kaslo/pawkey-sk
1
0
Fork 0
mirror of https://git.boykissers.com/pawkey/pawkey-sk.git synced 2025-12-20 04:04:16 +00:00
Code Packages Activity
Files
fb63167d854f277ffeb82da720580b3e99f9cc8c
pawkey-sk/packages/backend/test/unit/core/HttpRequestService.ts
Hazelnoot fb63167d85 allow private IP ranges to specify allowed ports
2025-05-12 21:44:45 -04:00

104 lines
3.0 KiB
TypeScript
Raw Blame History

/*
* SPDX-FileCopyrightText: hazelnoot and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { jest } from '@jest/globals';
import type { Mock } from 'jest-mock';
import type { PrivateNetwork } from '@/config.js';
import type { Socket } from 'net';
import { HttpRequestService, isPrivateIp, validateSocketConnect } from '@/core/HttpRequestService.js';
import { parsePrivateNetworks } from '@/config.js';
describe(HttpRequestService, () => {
let allowedPrivateNetworks: PrivateNetwork[] | undefined;
beforeEach(() => {
allowedPrivateNetworks = parsePrivateNetworks([
'10.0.0.1/32',
'127.0.0.1/32#1',
'127.0.0.1/32#3,4,5',
]);
});
describe('isPrivateIp', () => {
it('should return false when ip public', () => {
const result = isPrivateIp(allowedPrivateNetworks, '74.125.127.100', 80);
expect(result).toBeFalsy();
});
it('should return false when ip private and port matches', () => {
const result = isPrivateIp(allowedPrivateNetworks, '127.0.0.1', 1);
expect(result).toBeFalsy();
});
it('should return true when ip private and no ports specified', () => {
const result = isPrivateIp(allowedPrivateNetworks, '10.0.0.2', 80);
expect(result).toBeTruthy();
});
it('should return true when ip private and port does not match', () => {
const result = isPrivateIp(allowedPrivateNetworks, '127.0.0.1', 80);
expect(result).toBeTruthy();
});
});
describe('validateSocketConnect', () => {
let fakeSocket: Socket;
let fakeSocketMutable: {
remoteAddress: string | undefined;
remotePort: number | undefined;
destroy: Mock<(error?: Error) => void>;
};
beforeEach(() => {
fakeSocketMutable = {
remoteAddress: '74.125.127.100',
remotePort: 80,
destroy: jest.fn<(error?: Error) => void>(),
};
fakeSocket = fakeSocketMutable as unknown as Socket;
});
it('should accept when IP is empty', () => {
fakeSocketMutable.remoteAddress = undefined;
validateSocketConnect(allowedPrivateNetworks, fakeSocket);
expect(fakeSocket.destroy).not.toHaveBeenCalled();
});
it('should accept when IP is invalid', () => {
fakeSocketMutable.remoteAddress = 'AB939ajd9jdajsdja8jj';
validateSocketConnect(allowedPrivateNetworks, fakeSocket);
expect(fakeSocket.destroy).not.toHaveBeenCalled();
});
it('should accept when IP is valid', () => {
validateSocketConnect(allowedPrivateNetworks, fakeSocket);
expect(fakeSocket.destroy).not.toHaveBeenCalled();
});
it('should accept when IP is private and port match', () => {
fakeSocketMutable.remoteAddress = '127.0.0.1';
fakeSocketMutable.remotePort = 1;
validateSocketConnect(allowedPrivateNetworks, fakeSocket);
expect(fakeSocket.destroy).not.toHaveBeenCalled();
});
it('should reject when IP is private and port no match', () => {
fakeSocketMutable.remoteAddress = '127.0.0.1';
fakeSocketMutable.remotePort = 2;
validateSocketConnect(allowedPrivateNetworks, fakeSocket);
expect(fakeSocket.destroy).toHaveBeenCalled();
});
});
});
View Git Blame Copy Permalink