apps/core
1
0
Fork 0
mirror of https://github.com/datarhei/core.git synced 2025-10-19 22:34:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix proper check of allowed remote values in session token

Browse Source
This commit is contained in:
Ingo Oppermann
2023-07-21 15:40:19 +02:00
parent a8fbdd288f
commit 4b79576340
2 changed files with 198 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
http/middleware/session/session_test.go Normal file
View File

@@ -0,0 +1,135 @@
package session
import (
"encoding/json"
"testing"
"github.com/stretchr/testify/require"
)
func TestVerifySession(t *testing.T) {
jsondata := []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**",
"remote": [
"foo.example.com"
]
}`)
var rawdata interface{}
err := json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://foo.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://bar.example.com")
require.Error(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-0000-963869718d8d/main.m3u8", "http://foo.example.com")
require.Error(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "")
require.Error(t, err)
}
func TestVerifySessionNoRemote(t *testing.T) {
jsondata := []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**",
"remote": []
}`)
var rawdata interface{}
err := json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://cm.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "")
require.NoError(t, err)
jsondata = []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**"
}`)
err = json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://cm.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "")
require.NoError(t, err)
}
func TestVerifySessionWildcardRemote(t *testing.T) {
jsondata := []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**",
"remote": [
"*.example.com"
]
}`)
var rawdata interface{}
err := json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://foo.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://bar.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://sub.bar.example.com")
require.Error(t, err)
}
func TestVerifySessionSuperWildcardRemote(t *testing.T) {
jsondata := []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**",
"remote": [
"**.example.com"
]
}`)
var rawdata interface{}
err := json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://foo.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://bar.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://sub.bar.example.com")
require.NoError(t, err)
}
func TestVerifySessionMultipleRemote(t *testing.T) {
jsondata := []byte(`{
"match": "/memfs/6faad99a-c440-4df1-9344-963869718d8d/**",
"remote": [
"foo.example.com",
"bar.otherdomain.com"
]
}`)
var rawdata interface{}
err := json.Unmarshal(jsondata, &rawdata)
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://foo.example.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://bar.otherdomain.com")
require.NoError(t, err)
_, err = verifySession(rawdata, "/memfs/6faad99a-c440-4df1-9344-963869718d8d/main.m3u8", "http://bar.example.com")
require.Error(t, err)
}