Merge branch 'chore-add-many-tests-hbyqa' into main

Author: 777genius

internal/infrastructure/httpapi/http_forwardproxy_connect_extended_test.go

@@ -0,0 +1,150 @@
+package httpapi
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	mem "network-debugger/internal/adapters/storage/memory"
+	cfgpkg "network-debugger/internal/infrastructure/config"
+	obs "network-debugger/internal/infrastructure/observability"
+	"network-debugger/internal/usecase"
+)
+
+func TestHandleConnectTunnel_Success(t *testing.T) {
+	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("ok"))
+	}))
+	defer upstream.Close()
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://"+upstream.URL[7:], nil)
+	req.Host = upstream.URL[7:]
+
+	d.handleConnectTunnel(rr, req)
+
+	if !bytes.Contains(rr.out.Bytes(), []byte("200 Connection Established")) {
+		t.Fatalf("expected 200 Connection Established")
+	}
+}
+
+func TestHandleConnectTunnel_NoHijack(t *testing.T) {
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodConnect, "http://example.com:443", nil)
+
+	d.handleConnectTunnel(rr, req)
+
+	if rr.Code != http.StatusInternalServerError {
+		t.Fatalf("expected 500, got %d", rr.Code)
+	}
+}
+
+func TestHandleConnectTunnel_InvalidHost(t *testing.T) {
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://invalid-host:99999", nil)
+	req.Host = "invalid-host:99999"
+
+	d.handleConnectTunnel(rr, req)
+
+	if !bytes.Contains(rr.out.Bytes(), []byte("502 Bad Gateway")) {
+		t.Fatalf("expected 502 error")
+	}
+}
+
+func TestHandleConnectTunnel_UnreachableHost(t *testing.T) {
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://127.0.0.1:1", nil)
+	req.Host = "127.0.0.1:1"
+
+	d.handleConnectTunnel(rr, req)
+
+	if !bytes.Contains(rr.out.Bytes(), []byte("502 Bad Gateway")) {
+		t.Fatalf("expected 502 error")
+	}
+}
+
+func TestHandleConnectTunnel_HTTPSHost(t *testing.T) {
+	upstream := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer upstream.Close()
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "https://example.com:443", nil)
+	req.Host = "example.com:443"
+
+	d.handleConnectTunnel(rr, req)
+}
+
+func TestHandleConnectTunnel_DataTransfer(t *testing.T) {
+	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("response"))
+	}))
+	defer upstream.Close()
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://"+upstream.URL[7:], nil)
+	req.Host = upstream.URL[7:]
+
+	go func() {
+		time.Sleep(100 * time.Millisecond)
+	}()
+
+	d.handleConnectTunnel(rr, req)
+
+	if !bytes.Contains(rr.out.Bytes(), []byte("200 Connection Established")) {
+		t.Fatalf("expected 200 Connection Established")
+	}
+}

internal/infrastructure/httpapi/http_forwardproxy_mitm_test.go

@@ -0,0 +1,121 @@
+package httpapi
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	mem "network-debugger/internal/adapters/storage/memory"
+	cfgpkg "network-debugger/internal/infrastructure/config"
+	obs "network-debugger/internal/infrastructure/observability"
+	"network-debugger/internal/usecase"
+)
+
+func TestHandleConnectMITM_CertificateError(t *testing.T) {
+	certPEM, keyPEM, err := GenerateDevCA("dev", 1)
+	if err != nil {
+		t.Fatalf("ca gen: %v", err)
+	}
+	ca, err := LoadCertAuthorityFromPEM(certPEM, keyPEM)
+	if err != nil {
+		t.Fatalf("load ca: %v", err)
+	}
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		MITM:    &MITM{CA: ca},
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://invalid-host:443", nil)
+	req.Host = "invalid-host:443"
+
+	d.handleConnectMITM(rr, req)
+}
+
+func TestHandleConnectMITM_UpstreamDialError(t *testing.T) {
+	certPEM, keyPEM, err := GenerateDevCA("dev", 1)
+	if err != nil {
+		t.Fatalf("ca gen: %v", err)
+	}
+	ca, err := LoadCertAuthorityFromPEM(certPEM, keyPEM)
+	if err != nil {
+		t.Fatalf("load ca: %v", err)
+	}
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		MITM:    &MITM{CA: ca},
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://127.0.0.1:1", nil)
+	req.Host = "127.0.0.1:1"
+
+	d.handleConnectMITM(rr, req)
+}
+
+func TestHandleConnectMITM_ShouldIntercept(t *testing.T) {
+	certPEM, keyPEM, err := GenerateDevCA("dev", 1)
+	if err != nil {
+		t.Fatalf("ca gen: %v", err)
+	}
+	ca, err := LoadCertAuthorityFromPEM(certPEM, keyPEM)
+	if err != nil {
+		t.Fatalf("load ca: %v", err)
+	}
+
+	mitm := &MITM{CA: ca, AllowSuffix: []string{"example.com"}}
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		MITM:    mitm,
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://example.com:443", nil)
+	req.Host = "example.com:443"
+
+	d.handleConnectMITM(rr, req)
+}
+
+func TestHandleConnectMITM_ShouldNotIntercept(t *testing.T) {
+	certPEM, keyPEM, err := GenerateDevCA("dev", 1)
+	if err != nil {
+		t.Fatalf("ca gen: %v", err)
+	}
+	ca, err := LoadCertAuthorityFromPEM(certPEM, keyPEM)
+	if err != nil {
+		t.Fatalf("load ca: %v", err)
+	}
+
+	mitm := &MITM{CA: ca, AllowSuffix: []string{"example.com"}}
+
+	store := mem.NewStore(16, 16, 0)
+	d := &Deps{
+		MITM:    mitm,
+		Cfg:     cfgpkg.Config{PreviewMaxBytes: 512},
+		Metrics: obs.NewMetrics(),
+		Monitor: NewMonitorHub(),
+		Svc:     usecase.NewSessionService(store, store, store),
+	}
+
+	rr := &testHijackableWriter{out: &bytes.Buffer{}}
+	req := httptest.NewRequest(http.MethodConnect, "http://other.com:443", nil)
+	req.Host = "other.com:443"
+
+	d.handleConnectMITM(rr, req)
+}