3474 lines
89 KiB
Go
3474 lines
89 KiB
Go
package nghttp2
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/tls"
|
|
"encoding/json"
|
|
"fmt"
|
|
"golang.org/x/net/http2"
|
|
"golang.org/x/net/http2/hpack"
|
|
"io"
|
|
"net"
|
|
"net/http"
|
|
"regexp"
|
|
"strings"
|
|
"syscall"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
// TestH2H1PlainGET tests whether simple HTTP/2 GET request works.
|
|
func TestH2H1PlainGET(t *testing.T) {
|
|
st := newServerTester(t, options{})
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1PlainGET",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
want := 200
|
|
if res.status != want {
|
|
t.Errorf("status = %v; want %v", res.status, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddXfp tests that server appends :scheme to the existing
|
|
// x-forwarded-proto header field.
|
|
func TestH2H1AddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--no-strip-incoming-x-forwarded-proto"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "foo, http"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1NoAddXfp tests that server does not append :scheme to the
|
|
// existing x-forwarded-proto header field.
|
|
func TestH2H1NoAddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--no-add-x-forwarded-proto",
|
|
"--no-strip-incoming-x-forwarded-proto",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "foo"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1NoAddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1StripXfp tests that server strips incoming
|
|
// x-forwarded-proto header field.
|
|
func TestH2H1StripXfp(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "http"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1StripXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1StripNoAddXfp tests that server strips incoming
|
|
// x-forwarded-proto header field, and does not add another.
|
|
func TestH2H1StripNoAddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--no-add-x-forwarded-proto"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, found := r.Header["X-Forwarded-Proto"]; found {
|
|
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1StripNoAddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddXff tests that server generates X-Forwarded-For header
|
|
// field when forwarding request to backend.
|
|
func TestH2H1AddXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--add-x-forwarded-for"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddXff",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddXff2 tests that server appends X-Forwarded-For header
|
|
// field to existing one when forwarding request to backend.
|
|
func TestH2H1AddXff2(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--add-x-forwarded-for"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "host, 127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddXff2",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1StripXff tests that --strip-incoming-x-forwarded-for
|
|
// option.
|
|
func TestH2H1StripXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--strip-incoming-x-forwarded-for"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if xff, found := r.Header["X-Forwarded-For"]; found {
|
|
t.Errorf("X-Forwarded-For = %v; want nothing", xff)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1StripXff",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1StripAddXff tests that --strip-incoming-x-forwarded-for and
|
|
// --add-x-forwarded-for options.
|
|
func TestH2H1StripAddXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--strip-incoming-x-forwarded-for",
|
|
"--add-x-forwarded-for",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1StripAddXff",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedObfuscated tests that server generates
|
|
// Forwarded header field with obfuscated "by" and "for" parameters.
|
|
func TestH2H1AddForwardedObfuscated(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--add-forwarded=by,for,host,proto"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
pattern := fmt.Sprintf(`by=_[^;]+;for=_[^;]+;host="127\.0\.0\.1:%v";proto=http`, serverPort)
|
|
validFwd := regexp.MustCompile(pattern)
|
|
got := r.Header.Get("Forwarded")
|
|
|
|
if !validFwd.MatchString(got) {
|
|
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedObfuscated",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedByIP tests that server generates Forwarded header
|
|
// field with IP address in "by" parameter.
|
|
func TestH2H1AddForwardedByIP(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--add-forwarded=by,for", "--forwarded-by=ip"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
pattern := fmt.Sprintf(`by="127\.0\.0\.1:%v";for=_[^;]+`, serverPort)
|
|
validFwd := regexp.MustCompile(pattern)
|
|
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
|
|
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedByIP",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedForIP tests that server generates Forwarded header
|
|
// field with IP address in "for" parameters.
|
|
func TestH2H1AddForwardedForIP(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--add-forwarded=by,for,host,proto",
|
|
"--forwarded-by=_alpha",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
want := fmt.Sprintf(`by=_alpha;for=127.0.0.1;host="127.0.0.1:%v";proto=http`, serverPort)
|
|
if got := r.Header.Get("Forwarded"); got != want {
|
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedForIP",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedMerge tests that server generates Forwarded
|
|
// header field with IP address in "by" and "for" parameters. The
|
|
// generated values must be appended to the existing value.
|
|
func TestH2H1AddForwardedMerge(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--add-forwarded=proto"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Forwarded"), `host=foo, proto=http`; got != want {
|
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedMerge",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedStrip tests that server generates Forwarded
|
|
// header field with IP address in "by" and "for" parameters. The
|
|
// generated values must not include the existing value.
|
|
func TestH2H1AddForwardedStrip(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--strip-incoming-forwarded",
|
|
"--add-forwarded=proto",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Forwarded"), `proto=http`; got != want {
|
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedStrip",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1StripForwarded tests that server strips incoming Forwarded
|
|
// header field.
|
|
func TestH2H1StripForwarded(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--strip-incoming-forwarded"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, found := r.Header["Forwarded"]; found {
|
|
t.Errorf("Forwarded = %v; want nothing", got)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1StripForwarded",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AddForwardedStatic tests that server generates Forwarded
|
|
// header field with the given static obfuscated string for "by"
|
|
// parameter.
|
|
func TestH2H1AddForwardedStatic(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--add-forwarded=by,for",
|
|
"--forwarded-by=_alpha",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
pattern := `by=_alpha;for=_[^;]+`
|
|
validFwd := regexp.MustCompile(pattern)
|
|
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
|
|
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AddForwardedStatic",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1GenerateVia tests that server generates Via header field to and
|
|
// from backend server.
|
|
func TestH2H1GenerateVia(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Via"), "2 nghttpx"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1GenerateVia",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.header.Get("Via"), "1.1 nghttpx"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AppendVia tests that server adds value to existing Via
|
|
// header field to and from backend server.
|
|
func TestH2H1AppendVia(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Via"), "foo, 2 nghttpx"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
w.Header().Add("Via", "bar")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AppendVia",
|
|
header: []hpack.HeaderField{
|
|
pair("via", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.header.Get("Via"), "bar, 1.1 nghttpx"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1NoVia tests that server does not add value to existing Via
|
|
// header field to and from backend server.
