(t *testing.T)
| 517 | } |
| 518 | |
| 519 | func TestLoopbackLocalAPI(t *testing.T) { |
| 520 | flakytest.Mark(t, "https://github.com/tailscale/tailscale/issues/8557") |
| 521 | tstest.ResourceCheck(t) |
| 522 | ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) |
| 523 | defer cancel() |
| 524 | |
| 525 | controlURL, _ := startControl(t) |
| 526 | s1, _, _ := startServer(t, ctx, controlURL, "s1") |
| 527 | |
| 528 | addr, proxyCred, localAPICred, err := s1.Loopback() |
| 529 | if err != nil { |
| 530 | t.Fatal(err) |
| 531 | } |
| 532 | if proxyCred == localAPICred { |
| 533 | t.Fatal("proxy password matches local API password, they should be different") |
| 534 | } |
| 535 | |
| 536 | url := "http://" + addr + "/localapi/v0/status" |
| 537 | req, err := http.NewRequestWithContext(ctx, "GET", url, nil) |
| 538 | if err != nil { |
| 539 | t.Fatal(err) |
| 540 | } |
| 541 | res, err := http.DefaultClient.Do(req) |
| 542 | if err != nil { |
| 543 | t.Fatal(err) |
| 544 | } |
| 545 | res.Body.Close() |
| 546 | if res.StatusCode != 403 { |
| 547 | t.Errorf("GET %s returned %d, want 403 without Sec- header", url, res.StatusCode) |
| 548 | } |
| 549 | |
| 550 | req, err = http.NewRequestWithContext(ctx, "GET", url, nil) |
| 551 | if err != nil { |
| 552 | t.Fatal(err) |
| 553 | } |
| 554 | req.Header.Set("Sec-Tailscale", "localapi") |
| 555 | res, err = http.DefaultClient.Do(req) |
| 556 | if err != nil { |
| 557 | t.Fatal(err) |
| 558 | } |
| 559 | res.Body.Close() |
| 560 | if res.StatusCode != 401 { |
| 561 | t.Errorf("GET %s returned %d, want 401 without basic auth", url, res.StatusCode) |
| 562 | } |
| 563 | |
| 564 | req, err = http.NewRequestWithContext(ctx, "GET", url, nil) |
| 565 | if err != nil { |
| 566 | t.Fatal(err) |
| 567 | } |
| 568 | req.SetBasicAuth("", localAPICred) |
| 569 | res, err = http.DefaultClient.Do(req) |
| 570 | if err != nil { |
| 571 | t.Fatal(err) |
| 572 | } |
| 573 | res.Body.Close() |
| 574 | if res.StatusCode != 403 { |
| 575 | t.Errorf("GET %s returned %d, want 403 without Sec- header", url, res.StatusCode) |
| 576 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…