GOMODULES/fiber
1
0
Fork 0
mirror of https://github.com/gofiber/fiber.git synced 2025-05-31 03:42:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
fiber/middleware/cors/utils_test.go
RW ec48a76f14
V2 to v3 merge (#2864) 
* Update pull_request_template.md

* Update v3-changes.md

* Update CONTRIBUTING.md (#2752)

Grammar correction.

* chore(encryptcookie)!: update default config (#2753)

* chore(encryptcookie)!: update default config

docs(encryptcookie): enhance documentation and examples

BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.

* docs(encryptcookie): reads or modifies cookies

* chore(encryptcookie): csrf config example

* docs(encryptcookie): md table spacing

* build(deps): bump actions/setup-go from 4 to 5 (#2754)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🩹 middleware/logger/: log client IP address by default (#2755)

* middleware/logger: Log client IP address by default.

* Update doc.

* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)

* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"

This reverts commit 28be17f929cfa7d3c27dd292fc3956f2f9882e22.

* fix: request ContextKey default value condition

Should check for `nil` since it is `any`.

* fix: don't constrain middlewares' context-keys to strings

`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.

The official go blog also recommends this https://go.dev/blog/context.

`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.

But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.

This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.

* 📚 Update app.md for indentation (#2761)

Update app.md for indentation

* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 2 to 3 (#2763)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Changing default log output (#2730)

changing default log output

Closes #2729

* Update hooks.md

fix wrong hooks signature

* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)

* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)

* 🩹🚨 - fix for redirect with query params (#2748)

* redirect with query params did not work, fix it and add test for it

* redirect middleware - fix test typo

* ♻️ logger/middleware colorize logger error message #2593 (#2773)

*  feat: add liveness and readiness checks (#2509)

*  feat: add liveness and readiness checkers

* 📝 docs: add docs for liveness and readiness

*  feat: add options method for probe checkers

*  tests: add tests for liveness and readiness

* ♻️ refactor: change default endpoint values

* ♻️ refactor: change default value for liveness endpoint

* 📝 docs: add return status for liveness and readiness probes

* ♻️ refactor: change probechecker to middleware

* 📝 docs: move docs to middleware session

* ♻️ refactor: apply gofumpt formatting

* ♻️ refactor: remove unused parameter

* split config and apply a review

* apply reviews and add testcases

* add benchmark

* cleanup

* rename middleware

* fix linter

* Update docs and config values

* Revert change to IsReady

* Updates based on code review

* Update docs to match other middlewares

---------

Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>

* prepare release v2.52.0
- add more Parser tests

* fix healthcheck.md

* configure workflows for V2 branch

* configure workflows for V2 branch

* Fix default value to false in docs of QueryBool (#2811)

fix default value to false in docs of QueryBool

* update queryParser config

* Update ctx.md

* Update routing.md

* merge v2 in v3

* merge v2 in v3

* lint fixes

* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md

Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)

* fix: healthcheck middleware not working with route group (#2863)

* fix: healthcheck middleware not working with route group

* perf: change verification method to improve perf

* Update healthcheck_test.go

* test: add not matching route test for strict routing

* add more test cases

* correct tests

* correct test helpers

* correct tests

* correct tests

---------

Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>

* merge v2 in v3

* Merge pull request from GHSA-fmg4-x8pw-hjhg

* Enforce Wildcard Origins with AllowCredentials check

* Expand unit-tests, fix issues with subdomains logic, update docs

* Update cors.md

* Added test using localhost, ipv4, and ipv6 address

* improve documentation markdown

---------

Co-authored-by: René Werner <rene@gofiber.io>

* Update app.go

prepare release v2.52.1

* fix cors domain normalize

* fix sync-docs workflow

* test: fix failing tests

* fix sync-docs workflow

* test: cors middleware use testify require

* chore: fix lint warnings

* chore: revert test isolation.