|
|
func TestH2H1NoVia(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--no-via"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Via"), "foo"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
w.Header().Add("Via", "bar")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1NoVia",
|
|
header: []hpack.HeaderField{
|
|
pair("via", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.header.Get("Via"), "bar"; got != want {
|
|
t.Errorf("Via: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1HostRewrite tests that server rewrites host header field
|
|
func TestH2H1HostRewrite(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--host-rewrite"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("request-host", r.Host)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1HostRewrite",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("request-host"), st.backendHost; got != want {
|
|
t.Errorf("request-host: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1NoHostRewrite tests that server does not rewrite host
|
|
// header field
|
|
func TestH2H1NoHostRewrite(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("request-host", r.Host)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1NoHostRewrite",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("request-host"), st.frontendHost; got != want {
|
|
t.Errorf("request-host: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1BadRequestCL tests that server rejects request whose
|
|
// content-length header field value does not match its request body
|
|
// size.
|
|
func TestH2H1BadRequestCL(t *testing.T) {
|
|
st := newServerTester(t, options{})
|
|
defer st.Close()
|
|
|
|
// we set content-length: 1024, but the actual request body is
|
|
// 3 bytes.
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1BadRequestCL",
|
|
method: "POST",
|
|
header: []hpack.HeaderField{
|
|
pair("content-length", "1024"),
|
|
},
|
|
body: []byte("foo"),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
want := http2.ErrCodeProtocol
|
|
if res.errCode != want {
|
|
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1BadResponseCL tests that server returns error when
|
|
// content-length response header field value does not match its
|
|
// response body size.
|
|
func TestH2H1BadResponseCL(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
// we set content-length: 1024, but only send 3 bytes.
|
|
w.Header().Add("Content-Length", "1024")
|
|
w.Write([]byte("foo"))
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1BadResponseCL",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
want := http2.ErrCodeInternal
|
|
if res.errCode != want {
|
|
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1LocationRewrite tests location header field rewriting
|
|
// works.
|
|
func TestH2H1LocationRewrite(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
// TODO we cannot get st.ts's port number
|
|
// here.. 8443 is just a place holder. We
|
|
// ignore it on rewrite.
|
|
w.Header().Add("Location", "http://127.0.0.1:8443/p/q?a=b#fragment")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1LocationRewrite",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
want := fmt.Sprintf("http://127.0.0.1:%v/p/q?a=b#fragment", serverPort)
|
|
if got := res.header.Get("Location"); got != want {
|
|
t.Errorf("Location: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ChunkedRequestBody tests that chunked request body works.
|
|
func TestH2H1ChunkedRequestBody(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
want := "[chunked]"
|
|
if got := fmt.Sprint(r.TransferEncoding); got != want {
|
|
t.Errorf("Transfer-Encoding: %v; want %v", got, want)
|
|
}
|
|
body, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatalf("Error reading r.body: %v", err)
|
|
}
|
|
want = "foo"
|
|
if got := string(body); got != want {
|
|
t.Errorf("body: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ChunkedRequestBody",
|
|
method: "POST",
|
|
body: []byte("foo"),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1MultipleRequestCL tests that server rejects request with
|
|
// multiple Content-Length request header fields.
|
|
func TestH2H1MultipleRequestCL(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward bad request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1MultipleRequestCL",
|
|
header: []hpack.HeaderField{
|
|
pair("content-length", "1"),
|
|
pair("content-length", "1"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1InvalidRequestCL tests that server rejects request with
|
|
// Content-Length which cannot be parsed as a number.
|
|
func TestH2H1InvalidRequestCL(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward bad request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1InvalidRequestCL",
|
|
header: []hpack.HeaderField{
|
|
pair("content-length", ""),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// // TestH2H1ConnectFailure tests that server handles the situation that
|
|
// // connection attempt to HTTP/1 backend failed.
|
|
// func TestH2H1ConnectFailure(t *testing.T) {
|
|
// st := newServerTester(t, options{})
|
|
// defer st.Close()
|
|
|
|
// // shutdown backend server to simulate backend connect failure
|
|
// st.ts.Close()
|
|
|
|
// res, err := st.http2(requestParam{
|
|
// name: "TestH2H1ConnectFailure",
|
|
// })
|
|
// if err != nil {
|
|
// t.Fatalf("Error st.http2() = %v", err)
|
|
// }
|
|
// want := 503
|
|
// if got := res.status; got != want {
|
|
// t.Errorf("status: %v; want %v", got, want)
|
|
// }
|
|
// }
|
|
|
|
// TestH2H1InvalidMethod tests that server rejects invalid method with
|
|
// 501.
|
|
func TestH2H1InvalidMethod(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1InvalidMethod",
|
|
method: "get",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 501; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1BadAuthority tests that server rejects request including
|
|
// bad characters in :authority header field.
|
|
func TestH2H1BadAuthority(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1BadAuthority",
|
|
authority: `foo\bar`,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1BadScheme tests that server rejects request including
|
|
// bad characters in :scheme header field.
|
|
func TestH2H1BadScheme(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1BadScheme",
|
|
scheme: "http*",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AssembleCookies tests that crumbled cookies in HTTP/2
|
|
// request is assembled into 1 when forwarding to HTTP/1 backend link.
|
|
func TestH2H1AssembleCookies(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("Cookie"), "alpha; bravo; charlie"; got != want {
|
|
t.Errorf("Cookie: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AssembleCookies",
|
|
header: []hpack.HeaderField{
|
|
pair("cookie", "alpha"),
|
|
pair("cookie", "bravo"),
|
|
pair("cookie", "charlie"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1TETrailers tests that server accepts TE request header
|
|
// field if it has trailers only.
|
|
func TestH2H1TETrailers(t *testing.T) {
|
|
st := newServerTester(t, options{})
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1TETrailers",
|
|
header: []hpack.HeaderField{
|
|
pair("te", "trailers"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1TEGzip tests that server resets stream if TE request header
|
|
// field contains gzip.
