2020-08-03 17:40:46 +00:00
|
|
|
// Copyright 2020 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2020-04-08 11:33:12 +00:00
|
|
|
package node
|
|
|
|
|
|
|
|
import (
|
2020-08-03 17:40:46 +00:00
|
|
|
"bytes"
|
2021-02-02 09:05:46 +00:00
|
|
|
"fmt"
|
2022-12-07 13:02:14 +00:00
|
|
|
"io"
|
2020-04-08 11:33:12 +00:00
|
|
|
"net/http"
|
2022-12-07 13:02:14 +00:00
|
|
|
"net/http/httptest"
|
2021-02-02 09:05:46 +00:00
|
|
|
"net/url"
|
|
|
|
"strconv"
|
2020-11-19 13:54:49 +00:00
|
|
|
"strings"
|
2020-04-08 11:33:12 +00:00
|
|
|
"testing"
|
2022-03-07 07:30:27 +00:00
|
|
|
"time"
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2020-08-03 17:40:46 +00:00
|
|
|
"github.com/ethereum/go-ethereum/internal/testlog"
|
|
|
|
"github.com/ethereum/go-ethereum/log"
|
2020-04-08 11:33:12 +00:00
|
|
|
"github.com/ethereum/go-ethereum/rpc"
|
2022-03-07 07:30:27 +00:00
|
|
|
"github.com/golang-jwt/jwt/v4"
|
2020-08-03 17:40:46 +00:00
|
|
|
"github.com/gorilla/websocket"
|
2020-04-08 11:33:12 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
const testMethod = "rpc_modules"
|
|
|
|
|
2020-08-03 17:40:46 +00:00
|
|
|
// TestCorsHandler makes sure CORS are properly handled on the http server.
|
|
|
|
func TestCorsHandler(t *testing.T) {
|
2022-12-07 13:02:14 +00:00
|
|
|
srv := createAndStartServer(t, &httpConfig{CorsAllowedOrigins: []string{"test", "test.com"}}, false, &wsConfig{}, nil)
|
2020-08-03 17:40:46 +00:00
|
|
|
defer srv.stop()
|
2021-02-02 09:05:46 +00:00
|
|
|
url := "http://" + srv.listenAddr()
|
2020-08-03 17:40:46 +00:00
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
resp := rpcRequest(t, url, testMethod, "origin", "test.com")
|
2020-08-03 17:40:46 +00:00
|
|
|
assert.Equal(t, "test.com", resp.Header.Get("Access-Control-Allow-Origin"))
|
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
resp2 := rpcRequest(t, url, testMethod, "origin", "bad")
|
2020-08-03 17:40:46 +00:00
|
|
|
assert.Equal(t, "", resp2.Header.Get("Access-Control-Allow-Origin"))
|
|
|
|
}
|
|
|
|
|
|
|
|
// TestVhosts makes sure vhosts are properly handled on the http server.
|
|
|
|
func TestVhosts(t *testing.T) {
|
2022-12-07 13:02:14 +00:00
|
|
|
srv := createAndStartServer(t, &httpConfig{Vhosts: []string{"test"}}, false, &wsConfig{}, nil)
|
2020-08-03 17:40:46 +00:00
|
|
|
defer srv.stop()
|
2021-02-02 09:05:46 +00:00
|
|
|
url := "http://" + srv.listenAddr()
|
2020-08-03 17:40:46 +00:00
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
resp := rpcRequest(t, url, testMethod, "host", "test")
|
2020-08-03 17:40:46 +00:00
|
|
|
assert.Equal(t, resp.StatusCode, http.StatusOK)
|
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
resp2 := rpcRequest(t, url, testMethod, "host", "bad")
|
2020-08-03 17:40:46 +00:00
|
|
|
assert.Equal(t, resp2.StatusCode, http.StatusForbidden)
|
|
|
|
}
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2020-11-19 13:54:49 +00:00
|
|
|
type originTest struct {
|
|
|
|
spec string
|
|
|
|
expOk []string
|
|
|
|
expFail []string
|
|
|
|
}
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2020-11-19 13:54:49 +00:00
|
|
|
// splitAndTrim splits input separated by a comma
|
|
|
|
// and trims excessive white space from the substrings.
