2014-09-18 07:20:18 +08:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2014-09-26 09:28:28 +08:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2014-09-18 07:20:18 +08:00
|
|
|
"testing"
|
2014-09-19 11:12:49 +08:00
|
|
|
|
2023-05-20 20:25:21 +08:00
|
|
|
"gobot.io/x/gobot/v2/gobottest"
|
2014-09-18 07:20:18 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCORSIsOriginAllowed(t *testing.T) {
|
2014-09-26 09:28:28 +08:00
|
|
|
cors := &CORS{AllowOrigins: []string{"*"}}
|
|
|
|
cors.generatePatterns()
|
2014-09-18 07:20:18 +08:00
|
|
|
|
|
|
|
// When all the origins are accepted
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), true)
|
2014-09-18 07:20:18 +08:00
|
|
|
|
|
|
|
// When one origin is accepted
|
2014-09-26 09:28:28 +08:00
|
|
|
cors = &CORS{AllowOrigins: []string{"http://localhost:8000"}}
|
|
|
|
cors.generatePatterns()
|
2014-09-18 07:20:18 +08:00
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), false)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), false)
|
2014-09-18 07:20:18 +08:00
|
|
|
|
|
|
|
// When several origins are accepted
|
2014-09-26 09:28:28 +08:00
|
|
|
cors = &CORS{AllowOrigins: []string{"http://localhost:*", "http://server.com"}}
|
|
|
|
cors.generatePatterns()
|
2014-09-18 07:20:18 +08:00
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), true)
|
2014-09-19 00:48:37 +08:00
|
|
|
|
|
|
|
// When several origins are accepted within the same domain
|
2014-09-26 09:28:28 +08:00
|
|
|
cors = &CORS{AllowOrigins: []string{"http://*.server.com"}}
|
|
|
|
cors.generatePatterns()
|
2014-09-19 00:48:37 +08:00
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), false)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), false)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://foo.server.com"), true)
|
|
|
|
gobottest.Assert(t, cors.isOriginAllowed("http://api.server.com"), true)
|
2014-09-19 00:48:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestCORSAllowedHeaders(t *testing.T) {
|
2014-09-26 09:28:28 +08:00
|
|
|
cors := &CORS{AllowOrigins: []string{"*"}, AllowHeaders: []string{"Header1", "Header2"}}
|
2014-09-19 00:48:37 +08:00
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.AllowedHeaders(), "Header1,Header2")
|
2014-09-19 00:48:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestCORSAllowedMethods(t *testing.T) {
|
2014-09-26 09:28:28 +08:00
|
|
|
cors := &CORS{AllowOrigins: []string{"*"}, AllowMethods: []string{"GET", "POST"}}
|
2014-09-19 00:48:37 +08:00
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.AllowedMethods(), "GET,POST")
|
2014-09-19 00:48:37 +08:00
|
|
|
|
|
|
|
cors.AllowMethods = []string{"GET", "POST", "PUT"}
|
|
|
|
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, cors.AllowedMethods(), "GET,POST,PUT")
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|
2014-09-26 09:28:28 +08:00
|
|
|
|
|
|
|
func TestCORS(t *testing.T) {
|
|
|
|
api := initTestAPI()
|
|
|
|
|
|
|
|
// Accepted origin
|
|
|
|
allowedOrigin := []string{"http://server.com"}
|
|
|
|
api.AddHandler(AllowRequestsFrom(allowedOrigin[0]))
|
|
|
|
|
|
|
|
request, _ := http.NewRequest("GET", "/api/", nil)
|
|
|
|
request.Header.Set("Origin", allowedOrigin[0])
|
|
|
|
response := httptest.NewRecorder()
|
|
|
|
api.ServeHTTP(response, request)
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Assert(t, response.Header()["Access-Control-Allow-Origin"], allowedOrigin)
|
2014-09-26 09:28:28 +08:00
|
|
|
|
|
|
|
// Not accepted Origin
|
|
|
|
disallowedOrigin := []string{"http://disallowed.com"}
|
|
|
|
request, _ = http.NewRequest("GET", "/api/", nil)
|
|
|
|
request.Header.Set("Origin", disallowedOrigin[0])
|
|
|
|
response = httptest.NewRecorder()
|
|
|
|
api.ServeHTTP(response, request)
|
2016-02-22 13:21:24 +08:00
|
|
|
gobottest.Refute(t, response.Header()["Access-Control-Allow-Origin"], disallowedOrigin)
|
|
|
|
gobottest.Refute(t, response.Header()["Access-Control-Allow-Origin"], allowedOrigin)
|
2014-09-26 09:28:28 +08:00
|
|
|
}
|