logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

remote_ip_test.exs (2660B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Plugs.RemoteIpTest do
  6.   use ExUnit.Case
  7.   use Plug.Test
  9.   alias Pleroma.Web.Plugs.RemoteIp
  11.   import Pleroma.Tests.Helpers, only: [clear_config: 2]
  13.   setup do:
  14.           clear_config(RemoteIp,
  15.             enabled: true,
  16.             headers: ["x-forwarded-for"],
  17.             proxies: [],
  18.             reserved: [
  19.               "127.0.0.0/8",
  20.               "::1/128",
  21.               "fc00::/7",
  22.               "10.0.0.0/8",
  23.               "172.16.0.0/12",
  24.               "192.168.0.0/16"
  25.             ]
  26.           )
  28.   test "disabled" do
  29.     clear_config(RemoteIp, enabled: false)
  31.     %{remote_ip: remote_ip} = conn(:get, "/")
  33.     conn =
  34.       conn(:get, "/")
  35.       |> put_req_header("x-forwarded-for", "1.1.1.1")
  36.       |> RemoteIp.call(nil)
  38.     assert conn.remote_ip == remote_ip
  39.   end
  41.   test "enabled" do
  42.     conn =
  43.       conn(:get, "/")
  44.       |> put_req_header("x-forwarded-for", "1.1.1.1")
  45.       |> RemoteIp.call(nil)
  47.     assert conn.remote_ip == {1, 1, 1, 1}
  48.   end
  50.   test "custom headers" do
  51.     clear_config(RemoteIp, enabled: true, headers: ["cf-connecting-ip"])
  53.     conn =
  54.       conn(:get, "/")
  55.       |> put_req_header("x-forwarded-for", "1.1.1.1")
  56.       |> RemoteIp.call(nil)
  58.     refute conn.remote_ip == {1, 1, 1, 1}
  60.     conn =
  61.       conn(:get, "/")
  62.       |> put_req_header("cf-connecting-ip", "1.1.1.1")
  63.       |> RemoteIp.call(nil)
  65.     assert conn.remote_ip == {1, 1, 1, 1}
  66.   end
  68.   test "custom proxies" do
  69.     conn =
  70.       conn(:get, "/")
  71.       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
  72.       |> RemoteIp.call(nil)
  74.     refute conn.remote_ip == {1, 1, 1, 1}
  76.     clear_config([RemoteIp, :proxies], ["173.245.48.0/20"])
  78.     conn =
  79.       conn(:get, "/")
  80.       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
  81.       |> RemoteIp.call(nil)
  83.     assert conn.remote_ip == {1, 1, 1, 1}
  84.   end
  86.   test "proxies set without CIDR format" do
  87.     clear_config([RemoteIp, :proxies], ["173.245.48.1"])
  89.     conn =
  90.       conn(:get, "/")
  91.       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1")
  92.       |> RemoteIp.call(nil)
  94.     assert conn.remote_ip == {1, 1, 1, 1}
  95.   end
  97.   test "proxies set `nonsensical` CIDR" do
  98.     clear_config([RemoteIp, :reserved], ["127.0.0.0/8"])
  99.     clear_config([RemoteIp, :proxies], ["10.0.0.3/24"])
  101.     conn =
  102.       conn(:get, "/")
  103.       |> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1")
  104.       |> RemoteIp.call(nil)
  106.     assert conn.remote_ip == {1, 1, 1, 1}
  107.   end
  108. end