github.com/cloudreve/Cloudreve/v3@v3.0.0-20240224133659-3edb00a6484c/pkg/auth/auth_test.go (about) 1 package auth 2 3 import ( 4 "io/ioutil" 5 "net/http" 6 "strings" 7 "testing" 8 9 "github.com/cloudreve/Cloudreve/v3/pkg/util" 10 "github.com/stretchr/testify/assert" 11 ) 12 13 func TestSignURI(t *testing.T) { 14 asserts := assert.New(t) 15 General = HMACAuth{SecretKey: []byte(util.RandStringRunes(256))} 16 17 // 成功 18 { 19 sign, err := SignURI(General, "/api/v3/something?id=1", 0) 20 asserts.NoError(err) 21 queries := sign.Query() 22 asserts.Equal("1", queries.Get("id")) 23 asserts.NotEmpty(queries.Get("sign")) 24 } 25 26 // URI解码失败 27 { 28 sign, err := SignURI(General, "://dg.;'f]gh./'", 0) 29 asserts.Error(err) 30 asserts.Nil(sign) 31 } 32 } 33 34 func TestCheckURI(t *testing.T) { 35 asserts := assert.New(t) 36 General = HMACAuth{SecretKey: []byte(util.RandStringRunes(256))} 37 38 // 成功 39 { 40 sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", 10) 41 asserts.NoError(err) 42 asserts.NoError(CheckURI(General, sign)) 43 } 44 45 // 过期 46 { 47 sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", -1) 48 asserts.NoError(err) 49 asserts.Error(CheckURI(General, sign)) 50 } 51 } 52 53 func TestSignRequest(t *testing.T) { 54 asserts := assert.New(t) 55 General = HMACAuth{SecretKey: []byte(util.RandStringRunes(256))} 56 57 // 非上传请求 58 { 59 req, err := http.NewRequest("POST", "http://127.0.0.1/api/v3/slave/upload", strings.NewReader("I am body.")) 60 asserts.NoError(err) 61 req = SignRequest(General, req, 0) 62 asserts.NotEmpty(req.Header["Authorization"]) 63 } 64 65 // 上传请求 66 { 67 req, err := http.NewRequest( 68 "POST", 69 "http://127.0.0.1/api/v3/slave/upload", 70 strings.NewReader("I am body."), 71 ) 72 asserts.NoError(err) 73 req.Header["X-Cr-Policy"] = []string{"I am Policy"} 74 req = SignRequest(General, req, 10) 75 asserts.NotEmpty(req.Header["Authorization"]) 76 } 77 } 78 79 func TestCheckRequest(t *testing.T) { 80 asserts := assert.New(t) 81 General = HMACAuth{SecretKey: []byte(util.RandStringRunes(256))} 82 83 // 缺少请求头 84 { 85 req, err := http.NewRequest( 86 "POST", 87 "http://127.0.0.1/api/v3/upload", 88 strings.NewReader("I am body."), 89 ) 90 asserts.NoError(err) 91 err = CheckRequest(General, req) 92 asserts.Error(err) 93 asserts.Equal(ErrAuthHeaderMissing, err) 94 } 95 96 // 非上传请求 验证成功 97 { 98 req, err := http.NewRequest( 99 "POST", 100 "http://127.0.0.1/api/v3/upload", 101 strings.NewReader("I am body."), 102 ) 103 asserts.NoError(err) 104 req = SignRequest(General, req, 0) 105 err = CheckRequest(General, req) 106 asserts.NoError(err) 107 } 108 109 // 上传请求 验证成功 110 { 111 req, err := http.NewRequest( 112 "POST", 113 "http://127.0.0.1/api/v3/upload", 114 strings.NewReader("I am body."), 115 ) 116 asserts.NoError(err) 117 req.Header["X-Cr-Policy"] = []string{"I am Policy"} 118 req = SignRequest(General, req, 0) 119 err = CheckRequest(General, req) 120 asserts.NoError(err) 121 } 122 123 // 非上传请求 失败 124 { 125 req, err := http.NewRequest( 126 "POST", 127 "http://127.0.0.1/api/v3/upload", 128 strings.NewReader("I am body."), 129 ) 130 asserts.NoError(err) 131 req = SignRequest(General, req, 0) 132 req.Body = ioutil.NopCloser(strings.NewReader("2333")) 133 err = CheckRequest(General, req) 134 asserts.Error(err) 135 } 136 }