mirror of
https://github.com/qdm12/gluetun.git
synced 2026-06-25 21:37:31 +02:00
Quentin McGaw
118 lines
2.9 KiB
Go
118 lines
2.9 KiB
Go
//go:build integration
|
|
|
|
package restrictednet
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/netip"
|
|
"testing"
|
|
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/qdm12/dns/v2/pkg/provider"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
type listenAddrPortMatcher struct {
|
|
expected netip.AddrPort
|
|
}
|
|
|
|
func (m listenAddrPortMatcher) Matches(x any) bool {
|
|
ip, ok := x.(netip.AddrPort)
|
|
if !ok {
|
|
return false
|
|
}
|
|
if m.expected.IsValid() {
|
|
return ip == m.expected
|
|
}
|
|
return ip.IsValid() && ip.Addr().IsValid() && ip.Port() > 0
|
|
}
|
|
|
|
func (m listenAddrPortMatcher) String() string {
|
|
if m.expected.IsValid() {
|
|
return "is the same as " + m.expected.String()
|
|
}
|
|
return "is a valid netip.AddrPort with a valid IP and non-zero port"
|
|
}
|
|
|
|
type destinationAddrPortMatcher struct {
|
|
expected netip.AddrPort
|
|
}
|
|
|
|
func (m destinationAddrPortMatcher) Matches(x any) bool {
|
|
ip, ok := x.(netip.AddrPort)
|
|
if !ok {
|
|
return false
|
|
}
|
|
if m.expected.IsValid() {
|
|
return ip == m.expected
|
|
}
|
|
return ip.IsValid() && ip.Port() == m.expected.Port()
|
|
}
|
|
|
|
func (m destinationAddrPortMatcher) String() string {
|
|
if m.expected.IsValid() {
|
|
return "is the same as " + m.expected.String()
|
|
}
|
|
return "matches the port " + fmt.Sprint(m.expected.Port())
|
|
}
|
|
|
|
func Test_Client_OpenHTTPS(t *testing.T) {
|
|
t.Parallel()
|
|
ctx := t.Context()
|
|
ctrl := gomock.NewController(t)
|
|
|
|
const destinationTLSName = "one.one.one.one"
|
|
destinationAddrPort := netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 443)
|
|
|
|
firewall := NewMockFirewall(ctrl)
|
|
sourceMatcher := listenAddrPortMatcher{}
|
|
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
|
ctx, "tcp", "eth0", sourceMatcher, destinationAddrPort, false,
|
|
).DoAndReturn(func(_ context.Context,
|
|
_, _ string, source, _ netip.AddrPort, _ bool,
|
|
) error {
|
|
sourceMatcher.expected = source
|
|
return nil
|
|
})
|
|
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
|
context.Background(), "tcp", "eth0", sourceMatcher, destinationAddrPort, true,
|
|
).Return(nil)
|
|
|
|
const ipv6Supported = false
|
|
upstreamResolvers := []provider.Provider{provider.Google()}
|
|
settings := Settings{
|
|
Firewall: firewall,
|
|
DefaultInterface: "eth0",
|
|
IPv6Supported: ptrTo(ipv6Supported),
|
|
UpstreamResolvers: upstreamResolvers,
|
|
}
|
|
client := New(settings)
|
|
|
|
httpClient, cleanup, err := client.OpenHTTPS(ctx, destinationTLSName, destinationAddrPort)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, httpClient)
|
|
require.NotNil(t, cleanup)
|
|
|
|
const requests = 2
|
|
|
|
for range requests {
|
|
request, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://"+destinationTLSName, nil)
|
|
require.NoError(t, err)
|
|
|
|
response, err := httpClient.Do(request)
|
|
require.NoError(t, err)
|
|
_, err = io.Copy(io.Discard, response.Body)
|
|
require.NoError(t, err)
|
|
err = response.Body.Close()
|
|
require.NoError(t, err)
|
|
assert.Equal(t, http.StatusOK, response.StatusCode)
|
|
}
|
|
|
|
err = cleanup()
|
|
require.NoError(t, err)
|
|
}
|