123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510 |
- package http
- import (
- "context"
- "crypto/tls"
- "io"
- "net"
- "net/http"
- "os"
- "path/filepath"
- "strings"
- "testing"
- "github.com/stretchr/testify/require"
- )
- func testEmptyHandler() http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
- }
- func testEchoHandler(data []byte) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- _, _ = w.Write(data)
- })
- }
- func testAuthUserHandler() http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- userID, ok := CtxGetUser(r.Context())
- if !ok {
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
- }
- _, _ = w.Write([]byte(userID))
- })
- }
- func testExpectRespBody(t *testing.T, resp *http.Response, expected []byte) {
- body, err := io.ReadAll(resp.Body)
- require.NoError(t, err)
- require.Equal(t, expected, body)
- }
- func testGetServerURL(t *testing.T, s *Server) string {
- urls := s.URLs()
- require.GreaterOrEqual(t, len(urls), 1, "server should return at least one url")
- return urls[0]
- }
- func testNewHTTPClientUnix(path string) *http.Client {
- return &http.Client{
- Transport: &http.Transport{
- DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
- return net.Dial("unix", path)
- },
- },
- }
- }
- func testReadTestdataFile(t *testing.T, path string) []byte {
- data, err := os.ReadFile(filepath.Join("./testdata", path))
- require.NoError(t, err, "")
- return data
- }
- func TestNewServerUnix(t *testing.T) {
- ctx := context.Background()
- tempDir := t.TempDir()
- path := filepath.Join(tempDir, "rclone.sock")
- cfg := DefaultCfg()
- cfg.ListenAddr = []string{path}
- auth := AuthConfig{
- BasicUser: "test",
- BasicPass: "test",
- }
- s, err := NewServer(ctx, WithConfig(cfg), WithAuth(auth))
- require.NoError(t, err)
- defer func() {
- require.NoError(t, s.Shutdown())
- _, err := os.Stat(path)
- require.ErrorIs(t, err, os.ErrNotExist, "shutdown should remove socket")
- }()
- require.Empty(t, s.URLs(), "unix socket should not appear in URLs")
- expected := []byte("hello world")
- s.Router().Mount("/", testEchoHandler(expected))
- s.Serve()
- client := testNewHTTPClientUnix(path)
- req, err := http.NewRequest("GET", "http://unix", nil)
- require.NoError(t, err)
- resp, err := client.Do(req)
- require.NoError(t, err)
- testExpectRespBody(t, resp, expected)
- require.Equal(t, http.StatusOK, resp.StatusCode, "unix sockets should ignore auth")
- for _, key := range _testCORSHeaderKeys {
- require.NotContains(t, resp.Header, key, "unix sockets should not be sent CORS headers")
- }
- }
- func TestNewServerHTTP(t *testing.T) {
- ctx := context.Background()
- cfg := DefaultCfg()
- cfg.ListenAddr = []string{"127.0.0.1:0"}
- auth := AuthConfig{
- BasicUser: "test",
- BasicPass: "test",
- }
- s, err := NewServer(ctx, WithConfig(cfg), WithAuth(auth))
- require.NoError(t, err)
- defer func() {
- require.NoError(t, s.Shutdown())
- }()
- url := testGetServerURL(t, s)
- require.True(t, strings.HasPrefix(url, "http://"), "url should have http scheme")
- expected := []byte("hello world")
- s.Router().Mount("/", testEchoHandler(expected))
- s.Serve()
- t.Run("StatusUnauthorized", func(t *testing.T) {
- client := &http.Client{}
- req, err := http.NewRequest("GET", url, nil)
- require.NoError(t, err)
- resp, err := client.Do(req)
- require.NoError(t, err)
- defer func() {
- _ = resp.Body.Close()
- }()
- require.Equal(t, http.StatusUnauthorized, resp.StatusCode, "no basic auth creds should return unauthorized")
- })
- t.Run("StatusOK", func(t *testing.T) {
- client := &http.Client{}
- req, err := http.NewRequest("GET", url, nil)
- require.NoError(t, err)
- req.SetBasicAuth(auth.BasicUser, auth.BasicPass)
- resp, err := client.Do(req)
- require.NoError(t, err)
- defer func() {
- _ = resp.Body.Close()
- }()
- require.Equal(t, http.StatusOK, resp.StatusCode, "using basic auth creds should return ok")
- testExpectRespBody(t, resp, expected)
- })
- }
- func TestNewServerBaseURL(t *testing.T) {
- servers := []struct {
- name string
- cfg Config
- suffix string
- }{
- {
- name: "Empty",
- cfg: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- BaseURL: "",
- },
- suffix: "/",
- },
- {
- name: "Single/NoTrailingSlash",
- cfg: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- BaseURL: "/rclone",
- },
- suffix: "/rclone/",
- },
- {
- name: "Single/TrailingSlash",
- cfg: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- BaseURL: "/rclone/",
- },
- suffix: "/rclone/",
- },
- {
- name: "Multi/NoTrailingSlash",
- cfg: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- BaseURL: "/rclone/test/base/url",
- },
- suffix: "/rclone/test/base/url/",
- },
- {
- name: "Multi/TrailingSlash",
- cfg: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- BaseURL: "/rclone/test/base/url/",
- },
- suffix: "/rclone/test/base/url/",
- },
- }
- for _, ss := range servers {
- t.Run(ss.name, func(t *testing.T) {
- s, err := NewServer(context.Background(), WithConfig(ss.cfg))
- require.NoError(t, err)
- defer func() {
- require.NoError(t, s.Shutdown())
- }()
- expected := []byte("data")
- s.Router().Get("/", testEchoHandler(expected).ServeHTTP)
- s.Serve()
- url := testGetServerURL(t, s)
- require.True(t, strings.HasPrefix(url, "http://"), "url should have http scheme")
- require.True(t, strings.HasSuffix(url, ss.suffix), "url should have the expected suffix")
- client := &http.Client{}
- req, err := http.NewRequest("GET", url, nil)