|
|
|
|
// Copied over from flags.go
|
|
|
|
func splitAndTrim(input string) (ret []string) {
|
|
|
|
l := strings.Split(input, ",")
|
|
|
|
for _, r := range l {
|
|
|
|
r = strings.TrimSpace(r)
|
|
|
|
if len(r) > 0 {
|
|
|
|
ret = append(ret, r)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ret
|
|
|
|
}
|
2020-08-03 17:40:46 +00:00
|
|
|
|
2020-11-19 13:54:49 +00:00
|
|
|
// TestWebsocketOrigins makes sure the websocket origins are properly handled on the websocket server.
|
|
|
|
func TestWebsocketOrigins(t *testing.T) {
|
|
|
|
tests := []originTest{
|
|
|
|
{
|
|
|
|
spec: "*", // allow all
|
|
|
|
expOk: []string{"", "http://test", "https://test", "http://test:8540", "https://test:8540",
|
|
|
|
"http://test.com", "https://foo.test", "http://testa", "http://atestb:8540", "https://atestb:8540"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
spec: "test",
|
|
|
|
expOk: []string{"http://test", "https://test", "http://test:8540", "https://test:8540"},
|
|
|
|
expFail: []string{"http://test.com", "https://foo.test", "http://testa", "http://atestb:8540", "https://atestb:8540"},
|
|
|
|
},
|
|
|
|
// scheme tests
|
|
|
|
{
|
|
|
|
spec: "https://test",
|
|
|
|
expOk: []string{"https://test", "https://test:9999"},
|
|
|
|
expFail: []string{
|
|
|
|
"test", // no scheme, required by spec
|
|
|
|
"http://test", // wrong scheme
|
2022-08-19 06:00:21 +00:00
|
|
|
"http://test.foo", "https://a.test.x", // subdomain variations
|
2020-11-19 13:54:49 +00:00
|
|
|
"http://testx:8540", "https://xtest:8540"},
|
|
|
|
},
|
|
|
|
// ip tests
|
|
|
|
{
|
|
|
|
spec: "https://12.34.56.78",
|
|
|
|
expOk: []string{"https://12.34.56.78", "https://12.34.56.78:8540"},
|
|
|
|
expFail: []string{
|
|
|
|
"http://12.34.56.78", // wrong scheme
|
|
|
|
"http://12.34.56.78:443", // wrong scheme
|
|
|
|
"http://1.12.34.56.78", // wrong 'domain name'
|
|
|
|
"http://12.34.56.78.a", // wrong 'domain name'
|
|
|
|
"https://87.65.43.21", "http://87.65.43.21:8540", "https://87.65.43.21:8540"},
|
|
|
|
},
|
|
|
|
// port tests
|
|
|
|
{
|
|
|
|
spec: "test:8540",
|
|
|
|
expOk: []string{"http://test:8540", "https://test:8540"},
|
|
|
|
expFail: []string{
|
|
|
|
"http://test", "https://test", // spec says port required
|
|
|
|
"http://test:8541", "https://test:8541", // wrong port
|
|
|
|
"http://bad", "https://bad", "http://bad:8540", "https://bad:8540"},
|
|
|
|
},
|
|
|
|
// scheme and port
|
|
|
|
{
|
|
|
|
spec: "https://test:8540",
|
|
|
|
expOk: []string{"https://test:8540"},
|
|
|
|
expFail: []string{
|
|
|
|
"https://test", // missing port
|
|
|
|
"http://test", // missing port, + wrong scheme
|
|
|
|
"http://test:8540", // wrong scheme
|
|
|
|
"http://test:8541", "https://test:8541", // wrong port
|
|
|
|
"http://bad", "https://bad", "http://bad:8540", "https://bad:8540"},
|
|
|
|
},
|
|
|
|
// several allowed origins
|
|
|
|
{
|
|
|
|
spec: "localhost,http://127.0.0.1",
|
|
|
|
expOk: []string{"localhost", "http://localhost", "https://localhost:8443",
|
|
|
|
