2019-09-27 15:59:23 -06:00
|
|
|
# Pleroma: A lightweight social networking server
|
2023-01-01 04:11:47 -07:00
|
|
|
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
|
2019-09-27 15:59:23 -06:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2020-06-23 09:16:47 -06:00
|
|
|
defmodule Pleroma.Web.Plugs.RemoteIpTest do
|
2020-10-06 16:02:46 -06:00
|
|
|
use ExUnit.Case
|
2019-09-27 15:59:23 -06:00
|
|
|
use Plug.Test
|
|
|
|
|
2020-06-24 00:30:32 -06:00
|
|
|
alias Pleroma.Web.Plugs.RemoteIp
|
2019-09-27 15:59:23 -06:00
|
|
|
|
2020-10-06 16:02:46 -06:00
|
|
|
import Pleroma.Tests.Helpers, only: [clear_config: 2]
|
|
|
|
|
|
|
|
setup do:
|
|
|
|
clear_config(RemoteIp,
|
|
|
|
enabled: true,
|
|
|
|
headers: ["x-forwarded-for"],
|
|
|
|
proxies: [],
|
|
|
|
reserved: [
|
|
|
|
"127.0.0.0/8",
|
|
|
|
"::1/128",
|
|
|
|
"fc00::/7",
|
|
|
|
"10.0.0.0/8",
|
|
|
|
"172.16.0.0/12",
|
|
|
|
"192.168.0.0/16"
|
|
|
|
]
|
|
|
|
)
|
2020-02-13 11:55:47 -07:00
|
|
|
|
2019-09-27 15:59:23 -06:00
|
|
|
test "disabled" do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config(RemoteIp, enabled: false)
|
2019-09-27 15:59:23 -06:00
|
|
|
|
|
|
|
%{remote_ip: remote_ip} = conn(:get, "/")
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == remote_ip
|
|
|
|
end
|
|
|
|
|
|
|
|
test "enabled" do
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == {1, 1, 1, 1}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "custom headers" do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config(RemoteIp, enabled: true, headers: ["cf-connecting-ip"])
|
2019-09-27 15:59:23 -06:00
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
refute conn.remote_ip == {1, 1, 1, 1}
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("cf-connecting-ip", "1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == {1, 1, 1, 1}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "custom proxies" do
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
refute conn.remote_ip == {1, 1, 1, 1}
|
|
|
|
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config([RemoteIp, :proxies], ["173.245.48.0/20"])
|
2019-09-27 15:59:23 -06:00
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == {1, 1, 1, 1}
|
|
|
|
end
|
2020-10-06 16:08:26 -06:00
|
|
|
|
|
|
|
test "proxies set without CIDR format" do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config([RemoteIp, :proxies], ["173.245.48.1"])
|
2020-10-06 16:08:26 -06:00
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == {1, 1, 1, 1}
|
2020-10-07 13:32:09 -06:00
|
|
|
end
|
2020-10-07 13:16:53 -06:00
|
|
|
|
|
|
|
test "proxies set `nonsensical` CIDR" do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config([RemoteIp, :reserved], ["127.0.0.0/8"])
|
|
|
|
clear_config([RemoteIp, :proxies], ["10.0.0.3/24"])
|
2020-10-07 13:16:53 -06:00
|
|
|
|
|
|
|
conn =
|
|
|
|
conn(:get, "/")
|
|
|
|
|> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1")
|
|
|
|
|> RemoteIp.call(nil)
|
|
|
|
|
|
|
|
assert conn.remote_ip == {1, 1, 1, 1}
|
2020-10-06 16:08:26 -06:00
|
|
|
end
|
2019-09-27 15:59:23 -06:00
|
|
|
end
|