mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-17 02:48:28 -07:00
fc9ddcf941
Merge in DNS/adguard-home from 1383-client-id to master Updates #1383. Squashed commit of the following: commit ebe2678bfa9bf651a2cb1e64499b38edcf19a7ad Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 27 17:51:59 2021 +0300 - client: check if IP is valid commit 0c330585a170ea149ee75e43dfa65211e057299c Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 27 17:07:50 2021 +0300 - client: find clients by client_id commit 71c9593ee35d996846f061e114b7867c3aa3c978 Merge: 9104f1613e9edd9eAuthor: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 16:09:45 2021 +0300 Merge branch 'master' into 1383-client-id commit 9104f1615d2d462606c52017df25a422df872cea Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 13:28:50 2021 +0300 dnsforward: imp tests commit ed47f26e611ade625a2cc2c2f71a291b796bbf8f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 12:39:52 2021 +0300 dnsforward: fix address commit 98b222ba69a5d265f620c180c960d01c84a1fb3b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:50:31 2021 +0300 home: imp code commit 4f3966548a2d8437d0b68207dd108dd1a6cb7d20 Merge: 199fdc05c215b820Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:45:13 2021 +0300 Merge branch 'master' into 1383-client-id commit 199fdc056f8a8be5500584f3aaee32865188aedc Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:20:37 2021 +0300 all: imp tests, logging, etc commit 35ff14f4d534251aecb2ea60baba225f3eed8a3e Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jan 26 18:55:19 2021 +0300 + client: remove block button from clients with client_id commit 32991a0b4c56583a02fb5e00bba95d96000bce20 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jan 26 18:54:25 2021 +0300 + client: add requests count for client_id commit 2d68df4d2eac4a296d7469923e601dad4575c1a1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 15:49:50 2021 +0300 stats: handle client ids commit 4e14ab3590328f93a8cd6e9cbe1665baf74f220b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:45:25 2021 +0300 openapi: fix example commit ca9cf3f744fe197cace2c28ddc5bc68f71dad1f3 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:37:10 2021 +0300 openapi: improve clients find api docs commit f79876e550c424558b704bc316a4cd04f25db011 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:18:52 2021 +0300 home: accept ids in clients find commit 5b72595122aa0bd64debadfd753ed8a0e0840629 Merge: 607e241fabf8f65fAuthor: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 18:34:56 2021 +0300 Merge branch 'master' into 1383-client-id commit 607e241f1c339dd6397218f70b8301e3de6a1ee0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 18:30:39 2021 +0300 dnsforward: fix quic commit f046352fef93e46234c2bbe8ae316d21034260e5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 16:53:09 2021 +0300 all: remove wildcard requirement commit 3b679489bae82c54177372be453fe184d8f0bab6 Author: Andrey Meshkov <am@adguard.com> Date: Mon Jan 25 16:02:28 2021 +0300 workDir now supports symlinks commit 0647ab4f113de2223f6949df001f42ecab05c995 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Jan 25 14:59:46 2021 +0300 - client: remove wildcard from domain validation commit b1aec04a4ecadc9d65648ed6d284188fecce01c3 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Jan 25 14:55:39 2021 +0300 + client: add form to download mobileconfig ... and 12 more commits
236 lines
5.8 KiB
Go
236 lines
5.8 KiB
Go
package dnsforward
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/AdguardTeam/dnsproxy/proxy"
|
|
"github.com/lucas-clemente/quic-go"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// testTLSConn is a tlsConn for tests.
|
|
type testTLSConn struct {
|
|
// Conn is embedded here simply to make testTLSConn a net.Conn without
|
|
// acctually implementing all methods.
|
|
net.Conn
|
|
|
|
serverName string
|
|
}
|
|
|
|
// ConnectionState implements the tlsConn interface for testTLSConn.
|
|
func (c testTLSConn) ConnectionState() (cs tls.ConnectionState) {
|
|
cs.ServerName = c.serverName
|
|
|
|
return cs
|
|
}
|
|
|
|
// testQUICSession is a quicSession for tests.
|
|
type testQUICSession struct {
|
|
// Session is embedded here simply to make testQUICSession
|
|
// a quic.Session without acctually implementing all methods.
|
|
quic.Session
|
|
|
|
serverName string
|
|
}
|
|
|
|
// ConnectionState implements the quicSession interface for testQUICSession.