* fixed the fasthttp ctx race condition problem

* Update middleware/cors/utils.go

Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>

* fix sync_docs.sh

* fix review comments/hints

* fix review comments/hints

* stabilize Test_Proxy_Timeout_Slow_Server test

* stabilize Test_Proxy_.* tests

* ignore bodyclose linter for tests
use http.NoBody instead of nil

* revert(tests): undo http.NoBody usage

* fix(ctx pool): postpone the reset for some values

shortly before the release in the pool

* refactor(tests): use testify panic method instead of custom solution

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Lucas Lemos <lucashenriqueblemos@gmail.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
2024-02-29 08:29:59 +01:00

146 lines
8.8 KiB
Go
Raw Blame History

package cors
import (
"testing"
)
// go test -run -v Test_normalizeOrigin
func Test_normalizeOrigin(t *testing.T) {
testCases := []struct {
origin string
expectedValid bool
expectedOrigin string
}{
{"http://example.com", true, "http://example.com"}, // Simple case should work.
{"http://example.com/", true, "http://example.com"}, // Trailing slash should be removed.
{"http://example.com:3000", true, "http://example.com:3000"}, // Port should be preserved.
{"http://example.com:3000/", true, "http://example.com:3000"}, // Trailing slash should be removed.
{"http://", false, ""}, // Invalid origin should not be accepted.
{"http://example.com/path", false, ""}, // Path should not be accepted.
{"http://example.com?query=123", false, ""}, // Query should not be accepted.
{"http://example.com#fragment", false, ""}, // Fragment should not be accepted.
{"http://localhost", true, "http://localhost"}, // Localhost should be accepted.
{"http://127.0.0.1", true, "http://127.0.0.1"}, // IPv4 address should be accepted.
{"http://[::1]", true, "http://[::1]"}, // IPv6 address should be accepted.
{"http://[::1]:8080", true, "http://[::1]:8080"}, // IPv6 address with port should be accepted.
{"http://[::1]:8080/", true, "http://[::1]:8080"}, // IPv6 address with port and trailing slash should be accepted.
{"http://[::1]:8080/path", false, ""}, // IPv6 address with port and path should not be accepted.
{"http://[::1]:8080?query=123", false, ""}, // IPv6 address with port and query should not be accepted.
{"http://[::1]:8080#fragment", false, ""}, // IPv6 address with port and fragment should not be accepted.
{"http://[::1]:8080/path?query=123#fragment", false, ""}, // IPv6 address with port, path, query, and fragment should not be accepted.
{"http://[::1]:8080/path?query=123#fragment/", false, ""}, // IPv6 address with port, path, query, fragment, and trailing slash should not be accepted.
{"http://[::1]:8080/path?query=123#fragment/invalid", false, ""}, // IPv6 address with port, path, query, fragment, trailing slash, and invalid segment should not be accepted.
{"http://[::1]:8080/path?query=123#fragment/invalid/", false, ""}, // IPv6 address with port, path, query, fragment, trailing slash, and invalid segment with trailing slash should not be accepted.
{"http://[::1]:8080/path?query=123#fragment/invalid/segment", false, ""}, // IPv6 address with port, path, query, fragment, trailing slash, and invalid segment with additional segment should not be accepted.
}
for _, tc := range testCases {
valid, normalizedOrigin := normalizeOrigin(tc.origin)
if valid != tc.expectedValid {
t.Errorf("Expected origin '%s' to be valid: %v, but got: %v", tc.origin, tc.expectedValid, valid)
}
if normalizedOrigin != tc.expectedOrigin {
t.Errorf("Expected normalized origin '%s' for origin '%s', but got: '%s'", tc.expectedOrigin, tc.origin, normalizedOrigin)
}
}
}
// go test -run -v Test_matchScheme
func Test_matchScheme(t *testing.T) {
testCases := []struct {
domain string
pattern string
expected bool
}{
{"http://example.com", "http://example.com", true}, // Exact match should work.
{"https://example.com", "http://example.com", false}, // Scheme mismatch should matter.
{"http://example.com", "https://example.com", false}, // Scheme mismatch should matter.
{"http://example.com", "http://example.org", true}, // Different domains should not matter.
{"http://example.com", "http://example.com:8080", true}, // Port should not matter.