|
|
func TestH2H1TEGzip(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Error("server should not forward bad request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1TEGzip",
|
|
header: []hpack.HeaderField{
|
|
pair("te", "gzip"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
|
|
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1SNI tests server's TLS SNI extension feature. It must
|
|
// choose appropriate certificate depending on the indicated
|
|
// server_name from client.
|
|
func TestH2H1SNI(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--subcert=" + testDir + "/alt-server.key:" + testDir + "/alt-server.crt"},
|
|
tls: true,
|
|
tlsConfig: &tls.Config{
|
|
ServerName: "alt-domain",
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
tlsConn := st.conn.(*tls.Conn)
|
|
connState := tlsConn.ConnectionState()
|
|
cert := connState.PeerCertificates[0]
|
|
|
|
if got, want := cert.Subject.CommonName, "alt-domain"; got != want {
|
|
t.Errorf("CommonName: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1TLSXfp tests nghttpx sends x-forwarded-proto header field
|
|
// with http value since :scheme is http, even if the frontend
|
|
// connection is encrypted.
|
|
func TestH2H1TLSXfp(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
|
|
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1TLSXfp",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ServerPush tests server push using Link header field from
|
|
// backend server.
|
|
func TestH2H1ServerPush(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
// only resources marked as rel=preload are pushed
|
|
if !strings.HasPrefix(r.URL.Path, "/css/") {
|
|
w.Header().Add("Link", "</css/main.css>; rel=preload, </foo>, </css/theme.css>; rel=preload")
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ServerPush",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
if got, want := len(res.pushResponse), 2; got != want {
|
|
t.Fatalf("len(res.pushResponse): %v; want %v", got, want)
|
|
}
|
|
mainCSS := res.pushResponse[0]
|
|
if got, want := mainCSS.status, 200; got != want {
|
|
t.Errorf("mainCSS.status: %v; want %v", got, want)
|
|
}
|
|
themeCSS := res.pushResponse[1]
|
|
if got, want := themeCSS.status, 200; got != want {
|
|
t.Errorf("themeCSS.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RequestTrailer tests request trailer part is forwarded to
|
|
// backend.
|
|
func TestH2H1RequestTrailer(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
buf := make([]byte, 4096)
|
|
for {
|
|
_, err := r.Body.Read(buf)
|
|
if err == io.EOF {
|
|
break
|
|
}
|
|
if err != nil {
|
|
t.Fatalf("r.Body.Read() = %v", err)
|
|
}
|
|
}
|
|
if got, want := r.Trailer.Get("foo"), "bar"; got != want {
|
|
t.Errorf("r.Trailer.Get(foo): %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RequestTrailer",
|
|
body: []byte("1"),
|
|
trailer: []hpack.HeaderField{
|
|
pair("foo", "bar"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1HeaderFieldBuffer tests that request with header fields
|
|
// larger than configured buffer size is rejected.
|
|
func TestH2H1HeaderFieldBuffer(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--request-header-field-buffer=10"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("execution path should not be here")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1HeaderFieldBuffer",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 431; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1HeaderFields tests that request with header fields more
|
|
// than configured number is rejected.
|
|
func TestH2H1HeaderFields(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--max-request-header-fields=1"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("execution path should not be here")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1HeaderFields",
|
|
// we have at least 4 pseudo-header fields sent, and
|
|
// that ensures that buffer limit exceeds.
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 431; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ReqPhaseSetHeader tests mruby request phase hook
|
|
// modifies request header fields.
|
|
func TestH2H1ReqPhaseSetHeader(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--mruby-file=" + testDir + "/req-set-header.rb"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("User-Agent"), "mruby"; got != want {
|
|
t.Errorf("User-Agent = %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ReqPhaseSetHeader",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ReqPhaseReturn tests mruby request phase hook returns
|
|
// custom response.
|
|
func TestH2H1ReqPhaseReturn(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ReqPhaseReturn",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
hdtests := []struct {
|
|
k, v string
|
|
}{
|
|
{"content-length", "20"},
|
|
{"from", "mruby"},
|
|
}
|
|
for _, tt := range hdtests {
|
|
if got, want := res.header.Get(tt.k), tt.v; got != want {
|
|
t.Errorf("%v = %v; want %v", tt.k, got, want)
|
|
}
|
|
}
|
|
|
|
if got, want := string(res.body), "Hello World from req"; got != want {
|
|
t.Errorf("body = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RespPhaseSetHeader tests mruby response phase hook modifies
|
|
// response header fields.
|
|
func TestH2H1RespPhaseSetHeader(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--mruby-file=" + testDir + "/resp-set-header.rb"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RespPhaseSetHeader",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
if got, want := res.header.Get("alpha"), "bravo"; got != want {
|
|
t.Errorf("alpha = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RespPhaseReturn tests mruby response phase hook returns
|
|
// custom response.
|
|
func TestH2H1RespPhaseReturn(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--mruby-file=" + testDir + "/resp-return.rb"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RespPhaseReturn",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
hdtests := []struct {
|
|
k, v string
|
|
}{
|
|
{"content-length", "21"},
|
|
{"from", "mruby"},
|
|
}
|
|
for _, tt := range hdtests {
|
|
if got, want := res.header.Get(tt.k), tt.v; got != want {
|
|
t.Errorf("%v = %v; want %v", tt.k, got, want)
|
|
}
|
|
}
|
|
|
|
if got, want := string(res.body), "Hello World from resp"; got != want {
|
|
t.Errorf("body = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1Upgrade tests HTTP Upgrade to HTTP/2
|
|
func TestH2H1Upgrade(t *testing.T) {
|
|
st := newServerTester(t, options{})
|
|
defer st.Close()
|
|
|
|
res, err := st.http1(requestParam{
|
|
name: "TestH2H1Upgrade",
|
|
header: []hpack.HeaderField{
|
|
pair("Connection", "Upgrade, HTTP2-Settings"),
|
|
pair("Upgrade", "h2c"),
|
|
pair("HTTP2-Settings", "AAMAAABkAAQAAP__"),
|
|
},
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http1() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 101; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
|
|
res, err = st.http2(requestParam{
|
|
httpUpgrade: true,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1ForwardedForObfuscated tests that Forwarded
|
|
// header field includes obfuscated address even if PROXY protocol
|
|
// version 1 containing TCP4 entry is accepted.
