MCPcopy
hub / github.com/willnorris/imageproxy / TestAllowed

Function TestAllowed

imageproxy_test.go:95–174  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

93}
94
95func TestAllowed(t *testing.T) {
96 allowHosts := []string{"good"}
97 key := [][]byte{
98 []byte("c0ffee"),
99 }
100 multipleKey := [][]byte{
101 []byte("c0ffee"),
102 []byte("beer"),
103 }
104
105 genRequest := func(headers map[string]string) *http.Request {
106 req := &http.Request{Header: make(http.Header)}
107 for key, value := range headers {
108 req.Header.Set(key, value)
109 }
110 return req
111 }
112
113 tests := []struct {
114 url string
115 options Options
116 allowHosts []string
117 denyHosts []string
118 referrers []string
119 keys [][]byte
120 request *http.Request
121 allowed bool
122 }{
123 // no allowHosts or signature key
124 {"http://test/image", emptyOptions, nil, nil, nil, nil, nil, true},
125
126 // allowHosts
127 {"http://good/image", emptyOptions, allowHosts, nil, nil, nil, nil, true},
128 {"http://bad/image", emptyOptions, allowHosts, nil, nil, nil, nil, false},
129
130 // referrer
131 {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://good/foo"}), true},
132 {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://bad/foo"}), false},
133 {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "MALFORMED!!"}), false},
134 {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{}), false},
135
136 // signature key
137 {"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, key, nil, true},
138 {"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "c0ffee"
139 {"http://test/image", Options{Signature: "FWIawYV4SEyI4zKJMeGugM-eJM1eI_jXPEQ20ZgRe4A="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "beer"
140 {"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, key, nil, false},
141 {"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, multipleKey, nil, false},
142 {"http://test/image", emptyOptions, nil, nil, nil, key, nil, false},
143
144 // allowHosts and signature
145 {"http://good/image", emptyOptions, allowHosts, nil, nil, key, nil, true},
146 {"http://bad/image", Options{Signature: "gWivrPhXBbsYEwpmWAKjbJEiAEgZwbXbltg95O2tgNI="}, nil, nil, nil, key, nil, true},
147 {"http://bad/image", emptyOptions, allowHosts, nil, nil, key, nil, false},
148
149 // deny requests that match denyHosts, even if signature is valid or also matches allowHosts
150 {"http://test/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false},
151 {"http://test:3000/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false},
152 {"http://test/image", emptyOptions, []string{"test"}, []string{"test"}, nil, nil, nil, false},

Callers

nothing calls this directly

Calls 3

allowedMethod · 0.95
NewProxyFunction · 0.85
SetMethod · 0.65

Tested by

no test coverage detected