fix(network-proxy, route-utils, route-manager): Normalize IPv6-mapped IPv4 addresses in IP matching functions and remove deprecated legacy configuration methods in NetworkProxy. Update route-utils and route-manager to compare both canonical and IPv6-mapped IP forms, adjust tests accordingly, and clean up legacy exports.
This commit is contained in:
@ -1,116 +1,110 @@
|
||||
import { expect } from '@push.rocks/tapbundle';
|
||||
import { expect, tap } from '@push.rocks/tapbundle';
|
||||
import * as routeUtils from '../../../ts/core/utils/route-utils.js';
|
||||
|
||||
// Test domain matching
|
||||
expect.describe('Route Utils - Domain Matching', async () => {
|
||||
expect.it('should match exact domains', async () => {
|
||||
expect(routeUtils.matchDomain('example.com', 'example.com')).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - Domain Matching - exact domains', async () => {
|
||||
expect(routeUtils.matchDomain('example.com', 'example.com')).toEqual(true);
|
||||
});
|
||||
|
||||
expect.it('should match wildcard domains', async () => {
|
||||
expect(routeUtils.matchDomain('*.example.com', 'sub.example.com')).to.be.true;
|
||||
expect(routeUtils.matchDomain('*.example.com', 'another.sub.example.com')).to.be.true;
|
||||
expect(routeUtils.matchDomain('*.example.com', 'example.com')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - Domain Matching - wildcard domains', async () => {
|
||||
expect(routeUtils.matchDomain('*.example.com', 'sub.example.com')).toEqual(true);
|
||||
expect(routeUtils.matchDomain('*.example.com', 'another.sub.example.com')).toEqual(true);
|
||||
expect(routeUtils.matchDomain('*.example.com', 'example.com')).toEqual(false);
|
||||
});
|
||||
|
||||
expect.it('should match domains case-insensitively', async () => {
|
||||
expect(routeUtils.matchDomain('example.com', 'EXAMPLE.com')).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - Domain Matching - case insensitivity', async () => {
|
||||
expect(routeUtils.matchDomain('example.com', 'EXAMPLE.com')).toEqual(true);
|
||||
});
|
||||
|
||||
expect.it('should match routes with multiple domain patterns', async () => {
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'example.com')).to.be.true;
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'sub.test.com')).to.be.true;
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'something.else')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - Domain Matching - multiple domain patterns', async () => {
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'example.com')).toEqual(true);
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'sub.test.com')).toEqual(true);
|
||||
expect(routeUtils.matchRouteDomain(['example.com', '*.test.com'], 'something.else')).toEqual(false);
|
||||
});
|
||||
|
||||
// Test path matching
|
||||
expect.describe('Route Utils - Path Matching', async () => {
|
||||
expect.it('should match exact paths', async () => {
|
||||
expect(routeUtils.matchPath('/api/users', '/api/users')).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - Path Matching - exact paths', async () => {
|
||||
expect(routeUtils.matchPath('/api/users', '/api/users')).toEqual(true);
|
||||
});
|
||||
|
||||
expect.it('should match wildcard paths', async () => {
|
||||
expect(routeUtils.matchPath('/api/*', '/api/users')).to.be.true;
|
||||
expect(routeUtils.matchPath('/api/*', '/api/products')).to.be.true;
|
||||
expect(routeUtils.matchPath('/api/*', '/something/else')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - Path Matching - wildcard paths', async () => {
|
||||
expect(routeUtils.matchPath('/api/*', '/api/users')).toEqual(true);
|
||||
expect(routeUtils.matchPath('/api/*', '/api/products')).toEqual(true);
|
||||
expect(routeUtils.matchPath('/api/*', '/something/else')).toEqual(false);
|
||||
});
|
||||
|
||||
expect.it('should match complex wildcard patterns', async () => {
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/users/details')).to.be.true;
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/products/details')).to.be.true;
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/users/other')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - Path Matching - complex wildcard patterns', async () => {
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/users/details')).toEqual(true);
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/products/details')).toEqual(true);
|
||||
expect(routeUtils.matchPath('/api/*/details', '/api/users/other')).toEqual(false);
|
||||
});
|
||||
|
||||
// Test IP matching
|
||||
expect.describe('Route Utils - IP Matching', async () => {
|
||||
expect.it('should match exact IPs', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.1', '192.168.1.1')).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - IP Matching - exact IPs', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.1', '192.168.1.1')).toEqual(true);
|
||||
});
|
||||
|
||||
expect.it('should match wildcard IPs', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.*', '192.168.1.100')).to.be.true;
|
||||
expect(routeUtils.matchIpPattern('192.168.1.*', '192.168.2.1')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - IP Matching - wildcard IPs', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.*', '192.168.1.100')).toEqual(true);
|
||||
expect(routeUtils.matchIpPattern('192.168.1.*', '192.168.2.1')).toEqual(false);
|
||||
});
|
||||
|
||||
expect.it('should match CIDR notation', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.0/24', '192.168.1.100')).to.be.true;
|
||||
expect(routeUtils.matchIpPattern('192.168.1.0/24', '192.168.2.1')).to.be.false;
|
||||
});
|
||||
tap.test('Route Utils - IP Matching - CIDR notation', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.0/24', '192.168.1.100')).toEqual(true);
