|
| 1 | +package main |
| 2 | + |
| 3 | +import ( |
| 4 | + "bytes" |
| 5 | + "encoding/base64" |
| 6 | + "errors" |
| 7 | + "io" |
| 8 | + "net" |
| 9 | + "net/http" |
| 10 | + "net/http/httptest" |
| 11 | + "testing" |
| 12 | +) |
| 13 | + |
| 14 | +func TestHandleRequestAndRedirect(t *testing.T) { |
| 15 | + tests := []struct { |
| 16 | + name string |
| 17 | + requestMethod string |
| 18 | + requestBody string |
| 19 | + requestHeaders map[string]string |
| 20 | + mockResponse *http.Response |
| 21 | + mockError error |
| 22 | + expectedCode int |
| 23 | + expectedBody string |
| 24 | + dropCreds bool |
| 25 | + }{ |
| 26 | + { |
| 27 | + name: "successful http request", |
| 28 | + requestMethod: http.MethodGet, |
| 29 | + mockResponse: &http.Response{ |
| 30 | + StatusCode: http.StatusOK, |
| 31 | + Body: io.NopCloser(bytes.NewBufferString("success")), |
| 32 | + }, |
| 33 | + expectedCode: http.StatusOK, |
| 34 | + expectedBody: "success", |
| 35 | + }, |
| 36 | + { |
| 37 | + name: "bad gateway on forward error", |
| 38 | + requestMethod: http.MethodGet, |
| 39 | + mockError: errors.New("dial tcp connection failed"), |
| 40 | + expectedCode: http.StatusBadGateway, |
| 41 | + expectedBody: "Error forwarding request: dial tcp connection failed\n", |
| 42 | + }, |
| 43 | + { |
| 44 | + name: "request with wrong credentials", |
| 45 | + requestMethod: http.MethodGet, |
| 46 | + expectedCode: http.StatusProxyAuthRequired, |
| 47 | + expectedBody: "Proxy Authentication Required\n", |
| 48 | + dropCreds: true, |
| 49 | + }, |
| 50 | + } |
| 51 | + |
| 52 | + for _, tt := range tests { |
| 53 | + t.Run(tt.name, func(t *testing.T) { |
| 54 | + originalTransport := http.DefaultTransport |
| 55 | + defer func() { http.DefaultTransport = originalTransport }() |
| 56 | + |
| 57 | + http.DefaultTransport = &mockTransport{ |
| 58 | + response: tt.mockResponse, |
| 59 | + err: tt.mockError, |
| 60 | + } |
| 61 | + |
| 62 | + req := httptest.NewRequest(tt.requestMethod, "/test", bytes.NewBufferString(tt.requestBody)) |
| 63 | + for k, v := range tt.requestHeaders { |
| 64 | + req.Header.Add(k, v) |
| 65 | + } |
| 66 | + |
| 67 | + if !tt.dropCreds { |
| 68 | + req.Header.Add( |
| 69 | + "Proxy-Authorization", |
| 70 | + "Basic "+base64.StdEncoding.EncodeToString([]byte("test-user:valid-pass")), |
| 71 | + ) |
| 72 | + } |
| 73 | + |
| 74 | + rr := httptest.NewRecorder() |
| 75 | + |
| 76 | + t.Setenv("PROXY_USER", "test-user") |
| 77 | + t.Setenv("PROXY_PASS", "valid-pass") |
| 78 | + |
| 79 | + handleProxy(rr, req) |
| 80 | + |
| 81 | + res := rr.Result() |
| 82 | + |
| 83 | + t.Cleanup(callAndLogCleanup(t, res.Body.Close)) |
| 84 | + |
| 85 | + if res.StatusCode != tt.expectedCode { |
| 86 | + t.Errorf("expected status %d, got %d", tt.expectedCode, res.StatusCode) |
| 87 | + } |
| 88 | + |
| 89 | + body, _ := io.ReadAll(res.Body) |
| 90 | + if string(body) != tt.expectedBody { |
| 91 | + t.Errorf("expected body %q, got %q", tt.expectedBody, string(body)) |
| 92 | + } |
| 93 | + |
| 94 | + if tt.mockResponse != nil { |
| 95 | + for key, values := range tt.mockResponse.Header { |
| 96 | + for _, value := range values { |
| 97 | + if rr.Header().Get(key) != value { |
| 98 | + t.Errorf("expected header %q with value %q, got %q", key, value, rr.Header().Get(key)) |
| 99 | + } |
| 100 | + } |
| 101 | + } |
| 102 | + } |
| 103 | + }) |
| 104 | + } |
| 105 | +} |
| 106 | + |
| 107 | +type mockTransport struct { |
| 108 | + response *http.Response |
| 109 | + err error |
| 110 | +} |
| 111 | + |
| 112 | +func (m *mockTransport) RoundTrip(_ *http.Request) (*http.Response, error) { |
| 113 | + return m.response, m.err |
| 114 | +} |
| 115 | + |
| 116 | +func callAndLogCleanup(t *testing.T, f func() error) func() { |
| 117 | + t.Helper() |
| 118 | + |
| 119 | + return func() { |
| 120 | + if err := f(); err != nil { |
| 121 | + t.Log(err) |
| 122 | + } |
| 123 | + } |
| 124 | +} |
| 125 | + |
| 126 | +// Start a simple TCP echo server |
| 127 | +func startEchoServer(t *testing.T) (addr string, closeFn func()) { |
| 128 | + ln, err := net.Listen("tcp", "127.0.0.1:0") // random free port |
| 129 | + if err != nil { |
| 130 | + t.Fatal(err) |
| 131 | + } |
| 132 | + |
| 133 | + go func() { |
| 134 | + for { |
| 135 | + conn, err := ln.Accept() |
| 136 | + if err != nil { |
| 137 | + return |
| 138 | + } |
| 139 | + |
| 140 | + go func(c net.Conn) { |
| 141 | + defer callAndLogError(c.Close) |
| 142 | + |
| 143 | + _, err = io.Copy(c, c) // echo back |
| 144 | + if err != nil { |
| 145 | + t.Error(err) |
| 146 | + } |
| 147 | + }(conn) |
| 148 | + } |
| 149 | + }() |
| 150 | + |
| 151 | + return ln.Addr().String(), func() { callAndLogError(ln.Close) } |
| 152 | +} |
| 153 | + |
| 154 | +func TestHandleTunneling(t *testing.T) { |
| 155 | + // Start upstream echo server |
| 156 | + targetAddr, closeEcho := startEchoServer(t) |
| 157 | + t.Cleanup(closeEcho) |
| 158 | + |
| 159 | + // Fake CONNECT request to proxy |
| 160 | + req := httptest.NewRequest(http.MethodConnect, targetAddr, nil) |
| 161 | + w := httptest.NewRecorder() |
| 162 | + |
| 163 | + // Run tunneling handler |
| 164 | + handleTunneling(w, req) |
| 165 | + |
| 166 | + // The proxy should reply with 200 (connection established) |
| 167 | + if w.Code != http.StatusOK { |
| 168 | + t.Fatalf("expected 200, got %d", w.Code) |
| 169 | + } |
| 170 | +} |
0 commit comments