Charon/backend/internal/caddy/config_buildacl_test.go
GitHub Actions 8294d6ee49 Add QA test outputs, build scripts, and Dockerfile validation
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
2025-12-11 18:26:24 +00:00


package caddy
import (
"encoding/json"
"testing"
"github.com/Wikid82/charon/backend/internal/models"
"github.com/stretchr/testify/require"
)
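// TestBuildACLHandler_GeoWhitelist builds a handler for an enabled
// "geo_whitelist" access list limited to the country codes "US,CA" and checks
// that the serialized handler carries the geographic-restriction denial text.
func TestBuildACLHandler_GeoWhitelist(t *testing.T) {
	acl := &models.AccessList{Type: "geo_whitelist", CountryCodes: "US,CA", Enabled: true}
	h, err := buildACLHandler(acl, "")
	require.NoError(t, err)
	require.NotNil(t, h)

	// Surface a marshalling failure directly instead of letting the
	// substring check below fail against an empty string.
	b, err := json.Marshal(h)
	require.NoError(t, err)

	// Only the denial message is asserted here.
	// NOTE(review): the status code of the deny response (an earlier comment
	// on this test mentioned static_response with 403) and the country
	// matcher itself are not checked, so a handler that denies the wrong set
	// of countries would still pass. Consider asserting both once the
	// handler's JSON shape is confirmed.
	require.Contains(t, string(b), "Access denied: Geographic restriction")
}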
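// TestBuildACLHandler_LocalNetwork builds a handler for an enabled "whitelist"
// access list with LocalNetworkOnly set and checks that the serialized handler
// carries the "not a local network IP" denial text.
func TestBuildACLHandler_LocalNetwork(t *testing.T) {
	acl := &models.AccessList{Type: "whitelist", LocalNetworkOnly: true, Enabled: true}
	h, err := buildACLHandler(acl, "")
	require.NoError(t, err)
	require.NotNil(t, h)

	// Surface a marshalling failure directly instead of letting the
	// substring check below fail against an empty string.
	b, err := json.Marshal(h)
	require.NoError(t, err)

	// NOTE(review): this asserts the denial message only; which address
	// ranges the handler treats as "local" is not verified here. A check on
	// the emitted ranges would catch an overly broad definition of local.
	require.Contains(t, string(b), "Access denied: Not a local network IP")
}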
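// TestBuildACLHandler_IPRules builds a handler for an enabled "blacklist"
// access list with a single CIDR rule and checks that the serialized handler
// carries the "IP blacklisted" denial text.
func TestBuildACLHandler_IPRules(t *testing.T) {
	rules := `[ {"cidr": "192.168.1.0/24", "description": "local"} ]`
	acl := &models.AccessList{Type: "blacklist", IPRules: rules, Enabled: true}
	h, err := buildACLHandler(acl, "")
	require.NoError(t, err)
	require.NotNil(t, h)

	// Surface a marshalling failure directly instead of letting the
	// substring check below fail against an empty string.
	b, err := json.Marshal(h)
	require.NoError(t, err)

	// NOTE(review): only the denial message is asserted. The test does not
	// confirm that the configured CIDR ends up in the handler's matcher, so
	// a blacklist that matches nothing (and therefore blocks nothing) would
	// still pass.
	require.Contains(t, string(b), "Access denied: IP blacklisted")
}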
// TestBuildACLHandler_InvalidIPJSON feeds buildACLHandler a "blacklist" access
// list whose IPRules value is not valid JSON and expects an error together
// with a nil handler.
func TestBuildACLHandler_InvalidIPJSON(t *testing.T) {
	list := &models.AccessList{
		Type:    "blacklist",
		IPRules: `invalid-json`,
		Enabled: true,
	}

	handler, buildErr := buildACLHandler(list, "")

	// Malformed rules must be reported, not silently turned into a handler.
	// NOTE(review): how callers react to this error is outside this file;
	// confirm they do not go on to serve the route without any ACL.
	require.Error(t, buildErr)
	require.Nil(t, handler)
}
// TestBuildACLHandler_NoIPRulesReturnsNil pins the behaviour for an enabled
// "blacklist" access list whose IPRules is an empty JSON array: no error and
// no handler.
func TestBuildACLHandler_NoIPRulesReturnsNil(t *testing.T) {
	list := &models.AccessList{
		Type:    "blacklist",
		IPRules: `[]`,
		Enabled: true,
	}

	handler, buildErr := buildACLHandler(list, "")

	// An empty blacklist has nothing to block, so a nil handler is expected.
	// NOTE(review): only the blacklist type is covered here. Whether an empty
	// "whitelist" also yields a nil handler is not visible in this file; if it
	// does, that would admit all traffic and deserves its own test.
	require.NoError(t, buildErr)
	require.Nil(t, handler)
}
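// TestBuildACLHandler_Whitelist builds a handler for an enabled "whitelist"
// access list with a single CIDR rule and checks that the serialized handler
// carries the "IP not in whitelist" denial text.
func TestBuildACLHandler_Whitelist(t *testing.T) {
	rules := `[ { "cidr": "192.168.1.0/24", "description": "local" } ]`
	acl := &models.AccessList{Type: "whitelist", IPRules: rules, Enabled: true}
	h, err := buildACLHandler(acl, "")
	require.NoError(t, err)
	require.NotNil(t, h)

	// Surface a marshalling failure directly instead of letting the
	// substring check below fail against an empty string.
	b, err := json.Marshal(h)
	require.NoError(t, err)

	// NOTE(review): only the denial message is asserted. The test does not
	// confirm that the configured CIDR is the range being allowed, nor that
	// the match is negated for the deny path; an inverted matcher would
	// still pass this check.
	require.Contains(t, string(b), "Access denied: IP not in whitelist")
}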