"http://127.0.0.1", "http://127.0.0.1:8080"},
|
|
|
|
expFail: []string{
|
|
|
|
"https://127.0.0.1", // wrong scheme
|
|
|
|
"http://bad", "https://bad", "http://bad:8540", "https://bad:8540"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tc := range tests {
|
2022-12-07 13:02:14 +00:00
|
|
|
srv := createAndStartServer(t, &httpConfig{}, true, &wsConfig{Origins: splitAndTrim(tc.spec)}, nil)
|
2021-02-02 09:05:46 +00:00
|
|
|
url := fmt.Sprintf("ws://%v", srv.listenAddr())
|
2020-11-19 13:54:49 +00:00
|
|
|
for _, origin := range tc.expOk {
|
2022-03-07 07:30:27 +00:00
|
|
|
if err := wsRequest(t, url, "Origin", origin); err != nil {
|
2020-11-19 13:54:49 +00:00
|
|
|
t.Errorf("spec '%v', origin '%v': expected ok, got %v", tc.spec, origin, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, origin := range tc.expFail {
|
2022-03-07 07:30:27 +00:00
|
|
|
if err := wsRequest(t, url, "Origin", origin); err == nil {
|
2020-11-19 13:54:49 +00:00
|
|
|
t.Errorf("spec '%v', origin '%v': expected not to allow, got ok", tc.spec, origin)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
srv.stop()
|
|
|
|
}
|
2020-08-03 17:40:46 +00:00
|
|
|
}
|
|
|
|
|
2020-10-07 18:05:14 +00:00
|
|
|
// TestIsWebsocket tests if an incoming websocket upgrade request is handled properly.
|
|
|
|
func TestIsWebsocket(t *testing.T) {
|
2023-01-24 09:12:25 +00:00
|
|
|
r, _ := http.NewRequest(http.MethodGet, "/", nil)
|
2020-10-07 18:05:14 +00:00
|
|
|
|
|
|
|
assert.False(t, isWebsocket(r))
|
|
|
|
r.Header.Set("upgrade", "websocket")
|
|
|
|
assert.False(t, isWebsocket(r))
|
|
|
|
r.Header.Set("connection", "upgrade")
|
|
|
|
assert.True(t, isWebsocket(r))
|
|
|
|
r.Header.Set("connection", "upgrade,keep-alive")
|
|
|
|
assert.True(t, isWebsocket(r))
|
|
|
|
r.Header.Set("connection", " UPGRADE,keep-alive")
|
|
|
|
assert.True(t, isWebsocket(r))
|
|
|
|
}
|
|
|
|
|
2021-02-02 09:05:46 +00:00
|
|
|
func Test_checkPath(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
req *http.Request
|
|
|
|
prefix string
|
|
|
|
expected bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/test"}},
|
|
|
|
prefix: "/test",
|
|
|
|
expected: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/testing"}},
|
|
|
|
prefix: "/test",
|
|
|
|
expected: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/"}},
|
|
|
|
prefix: "/test",
|
|
|
|
expected: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/fail"}},
|
|
|
|
prefix: "/test",
|
|
|
|
expected: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/"}},
|
|
|
|
prefix: "",
|
|
|
|
expected: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/fail"}},
|
|
|
|
prefix: "",
|
|
|
|
expected: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/"}},
|
|
|
|
prefix: "/",
|
|
|
|
expected: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
req: &http.Request{URL: &url.URL{Path: "/testing"}},
|
|
|
|
prefix: "/",
|
|
|
|
expected: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for i, tt := range tests {
|
|
|
|
t.Run(strconv.Itoa(i), func(t *testing.T) {