|
|
func (c testQUICSession) ConnectionState() (cs quic.ConnectionState) {
|
|
cs.ServerName = c.serverName
|
|
|
|
return cs
|
|
}
|
|
|
|
func TestProcessClientID(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
proto string
|
|
hostSrvName string
|
|
cliSrvName string
|
|
wantClientID string
|
|
wantErrMsg string
|
|
wantRes resultCode
|
|
}{{
|
|
name: "udp",
|
|
proto: proxy.ProtoUDP,
|
|
hostSrvName: "",
|
|
cliSrvName: "",
|
|
wantClientID: "",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "tls_no_client_id",
|
|
proto: proxy.ProtoTLS,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "example.com",
|
|
wantClientID: "",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "tls_client_id",
|
|
proto: proxy.ProtoTLS,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "cli.example.com",
|
|
wantClientID: "cli",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "tls_client_id_hostname_error",
|
|
proto: proxy.ProtoTLS,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "cli.example.net",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: client server name "cli.example.net" doesn't match host server name "example.com"`,
|
|
wantRes: resultCodeError,
|
|
}, {
|
|
name: "tls_invalid_client_id",
|
|
proto: proxy.ProtoTLS,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "!!!.example.com",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: invalid client id: invalid char '!' at index 0 in client id "!!!"`,
|
|
wantRes: resultCodeError,
|
|
}, {
|
|
name: "tls_client_id_too_long",
|
|
proto: proxy.ProtoTLS,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789.example.com",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: invalid client id: client id "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" is too long, max: 64`,
|
|
wantRes: resultCodeError,
|
|
}, {
|
|
name: "quic_client_id",
|
|
proto: proxy.ProtoQUIC,
|
|
hostSrvName: "example.com",
|
|
cliSrvName: "cli.example.com",
|
|
wantClientID: "cli",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
srv := &Server{
|
|
conf: ServerConfig{
|
|
TLSConfig: TLSConfig{ServerName: tc.hostSrvName},
|
|
},
|
|
}
|
|
|
|
var conn net.Conn
|
|
if tc.proto == proxy.ProtoTLS {
|
|
conn = testTLSConn{
|
|
serverName: tc.cliSrvName,
|
|
}
|
|
}
|
|
|
|
var qs quic.Session
|
|
if tc.proto == proxy.ProtoQUIC {
|
|
qs = testQUICSession{
|
|
serverName: tc.cliSrvName,
|
|
}
|
|
}
|
|
|
|
dctx := &dnsContext{
|
|
srv: srv,
|
|
proxyCtx: &proxy.DNSContext{
|
|
Proto: tc.proto,
|
|
Conn: conn,
|
|
QUICSession: qs,
|
|
},
|
|
}
|
|
|
|
res := processClientID(dctx)
|
|
assert.Equal(t, tc.wantRes, res)
|
|
assert.Equal(t, tc.wantClientID, dctx.clientID)
|
|
|
|
if tc.wantErrMsg != "" && assert.NotNil(t, dctx.err) {
|
|
assert.Equal(t, tc.wantErrMsg, dctx.err.Error())
|
|
} else {
|
|
assert.Nil(t, dctx.err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestProcessClientID_https(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
path string
|
|
wantClientID string
|
|
wantErrMsg string
|
|
wantRes resultCode
|
|
}{{
|
|
name: "no_client_id",
|
|
path: "/dns-query",
|
|
wantClientID: "",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "no_client_id_slash",
|
|
path: "/dns-query/",
|
|
wantClientID: "",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "client_id",
|
|
path: "/dns-query/cli",
|
|
wantClientID: "cli",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "client_id_slash",
|
|
path: "/dns-query/cli/",
|
|
wantClientID: "cli",
|
|
wantErrMsg: "",
|
|
wantRes: resultCodeSuccess,
|
|
}, {
|
|
name: "bad_url",
|
|
path: "/foo",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: invalid path "/foo"`,
|
|
wantRes: resultCodeError,
|
|
}, {
|
|
name: "extra",
|
|
path: "/dns-query/cli/foo",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: invalid path "/dns-query/cli/foo": extra parts`,
|
|
wantRes: resultCodeError,
|
|
}, {
|
|
name: "invalid_client_id",
|
|
path: "/dns-query/!!!",
|
|
wantClientID: "",
|
|
wantErrMsg: `client id check: invalid client id: invalid char '!' at index 0 in client id "!!!"`,
|
|
wantRes: resultCodeError,
|
|
}}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
r := &http.Request{
|
|
URL: &url.URL{
|
|
Path: tc.path,
|
|
},
|
|
}
|
|
|
|
dctx := &dnsContext{
|
|
proxyCtx: &proxy.DNSContext{
|
|
Proto: proxy.ProtoHTTPS,
|
|
HTTPRequest: r,
|
|
},
|
|
}
|
|
|
|
res := processClientID(dctx)
|
|
assert.Equal(t, tc.wantRes, res)
|
|
assert.Equal(t, tc.wantClientID, dctx.clientID)
|
|
|
|
if tc.wantErrMsg != "" && assert.NotNil(t, dctx.err) {
|
|
assert.Equal(t, tc.wantErrMsg, dctx.err.Error())
|
|
} else {
|
|
assert.Nil(t, dctx.err)
|
|
}
|
|
})
|
|
}
|
|
}
|