| 93 | } |
| 94 | |
| 95 | func TestAllowed(t *testing.T) { |
| 96 | allowHosts := []string{"good"} |
| 97 | key := [][]byte{ |
| 98 | []byte("c0ffee"), |
| 99 | } |
| 100 | multipleKey := [][]byte{ |
| 101 | []byte("c0ffee"), |
| 102 | []byte("beer"), |
| 103 | } |
| 104 | |
| 105 | genRequest := func(headers map[string]string) *http.Request { |
| 106 | req := &http.Request{Header: make(http.Header)} |
| 107 | for key, value := range headers { |
| 108 | req.Header.Set(key, value) |
| 109 | } |
| 110 | return req |
| 111 | } |
| 112 | |
| 113 | tests := []struct { |
| 114 | url string |
| 115 | options Options |
| 116 | allowHosts []string |
| 117 | denyHosts []string |
| 118 | referrers []string |
| 119 | keys [][]byte |
| 120 | request *http.Request |
| 121 | allowed bool |
| 122 | }{ |
| 123 | // no allowHosts or signature key |
| 124 | {"http://test/image", emptyOptions, nil, nil, nil, nil, nil, true}, |
| 125 | |
| 126 | // allowHosts |
| 127 | {"http://good/image", emptyOptions, allowHosts, nil, nil, nil, nil, true}, |
| 128 | {"http://bad/image", emptyOptions, allowHosts, nil, nil, nil, nil, false}, |
| 129 | |
| 130 | // referrer |
| 131 | {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://good/foo"}), true}, |
| 132 | {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://bad/foo"}), false}, |
| 133 | {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "MALFORMED!!"}), false}, |
| 134 | {"http://test/image", emptyOptions, nil, nil, allowHosts, nil, genRequest(map[string]string{}), false}, |
| 135 | |
| 136 | // signature key |
| 137 | {"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, key, nil, true}, |
| 138 | {"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "c0ffee" |
| 139 | {"http://test/image", Options{Signature: "FWIawYV4SEyI4zKJMeGugM-eJM1eI_jXPEQ20ZgRe4A="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "beer" |
| 140 | {"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, key, nil, false}, |
| 141 | {"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, multipleKey, nil, false}, |
| 142 | {"http://test/image", emptyOptions, nil, nil, nil, key, nil, false}, |
| 143 | |
| 144 | // allowHosts and signature |
| 145 | {"http://good/image", emptyOptions, allowHosts, nil, nil, key, nil, true}, |
| 146 | {"http://bad/image", Options{Signature: "gWivrPhXBbsYEwpmWAKjbJEiAEgZwbXbltg95O2tgNI="}, nil, nil, nil, key, nil, true}, |
| 147 | {"http://bad/image", emptyOptions, allowHosts, nil, nil, key, nil, false}, |
| 148 | |
| 149 | // deny requests that match denyHosts, even if signature is valid or also matches allowHosts |
| 150 | {"http://test/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false}, |
| 151 | {"http://test:3000/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false}, |
| 152 | {"http://test/image", emptyOptions, []string{"test"}, []string{"test"}, nil, nil, nil, false}, |