|
|
|
|
assert.Equal(t, tt.expected, checkPath(tt.req, tt.prefix))
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
func createAndStartServer(t *testing.T, conf *httpConfig, ws bool, wsConf *wsConfig, timeouts *rpc.HTTPTimeouts) *httpServer {
|
2020-08-03 17:40:46 +00:00
|
|
|
t.Helper()
|
|
|
|
|
2022-12-07 13:02:14 +00:00
|
|
|
if timeouts == nil {
|
|
|
|
timeouts = &rpc.DefaultHTTPTimeouts
|
|
|
|
}
|
|
|
|
srv := newHTTPServer(testlog.Logger(t, log.LvlDebug), *timeouts)
|
|
|
|
assert.NoError(t, srv.enableRPC(apis(), *conf))
|
2020-08-03 17:40:46 +00:00
|
|
|
if ws {
|
2021-02-02 09:05:46 +00:00
|
|
|
assert.NoError(t, srv.enableWS(nil, *wsConf))
|
2020-08-03 17:40:46 +00:00
|
|
|
}
|
|
|
|
assert.NoError(t, srv.setListenAddr("localhost", 0))
|
|
|
|
assert.NoError(t, srv.start())
|
|
|
|
return srv
|
|
|
|
}
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2021-02-02 09:05:46 +00:00
|
|
|
// wsRequest attempts to open a WebSocket connection to the given URL.
|
2022-03-07 07:30:27 +00:00
|
|
|
func wsRequest(t *testing.T, url string, extraHeaders ...string) error {
|
2020-11-19 13:54:49 +00:00
|
|
|
t.Helper()
|
2022-03-07 07:30:27 +00:00
|
|
|
//t.Logf("checking WebSocket on %s (origin %q)", url, browserOrigin)
|
2021-02-02 09:05:46 +00:00
|
|
|
|
|
|
|
headers := make(http.Header)
|
2022-03-07 07:30:27 +00:00
|
|
|
// Apply extra headers.
|
|
|
|
if len(extraHeaders)%2 != 0 {
|
|
|
|
panic("odd extraHeaders length")
|
|
|
|
}
|
|
|
|
for i := 0; i < len(extraHeaders); i += 2 {
|
|
|
|
key, value := extraHeaders[i], extraHeaders[i+1]
|
|
|
|
headers.Set(key, value)
|
2021-02-02 09:05:46 +00:00
|
|
|
}
|
|
|
|
conn, _, err := websocket.DefaultDialer.Dial(url, headers)
|
|
|
|
if conn != nil {
|
|
|
|
conn.Close()
|
|
|
|
}
|
2020-11-19 13:54:49 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-02-02 09:05:46 +00:00
|
|
|
// rpcRequest performs a JSON-RPC request to the given URL.
|
2022-12-07 13:02:14 +00:00
|
|
|
func rpcRequest(t *testing.T, url, method string, extraHeaders ...string) *http.Response {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
body := fmt.Sprintf(`{"jsonrpc":"2.0","id":1,"method":"%s","params":[]}`, method)
|
|
|
|
return baseRpcRequest(t, url, body, extraHeaders...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func batchRpcRequest(t *testing.T, url string, methods []string, extraHeaders ...string) *http.Response {
|
|
|
|
reqs := make([]string, len(methods))
|
|
|
|
for i, m := range methods {
|
|
|
|
reqs[i] = fmt.Sprintf(`{"jsonrpc":"2.0","id":1,"method":"%s","params":[]}`, m)
|
|
|
|
}
|
|
|
|
body := fmt.Sprintf(`[%s]`, strings.Join(reqs, ","))
|
|
|
|
return baseRpcRequest(t, url, body, extraHeaders...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func baseRpcRequest(t *testing.T, url, bodyStr string, extraHeaders ...string) *http.Response {
|
2020-08-03 17:40:46 +00:00
|
|
|
t.Helper()
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2021-02-02 09:05:46 +00:00
|
|
|
// Create the request.