|
|
func TestH2H1ProxyProtocolV1ForwardedForObfuscated(t *testing.T) {
|
|
pattern := fmt.Sprintf(`^for=_[^;]+$`)
|
|
validFwd := regexp.MustCompile(pattern)
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=obfuscated",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
|
|
t.Errorf("Forwarded: %v; want pattern %v", got, pattern)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP4 192.168.0.2 192.168.0.100 12345 8080\r\n"))
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1ForwardedForObfuscated",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1TCP4 tests PROXY protocol version 1
|
|
// containing TCP4 entry is accepted and X-Forwarded-For contains
|
|
// advertised src address.
|
|
func TestH2H1ProxyProtocolV1TCP4(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), "for=192.168.0.2"; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP4 192.168.0.2 192.168.0.100 12345 8080\r\n"))
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1TCP4",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1TCP6 tests PROXY protocol version 1
|
|
// containing TCP6 entry is accepted and X-Forwarded-For contains
|
|
// advertised src address.
|
|
func TestH2H1ProxyProtocolV1TCP6(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "2001:0db8:85a3:0000:0000:8a2e:0370:7334"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), `for="[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"`; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 2001:0db8:85a3:0000:0000:8a2e:0370:7334 ::1 12345 8080\r\n"))
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1TCP6",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1Unknown tests PROXY protocol version 1
|
|
// containing UNKNOWN entry is accepted.
|
|
func TestH2H1ProxyProtocolV1Unknown(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, notWant := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got == notWant {
|
|
t.Errorf("X-Forwarded-For: %v; want something else", got)
|
|
}
|
|
if got, notWant := r.Header.Get("Forwarded"), "for=192.168.0.2"; got == notWant {
|
|
t.Errorf("Forwarded: %v; want something else", got)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY UNKNOWN 192.168.0.2 192.168.0.100 12345 8080\r\n"))
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1Unknown",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1JustUnknown tests PROXY protocol version 1
|
|
// containing only "PROXY UNKNOWN" is accepted.
|
|
func TestH2H1ProxyProtocolV1JustUnknown(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY UNKNOWN\r\n"))
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1JustUnknown",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1TooLongLine tests PROXY protocol version 1
|
|
// line longer than 107 bytes must be rejected
|
|
func TestH2H1ProxyProtocolV1TooLongLine(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY UNKNOWN ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535 655350\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1TooLongLine",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1BadLineEnd tests that PROXY protocol version
|
|
// 1 line ending without \r\n should be rejected.
|
|
func TestH2H1ProxyProtocolV1BadLineEnd(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 8080\r \n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1BadLineEnd",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1NoEnd tests that PROXY protocol version 1
|
|
// line containing no \r\n should be rejected.
|
|
func TestH2H1ProxyProtocolV1NoEnd(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 8080"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1NoEnd",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1EmbeddedNULL tests that PROXY protocol
|
|
// version 1 line containing NULL character should be rejected.
|
|
func TestH2H1ProxyProtocolV1EmbeddedNULL(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
b := []byte("PROXY TCP6 ::1*foo ::1 12345 8080\r\n")
|
|
b[14] = 0
|
|
st.conn.Write(b)
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1EmbeddedNULL",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1MissingSrcPort tests that PROXY protocol
|
|
// version 1 line without src port should be rejected.
|
|
func TestH2H1ProxyProtocolV1MissingSrcPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1MissingSrcPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1MissingDstPort tests that PROXY protocol
|
|
// version 1 line without dst port should be rejected.
|
|
func TestH2H1ProxyProtocolV1MissingDstPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 \r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1MissingDstPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidSrcPort tests that PROXY protocol
|
|
// containing invalid src port should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidSrcPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 123x 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidSrcPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidDstPort tests that PROXY protocol
|
|
// containing invalid dst port should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidDstPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 123456 80x\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidDstPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1LeadingZeroPort tests that PROXY protocol
|
|
// version 1 line with non zero port with leading zero should be
|
|
// rejected.
|
|
func TestH2H1ProxyProtocolV1LeadingZeroPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 03000 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1LeadingZeroPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1TooLargeSrcPort tests that PROXY protocol
|
|
// containing too large src port should be rejected.
|
|
func TestH2H1ProxyProtocolV1TooLargeSrcPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 65536 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1TooLargeSrcPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1TooLargeDstPort tests that PROXY protocol
|
|
// containing too large dst port should be rejected.
|
|
func TestH2H1ProxyProtocolV1TooLargeDstPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 65536\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1TooLargeDstPort",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidSrcAddr tests that PROXY protocol
|
|
// containing invalid src addr should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidSrcAddr(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 192.168.0.1 ::1 12345 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidSrcAddr",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidDstAddr tests that PROXY protocol
|
|
// containing invalid dst addr should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidDstAddr(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY TCP6 ::1 192.168.0.1 12345 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidDstAddr",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidProtoFamily tests that PROXY protocol
|
|
// containing invalid protocol family should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidProtoFamily(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PROXY UNIX ::1 ::1 12345 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidProtoFamily",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV1InvalidID tests that PROXY protocol
|
|
// containing invalid PROXY protocol version 1 ID should be rejected.
|
|
func TestH2H1ProxyProtocolV1InvalidID(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
st.conn.Write([]byte("PR0XY TCP6 ::1 ::1 12345 8080\r\n"))
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV1InvalidID",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2TCP4 tests PROXY protocol version 2
|
|
// containing AF_INET family is accepted and X-Forwarded-For contains
|
|
// advertised src address.
|
|
func TestH2H1ProxyProtocolV2TCP4(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), "for=192.168.0.2"; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: proxyProtocolV2CommandProxy,
|
|
sourceAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.2").To4(),
|
|
Port: 12345,
|
|
},
|
|
destinationAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.100").To4(),
|
|
Port: 8080,
|
|
},
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2TCP4",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2TCP6 tests PROXY protocol version 2
|
|
// containing AF_INET6 family is accepted and X-Forwarded-For contains
|
|
// advertised src address.
