1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
{-# OPTIONS_GHC -fno-warn-warnings-deprecations #-}
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE OverloadedStrings #-}
module Snap.Util.Proxy.Tests (tests) where
------------------------------------------------------------------------------
import Control.Monad.State.Strict (modify)
import Data.ByteString.Char8 (ByteString)
import qualified Data.ByteString.Char8 as S
import Data.CaseInsensitive (CI (..))
import qualified Data.Map as Map
import Snap.Core (Request (rqClientAddr, rqClientPort), Snap, rqRemotePort, withRequest)
import Snap.Test (RequestBuilder, evalHandler, get, setHeader)
import Snap.Test.Common (coverEqInstance, coverOrdInstance, coverReadInstance, coverShowInstance)
import Snap.Util.Proxy (ProxyType (NoProxy, X_Forwarded_For), behindProxy)
import Test.Framework (Test)
import Test.Framework.Providers.HUnit (testCase)
import Test.HUnit (assertEqual)
------------------------------------------------------------------------------
------------------------------------------------------------------------------
tests :: [Test]
tests = [ testNoProxy
, testForwardedFor
, testTrivials
]
---------------
-- Constants --
---------------
------------------------------------------------------------------------------
initialPort :: Int
initialPort = 9999
initialAddr :: ByteString
initialAddr = "127.0.0.1"
-----------
-- Tests --
-----------
------------------------------------------------------------------------------
testNoProxy :: Test
testNoProxy = testCase "proxy/no-proxy" $ do
a <- evalHandler (mkReq $ forwardedFor ["4.3.2.1"])
(behindProxy NoProxy reportRemoteAddr)
p <- evalHandler (mkReq $ forwardedFor ["4.3.2.1"] >> xForwardedPort [10903])
(behindProxy NoProxy reportRemotePort)
assertEqual "NoProxy leaves request alone" initialAddr a
assertEqual "NoProxy leaves request alone" initialPort p
--------------------------------------------------------------------------
b <- evalHandler (mkReq $ xForwardedFor ["2fe3::d4"])
(behindProxy NoProxy reportRemoteAddr)
assertEqual "NoProxy leaves request alone" initialAddr b
--------------------------------------------------------------------------
c <- evalHandler (mkReq $ return ())
(behindProxy NoProxy reportRemoteAddr)
assertEqual "NoProxy leaves request alone" initialAddr c
------------------------------------------------------------------------------
testForwardedFor :: Test
testForwardedFor = testCase "proxy/forwarded-for" $ do
(a,p) <- evalHandler (mkReq $ return ()) handler
assertEqual "No Forwarded-For, no change" initialAddr a
assertEqual "port" initialPort p
--------------------------------------------------------------------------
(b,q) <- evalHandler (mkReq $ forwardedFor [ip4]) handler
assertEqual "Behind 5.6.7.8" ip4 b
assertEqual "No Forwarded-Port, no port change" initialPort q
--------------------------------------------------------------------------
(c,_) <- evalHandler (mkReq $ xForwardedFor [ip4, ip6]) handler
assertEqual "Behind 23fe::d4" ip6 c
--------------------------------------------------------------------------
(d,r) <- evalHandler (mkReq $ xForwardedFor [ip6, ip4] >> xForwardedPort [20202, port]) handler
assertEqual "Behind 5.6.7.8" ip4 d
assertEqual "port change" port r
where
handler = behindProxy X_Forwarded_For $ do
!a <- reportRemoteAddr
!p <- reportRemotePort'
return $! (a,p)
ip4 = "5.6.7.8"
ip6 = "23fe::d4"
port = 10101
------------------------------------------------------------------------------
testTrivials :: Test
testTrivials = testCase "proxy/trivials" $ do
coverShowInstance NoProxy
coverReadInstance NoProxy
coverEqInstance NoProxy
coverOrdInstance NoProxy
---------------
-- Functions --
---------------
------------------------------------------------------------------------------
mkReq :: RequestBuilder IO () -> RequestBuilder IO ()
mkReq m = do
get "/" Map.empty
modify $ \req -> req { rqClientAddr = initialAddr
, rqClientPort = initialPort
}
m
------------------------------------------------------------------------------
reportRemoteAddr :: Snap ByteString
reportRemoteAddr = withRequest $ \req -> return $ rqClientAddr req
------------------------------------------------------------------------------
reportRemotePort :: Snap Int
reportRemotePort = withRequest $ \req -> return $ rqClientPort req
------------------------------------------------------------------------------
-- Cover deprecated rqRemotePort
reportRemotePort' :: Snap Int
reportRemotePort' = withRequest $ \req -> return $ rqRemotePort req
------------------------------------------------------------------------------
forwardedFor' :: CI ByteString -- ^ header name
-> [ByteString] -- ^ list of "forwarded-for"
-> RequestBuilder IO ()
forwardedFor' hdr addrs =
setHeader hdr $ S.intercalate ", " addrs
------------------------------------------------------------------------------
forwardedFor :: [ByteString]
-> RequestBuilder IO ()
forwardedFor = forwardedFor' "Forwarded-For"
------------------------------------------------------------------------------
xForwardedFor :: [ByteString]
-> RequestBuilder IO ()
xForwardedFor = forwardedFor' "X-Forwarded-For"
------------------------------------------------------------------------------
xForwardedPort :: [Int] -- ^ list of "forwarded-port"
-> RequestBuilder IO ()
xForwardedPort ports =
setHeader "X-Forwarded-Port" $ S.intercalate ", " $ map (S.pack . show) $ ports
|