{"http://example.com:8080", "http://example.com", true}, // Port should not matter.
{"http://example.com:8080", "http://example.com:8081", true}, // Different ports should not matter.
{"http://localhost", "http://localhost", true}, // Localhost should match.
{"http://127.0.0.1", "http://127.0.0.1", true}, // IPv4 address should match.
{"http://[::1]", "http://[::1]", true}, // IPv6 address should match.
}
for _, tc := range testCases {
result := matchScheme(tc.domain, tc.pattern)
if result != tc.expected {
t.Errorf("Expected matchScheme('%s', '%s') to be %v, but got %v", tc.domain, tc.pattern, tc.expected, result)
}
}
}
// go test -run -v Test_validateOrigin
func Test_validateOrigin(t *testing.T) {
testCases := []struct {
domain string
pattern string
expected bool
}{
{"http://example.com", "http://example.com", true}, // Exact match should work.
{"https://example.com", "http://example.com", false}, // Scheme mismatch should matter in CORS context.
{"http://example.com", "https://example.com", false}, // Scheme mismatch should matter in CORS context.
{"http://example.com", "http://example.org", false}, // Different domains should not match.
{"http://example.com", "http://example.com:8080", false}, // Port mismatch should matter.
{"http://example.com:8080", "http://example.com", false}, // Port mismatch should matter.
{"http://example.com:8080", "http://example.com:8081", false}, // Different ports should not match.
{"example.com", "example.com", true}, // Simplified form, assuming scheme and port are not considered here, but in practice, they are part of the origin.
{"sub.example.com", "example.com", false}, // Subdomain should not match the base domain directly.
{"sub.example.com", "*.example.com", true}, // Correct assumption for wildcard subdomain matching.
{"example.com", "*.example.com", false}, // Base domain should not match its wildcard subdomain pattern.
{"sub.example.com", "*.com", true}, // Technically correct for pattern matching, but broad wildcard use like this is not recommended for CORS.
{"sub.sub.example.com", "*.example.com", true}, // Nested subdomain should match the wildcard pattern.
{"example.com", "*.org", false}, // Different TLDs should not match.
{"example.com", "example.org", false}, // Different domains should not match.
{"example.com:8080", "*.example.com", false}, // Different ports mean different origins.
{"example.com", "sub.example.net", false}, // Different domains should not match.
{"http://localhost", "http://localhost", true}, // Localhost should match.
{"http://127.0.0.1", "http://127.0.0.1", true}, // IPv4 address should match.
{"http://[::1]", "http://[::1]", true}, // IPv6 address should match.
}
for _, tc := range testCases {
result := validateDomain(tc.domain, tc.pattern)
if result != tc.expected {
t.Errorf("Expected validateOrigin('%s', '%s') to be %v, but got %v", tc.domain, tc.pattern, tc.expected, result)
}
}
}
// go test -run -v Test_normalizeDomain
func Test_normalizeDomain(t *testing.T) {
testCases := []struct {
input string
expectedOutput string
}{
{"http://example.com", "example.com"}, // Simple case with http scheme.
{"https://example.com", "example.com"}, // Simple case with https scheme.
{"http://example.com:3000", "example.com"}, // Case with port.
{"https://example.com:3000", "example.com"}, // Case with port and https scheme.
{"http://example.com/path", "example.com/path"}, // Case with path.
{"http://example.com?query=123", "example.com?query=123"}, // Case with query.
{"http://example.com#fragment", "example.com#fragment"}, // Case with fragment.
{"example.com", "example.com"}, // Case without scheme.
{"example.com:8080", "example.com"}, // Case without scheme but with port.
{"sub.example.com", "sub.example.com"}, // Case with subdomain.
{"sub.sub.example.com", "sub.sub.example.com"}, // Case with nested subdomain.
{"http://localhost", "localhost"}, // Case with localhost.
{"http://127.0.0.1", "127.0.0.1"}, // Case with IPv4 address.
{"http://[::1]", "[::1]"}, // Case with IPv6 address.
}
for _, tc := range testCases {
output := normalizeDomain(tc.input)
if output != tc.expectedOutput {
t.Errorf("Expected normalized domain '%s' for input '%s', but got: '%s'", tc.expectedOutput, tc.input, output)
}
}
}
Reference in New Issue View Git Blame Copy Permalink