- require.NoError(t, err)
- resp, err := client.Do(req)
- require.NoError(t, err)
- defer func() {
- _ = resp.Body.Close()
- }()
- t.Log(url, resp.Request.URL)
- require.Equal(t, http.StatusOK, resp.StatusCode, "should return ok")
- testExpectRespBody(t, resp, expected)
- })
- }
- }
- func TestNewServerTLS(t *testing.T) {
- serverCertBytes := testReadTestdataFile(t, "local.crt")
- serverKeyBytes := testReadTestdataFile(t, "local.key")
- clientCertBytes := testReadTestdataFile(t, "client.crt")
- clientKeyBytes := testReadTestdataFile(t, "client.key")
- clientCert, err := tls.X509KeyPair(clientCertBytes, clientKeyBytes)
- require.NoError(t, err)
- // TODO: generate a proper cert with SAN
- servers := []struct {
- name string
- clientCerts []tls.Certificate
- wantErr bool
- wantClientErr bool
- err error
- http Config
- }{
- {
- name: "FromFile/Valid",
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCert: "./testdata/local.crt",
- TLSKey: "./testdata/local.key",
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromFile/NoCert",
- wantErr: true,
- err: ErrTLSFileMismatch,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCert: "",
- TLSKey: "./testdata/local.key",
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromFile/InvalidCert",
- wantErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCert: "./testdata/local.crt.invalid",
- TLSKey: "./testdata/local.key",
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromFile/NoKey",
- wantErr: true,
- err: ErrTLSFileMismatch,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCert: "./testdata/local.crt",
- TLSKey: "",
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromFile/InvalidKey",
- wantErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCert: "./testdata/local.crt",
- TLSKey: "./testdata/local.key.invalid",
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromBody/Valid",
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromBody/NoCert",
- wantErr: true,
- err: ErrTLSBodyMismatch,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: nil,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromBody/InvalidCert",
- wantErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: []byte("JUNK DATA"),
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromBody/NoKey",
- wantErr: true,
- err: ErrTLSBodyMismatch,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: nil,
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "FromBody/InvalidKey",
- wantErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: []byte("JUNK DATA"),
- MinTLSVersion: "tls1.0",
- },
- },
- {
- name: "MinTLSVersion/Valid/1.1",
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.1",
- },
- },
- {
- name: "MinTLSVersion/Valid/1.2",
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.2",
- },
- },
- {
- name: "MinTLSVersion/Valid/1.3",
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.3",
- },
- },
- {
- name: "MinTLSVersion/Invalid",
- wantErr: true,
- err: ErrInvalidMinTLSVersion,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls0.9",
- },
- },
- {
- name: "MutualTLS/InvalidCA",
- clientCerts: []tls.Certificate{clientCert},
- wantErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- ClientCA: "./testdata/client-ca.crt.invalid",
- },
- },
- {
- name: "MutualTLS/InvalidClient",
- clientCerts: []tls.Certificate{},
- wantClientErr: true,
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- ClientCA: "./testdata/client-ca.crt",
- },
- },
- {
- name: "MutualTLS/Valid",
- clientCerts: []tls.Certificate{clientCert},
- http: Config{
- ListenAddr: []string{"127.0.0.1:0"},
- TLSCertBody: serverCertBytes,
- TLSKeyBody: serverKeyBytes,
- MinTLSVersion: "tls1.0",
- ClientCA: "./testdata/client-ca.crt",
- },
- },
- }
- for _, ss := range servers {
- t.Run(ss.name, func(t *testing.T) {
- s, err := NewServer(context.Background(), WithConfig(ss.http))
- if ss.wantErr == true {
- if ss.err != nil {
- require.ErrorIs(t, err, ss.err, "new server should return the expected error")
- } else {
- require.Error(t, err, "new server should return error for invalid TLS config")
- }
- return
- }
- require.NoError(t, err)
- defer func() {
- require.NoError(t, s.Shutdown())
- }()
- expected := []byte("secret-page")
- s.Router().Mount("/", testEchoHandler(expected))
- s.Serve()
- url := testGetServerURL(t, s)
- require.True(t, strings.HasPrefix(url, "https://"), "url should have https scheme")
- client := &http.Client{
- Transport: &http.Transport{
- DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
- dest := strings.TrimPrefix(url, "https://")
- dest = strings.TrimSuffix(dest, "/")
- return net.Dial("tcp", dest)
- },
- TLSClientConfig: &tls.Config{
- Certificates: ss.clientCerts,
- InsecureSkipVerify: true,
- },
- },
- }
- req, err := http.NewRequest("GET", "https://dev.rclone.org", nil)
- require.NoError(t, err)
- resp, err := client.Do(req)
- if ss.wantClientErr {
- require.Error(t, err, "new server client should return error")
- return
- }
- require.NoError(t, err)
- defer func() {
- _ = resp.Body.Close()
- }()
- require.Equal(t, http.StatusOK, resp.StatusCode, "should return ok")
- testExpectRespBody(t, resp, expected)
- })
- }
- }
- func TestHelpPrefixServer(t *testing.T) {
- // This test assumes template variables are placed correctly.
- const testPrefix = "server-help-test"
- helpMessage := Help(testPrefix)
- if !strings.Contains(helpMessage, testPrefix) {
- t.Fatal("flag prefix not found")
- }
- }
|