- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries. - Introduced new functions in Cerberus for checking admin authentication and admin whitelist status. - Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted. - Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting. - Created a new utility for checking if an IP is in a CIDR list. - Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns. - Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.
package security
|
|
|
|
import "testing"
|
|
|
|
func TestIsIPInCIDRList(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
ip string
|
|
list string
|
|
expected bool
|
|
}{
|
|
{
|
|
name: "empty list",
|
|
ip: "127.0.0.1",
|
|
list: "",
|
|
expected: false,
|
|
},
|
|
{
|
|
name: "direct IP match",
|
|
ip: "127.0.0.1",
|
|
list: "127.0.0.1",
|
|
expected: true,
|
|
},
|
|
{
|
|
name: "cidr match",
|
|
ip: "172.16.5.10",
|
|
list: "172.16.0.0/12",
|
|
expected: true,
|
|
},
|
|
{
|
|
name: "mixed list with whitespace",
|
|
ip: "10.0.0.5",
|
|
list: "192.168.0.0/16, 10.0.0.0/8",
|
|
expected: true,
|
|
},
|
|
{
|
|
name: "no match",
|
|
ip: "203.0.113.10",
|
|
list: "192.168.0.0/16,10.0.0.0/8",
|
|
expected: false,
|
|
},
|
|
{
|
|
name: "invalid client ip",
|
|
ip: "not-an-ip",
|
|
list: "192.168.0.0/16",
|
|
expected: false,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := IsIPInCIDRList(tt.ip, tt.list); got != tt.expected {
|
|
t.Fatalf("expected %v, got %v", tt.expected, got)
|
|
}
|
|
})
|
|
}
|
|
}
|
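Review bot: The table in TestIsIPInCIDRList never exercises a malformed or empty entry inside an otherwise valid list, which is the case that matters most for a function that gates an ACL bypass for admins: whether `"garbage, 10.0.0.0/8"` or a trailing comma (`"10.0.0.0/8,"`) skips the bad entry, fails the whole lookup, or accidentally matches is exactly the policy a test should pin, and none of the six rows does. I would add `{name: "invalid list entry", ip: "10.0.0.5", list: "garbage, 10.0.0.0/8", expected: true /* or false, whichever policy IsIPInCIDRList implements */}` and `{name: "trailing comma", ip: "10.0.0.5", list: "10.0.0.0/8,", expected: true}` with the expectation set to the intended behavior rather than whatever the current implementation happens to do. Every row is also IPv4-only; a row such as `{name: "ipv6 cidr match", ip: "2001:db8::1", list: "2001:db8::/32", expected: true}` and one for an IPv4-mapped address (`"::ffff:10.0.0.5"` against `"10.0.0.0/8"`) would document whether v6 clients and mapped forms are meant to be whitelisted, since the implementation is not visible here and that answer presumably depends on how it parses entries. Whether the caller passes a bare IP or a `host:port` RemoteAddr is outside this file, so the "invalid client ip" row alone does not show that a ported address is rejected rather than silently matched.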