|
|
func TestH2H1ProxyProtocolV2TCP6(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "2001:db8:85a3::8a2e:370:7334"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), `for="[2001:db8:85a3::8a2e:370:7334]"`; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: proxyProtocolV2CommandProxy,
|
|
sourceAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("2001:0db8:85a3:0000:0000:8a2e:0370:7334"),
|
|
Port: 12345,
|
|
},
|
|
destinationAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("::1"),
|
|
Port: 8080,
|
|
},
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2TCP6",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2Local tests PROXY protocol version 2
|
|
// containing cmd == Local is ignored.
|
|
func TestH2H1ProxyProtocolV2Local(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: proxyProtocolV2CommandLocal,
|
|
sourceAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.2").To4(),
|
|
Port: 12345,
|
|
},
|
|
destinationAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.100").To4(),
|
|
Port: 8080,
|
|
},
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2Local",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2UnknownCmd tests PROXY protocol version 2
|
|
// containing unknown cmd should be rejected.
|
|
func TestH2H1ProxyProtocolV2UnknownCmd(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--accept-proxy-protocol"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: 0xf,
|
|
sourceAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.2").To4(),
|
|
Port: 12345,
|
|
},
|
|
destinationAddress: &net.TCPAddr{
|
|
IP: net.ParseIP("192.168.0.100").To4(),
|
|
Port: 8080,
|
|
},
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
_, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2UnknownCmd",
|
|
})
|
|
|
|
if err == nil {
|
|
t.Fatalf("connection was not terminated")
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2Unix tests PROXY protocol version 2
|
|
// containing AF_UNIX family is ignored.
|
|
func TestH2H1ProxyProtocolV2Unix(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: proxyProtocolV2CommandProxy,
|
|
sourceAddress: &net.UnixAddr{
|
|
Name: "/foo",
|
|
Net: "unix",
|
|
},
|
|
destinationAddress: &net.UnixAddr{
|
|
Name: "/bar",
|
|
Net: "unix",
|
|
},
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2Unix",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ProxyProtocolV2Unspec tests PROXY protocol version 2
|
|
// containing AF_UNSPEC family is ignored.
|
|
func TestH2H1ProxyProtocolV2Unspec(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--accept-proxy-protocol",
|
|
"--add-x-forwarded-for",
|
|
"--add-forwarded=for",
|
|
"--forwarded-for=ip",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
|
|
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
|
|
}
|
|
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
|
|
t.Errorf("Forwarded: %v; want %v", got, want)
|
|
}
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
var b bytes.Buffer
|
|
writeProxyProtocolV2(&b, proxyProtocolV2{
|
|
command: proxyProtocolV2CommandProxy,
|
|
additionalData: []byte("foobar"),
|
|
})
|
|
st.conn.Write(b.Bytes())
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ProxyProtocolV2Unspec",
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ExternalDNS tests that DNS resolution using external DNS
|
|
// with HTTP/1 backend works.
|
|
func TestH2H1ExternalDNS(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--external-dns"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ExternalDNS",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1DNS tests that DNS resolution without external DNS with
|
|
// HTTP/1 backend works.
|
|
func TestH2H1DNS(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--dns"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1DNS",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1HTTPSRedirect tests that the request to the backend which
|
|
// requires TLS is redirected to https URI.
|
|
func TestH2H1HTTPSRedirect(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--redirect-if-not-tls"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1HTTPSRedirect",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 308; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("location"), "https://127.0.0.1/"; got != want {
|
|
t.Errorf("location: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1HTTPSRedirectPort tests that the request to the backend
|
|
// which requires TLS is redirected to https URI with given port.
|
|
func TestH2H1HTTPSRedirectPort(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--redirect-if-not-tls",
|
|
"--redirect-https-port=8443",
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
path: "/foo?bar",
|
|
name: "TestH2H1HTTPSRedirectPort",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 308; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("location"), "https://127.0.0.1:8443/foo?bar"; got != want {
|
|
t.Errorf("location: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1Code204 tests that 204 response without content-length, and
|
|
// transfer-encoding is valid.
|
|
func TestH2H1Code204(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNoContent)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1Code204",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 204; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1Code204CL0 tests that 204 response with content-length: 0
|
|
// is allowed.
|
|
func TestH2H1Code204CL0(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
hj, ok := w.(http.Hijacker)
|
|
if !ok {
|
|
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
conn, bufrw, err := hj.Hijack()
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
defer conn.Close()
|
|
bufrw.WriteString("HTTP/1.1 204\r\nContent-Length: 0\r\n\r\n")
|
|
bufrw.Flush()
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1Code204CL0",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 204; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
if got, found := res.header["Content-Length"]; found {
|
|
t.Errorf("Content-Length = %v, want nothing", got)
|
|
}
|
|
}
|
|
|
|
// TestH2H1Code204CLNonzero tests that 204 response with nonzero
|
|
// content-length is not allowed.
|
|
func TestH2H1Code204CLNonzero(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
hj, ok := w.(http.Hijacker)
|
|
if !ok {
|
|
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
conn, bufrw, err := hj.Hijack()
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
defer conn.Close()
|
|
bufrw.WriteString("HTTP/1.1 204\r\nContent-Length: 1\r\n\r\n")
|
|
bufrw.Flush()
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1Code204CLNonzero",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 502; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1Code204TE tests that 204 response with transfer-encoding is
|
|
// not allowed.
|
|
func TestH2H1Code204TE(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
hj, ok := w.(http.Hijacker)
|
|
if !ok {
|
|
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
conn, bufrw, err := hj.Hijack()
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
defer conn.Close()
|
|
bufrw.WriteString("HTTP/1.1 204\r\nTransfer-Encoding: chunked\r\n\r\n")
|
|
bufrw.Flush()
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1Code204TE",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 502; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AffinityCookie tests that affinity cookie is sent back in
|
|
// cleartext http.
|
|
func TestH2H1AffinityCookie(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--affinity-cookie"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AffinityCookie",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar`
|
|
validCookie := regexp.MustCompile(pattern)
|
|
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
|
|
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
|
|
}
|
|
}
|
|
|
|
// TestH2H1AffinityCookieTLS tests that affinity cookie is sent back
|
|
// in https.
