github.com/xhghs/rclone@v1.51.1-0.20200430155106-e186a28cced8/cmd/serve/restic/restic_privaterepos_test.go (about) 1 package restic 2 3 import ( 4 "context" 5 "crypto/rand" 6 "io" 7 "io/ioutil" 8 "net/http" 9 "os" 10 "strings" 11 "testing" 12 13 "github.com/rclone/rclone/cmd/serve/httplib" 14 15 "github.com/rclone/rclone/cmd" 16 "github.com/rclone/rclone/cmd/serve/httplib/httpflags" 17 "github.com/stretchr/testify/require" 18 ) 19 20 // newAuthenticatedRequest returns a new HTTP request with the given params. 21 func newAuthenticatedRequest(t testing.TB, method, path string, body io.Reader) *http.Request { 22 req := newRequest(t, method, path, body) 23 req = req.WithContext(context.WithValue(req.Context(), httplib.ContextUserKey, "test")) 24 req.Header.Add("Accept", resticAPIV2) 25 return req 26 } 27 28 // TestResticPrivateRepositories runs tests on the restic handler code for private repositories 29 func TestResticPrivateRepositories(t *testing.T) { 30 buf := make([]byte, 32) 31 _, err := io.ReadFull(rand.Reader, buf) 32 require.NoError(t, err) 33 34 // setup rclone with a local backend in a temporary directory 35 tempdir, err := ioutil.TempDir("", "rclone-restic-test-") 36 require.NoError(t, err) 37 38 // make sure the tempdir is properly removed 39 defer func() { 40 err := os.RemoveAll(tempdir) 41 require.NoError(t, err) 42 }() 43 44 // globally set private-repos mode & test user 45 prev := privateRepos 46 prevUser := httpflags.Opt.BasicUser 47 prevPassword := httpflags.Opt.BasicPass 48 privateRepos = true 49 httpflags.Opt.BasicUser = "test" 50 httpflags.Opt.BasicPass = "password" 51 // reset when done 52 defer func() { 53 privateRepos = prev 54 httpflags.Opt.BasicUser = prevUser 55 httpflags.Opt.BasicPass = prevPassword 56 }() 57 58 // make a new file system in the temp dir 59 f := cmd.NewFsSrc([]string{tempdir}) 60 srv := newServer(f, &httpflags.Opt) 61 62 // Requesting /test/ should allow access 63 reqs := []*http.Request{ 64 newAuthenticatedRequest(t, "POST", "/test/?create=true", nil), 65 newAuthenticatedRequest(t, "POST", "/test/config", strings.NewReader("foobar test config")), 66 newAuthenticatedRequest(t, "GET", "/test/config", nil), 67 } 68 for _, req := range reqs { 69 checkRequest(t, srv.handler, req, []wantFunc{wantCode(http.StatusOK)}) 70 } 71 72 // Requesting everything else should raise forbidden errors 73 reqs = []*http.Request{ 74 newAuthenticatedRequest(t, "GET", "/", nil), 75 newAuthenticatedRequest(t, "POST", "/other_user", nil), 76 newAuthenticatedRequest(t, "GET", "/other_user/config", nil), 77 } 78 for _, req := range reqs { 79 checkRequest(t, srv.handler, req, []wantFunc{wantCode(http.StatusForbidden)}) 80 } 81 82 }