|
2022-12-07 13:02:14 +00:00
|
|
|
body := bytes.NewReader([]byte(bodyStr))
|
2023-01-24 09:12:25 +00:00
|
|
|
req, err := http.NewRequest(http.MethodPost, url, body)
|
2021-02-02 09:05:46 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal("could not create http request:", err)
|
|
|
|
}
|
2020-08-03 17:40:46 +00:00
|
|
|
req.Header.Set("content-type", "application/json")
|
2022-12-07 13:02:14 +00:00
|
|
|
req.Header.Set("accept-encoding", "identity")
|
2021-02-02 09:05:46 +00:00
|
|
|
|
|
|
|
// Apply extra headers.
|
|
|
|
if len(extraHeaders)%2 != 0 {
|
|
|
|
panic("odd extraHeaders length")
|
2020-08-03 17:40:46 +00:00
|
|
|
}
|
2021-02-02 09:05:46 +00:00
|
|
|
for i := 0; i < len(extraHeaders); i += 2 {
|
|
|
|
key, value := extraHeaders[i], extraHeaders[i+1]
|
2022-05-17 11:56:52 +00:00
|
|
|
if strings.EqualFold(key, "host") {
|
2021-02-02 09:05:46 +00:00
|
|
|
req.Host = value
|
|
|
|
} else {
|
|
|
|
req.Header.Set(key, value)
|
|
|
|
}
|
2020-08-03 17:40:46 +00:00
|
|
|
}
|
2020-04-08 11:33:12 +00:00
|
|
|
|
2021-02-02 09:05:46 +00:00
|
|
|
// Perform the request.
|
|
|
|
t.Logf("checking RPC/HTTP on %s %v", url, extraHeaders)
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
2020-08-03 17:40:46 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2023-03-27 11:44:41 +00:00
|
|
|
t.Cleanup(func() { resp.Body.Close() })
|
2020-08-03 17:40:46 +00:00
|
|
|
return resp
|
2020-04-08 11:33:12 +00:00
|
|
|
}
|
2022-03-07 07:30:27 +00:00
|
|
|
|
|
|
|
type testClaim map[string]interface{}
|
|
|
|
|
|
|
|
func (testClaim) Valid() error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestJWT(t *testing.T) {
|
|
|
|
var secret = []byte("secret")
|
|
|
|
issueToken := func(secret []byte, method jwt.SigningMethod, input map[string]interface{}) string {
|
|
|
|
if method == nil {
|
|
|
|
method = jwt.SigningMethodHS256
|
|
|
|
}
|
|
|
|
ss, _ := jwt.NewWithClaims(method, testClaim(input)).SignedString(secret)
|
|
|
|
return ss
|
|
|
|
}
|
2022-06-02 18:21:35 +00:00
|
|
|
srv := createAndStartServer(t, &httpConfig{jwtSecret: []byte("secret")},
|
2022-12-07 13:02:14 +00:00
|
|
|
true, &wsConfig{Origins: []string{"*"}, jwtSecret: []byte("secret")}, nil)
|
2022-06-02 18:21:35 +00:00
|
|
|
wsUrl := fmt.Sprintf("ws://%v", srv.listenAddr())
|
|
|
|
htUrl := fmt.Sprintf("http://%v", srv.listenAddr())
|
|
|
|
|
2022-06-20 08:10:25 +00:00
|
|
|
expOk := []func() string{
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 4}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 4}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
|
|
|
"iat": time.Now().Unix(),
|
|
|
|
"exp": time.Now().Unix() + 2,
|
|
|
|
}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
|
|
|
"iat": time.Now().Unix(),
|
|
|
|
"bar": "baz",
|
|
|
|
}))
|
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
}
|
2022-06-20 08:10:25 +00:00
|
|
|
for i, tokenFn := range expOk {
|
|
|
|
token := tokenFn()
|
2022-06-02 18:21:35 +00:00
|
|
|
if err := wsRequest(t, wsUrl, "Authorization", token); err != nil {
|
|
|
|
t.Errorf("test %d-ws, token '%v': expected ok, got %v", i, token, err)
|
|
|
|
}
|
2022-06-20 08:10:25 +00:00
|
|
|
token = tokenFn()
|
2022-12-07 13:02:14 +00:00
|
|
|
if resp := rpcRequest(t, htUrl, testMethod, "Authorization", token); resp.StatusCode != 200 {
|
2022-06-02 18:21:35 +00:00
|
|
|
t.Errorf("test %d-http, token '%v': expected ok, got %v", i, token, resp.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
2022-06-20 08:10:25 +00:00
|
|
|
|
|
|
|
expFail := []func() string{
|
2022-03-07 07:30:27 +00:00
|
|
|
// future