|
|
func TestH2H1AffinityCookieTLS(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--affinity-cookie"},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1AffinityCookieTLS",
|
|
scheme: "https",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar; Secure`
|
|
validCookie := regexp.MustCompile(pattern)
|
|
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
|
|
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
|
|
}
|
|
}
|
|
|
|
// TestH2H1GracefulShutdown tests graceful shutdown.
|
|
func TestH2H1GracefulShutdown(t *testing.T) {
|
|
st := newServerTester(t, options{})
|
|
defer st.Close()
|
|
|
|
fmt.Fprint(st.conn, "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
|
|
if err := st.fr.WriteSettings(); err != nil {
|
|
t.Fatalf("st.fr.WriteSettings(): %v", err)
|
|
}
|
|
|
|
header := []hpack.HeaderField{
|
|
pair(":method", "GET"),
|
|
pair(":scheme", "http"),
|
|
pair(":authority", st.authority),
|
|
pair(":path", "/"),
|
|
}
|
|
|
|
for _, h := range header {
|
|
_ = st.enc.WriteField(h)
|
|
}
|
|
|
|
if err := st.fr.WriteHeaders(http2.HeadersFrameParam{
|
|
StreamID: 1,
|
|
EndStream: false,
|
|
EndHeaders: true,
|
|
BlockFragment: st.headerBlkBuf.Bytes(),
|
|
}); err != nil {
|
|
t.Fatalf("st.fr.WriteHeaders(): %v", err)
|
|
}
|
|
|
|
// send SIGQUIT signal to nghttpx to perform graceful shutdown
|
|
st.cmd.Process.Signal(syscall.SIGQUIT)
|
|
time.Sleep(150 * time.Millisecond)
|
|
|
|
// after signal, finish request body
|
|
if err := st.fr.WriteData(1, true, nil); err != nil {
|
|
t.Fatalf("st.fr.WriteData(): %v", err)
|
|
}
|
|
|
|
numGoAway := 0
|
|
|
|
for {
|
|
fr, err := st.readFrame()
|
|
if err != nil {
|
|
if err == io.EOF {
|
|
want := 2
|
|
if got := numGoAway; got != want {
|
|
t.Fatalf("numGoAway: %v; want %v", got, want)
|
|
}
|
|
return
|
|
}
|
|
t.Fatalf("st.readFrame(): %v", err)
|
|
}
|
|
switch f := fr.(type) {
|
|
case *http2.GoAwayFrame:
|
|
numGoAway += 1
|
|
want := http2.ErrCodeNo
|
|
if got := f.ErrCode; got != want {
|
|
t.Fatalf("f.ErrCode(%v): %v; want %v", numGoAway, got, want)
|
|
}
|
|
switch numGoAway {
|
|
case 1:
|
|
want := (uint32(1) << 31) - 1
|
|
if got := f.LastStreamID; got != want {
|
|
t.Fatalf("f.LastStreamID(%v): %v; want %v", numGoAway, got, want)
|
|
}
|
|
case 2:
|
|
want := uint32(1)
|
|
if got := f.LastStreamID; got != want {
|
|
t.Fatalf("f.LastStreamID(%v): %v; want %v", numGoAway, got, want)
|
|
}
|
|
case 3:
|
|
t.Fatalf("too many GOAWAYs received")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// TestH2H2MultipleResponseCL tests that server returns error if
|
|
// multiple Content-Length response header fields are received.
|
|
func TestH2H2MultipleResponseCL(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("content-length", "1")
|
|
w.Header().Add("content-length", "1")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2MultipleResponseCL",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2InvalidResponseCL tests that server returns error if
|
|
// Content-Length response header field value cannot be parsed as a
|
|
// number.
|
|
func TestH2H2InvalidResponseCL(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("content-length", "")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2InvalidResponseCL",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
|
|
t.Errorf("res.errCode: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// // TestH2H2ConnectFailure tests that server handles the situation that
|
|
// // connection attempt to HTTP/2 backend failed.
|
|
// func TestH2H2ConnectFailure(t *testing.T) {
|
|
// opts := options{
|
|
// args: []string{"--http2-bridge"},
|
|
// }
|
|
// st := newServerTester(t, opts)
|
|
// defer st.Close()
|
|
|
|
// // simulate backend connect attempt failure
|
|
// st.ts.Close()
|
|
|
|
// res, err := st.http2(requestParam{
|
|
// name: "TestH2H2ConnectFailure",
|
|
// })
|
|
// if err != nil {
|
|
// t.Fatalf("Error st.http2() = %v", err)
|
|
// }
|
|
// want := 503
|
|
// if got := res.status; got != want {
|
|
// t.Errorf("status: %v; want %v", got, want)
|
|
// }
|
|
// }
|
|
|
|
// TestH2H2HostRewrite tests that server rewrites host header field
|
|
func TestH2H2HostRewrite(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--host-rewrite"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("request-host", r.Host)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2HostRewrite",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("request-host"), st.backendHost; got != want {
|
|
t.Errorf("request-host: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2NoHostRewrite tests that server does not rewrite host
|
|
// header field
|
|
func TestH2H2NoHostRewrite(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("request-host", r.Host)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2NoHostRewrite",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
if got, want := res.header.Get("request-host"), st.frontendHost; got != want {
|
|
t.Errorf("request-host: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2TLSXfp tests nghttpx sends x-forwarded-proto header field
|
|
// with http value since :scheme is http, even if the frontend
|
|
// connection is encrypted.
|
|
func TestH2H2TLSXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
|
|
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2TLSXfp",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddXfp tests that server appends :scheme to the existing
|
|
// x-forwarded-proto header field.
|
|
func TestH2H2AddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--no-strip-incoming-x-forwarded-proto",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "foo, http"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2NoAddXfp tests that server does not append :scheme to the
|
|
// existing x-forwarded-proto header field.
|
|
func TestH2H2NoAddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--no-add-x-forwarded-proto",
|
|
"--no-strip-incoming-x-forwarded-proto",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "foo"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2NoAddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2StripXfp tests that server strips incoming
|
|
// x-forwarded-proto header field.