|
||||
expect(routeUtils.matchIpPattern('192.168.1.0/24', '192.168.2.1')).toEqual(false);
|
||||
});
|
||||
|
||||
expect.it('should handle IPv6-mapped IPv4 addresses', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.1', '::ffff:192.168.1.1')).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - IP Matching - IPv6-mapped IPv4 addresses', async () => {
|
||||
expect(routeUtils.matchIpPattern('192.168.1.1', '::ffff:192.168.1.1')).toEqual(true);
|
||||
});
|
||||
|
||||
expect.it('should correctly authorize IPs based on allow/block lists', async () => {
|
||||
// With allow and block lists
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['192.168.1.*'], ['192.168.1.5'])).to.be.true;
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.5', ['192.168.1.*'], ['192.168.1.5'])).to.be.false;
|
||||
|
||||
// With only allow list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['192.168.1.*'])).to.be.true;
|
||||
expect(routeUtils.isIpAuthorized('192.168.2.1', ['192.168.1.*'])).to.be.false;
|
||||
|
||||
// With only block list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.5', undefined, ['192.168.1.5'])).to.be.false;
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', undefined, ['192.168.1.5'])).to.be.true;
|
||||
|
||||
// With wildcard in allow list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['*'], ['192.168.1.5'])).to.be.true;
|
||||
});
|
||||
tap.test('Route Utils - IP Matching - IP authorization with allow/block lists', async () => {
|
||||
// With allow and block lists
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['192.168.1.*'], ['192.168.1.5'])).toEqual(true);
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.5', ['192.168.1.*'], ['192.168.1.5'])).toEqual(false);
|
||||
|
||||
// With only allow list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['192.168.1.*'])).toEqual(true);
|
||||
expect(routeUtils.isIpAuthorized('192.168.2.1', ['192.168.1.*'])).toEqual(false);
|
||||
|
||||
// With only block list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.5', undefined, ['192.168.1.5'])).toEqual(false);
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', undefined, ['192.168.1.5'])).toEqual(true);
|
||||
|
||||
// With wildcard in allow list
|
||||
expect(routeUtils.isIpAuthorized('192.168.1.1', ['*'], ['192.168.1.5'])).toEqual(true);
|
||||
});
|
||||
|
||||
// Test route specificity calculation
|
||||
expect.describe('Route Utils - Route Specificity', async () => {
|
||||
expect.it('should calculate route specificity correctly', async () => {
|
||||
const basicRoute = { domains: 'example.com' };
|
||||
const pathRoute = { domains: 'example.com', path: '/api' };
|
||||
const wildcardPathRoute = { domains: 'example.com', path: '/api/*' };
|
||||
const headerRoute = { domains: 'example.com', headers: { 'content-type': 'application/json' } };
|
||||
const complexRoute = {
|
||||
domains: 'example.com',
|
||||
path: '/api',
|
||||
headers: { 'content-type': 'application/json' },
|
||||
clientIp: ['192.168.1.1']
|
||||
};
|
||||
|
||||
// Path routes should have higher specificity than domain-only routes
|
||||
expect(routeUtils.calculateRouteSpecificity(pathRoute))
|
||||
.to.be.greaterThan(routeUtils.calculateRouteSpecificity(basicRoute));
|
||||
|
||||
// Exact path routes should have higher specificity than wildcard path routes
|
||||
expect(routeUtils.calculateRouteSpecificity(pathRoute))
|
||||
.to.be.greaterThan(routeUtils.calculateRouteSpecificity(wildcardPathRoute));
|
||||
|
||||
// Routes with headers should have higher specificity than routes without
|
||||
expect(routeUtils.calculateRouteSpecificity(headerRoute))
|
||||
.to.be.greaterThan(routeUtils.calculateRouteSpecificity(basicRoute));
|
||||
|
||||
// Complex routes should have the highest specificity
|
||||
expect(routeUtils.calculateRouteSpecificity(complexRoute))
|
||||
.to.be.greaterThan(routeUtils.calculateRouteSpecificity(pathRoute));
|
||||
expect(routeUtils.calculateRouteSpecificity(complexRoute))
|
||||
.to.be.greaterThan(routeUtils.calculateRouteSpecificity(headerRoute));
|
||||
});
|
||||
});
|
||||
tap.test('Route Utils - Route Specificity - calculating correctly', async () => {
|
||||
const basicRoute = { domains: 'example.com' };
|
||||
const pathRoute = { domains: 'example.com', path: '/api' };
|
||||
const wildcardPathRoute = { domains: 'example.com', path: '/api/*' };
|
||||
const headerRoute = { domains: 'example.com', headers: { 'content-type': 'application/json' } };
|
||||
const complexRoute = {
|
||||
domains: 'example.com',
|
||||
path: '/api',
|
||||
headers: { 'content-type': 'application/json' },
|
||||
clientIp: ['192.168.1.1']
|
||||
};
|
||||
|
||||
// Path routes should have higher specificity than domain-only routes
|
||||
expect(routeUtils.calculateRouteSpecificity(pathRoute) >
|
||||
routeUtils.calculateRouteSpecificity(basicRoute)).toEqual(true);
|
||||
|
||||
// Exact path routes should have higher specificity than wildcard path routes
|
||||
expect(routeUtils.calculateRouteSpecificity(pathRoute) >
|
||||
routeUtils.calculateRouteSpecificity(wildcardPathRoute)).toEqual(true);
|
||||
|
||||
// Routes with headers should have higher specificity than routes without
|
||||
expect(routeUtils.calculateRouteSpecificity(headerRoute) >
|
||||
routeUtils.calculateRouteSpecificity(basicRoute)).toEqual(true);
|
||||
|
||||
// Complex routes should have the highest specificity
|
||||
expect(routeUtils.calculateRouteSpecificity(complexRoute) >
|
||||
routeUtils.calculateRouteSpecificity(pathRoute)).toEqual(true);
|
||||
expect(routeUtils.calculateRouteSpecificity(complexRoute) >
|
||||
routeUtils.calculateRouteSpecificity(headerRoute)).toEqual(true);
|
||||
});
|
||||
|
||||
export default tap.start();
|
||||
Reference in New Issue
Block a user