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
2022-07-28 06:30:50 +00:00
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + int64(jwtExpiryTimeout.Seconds()) + 1}))
|
2022-06-20 08:10:25 +00:00
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
// stale
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
2022-07-28 06:30:50 +00:00
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - int64(jwtExpiryTimeout.Seconds()) - 1}))
|
2022-06-20 08:10:25 +00:00
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
// wrong algo
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, jwt.SigningMethodHS512, testClaim{"iat": time.Now().Unix() + 4}))
|
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
// expired
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix(), "exp": time.Now().Unix()}))
|
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
// missing mandatory iat
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{}))
|
|
|
|
},
|
|
|
|
// wrong secret
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken([]byte("wrong"), nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken([]byte{}, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(nil, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
// Various malformed syntax
|
2022-06-20 08:10:25 +00:00
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer: %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer:%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer\t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
|
|
|
func() string {
|
|
|
|
return fmt.Sprintf("Bearer \t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
|
|
|
},
|
2022-03-07 07:30:27 +00:00
|
|
|
}
|
2022-06-20 08:10:25 +00:00
|
|
|
for i, tokenFn := range expFail {
|
|
|
|
token := tokenFn()
|
2022-03-07 07:30:27 +00:00
|
|
|
if err := wsRequest(t, wsUrl, "Authorization", token); err == nil {
|
|
|
|
t.Errorf("tc %d-ws, token '%v': expected not to allow, got ok", i, token)
|
|
|
|
}
|
2022-08-30 14:41:09 +00:00
|
|
|
|
2022-06-20 08:10:25 +00:00
|
|
|
token = tokenFn()
|
2022-12-07 13:02:14 +00:00
|
|
|
resp := rpcRequest(t, htUrl, testMethod, "Authorization", token)
|
2022-08-30 14:41:09 +00:00
|
|
|
if resp.StatusCode != http.StatusUnauthorized {
|
2022-03-07 07:30:27 +00:00
|
|
|
t.Errorf("tc %d-http, token '%v': expected not to allow, got %v", i, token, resp.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
srv.stop()
|
|
|
|
}
|
2022-12-07 13:02:14 +00:00
|
|
|
|
|
|
|
func TestGzipHandler(t *testing.T) {
|
|
|
|
type gzipTest struct {
|
|
|
|
name string
|
|
|
|
handler http.HandlerFunc
|
|
|
|
status int
|
|
|
|
isGzip bool
|
|
|
|
header map[string]string
|
|
|
|
}
|
|
|
|
tests := []gzipTest{
|
|
|
|
{
|
|
|
|
name: "Write",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Write([]byte("response"))
|
|
|
|
},
|
|
|
|
isGzip: true,
|
|
|
|
status: 200,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "WriteHeader",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("x-foo", "bar")
|
|
|
|
w.WriteHeader(205)
|
|
|
|
w.Write([]byte("response"))
|
|
|
|
},
|
|
|
|
isGzip: true,
|
|
|
|
status: 205,
|
|
|
|
header: map[string]string{"x-foo": "bar"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "WriteContentLength",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("content-length", "8")
|
|
|
|
w.Write([]byte("response"))
|
|
|
|
},
|
|
|
|
isGzip: true,
|
|
|
|
status: 200,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Flush",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Write([]byte("res"))
|
|
|
|
w.(http.Flusher).Flush()
