@@ -4,12 +4,16 @@ import (
44 "context"
55 "crypto/tls"
66 "io"
7+ "log"
78 "log/slog"
89 "net/http"
910 "os"
11+ "os/user"
12+ "strconv"
1013 "testing"
1114 "time"
1215
16+ boundary_tls "github.com/coder/boundary/tls"
1317 "github.com/stretchr/testify/require"
1418
1519 "github.com/coder/boundary/audit"
@@ -106,3 +110,105 @@ func TestProxyServerBasicHTTP(t *testing.T) {
106110 require .Equal (t , expectedResponse , string (body ))
107111 })
108112}
113+
114+ // TestProxyServerBasicHTTPS tests basic HTTPS request handling
115+ func TestProxyServerBasicHTTPS (t * testing.T ) {
116+ // Create test logger
117+ logger := slog .New (slog .NewTextHandler (os .Stderr , & slog.HandlerOptions {
118+ Level : slog .LevelDebug ,
119+ }))
120+
121+ // Create test rules (allow all for testing)
122+ testRules , err := rules .ParseAllowSpecs ([]string {"*" })
123+ if err != nil {
124+ t .Fatalf ("Failed to parse test rules: %v" , err )
125+ }
126+
127+ // Create rule engine
128+ ruleEngine := rules .NewRuleEngine (testRules , logger )
129+
130+ // Create mock auditor
131+ auditor := & mockAuditor {}
132+
133+ // Create TLS config (minimal for testing)
134+ tlsConfig := & tls.Config {
135+ MinVersion : tls .VersionTLS12 ,
136+ }
137+
138+ currentUser , err := user .Current ()
139+ if err != nil {
140+ log .Fatal (err )
141+ }
142+
143+ uid , _ := strconv .Atoi (currentUser .Uid )
144+ gid , _ := strconv .Atoi (currentUser .Gid )
145+
146+ // Create TLS certificate manager
147+ certManager , err := boundary_tls .NewCertificateManager (boundary_tls.Config {
148+ Logger : logger ,
149+ ConfigDir : "/tmp/boundary" ,
150+ Uid : uid ,
151+ Gid : gid ,
152+ })
153+ require .NoError (t , err )
154+
155+ // Setup TLS to get cert path for jailer
156+ tlsConfig , caCertPath , configDir , err := certManager .SetupTLSAndWriteCACert ()
157+ require .NoError (t , err )
158+ _ , _ = caCertPath , configDir
159+
160+ // Create proxy server
161+ server := NewProxyServer (Config {
162+ HTTPPort : 8080 ,
163+ RuleEngine : ruleEngine ,
164+ Auditor : auditor ,
165+ Logger : logger ,
166+ TLSConfig : tlsConfig ,
167+ })
168+
169+ // Create context with timeout
170+ ctx , cancel := context .WithTimeout (context .Background (), 10 * time .Second )
171+ defer cancel ()
172+
173+ // Start server in goroutine
174+ serverDone := make (chan error , 1 )
175+ go func () {
176+ serverDone <- server .Start (ctx )
177+ }()
178+
179+ // Give server time to start
180+ time .Sleep (100 * time .Millisecond )
181+
182+ // Test basic HTTPS request
183+ t .Run ("BasicHTTPSRequest" , func (t * testing.T ) {
184+ // Create HTTP client
185+ client := & http.Client {
186+ Transport : & http.Transport {
187+ TLSClientConfig : & tls.Config {
188+ InsecureSkipVerify : true , // Skip cert verification for testing
189+ },
190+ },
191+ Timeout : 5 * time .Second ,
192+ }
193+
194+ // Make request to proxy
195+ req , err := http .NewRequest ("GET" , "https://localhost:8080/api/v2" , nil )
196+ if err != nil {
197+ t .Fatalf ("Failed to create request: %v" , err )
198+ }
199+ // Override the Host header
200+ req .Host = "dev.coder.com"
201+
202+ // Make the request
203+ resp , err := client .Do (req )
204+ require .NoError (t , err )
205+
206+ body , err := io .ReadAll (resp .Body )
207+ require .NoError (t , err )
208+ resp .Body .Close ()
209+
210+ expectedResponse := `{"message":"👋"}
211+ `
212+ require .Equal (t , expectedResponse , string (body ))
213+ })
214+ }
0 commit comments