github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/image_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "io/ioutil" 8 "net/http" 9 "net/http/httptest" 10 "net/url" 11 "testing" 12 13 "github.com/stretchr/testify/assert" 14 "github.com/stretchr/testify/require" 15 16 "github.com/mattermost/mattermost-server/model" 17 ) 18 19 func TestGetImage(t *testing.T) { 20 th := Setup().InitBasic() 21 defer th.TearDown() 22 23 // Prevent the test client from following a redirect 24 th.Client.HttpClient.CheckRedirect = func(*http.Request, []*http.Request) error { 25 return http.ErrUseLastResponse 26 } 27 28 t.Run("proxy disabled", func(t *testing.T) { 29 imageURL := "http://foo.bar/baz.gif" 30 31 th.App.UpdateConfig(func(cfg *model.Config) { 32 cfg.ImageProxySettings.Enable = model.NewBool(false) 33 }) 34 35 r, err := http.NewRequest("GET", th.Client.ApiUrl+"/image?url="+url.QueryEscape(imageURL), nil) 36 require.NoError(t, err) 37 r.Header.Set(model.HEADER_AUTH, th.Client.AuthType+" "+th.Client.AuthToken) 38 39 resp, err := th.Client.HttpClient.Do(r) 40 require.NoError(t, err) 41 assert.Equal(t, http.StatusNotFound, resp.StatusCode) 42 }) 43 44 t.Run("atmos/camo", func(t *testing.T) { 45 imageURL := "http://foo.bar/baz.gif" 46 proxiedURL := "https://proxy.foo.bar/004afe2ef382eb5f30c4490f793f8a8c5b33d8a2/687474703a2f2f666f6f2e6261722f62617a2e676966" 47 48 th.App.UpdateConfig(func(cfg *model.Config) { 49 cfg.ImageProxySettings.Enable = model.NewBool(true) 50 cfg.ImageProxySettings.ImageProxyType = model.NewString("atmos/camo") 51 cfg.ImageProxySettings.RemoteImageProxyOptions = model.NewString("foo") 52 cfg.ImageProxySettings.RemoteImageProxyURL = model.NewString("https://proxy.foo.bar") 53 }) 54 55 r, err := http.NewRequest("GET", th.Client.ApiUrl+"/image?url="+url.QueryEscape(imageURL), nil) 56 require.NoError(t, err) 57 r.Header.Set(model.HEADER_AUTH, th.Client.AuthType+" "+th.Client.AuthToken) 58 59 resp, err := th.Client.HttpClient.Do(r) 60 require.NoError(t, err) 61 assert.Equal(t, http.StatusFound, resp.StatusCode) 62 assert.Equal(t, proxiedURL, resp.Header.Get("Location")) 63 }) 64 65 t.Run("local", func(t *testing.T) { 66 th.App.UpdateConfig(func(cfg *model.Config) { 67 cfg.ImageProxySettings.Enable = model.NewBool(true) 68 cfg.ImageProxySettings.ImageProxyType = model.NewString("local") 69 70 // Allow requests to the "remote" image 71 cfg.ServiceSettings.AllowedUntrustedInternalConnections = model.NewString("127.0.0.1") 72 }) 73 74 handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 75 w.Header().Set("Content-Type", "image/png") 76 w.Write([]byte("success")) 77 }) 78 79 imageServer := httptest.NewServer(handler) 80 defer imageServer.Close() 81 82 r, err := http.NewRequest("GET", th.Client.ApiUrl+"/image?url="+url.QueryEscape(imageServer.URL+"/image.png"), nil) 83 require.NoError(t, err) 84 r.Header.Set(model.HEADER_AUTH, th.Client.AuthType+" "+th.Client.AuthToken) 85 86 resp, err := th.Client.HttpClient.Do(r) 87 require.NoError(t, err) 88 assert.Equal(t, http.StatusOK, resp.StatusCode) 89 90 respBody, err := ioutil.ReadAll(resp.Body) 91 require.NoError(t, err) 92 assert.Equal(t, "success", string(respBody)) 93 }) 94 }