164 lines
4.6 KiB
Go
Raw Normal View History

// Copyright 2019 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
package explorer
import (
"fmt"
"net/http"
"net/http/httptest"
"testing"
"github.com/ethereum/go-ethereum/swarm/storage/mock/mem"
)
// TestHandler_CORSOrigin validates that the correct Access-Control-Allow-Origin
// header is served with various allowed origin settings.
func TestHandler_CORSOrigin(t *testing.T) {
notAllowedOrigin := "http://not-allowed-origin.com/"
for _, tc := range []struct {
name string
origins []string
}{
{
name: "no origin",
origins: nil,
},
{
name: "single origin",
origins: []string{"http://localhost/"},
},
{
name: "multiple origins",
origins: []string{"http://localhost/", "http://ethereum.org/"},
},
} {
t.Run(tc.name, func(t *testing.T) {
handler := NewHandler(mem.NewGlobalStore(), tc.origins)
origins := tc.origins
if origins == nil {
// handle the "no origin" test case
origins = []string{""}
}
for _, origin := range origins {
t.Run(fmt.Sprintf("get %q", origin), newTestCORSOrigin(handler, origin, origin))
t.Run(fmt.Sprintf("preflight %q", origin), newTestCORSPreflight(handler, origin, origin))
}
t.Run(fmt.Sprintf("get %q", notAllowedOrigin), newTestCORSOrigin(handler, notAllowedOrigin, ""))
t.Run(fmt.Sprintf("preflight %q", notAllowedOrigin), newTestCORSPreflight(handler, notAllowedOrigin, ""))
})
}
t.Run("wildcard", func(t *testing.T) {
handler := NewHandler(mem.NewGlobalStore(), []string{"*"})
for _, origin := range []string{
"http://example.com/",
"http://ethereum.org",
"http://localhost",
} {
t.Run(fmt.Sprintf("get %q", origin), newTestCORSOrigin(handler, origin, origin))
t.Run(fmt.Sprintf("preflight %q", origin), newTestCORSPreflight(handler, origin, origin))
}
})
}
// newTestCORSOrigin returns a test function that validates if wantOrigin CORS header is
// served by the handler for a GET request.
func newTestCORSOrigin(handler http.Handler, origin, wantOrigin string) func(t *testing.T) {
return func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Origin", origin)
w := httptest.NewRecorder()
handler.ServeHTTP(w, req)
resp := w.Result()
header := resp.Header.Get("Access-Control-Allow-Origin")
if header != wantOrigin {
t.Errorf("got Access-Control-Allow-Origin header %q, want %q", header, wantOrigin)
}
}
}
// newTestCORSPreflight returns a test function that validates if wantOrigin CORS header is
// served by the handler for an OPTIONS CORS preflight request.
func newTestCORSPreflight(handler http.Handler, origin, wantOrigin string) func(t *testing.T) {
return func(t *testing.T) {
req, err := http.NewRequest(http.MethodOptions, "/", nil)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Origin", origin)
req.Header.Set("Access-Control-Request-Method", "GET")
w := httptest.NewRecorder()
handler.ServeHTTP(w, req)
resp := w.Result()
header := resp.Header.Get("Access-Control-Allow-Origin")
if header != wantOrigin {
t.Errorf("got Access-Control-Allow-Origin header %q, want %q", header, wantOrigin)
}
}
}
// TestHandler_noCacheHeaders validates that no cache headers are server.
func TestHandler_noCacheHeaders(t *testing.T) {
handler := NewHandler(mem.NewGlobalStore(), nil)
for _, tc := range []struct {
url string
}{
{
url: "/",
},
{
url: "/api/nodes",
},
{
url: "/api/keys",
},
} {
req, err := http.NewRequest(http.MethodGet, tc.url, nil)
if err != nil {
t.Fatal(err)
}
w := httptest.NewRecorder()
handler.ServeHTTP(w, req)
resp := w.Result()
for header, want := range map[string]string{
"Cache-Control": "no-cache, no-store, must-revalidate",
"Pragma": "no-cache",
"Expires": "0",
} {
got := resp.Header.Get(header)
if got != want {
t.Errorf("got %q header %q for url %q, want %q", header, tc.url, got, want)
}
}
}
}