|
|
|
|
w.Write([]byte("ponse"))
|
|
|
|
},
|
|
|
|
isGzip: true,
|
|
|
|
status: 200,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "disable",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("transfer-encoding", "identity")
|
|
|
|
w.Header().Set("x-foo", "bar")
|
|
|
|
w.Write([]byte("response"))
|
|
|
|
},
|
|
|
|
isGzip: false,
|
|
|
|
status: 200,
|
|
|
|
header: map[string]string{"x-foo": "bar"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "disable-WriteHeader",
|
|
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("transfer-encoding", "identity")
|
|
|
|
w.Header().Set("x-foo", "bar")
|
|
|
|
w.WriteHeader(205)
|
|
|
|
w.Write([]byte("response"))
|
|
|
|
},
|
|
|
|
isGzip: false,
|
|
|
|
status: 205,
|
|
|
|
header: map[string]string{"x-foo": "bar"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
test := test
|
|
|
|
t.Run(test.name, func(t *testing.T) {
|
|
|
|
srv := httptest.NewServer(newGzipHandler(test.handler))
|
|
|
|
defer srv.Close()
|
|
|
|
|
|
|
|
resp, err := http.Get(srv.URL)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
content, err := io.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
wasGzip := resp.Uncompressed
|
|
|
|
|
|
|
|
if string(content) != "response" {
|
|
|
|
t.Fatalf("wrong response content %q", content)
|
|
|
|
}
|
|
|
|
if wasGzip != test.isGzip {
|
|
|
|
t.Fatalf("response gzipped == %t, want %t", wasGzip, test.isGzip)
|
|
|
|
}
|
|
|
|
if resp.StatusCode != test.status {
|
|
|
|
t.Fatalf("response status == %d, want %d", resp.StatusCode, test.status)
|
|
|
|
}
|
|
|
|
for name, expectedValue := range test.header {
|
|
|
|
if v := resp.Header.Get(name); v != expectedValue {
|
|
|
|
t.Fatalf("response header %s == %s, want %s", name, v, expectedValue)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestHTTPWriteTimeout(t *testing.T) {
|
|
|
|
const (
|
|
|
|
timeoutRes = `{"jsonrpc":"2.0","id":1,"error":{"code":-32002,"message":"request timed out"}}`
|
|
|
|
greetRes = `{"jsonrpc":"2.0","id":1,"result":"Hello"}`
|
|
|
|
)
|
|
|
|
// Set-up server
|
|
|
|
timeouts := rpc.DefaultHTTPTimeouts
|
|
|
|
timeouts.WriteTimeout = time.Second
|
|
|
|
srv := createAndStartServer(t, &httpConfig{Modules: []string{"test"}}, false, &wsConfig{}, &timeouts)
|
|
|
|
url := fmt.Sprintf("http://%v", srv.listenAddr())
|
|
|
|
|
|
|
|
// Send normal request
|
|
|
|
t.Run("message", func(t *testing.T) {
|
|
|
|
resp := rpcRequest(t, url, "test_sleep")
|
|
|
|
defer resp.Body.Close()
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if string(body) != timeoutRes {
|
|
|
|
t.Errorf("wrong response. have %s, want %s", string(body), timeoutRes)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
// Batch request
|
|
|
|
t.Run("batch", func(t *testing.T) {
|
|
|
|
want := fmt.Sprintf("[%s,%s,%s]", greetRes, timeoutRes, timeoutRes)
|
|
|
|
resp := batchRpcRequest(t, url, []string{"test_greet", "test_sleep", "test_greet"})
|
|
|
|
defer resp.Body.Close()
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if string(body) != want {
|
|
|
|
t.Errorf("wrong response. have %s, want %s", string(body), want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func apis() []rpc.API {
|
|
|
|
return []rpc.API{
|
|
|
|
{
|
|
|
|
Namespace: "test",
|
|
|
|
Service: &testService{},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type testService struct{}
|
|
|
|
|
|
|
|
func (s *testService) Greet() string {
|
|
|
|
return "Hello"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *testService) Sleep() {
|
|
|
|
time.Sleep(1500 * time.Millisecond)
|
|
|
|
}
|