|
|
func TestH2H2StripXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xfp := r.Header.Get("X-Forwarded-Proto")
|
|
if got, want := xfp, "http"; got != want {
|
|
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2StripXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2StripNoAddXfp tests that server strips incoming
|
|
// x-forwarded-proto header field, and does not add another.
|
|
func TestH2H2StripNoAddXfp(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--no-add-x-forwarded-proto"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, found := r.Header["X-Forwarded-Proto"]; found {
|
|
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2StripNoAddXfp",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-proto", "foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddXff tests that server generates X-Forwarded-For header
|
|
// field when forwarding request to backend.
|
|
func TestH2H2AddXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--add-x-forwarded-for"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddXff",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddXff2 tests that server appends X-Forwarded-For header
|
|
// field to existing one when forwarding request to backend.
|
|
func TestH2H2AddXff2(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--add-x-forwarded-for"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "host, 127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddXff2",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2StripXff tests that --strip-incoming-x-forwarded-for
|
|
// option.
|
|
func TestH2H2StripXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--strip-incoming-x-forwarded-for",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if xff, found := r.Header["X-Forwarded-For"]; found {
|
|
t.Errorf("X-Forwarded-For = %v; want nothing", xff)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2StripXff",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2StripAddXff tests that --strip-incoming-x-forwarded-for and
|
|
// --add-x-forwarded-for options.
|
|
func TestH2H2StripAddXff(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--strip-incoming-x-forwarded-for",
|
|
"--add-x-forwarded-for",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
xff := r.Header.Get("X-Forwarded-For")
|
|
want := "127.0.0.1"
|
|
if xff != want {
|
|
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2StripAddXff",
|
|
header: []hpack.HeaderField{
|
|
pair("x-forwarded-for", "host"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddForwarded tests that server generates Forwarded header
|
|
// field using static obfuscated "by" parameter.
|
|
func TestH2H2AddForwarded(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--add-forwarded=by,for,host,proto",
|
|
"--forwarded-by=_alpha",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
pattern := fmt.Sprintf(`by=_alpha;for=_[^;]+;host="127\.0\.0\.1:%v";proto=https`, serverPort)
|
|
validFwd := regexp.MustCompile(pattern)
|
|
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
|
|
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddForwarded",
|
|
scheme: "https",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddForwardedMerge tests that server generates Forwarded
|
|
// header field using static obfuscated "by" parameter, and
|
|
// existing Forwarded header field.
|
|
func TestH2H2AddForwardedMerge(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--add-forwarded=by,host,proto",
|
|
"--forwarded-by=_alpha",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
want := fmt.Sprintf(`host=foo, by=_alpha;host="127.0.0.1:%v";proto=https`, serverPort)
|
|
if got := r.Header.Get("Forwarded"); got != want {
|
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddForwardedMerge",
|
|
scheme: "https",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2AddForwardedStrip tests that server generates Forwarded
|
|
// header field using static obfuscated "by" parameter, and
|
|
// existing Forwarded header field stripped.
|
|
func TestH2H2AddForwardedStrip(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--strip-incoming-forwarded",
|
|
"--add-forwarded=by,host,proto",
|
|
"--forwarded-by=_alpha",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
want := fmt.Sprintf(`by=_alpha;host="127.0.0.1:%v";proto=https`, serverPort)
|
|
if got := r.Header.Get("Forwarded"); got != want {
|
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2AddForwardedStrip",
|
|
scheme: "https",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2StripForwarded tests that server strips incoming Forwarded
|
|
// header field.
|
|
func TestH2H2StripForwarded(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--strip-incoming-forwarded"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
if got, found := r.Header["Forwarded"]; found {
|
|
t.Errorf("Forwarded = %v; want nothing", got)
|
|
}
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2StripForwarded",
|
|
scheme: "https",
|
|
header: []hpack.HeaderField{
|
|
pair("forwarded", "host=foo"),
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2ReqPhaseReturn tests mruby request phase hook returns
|
|
// custom response.
|
|
func TestH2H2ReqPhaseReturn(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--mruby-file=" + testDir + "/req-return.rb",
|
|
},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2ReqPhaseReturn",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
hdtests := []struct {
|
|
k, v string
|
|
}{
|
|
{"content-length", "20"},
|
|
{"from", "mruby"},
|
|
}
|
|
for _, tt := range hdtests {
|
|
if got, want := res.header.Get(tt.k), tt.v; got != want {
|
|
t.Errorf("%v = %v; want %v", tt.k, got, want)
|
|
}
|
|
}
|
|
|
|
if got, want := string(res.body), "Hello World from req"; got != want {
|
|
t.Errorf("body = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2RespPhaseReturn tests mruby response phase hook returns
|
|
// custom response.
|
|
func TestH2H2RespPhaseReturn(t *testing.T) {
|
|
opts := options{
|
|
args: []string{
|
|
"--http2-bridge",
|
|
"--mruby-file=" + testDir + "/resp-return.rb",
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2RespPhaseReturn",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
|
|
hdtests := []struct {
|
|
k, v string
|
|
}{
|
|
{"content-length", "21"},
|
|
{"from", "mruby"},
|
|
}
|
|
for _, tt := range hdtests {
|
|
if got, want := res.header.Get(tt.k), tt.v; got != want {
|
|
t.Errorf("%v = %v; want %v", tt.k, got, want)
|
|
}
|
|
}
|
|
|
|
if got, want := string(res.body), "Hello World from resp"; got != want {
|
|
t.Errorf("body = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2ExternalDNS tests that DNS resolution using external DNS
|
|
// with HTTP/2 backend works.
|
|
func TestH2H2ExternalDNS(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--external-dns"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2ExternalDNS",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2DNS tests that DNS resolution without external DNS with
|
|
// HTTP/2 backend works.
|
|
func TestH2H2DNS(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge", "--dns"},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2DNS",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H2Code204 tests that 204 response without content-length, and
|
|
// transfer-encoding is valid.
