akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
a4b4c0fc838f2706eef411bfa3a0bdfc8be9d42e
Charon/backend/internal/caddy/manager_patch_coverage_test.go
GitHub Actions 3169b05156 fix: skip incomplete system log viewer tests 
- Marked 12 tests as skip pending feature implementation
- Features tracked in GitHub issue #686 (system log viewer feature completion)
- Tests cover sorting by timestamp/level/method/URI/status, pagination controls, filtering by text/level, download functionality
- Unblocks Phase 2 at 91.7% pass rate to proceed to Phase 3 security enforcement validation
- TODO comments in code reference GitHub #686 for feature completion tracking
- Tests skipped: Pagination (3), Search/Filter (2), Download (2), Sorting (1), Log Display (4)
2026-02-09 21:55:55 +00:00

188 lines
7.2 KiB
Go
Raw Blame History

package caddy
import (
"context"
"encoding/base64"
"net/http"
"net/http/httptest"
"os"
"testing"
"github.com/Wikid82/charon/backend/internal/config"
"github.com/Wikid82/charon/backend/internal/crypto"
"github.com/Wikid82/charon/backend/internal/models"
"github.com/stretchr/testify/require"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
func TestManagerApplyConfig_DNSProviders_NoKey_SkipsDecryption(t *testing.T) {
caddyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/load" && r.Method == http.MethodPost {
w.WriteHeader(http.StatusOK)
return
}
w.WriteHeader(http.StatusNotFound)
}))
defer caddyServer.Close()
dsn := "file:" + t.Name() + "?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(
&models.ProxyHost{},
&models.Location{},
&models.Setting{},
&models.CaddyConfig{},
&models.SSLCertificate{},
&models.SecurityConfig{},
&models.SecurityRuleSet{},
&models.SecurityDecision{},
&models.DNSProvider{},
))
db.Create(&models.SecurityConfig{Name: "default", Enabled: true})
db.Create(&models.DNSProvider{Name: "p", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: "invalid"})
_ = os.Unsetenv("CHARON_ENCRYPTION_KEY")
_ = os.Unsetenv("ENCRYPTION_KEY")
_ = os.Unsetenv("CERBERUS_ENCRYPTION_KEY")
var capturedLen int
origGen := generateConfigFunc
origVal := validateConfigFunc
defer func() {
generateConfigFunc = origGen
validateConfigFunc = origVal
}()
generateConfigFunc = func(_ []models.ProxyHost, _ string, _ string, _ string, _ string, _ bool, _ bool, _ bool, _ bool, _ bool, _ string, _ []models.SecurityRuleSet, _ map[string]string, _ []models.SecurityDecision, _ *models.SecurityConfig, dnsProviderConfigs []DNSProviderConfig) (*Config, error) {
capturedLen = len(dnsProviderConfigs)
return &Config{}, nil
}
validateConfigFunc = func(_ *Config) error { return nil }
manager := NewManager(newTestClient(t, caddyServer.URL), db, t.TempDir(), "", false, config.SecurityConfig{CerberusEnabled: true})
require.NoError(t, manager.ApplyConfig(context.Background()))
require.Equal(t, 0, capturedLen)
}
func TestManagerApplyConfig_DNSProviders_UsesFallbackEnvKeys(t *testing.T) {
caddyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/load" && r.Method == http.MethodPost {
w.WriteHeader(http.StatusOK)
return
}
w.WriteHeader(http.StatusNotFound)
}))
defer caddyServer.Close()
keyBytes := make([]byte, 32)
keyB64 := base64.StdEncoding.EncodeToString(keyBytes)
t.Setenv("ENCRYPTION_KEY", keyB64)
encryptor, err := crypto.NewEncryptionService(keyB64)
require.NoError(t, err)
ciphertext, err := encryptor.Encrypt([]byte(`{"api_token":"tok"}`))
require.NoError(t, err)
dsn := "file:" + t.Name() + "_fallback?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(
&models.ProxyHost{},
&models.Location{},
&models.Setting{},
&models.CaddyConfig{},
&models.SSLCertificate{},
&models.SecurityConfig{},
&models.SecurityRuleSet{},
&models.SecurityDecision{},
&models.DNSProvider{},
))
db.Create(&models.SecurityConfig{Name: "default", Enabled: true})
db.Create(&models.DNSProvider{ID: 11, Name: "p", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: ciphertext, PropagationTimeout: 99})
var captured []DNSProviderConfig
origGen := generateConfigFunc
origVal := validateConfigFunc
defer func() {
generateConfigFunc = origGen
validateConfigFunc = origVal
}()
generateConfigFunc = func(_ []models.ProxyHost, _ string, _ string, _ string, _ string, _ bool, _ bool, _ bool, _ bool, _ bool, _ string, _ []models.SecurityRuleSet, _ map[string]string, _ []models.SecurityDecision, _ *models.SecurityConfig, dnsProviderConfigs []DNSProviderConfig) (*Config, error) {
captured = append([]DNSProviderConfig(nil), dnsProviderConfigs...)
