tmp commit

Author: evgeniy-scherbina

proxy/proxy_test.go

@@ -1,9 +1,342 @@
 package proxy
 
-import "testing"
+import (
+	"context"
+	"crypto/tls"
+	"io"
+	"log/slog"
+	"net/http"
+	"testing"
+	"time"
 
-// Stub test file - tests removed
-func TestStub(t *testing.T) {
-	// This is a stub test
-	t.Skip("stub test file")
+	"github.com/coder/boundary/audit"
+	"github.com/coder/boundary/rules"
+)
+
+// mockAuditor is a simple mock auditor for testing
+type mockAuditor struct{}
+
+func (m *mockAuditor) AuditRequest(req audit.Request) {
+	// No-op for testing
+}
+
+// TestProxyServerBasicHTTP tests basic HTTP request handling
+func TestProxyServerBasicHTTP(t *testing.T) {
+	// Create test logger
+	logger := slog.New(slog.NewTextHandler(io.Discard, &slog.HandlerOptions{
+		Level: slog.LevelError, // Reduce noise during testing
+	}))
+
+	// Create test rules (allow all for testing)
+	testRules, err := rules.ParseAllowSpecs([]string{"*"})
+	if err != nil {
+		t.Fatalf("Failed to parse test rules: %v", err)
+	}
+
+	// Create rule engine
+	ruleEngine := rules.NewRuleEngine(testRules, logger)
+
+	// Create mock auditor
+	auditor := &mockAuditor{}
+
+	// Create TLS config (minimal for testing)
+	tlsConfig := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+	}
+
+	// Create proxy server
+	server := NewProxyServer(Config{
+		HTTPPort:   0, // Use random port
+		RuleEngine: ruleEngine,
+		Auditor:    auditor,
+		Logger:     logger,
+		TLSConfig:  tlsConfig,
+	})
+
+	// Create context with timeout
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	// Start server in goroutine
+	serverDone := make(chan error, 1)
+	go func() {
+		serverDone <- server.Start(ctx)
+	}()
+
+	// Give server time to start
+	time.Sleep(100 * time.Millisecond)
+
+	// Test basic HTTP request
+	t.Run("BasicHTTPRequest", func(t *testing.T) {
+		// Create HTTP client
+		client := &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true, // Skip cert verification for testing
+				},
+			},
+			Timeout: 5 * time.Second,
+		}
+
+		// Make request to proxy
+		req, err := http.NewRequest("GET", "http://localhost:8080/test", nil)
+		if err != nil {
+			t.Fatalf("Failed to create request: %v", err)
+		}
+
+		// Set Host header (important for URL parsing)
+		req.Host = "localhost:8080"
+
+		// Make the request
+		resp, err := client.Do(req)
+		if err != nil {
+			t.Logf("Request failed (expected for proxy without target): %v", err)
+			// This is expected since we're not forwarding to a real target
+		} else {
+			resp.Body.Close()
+		}
+	})
+
+	// Test CONNECT request
+	//t.Run("CONNECTRequest", func(t *testing.T) {
+	//	// Create HTTP client
+	//	client := &http.Client{
+	//		Transport: &http.Transport{
+	//			TLSClientConfig: &tls.Config{
+	//				InsecureSkipVerify: true,
+	//			},
+	//		},
+	//		Timeout: 5 * time.Second,
+	//	}
+	//
+	//	// Make CONNECT request
+	//	req, err := http.NewRequest("CONNECT", "http://example.com:443", nil)
+	//	if err != nil {
+	//		t.Fatalf("Failed to create CONNECT request: %v", err)
+	//	}
+	//
+	//	// Set Host header
+	//	req.Host = "example.com:443"
+	//
+	//	// Make the request
+	//	resp, err := client.Do(req)
+	//	if err != nil {
+	//		t.Logf("CONNECT request failed (expected for proxy without target): %v", err)
+	//		// This is expected since we're not forwarding to a real target
+	//	} else {
+	//		resp.Body.Close()
+	//	}
+	//})
+	//
+	//// Cancel context to stop server
+	//cancel()
+	//
+	//// Wait for server to stop
+	//select {
+	//case err := <-serverDone:
+	//	if err != nil && err != context.Canceled {
+	//		t.Errorf("Server stopped with error: %v", err)
+	//	}
+	//case <-time.After(5 * time.Second):
+	//	t.Error("Server did not stop within timeout")
+	//}
 }
+
+// TestProxyServerWithRules tests proxy with specific rules
+//func TestProxyServerWithRules(t *testing.T) {
+//	// Create test logger
+//	logger := slog.New(slog.NewTextHandler(io.Discard, &slog.HandlerOptions{
+//		Level: slog.LevelError,
+//	}))
+//
+//	// Create restrictive rules (only allow github.com)
+//	testRules, err := rules.ParseAllowSpecs([]string{"github.com"})
+//	if err != nil {
+//		t.Fatalf("Failed to parse test rules: %v", err)
+//	}
+//
+//	// Create rule engine
+//	ruleEngine := rules.NewRuleEngine(testRules, logger)
+//
+//	// Create mock auditor
+//	auditor := &mockAuditor{}
+//
+//	// Create TLS config
+//	tlsConfig := &tls.Config{
+//		MinVersion: tls.VersionTLS12,
+//	}
+//
+//	// Create proxy server
+//	server := NewProxyServer(Config{
+//		HTTPPort:   0, // Use random port
+//		RuleEngine: ruleEngine,