|
|
func TestH2H2Code204(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--http2-bridge"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNoContent)
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H2Code204",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 204; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2APIBackendconfig exercise backendconfig API endpoint routine
|
|
// for successful case.
|
|
func TestH2APIBackendconfig(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3010;api;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3010,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2APIBackendconfig",
|
|
path: "/api/v1beta1/backendconfig",
|
|
method: "PUT",
|
|
body: []byte(`# comment
|
|
backend=127.0.0.1,3011
|
|
|
|
`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
|
|
var apiResp APIResponse
|
|
err = json.Unmarshal(res.body, &apiResp)
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshaling API response: %v", err)
|
|
}
|
|
if got, want := apiResp.Status, "Success"; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Code, 200; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2APIBackendconfigQuery exercise backendconfig API endpoint
|
|
// routine with query.
|
|
func TestH2APIBackendconfigQuery(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3010;api;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3010,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2APIBackendconfigQuery",
|
|
path: "/api/v1beta1/backendconfig?foo=bar",
|
|
method: "PUT",
|
|
body: []byte(`# comment
|
|
backend=127.0.0.1,3011
|
|
|
|
`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
|
|
var apiResp APIResponse
|
|
err = json.Unmarshal(res.body, &apiResp)
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshaling API response: %v", err)
|
|
}
|
|
if got, want := apiResp.Status, "Success"; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Code, 200; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2APIBackendconfigBadMethod exercise backendconfig API endpoint
|
|
// routine with bad method.
|
|
func TestH2APIBackendconfigBadMethod(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3010;api;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3010,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2APIBackendconfigBadMethod",
|
|
path: "/api/v1beta1/backendconfig",
|
|
method: "GET",
|
|
body: []byte(`# comment
|
|
backend=127.0.0.1,3011
|
|
|
|
`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 405; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
|
|
var apiResp APIResponse
|
|
err = json.Unmarshal(res.body, &apiResp)
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshaling API response: %v", err)
|
|
}
|
|
if got, want := apiResp.Status, "Failure"; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Code, 405; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2APIConfigrevision tests configrevision API.
|
|
func TestH2APIConfigrevision(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3010;api;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3010,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2APIConfigrevision",
|
|
path: "/api/v1beta1/configrevision",
|
|
method: "GET",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want = %v", got, want)
|
|
}
|
|
|
|
var apiResp APIResponse
|
|
d := json.NewDecoder(bytes.NewBuffer(res.body))
|
|
d.UseNumber()
|
|
err = d.Decode(&apiResp)
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshalling API response: %v", err)
|
|
}
|
|
if got, want := apiResp.Status, "Success"; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Code, 200; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Data["configRevision"], json.Number("0"); got != want {
|
|
t.Errorf(`apiResp.Data["configRevision"]: %v %t; want %v`, got, got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2APINotFound exercise backendconfig API endpoint routine when
|
|
// API endpoint is not found.
|
|
func TestH2APINotFound(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3010;api;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3010,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2APINotFound",
|
|
path: "/api/notfound",
|
|
method: "GET",
|
|
body: []byte(`# comment
|
|
backend=127.0.0.1,3011
|
|
|
|
`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
|
|
var apiResp APIResponse
|
|
err = json.Unmarshal(res.body, &apiResp)
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshaling API response: %v", err)
|
|
}
|
|
if got, want := apiResp.Status, "Failure"; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
if got, want := apiResp.Code, 404; got != want {
|
|
t.Errorf("apiResp.Status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2Healthmon tests health monitor endpoint.
|
|
func TestH2Healthmon(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"-f127.0.0.1,3011;healthmon;no-tls"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatalf("request should not be forwarded")
|
|
},
|
|
connectPort: 3011,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2Healthmon",
|
|
path: "/alpha/bravo",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 200; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2ResponseBeforeRequestEnd tests the situation where response
|
|
// ends before request body finishes.
|
|
func TestH2ResponseBeforeRequestEnd(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("request should not be forwarded")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2ResponseBeforeRequestEnd",
|
|
noEndStream: true,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
if got, want := res.status, 404; got != want {
|
|
t.Errorf("res.status: %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1ChunkedEndsPrematurely tests that a stream is reset if the
|
|
// backend chunked encoded response ends prematurely.
|
|
func TestH2H1ChunkedEndsPrematurely(t *testing.T) {
|
|
opts := options{
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
hj, ok := w.(http.Hijacker)
|
|
if !ok {
|
|
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
conn, bufrw, err := hj.Hijack()
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
defer conn.Close()
|
|
bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: chunked\r\n\r\n")
|
|
bufrw.Flush()
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1ChunkedEndsPrematurely",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
|
|
t.Errorf("res.errCode = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption verifies that https
|
|
// scheme in non-encrypted connection is treated as error.
|
|
func TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--require-http-scheme"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption",
|
|
scheme: "https",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 400; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RequireHTTPSchemeHTTPWithEncryption verifies that http
|
|
// scheme in encrypted connection is treated as error.
|
|
func TestH2H1RequireHTTPSchemeHTTPWithEncryption(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--require-http-scheme"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RequireHTTPSchemeHTTPWithEncryption",
|
|
scheme: "http",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 400; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption verifies
|
|
// that unknown scheme in non-encrypted connection is treated as
|
|
// error.
|
|
func TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--require-http-scheme"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption",
|
|
scheme: "unknown",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 400; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption verifies that
|
|
// unknown scheme in encrypted connection is treated as error.
|
|
func TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption(t *testing.T) {
|
|
opts := options{
|
|
args: []string{"--require-http-scheme"},
|
|
handler: func(w http.ResponseWriter, r *http.Request) {
|
|
t.Errorf("server should not forward this request")
|
|
},
|
|
tls: true,
|
|
}
|
|
st := newServerTester(t, opts)
|
|
defer st.Close()
|
|
|
|
res, err := st.http2(requestParam{
|
|
name: "TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption",
|
|
scheme: "unknown",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Error st.http2() = %v", err)
|
|
}
|
|
|
|
if got, want := res.status, 400; got != want {
|
|
t.Errorf("status = %v; want %v", got, want)
|
|
}
|
|
}
|