|
| 1 | +/* eslint-disable prefer-rest-params */ |
| 2 | +import * as t from "tap"; |
| 3 | +import { ReportingAPIForTesting } from "../agent/api/ReportingAPIForTesting"; |
| 4 | +import { Token } from "../agent/api/Token"; |
| 5 | +import { wrap } from "../helpers/wrap"; |
| 6 | +import { Hono as HonoInternal } from "./Hono"; |
| 7 | +import { HTTPServer } from "./HTTPServer"; |
| 8 | +import { getMajorNodeVersion } from "../helpers/getNodeVersion"; |
| 9 | +import { createTestAgent } from "../helpers/createTestAgent"; |
| 10 | +import * as fetch from "../helpers/fetch"; |
| 11 | + |
| 12 | +wrap(fetch, "fetch", function mock(original) { |
| 13 | + return async function mock(this: typeof fetch) { |
| 14 | + if ( |
| 15 | + arguments.length > 0 && |
| 16 | + arguments[0] && |
| 17 | + arguments[0].url.toString().includes("firewall") |
| 18 | + ) { |
| 19 | + return { |
| 20 | + statusCode: 200, |
| 21 | + body: JSON.stringify({ |
| 22 | + blockedIPAddresses: [], |
| 23 | + blockedUserAgents: "", |
| 24 | + allowedIPAddresses: [], |
| 25 | + botSpoofingProtection: [ |
| 26 | + { |
| 27 | + key: "google_test", |
| 28 | + uaPattern: "Googlebot|GoogleStoreBot", |
| 29 | + ips: ["1.2.3.4/24", "4.3.2.1"], |
| 30 | + hostnames: ["google.com", "googlebot.com"], |
| 31 | + }, |
| 32 | + ], |
| 33 | + }), |
| 34 | + }; |
| 35 | + } |
| 36 | + |
| 37 | + return await original.apply(this, arguments); |
| 38 | + }; |
| 39 | +}); |
| 40 | + |
| 41 | +const agent = createTestAgent({ |
| 42 | + token: new Token("123"), |
| 43 | + api: new ReportingAPIForTesting({ |
| 44 | + success: true, |
| 45 | + endpoints: [ |
| 46 | + { |
| 47 | + method: "GET", |
| 48 | + route: "/rate-limited", |
| 49 | + forceProtectionOff: false, |
| 50 | + rateLimiting: { |
| 51 | + windowSizeInMS: 2000, |
| 52 | + maxRequests: 2, |
| 53 | + enabled: true, |
| 54 | + }, |
| 55 | + }, |
| 56 | + ], |
| 57 | + blockedUserIds: ["567"], |
| 58 | + configUpdatedAt: 0, |
| 59 | + heartbeatIntervalInMS: 10 * 60 * 1000, |
| 60 | + allowedIPAddresses: ["5.6.7.8"], |
| 61 | + }), |
| 62 | +}); |
| 63 | +agent.start([new HonoInternal(), new HTTPServer()]); |
| 64 | +const opts = { |
| 65 | + skip: |
| 66 | + getMajorNodeVersion() < 18 ? "Hono does not support Node.js < 18" : false, |
| 67 | +}; |
| 68 | + |
| 69 | +t.test("test bot spoofing protection", opts, async (t) => { |
| 70 | + const { Hono } = require("hono") as typeof import("hono"); |
| 71 | + const { serve } = |
| 72 | + require("@hono/node-server") as typeof import("@hono/node-server"); |
| 73 | + |
| 74 | + const app = new Hono(); |
| 75 | + |
| 76 | + app.get("/", (c) => { |
| 77 | + return c.text("Hello, world!"); |
| 78 | + }); |
| 79 | + |
| 80 | + const server = serve({ |
| 81 | + fetch: app.fetch, |
| 82 | + port: 8769, |
| 83 | + }); |
| 84 | + |
| 85 | + { |
| 86 | + const response = await fetch.fetch({ |
| 87 | + url: new URL("http://127.0.0.1:8769/"), |
| 88 | + headers: { |
| 89 | + "X-Forwarded-For": "1.1.1.1", |
| 90 | + "User-Agent": |
| 91 | + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36", |
| 92 | + }, |
| 93 | + }); |
| 94 | + t.equal(response.statusCode, 200); // Not a bot |
| 95 | + } |
| 96 | + { |
| 97 | + const response = await fetch.fetch({ |
| 98 | + url: new URL("http://127.0.0.1:8769/"), |
| 99 | + headers: { |
| 100 | + "X-Forwarded-For": "1.1.1.1", |
| 101 | + "User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)", |
| 102 | + }, |
| 103 | + }); |
| 104 | + t.equal(response.statusCode, 403); // IP is not a googlebot |
| 105 | + t.equal(response.body, "You are not allowed to access this resource."); |
| 106 | + } |
| 107 | + { |
| 108 | + const response = await fetch.fetch({ |
| 109 | + url: new URL("http://127.0.0.1:8769/"), |
| 110 | + headers: { |
| 111 | + "X-Forwarded-For": "1.2.3.4", |
| 112 | + "User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)", |
| 113 | + }, |
| 114 | + }); |
| 115 | + t.equal(response.statusCode, 200); // Whitelisted IP |
| 116 | + } |
| 117 | + { |
| 118 | + const response = await fetch.fetch({ |
| 119 | + url: new URL("http://127.0.0.1:8769/"), |
| 120 | + headers: { |
| 121 | + "X-Forwarded-For": "4.3.2.1", |
| 122 | + "User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)", |
| 123 | + }, |
| 124 | + }); |
| 125 | + t.equal(response.statusCode, 200); // Whitelisted IP |
| 126 | + } |
| 127 | + { |
| 128 | + const response = await fetch.fetch({ |
| 129 | + url: new URL("http://127.0.0.1:8769/"), |
| 130 | + headers: { |
| 131 | + "X-Forwarded-For": "66.249.90.77", |
| 132 | + "User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)", |
| 133 | + }, |
| 134 | + }); |
| 135 | + t.equal(response.statusCode, 200); // Real googlebot IP |
| 136 | + } |
| 137 | + |
| 138 | + server.close(); |
| 139 | +}); |
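Review bot: The last case (`66.249.90.77`, "Real googlebot IP") is not in the mocked `ips` list, so it can only return 200 if the agent verifies the address through a real DNS lookup against the `hostnames` entries; this presumably makes the test depend on network access and on Google's live PTR records, so it may fail in an offline or sandboxed CI run. Consider stubbing the resolver the same way `fetch` is wrapped at the top of the file, which would also allow a negative case where the reverse lookup claims `googlebot.com` but forward confirmation does not match. The `1.2.3.4/24` entry is only exercised with the exact address `1.2.3.4`, so CIDR matching is untested; a request with `"X-Forwarded-For": "1.2.3.200"` would cover it. `server.close()` is reached only if every `await` resolves, so registering `t.teardown(() => server.close());` right after `serve(...)` would release port 8769 on failure as well.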