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	r = &http.Request{RemoteAddr: ""}
	if ip := FindClientIP(r, false); ip != "127.0.0.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}
}

func TestFindClientIPWithXFFHeader(t *testing.T) {
	// Test with multiple IPv4 addresses.
	headers := http.Header{}
	headers.Set("X-Forwarded-For", "203.0.113.195, 70.41.3.18, 150.172.238.178")
	r := &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "203.0.113.195" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	// Test with single IPv6 address.
	headers = http.Header{}
	headers.Set("X-Forwarded-For", "2001:db8:85a3:8d3:1319:8a2e:370:7348")
	r = &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "2001:db8:85a3:8d3:1319:8a2e:370:7348" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	// Test with single IPv6 address with zone
	headers = http.Header{}
	headers.Set("X-Forwarded-For", "fe80::14c2:f039:edc7:edc7%eth0")
	r = &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "fe80::14c2:f039:edc7:edc7" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	// Test with single IPv4 address.
	headers = http.Header{}
	headers.Set("X-Forwarded-For", "70.41.3.18")
	r = &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "70.41.3.18" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}

	// Test with invalid IP address.
	headers = http.Header{}
	headers.Set("X-Forwarded-For", "fake IP")
	r = &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "192.168.0.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}
}

func TestClientIPWithXRealIPHeader(t *testing.T) {
	headers := http.Header{}
	headers.Set("X-Real-Ip", "192.168.122.1")
	r := &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "192.168.122.1" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}
}

func TestClientIPWithBothHeaders(t *testing.T) {
	headers := http.Header{}
	headers.Set("X-Forwarded-For", "203.0.113.195, 70.41.3.18, 150.172.238.178")
	headers.Set("X-Real-Ip", "192.168.122.1")

	r := &http.Request{RemoteAddr: "192.168.0.1:4242", Header: headers}

	if ip := FindClientIP(r, true); ip != "203.0.113.195" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}
}

func TestClientIPWithUnixSocketRemoteAddrAndBothHeaders(t *testing.T) {
	headers := http.Header{}
	headers.Set("X-Forwarded-For", "203.0.113.195, 70.41.3.18, 150.172.238.178")
	headers.Set("X-Real-Ip", "192.168.122.1")

	r := &http.Request{RemoteAddr: "@", Header: headers}

	if ip := FindClientIP(r, true); ip != "203.0.113.195" {
		t.Fatalf(`Unexpected result, got: %q`, ip)
	}
}

func TestIsTrustedIP(t *testing.T) {
	trustedNetworks := []string{"127.0.0.1/8", "10.0.0.0/8", "::1/128", "invalid"}

	scenarios := []struct {
		ip       string
		expected bool
	}{
		{"127.0.0.1", true},
		{"10.0.0.1", true},
		{"::1", true},
		{"192.168.1.1", false},
		{"invalid", false},
		{"@", false},
		{"/tmp/miniflux.sock", false},
		{"", false},
	}

	for _, scenario := range scenarios {
		result := IsTrustedIP(scenario.ip, trustedNetworks)
		if result != scenario.expected {
			t.Errorf("Expected %v for IP %s, got %v", scenario.expected, scenario.ip, result)
		}
	}

	if IsTrustedIP("127.0.0.1", nil) {
		t.Error("Expected false when no trusted networks are defined")
	}

	if IsTrustedIP("127.0.0.1", []string{}) {
		t.Error("Expected false when trusted networks list is empty")
	}
}

func TestFindRemoteIP(t *testing.T) {
	scenarios := []struct {
		ip       string
		expected string
	}{
		{"192.168.0.1:4242", "192.168.0.1"},
		{"[2001:db8::1]:4242", "2001:db8::1"},
		{"fe80::14c2:f039:edc7:edc7%eth0", "fe80::14c2:f039:edc7:edc7"},
		{"", "127.0.0.1"},
		{"@", "127.0.0.1"},
		{"invalid", "127.0.0.1"},
	}

	for _, scenario := range scenarios {
		r := &http.Request{RemoteAddr: scenario.ip}
		result := FindRemoteIP(r)
		if result != scenario.expected {
			t.Errorf("Expected %q for RemoteAddr %q, got %q", scenario.expected, scenario.ip, result)
		}
	}
}