return &Config{}, nil
}
validateConfigFunc = func(_ *Config) error { return nil }
manager := NewManager(newTestClient(t, caddyServer.URL), db, t.TempDir(), "", false, config.SecurityConfig{CerberusEnabled: true})
require.NoError(t, manager.ApplyConfig(context.Background()))
require.Len(t, captured, 1)
require.Equal(t, uint(11), captured[0].ID)
require.Equal(t, "cloudflare", captured[0].ProviderType)
require.Equal(t, "tok", captured[0].Credentials["api_token"])
}
func TestManagerApplyConfig_DNSProviders_SkipsDecryptOrJSONFailures(t *testing.T) {
caddyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/load" && r.Method == http.MethodPost {
w.WriteHeader(http.StatusOK)
return
}
w.WriteHeader(http.StatusNotFound)
}))
defer caddyServer.Close()
keyBytes := make([]byte, 32)
keyB64 := base64.StdEncoding.EncodeToString(keyBytes)
t.Setenv("CHARON_ENCRYPTION_KEY", keyB64)
encryptor, err := crypto.NewEncryptionService(keyB64)
require.NoError(t, err)
goodCiphertext, err := encryptor.Encrypt([]byte(`{"api_token":"tok"}`))
require.NoError(t, err)
badJSONCiphertext, err := encryptor.Encrypt([]byte(`not-json`))
require.NoError(t, err)
dsn := "file:" + t.Name() + "_skip?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(
&models.ProxyHost{},
&models.Location{},
&models.Setting{},
&models.CaddyConfig{},
&models.SSLCertificate{},
&models.SecurityConfig{},
&models.SecurityRuleSet{},
&models.SecurityDecision{},
&models.DNSProvider{},
))
db.Create(&models.SecurityConfig{Name: "default", Enabled: true})
db.Create(&models.DNSProvider{ID: 21, UUID: "uuid-empty-21", Name: "empty", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: ""})
db.Create(&models.DNSProvider{ID: 22, UUID: "uuid-bad-22", Name: "bad", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: "not-base64"})
db.Create(&models.DNSProvider{ID: 23, UUID: "uuid-badjson-23", Name: "badjson", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: badJSONCiphertext})
db.Create(&models.DNSProvider{ID: 24, UUID: "uuid-good-24", Name: "good", ProviderType: "cloudflare", Enabled: true, CredentialsEncrypted: goodCiphertext, PropagationTimeout: 7})
var captured []DNSProviderConfig
origGen := generateConfigFunc
origVal := validateConfigFunc
defer func() {
generateConfigFunc = origGen
validateConfigFunc = origVal
}()
generateConfigFunc = func(_ []models.ProxyHost, _ string, _ string, _ string, _ string, _ bool, _ bool, _ bool, _ bool, _ bool, _ string, _ []models.SecurityRuleSet, _ map[string]string, _ []models.SecurityDecision, _ *models.SecurityConfig, dnsProviderConfigs []DNSProviderConfig) (*Config, error) {
captured = append([]DNSProviderConfig(nil), dnsProviderConfigs...)
return &Config{}, nil
}
validateConfigFunc = func(_ *Config) error { return nil }
manager := NewManager(newTestClient(t, caddyServer.URL), db, t.TempDir(), "", false, config.SecurityConfig{CerberusEnabled: true})
require.NoError(t, manager.ApplyConfig(context.Background()))
require.Len(t, captured, 1)
require.Equal(t, uint(24), captured[0].ID)
}
Reference in New Issue View Git Blame Copy Permalink