package tlsauth_test
import (
"bytes"
"context"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"tildegit.org/tjp/gus"
"tildegit.org/tjp/gus/contrib/tlsauth"
"tildegit.org/tjp/gus/gemini"
)
// TestGeminiAuth exercises tlsauth.GeminiAuth wrappers chained through
// gus.FallthroughHandler, using one client that presents
// testdata/client1.crt and one that presents no certificate at all.
//
// Outcomes pinned by the assertions:
//   - certificate presented, Allow approver: gemini.StatusSuccess
//   - no certificate presented: gemini.StatusClientCertificateRequired
//   - certificate presented, Reject approver: gemini.StatusCertificateNotAuthorized
func TestGeminiAuth(t *testing.T) {
	// forPrefix builds a handler that returns nil for any path outside
	// prefix and an empty success response otherwise.
	forPrefix := func(prefix string) gus.Handler {
		return func(_ context.Context, req *gus.Request) *gus.Response {
			if strings.HasPrefix(req.Path, prefix) {
				return gemini.Success("", &bytes.Buffer{})
			}
			return nil
		}
	}

	// catchAll answers every path, so it is the last stop in the chain.
	catchAll := func(_ context.Context, _ *gus.Request) *gus.Response {
		return gemini.Success("", &bytes.Buffer{})
	}

	// Two handlers behind an approver that accepts, two behind one that
	// refuses. Presumably a nil response moves the request on to the next
	// entry in the chain; confirm against gus.FallthroughHandler.
	chain := gus.FallthroughHandler(
		tlsauth.GeminiAuth(tlsauth.Allow)(forPrefix("/one")),
		tlsauth.GeminiAuth(tlsauth.Allow)(forPrefix("/two")),
		tlsauth.GeminiAuth(tlsauth.Reject)(forPrefix("/three")),
		tlsauth.GeminiAuth(tlsauth.Reject)(catchAll),
	)

	server, certClient, _ := setup(t,
		"testdata/server.crt", "testdata/server.key",
		"testdata/client1.crt", "testdata/client1.key",
		chain,
	)

	// Empty cert and key paths: this client connects without an identity.
	anonClient, _ := clientFor(t, server, "", "")

	// The Serve error is deliberately dropped; the deferred Close below
	// ends the serving goroutine when the test returns.
	go func() {
		_ = server.Serve()
	}()
	defer server.Close()

	// Certificate + Allow: the wrapped handler's response comes through.
	assert.Equal(t, gemini.StatusSuccess,
		requestPath(t, certClient, server, "/one").Status)

	// No certificate on a path behind an Allow approver: the client is
	// told to present one.
	// NOTE(review): which wrapper in the chain produces this status is not
	// visible here. If GeminiAuth answers before calling its inner handler,
	// the first wrapper responds for every path; confirm.
	assert.Equal(t, gemini.StatusClientCertificateRequired,
		requestPath(t, anonClient, server, "/two").Status)

	// Certificate + Reject: an identity was presented but is refused.
	assert.Equal(t, gemini.StatusCertificateNotAuthorized,
		requestPath(t, certClient, server, "/three").Status)

	// No certificate on the catch-all path: still "certificate required",
	// not "not authorized".
	assert.Equal(t, gemini.StatusClientCertificateRequired,
		requestPath(t, anonClient, server, "/four").Status)
}
// TestGeminiOptionalAuth exercises tlsauth.GeminiOptionalAuth wrappers
// chained through gus.FallthroughHandler, using one client that presents
// testdata/client1.crt and one that presents no certificate.
//
// Outcomes pinned by the assertions:
//   - certificate presented, Allow approver: gemini.StatusSuccess
//   - certificate presented, Reject approver: gemini.StatusCertificateNotAuthorized
//   - no certificate presented: gemini.StatusSuccess, including on /four,
//     whose handler sits behind the Reject approver
//
// Security-relevant consequence of the last point: as asserted here, the
// optional variant does not keep anonymous clients out. A Reject approver
// only refuses clients that did present a certificate, so routes that must
// require an identity need GeminiAuth instead.
func TestGeminiOptionalAuth(t *testing.T) {
	// prefixOnly builds a handler that returns nil for any path outside
	// prefix and an empty success response otherwise.
	prefixOnly := func(prefix string) gus.Handler {
		return func(_ context.Context, req *gus.Request) *gus.Response {
			if strings.HasPrefix(req.Path, prefix) {
				return gemini.Success("", &bytes.Buffer{})
			}
			return nil
		}
	}

	chain := gus.FallthroughHandler(
		tlsauth.GeminiOptionalAuth(tlsauth.Allow)(prefixOnly("/one")),
		tlsauth.GeminiOptionalAuth(tlsauth.Allow)(prefixOnly("/two")),
		tlsauth.GeminiOptionalAuth(tlsauth.Reject)(prefixOnly("/three")),
		tlsauth.GeminiOptionalAuth(tlsauth.Reject)(prefixOnly("/four")),
	)

	server, certClient, _ := setup(t,
		"testdata/server.crt", "testdata/server.key",
		"testdata/client1.crt", "testdata/client1.key",
		chain,
	)
	// Empty cert and key paths: this client connects without an identity.
	anonClient, _ := clientFor(t, server, "", "")

	// The Serve error is deliberately dropped; the deferred Close below
	// ends the serving goroutine when the test returns.
	go func() {
		_ = server.Serve()
	}()
	defer server.Close()

	// Certificate + Allow: served.
	assert.Equal(t, gemini.StatusSuccess,
		requestPath(t, certClient, server, "/one").Status)

	// No certificate, Allow approver on the matching path: served.
	assert.Equal(t, gemini.StatusSuccess,
		requestPath(t, anonClient, server, "/two").Status)

	// Certificate + Reject: refused.
	assert.Equal(t, gemini.StatusCertificateNotAuthorized,
		requestPath(t, certClient, server, "/three").Status)

	// No certificate, Reject approver on the matching path: still served.
	assert.Equal(t, gemini.StatusSuccess,
		requestPath(t, anonClient, server, "/four").Status)
}