+//		Auditor:    auditor,
+//		Logger:     logger,
+//		TLSConfig:  tlsConfig,
+//	})
+//
+//	// Create context with timeout
+//	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+//	defer cancel()
+//
+//	// Start server in goroutine
+//	serverDone := make(chan error, 1)
+//	go func() {
+//		serverDone <- server.Start(ctx)
+//	}()
+//
+//	// Give server time to start
+//	time.Sleep(100 * time.Millisecond)
+//
+//	// Test allowed request
+//	t.Run("AllowedRequest", func(t *testing.T) {
+//		client := &http.Client{
+//			Transport: &http.Transport{
+//				TLSClientConfig: &tls.Config{
+//					InsecureSkipVerify: true,
+//				},
+//			},
+//			Timeout: 5 * time.Second,
+//		}
+//
+//		req, err := http.NewRequest("GET", "http://localhost:8080/test", nil)
+//		if err != nil {
+//			t.Fatalf("Failed to create request: %v", err)
+//		}
+//
+//		// Set Host header to github.com (should be allowed)
+//		req.Host = "github.com"
+//
+//		resp, err := client.Do(req)
+//		if err != nil {
+//			t.Logf("Request failed (expected for proxy without target): %v", err)
+//		} else {
+//			resp.Body.Close()
+//		}
+//	})
+//
+//	// Test blocked request
+//	t.Run("BlockedRequest", func(t *testing.T) {
+//		client := &http.Client{
+//			Transport: &http.Transport{
+//				TLSClientConfig: &tls.Config{
+//					InsecureSkipVerify: true,
+//				},
+//			},
+//			Timeout: 5 * time.Second,
+//		}
+//
+//		req, err := http.NewRequest("GET", "http://localhost:8080/test", nil)
+//		if err != nil {
+//			t.Fatalf("Failed to create request: %v", err)
+//		}
+//
+//		// Set Host header to example.com (should be blocked)
+//		req.Host = "example.com"
+//
+//		resp, err := client.Do(req)
+//		if err != nil {
+//			t.Logf("Request failed (expected for proxy without target): %v", err)
+//		} else {
+//			resp.Body.Close()
+//		}
+//	})
+//
+//	// Cancel context to stop server
+//	cancel()
+//
+//	// Wait for server to stop
+//	select {
+//	case err := <-serverDone:
+//		if err != nil && err != context.Canceled {
+//			t.Errorf("Server stopped with error: %v", err)
+//		}
+//	case <-time.After(5 * time.Second):
+//		t.Error("Server did not stop within timeout")
+//	}
+//}
+//
+//// TestProxyServerStartStop tests basic start/stop functionality
+//func TestProxyServerStartStop(t *testing.T) {
+//	// Create test logger
+//	logger := slog.New(slog.NewTextHandler(io.Discard, &slog.HandlerOptions{
+//		Level: slog.LevelError,
+//	}))
+//
+//	// Create test rules
+//	testRules, err := rules.ParseAllowSpecs([]string{"*"})
+//	if err != nil {
+//		t.Fatalf("Failed to parse test rules: %v", err)
+//	}
+//
+//	ruleEngine := rules.NewRuleEngine(testRules, logger)
+//	auditor := &mockAuditor{}
+//	tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}
+//
+//	// Create proxy server
+//	server := NewProxyServer(Config{
+//		HTTPPort:   0,
+//		RuleEngine: ruleEngine,
+//		Auditor:    auditor,
+//		Logger:     logger,
+//		TLSConfig:  tlsConfig,
+//	})
+//
+//	// Test that server can be created
+//	if server == nil {
+//		t.Fatal("Failed to create proxy server")
+//	}
+//
+//	// Test that server can be stopped (even if not started)
+//	err = server.Stop()
+//	if err != nil {
+//		t.Errorf("Stop() failed: %v", err)
+//	}
+//}
+//
+//// TestProxyServerContextCancellation tests context cancellation
+//func TestProxyServerContextCancellation(t *testing.T) {
+//	// Create test logger
+//	logger := slog.New(slog.NewTextHandler(io.Discard, &slog.HandlerOptions{
+//		Level: slog.LevelError,
+//	}))
+//
+//	// Create test rules
+//	testRules, err := rules.ParseAllowSpecs([]string{"*"})
+//	if err != nil {
+//		t.Fatalf("Failed to parse test rules: %v", err)
+//	}
+//
+//	ruleEngine := rules.NewRuleEngine(testRules, logger)
+//	auditor := &mockAuditor{}
+//	tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}
+//
+//	// Create proxy server
+//	server := NewProxyServer(Config{
+//		HTTPPort:   0,
+//		RuleEngine: ruleEngine,
+//		Auditor:    auditor,
+//		Logger:     logger,
+//		TLSConfig:  tlsConfig,
+//	})
+//
+//	// Create context that will be cancelled quickly
+//	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
+//	defer cancel()
+//
+//	// Start server
+//	serverDone := make(chan error, 1)
+//	go func() {
+//		serverDone <- server.Start(ctx)
+//	}()
+//
+//	// Wait for context cancellation
+//	select {
+//	case err := <-serverDone:
+//		if err != nil && err != context.DeadlineExceeded {
+//			t.Errorf("Server stopped with unexpected error: %v", err)
+//		}
+//	case <-time.After(1 * time.Second):
+//		t.Error("Server did not stop within timeout")
+//	}
+//}