package streams
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"testing"
"github.com/0xJacky/Nginx-UI/internal/cache"
"github.com/0xJacky/Nginx-UI/internal/middleware"
internaluser "github.com/0xJacky/Nginx-UI/internal/user"
"github.com/0xJacky/Nginx-UI/model"
"github.com/0xJacky/Nginx-UI/query"
"github.com/gin-gonic/gin"
cosysettings "github.com/uozi-tech/cosy/settings"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
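// setupStreamSecurityTest prepares the process-wide state the stream security
// tests rely on and returns a JWT issued for a user with an OTP secret set.
//
// It puts gin in test mode, calls cache.InitInMemoryCache, replaces the JWT
// signing secret with a fixed test value, opens a shared in-memory SQLite
// database named after the running test, migrates the User, AuthToken and
// Passkey models, and points the model and query packages at that database.
//
// The cache shutdown and the restore of the original JWT secret are registered
// with t.Cleanup before any step that can call t.Fatalf, so a failed setup
// does not leave the test secret or the cache behind for other tests in the
// package.
func setupStreamSecurityTest(t *testing.T) string {
	t.Helper()

	gin.SetMode(gin.TestMode)
	cache.InitInMemoryCache()

	originalJWTSecret := cosysettings.AppSettings.JwtSecret
	cosysettings.AppSettings.JwtSecret = "test-secret"

	// Registered immediately after the globals are mutated: t.Fatalf below
	// ends the test, and cleanups registered later would never be installed.
	t.Cleanup(func() {
		cache.Shutdown()
		cosysettings.AppSettings.JwtSecret = originalJWTSecret
	})

	// NOTE(review): the gorm handle is never closed and model.Use / query.Use /
	// query.SetDefault leave package-level state pointing at it. With
	// cache=shared the in-memory database presumably stays alive while a pooled
	// connection is open; confirm repeated runs (-count) do not collide on ID 2.
	dsn := fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())
	db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
	if err != nil {
		t.Fatalf("failed to open test db: %v", err)
	}

	if err := db.AutoMigrate(&model.User{}, &model.AuthToken{}, &model.Passkey{}); err != nil {
		t.Fatalf("failed to migrate test db: %v", err)
	}

	model.Use(db)
	query.Use(db)
	query.SetDefault(db)

	// A non-empty OTPSecret is what marks this account as OTP-enabled for the
	// test; the value is a placeholder, not a usable TOTP seed.
	otpUser := &model.User{
		Model:     model.Model{ID: 2},
		Name:      "otp",
		Status:    true,
		Language:  "en",
		OTPSecret: []byte("otp-enabled"),
	}
	if err := db.Create(otpUser).Error; err != nil {
		t.Fatalf("failed to create test user: %v", err)
	}

	payload, err := internaluser.GenerateJWT(otpUser)
	if err != nil {
		t.Fatalf("failed to create token: %v", err)
	}

	return payload.Token
}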
// TestStreamSaveRequiresSecureSessionForOTPUser posts a stream configuration
// as a user that has an OTP secret set, authenticating with the JWT alone, and
// expects the route to answer 401 Unauthorized.
//
// NOTE(review): only the status code is asserted. The group is also wrapped in
// middleware.AuthRequired, which presumably answers 401 for a rejected token
// as well, so a broken token setup could satisfy this test without the
// secure-session check ever running. Confirm, and consider asserting on the
// response body or adding a control request that is expected to succeed.
func TestStreamSaveRequiresSecureSessionForOTPUser(t *testing.T) {
	jwt := setupStreamSecurityTest(t)

	// Mount the package routes behind the same auth middleware used in
	// production so the request goes through the real authorization path.
	engine := gin.New()
	InitRouter(engine.Group("/", middleware.AuthRequired()))

	payload, err := json.Marshal(gin.H{
		"content": "server {\n listen 8080;\n}\n",
	})
	if err != nil {
		t.Fatalf("failed to marshal request body: %v", err)
	}

	request := httptest.NewRequest(http.MethodPost, "/streams/tcp_proxy", bytes.NewReader(payload))
	request.Header.Set("Authorization", jwt)
	request.Header.Set("Content-Type", "application/json")

	resp := httptest.NewRecorder()
	engine.ServeHTTP(resp, request)

	if got := resp.Code; got != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", got)
	}
}