From c2f4994c20072c11d407d506e7416e2c609d0ca3 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Wed, 13 Oct 2021 17:08:30 +0200 Subject: server: add a reverse proxy endpoint --- tests/Makefile.am | 5 +- tests/reverse-proxy-502.scm | 62 +++++++++++++++++++ tests/reverse-proxy-anonymous.scm | 124 +++++++++++++++++++++++++++++++++++++ tests/reverse-proxy.scm | 125 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 315 insertions(+), 1 deletion(-) create mode 100644 tests/reverse-proxy-502.scm create mode 100644 tests/reverse-proxy-anonymous.scm create mode 100644 tests/reverse-proxy.scm (limited to 'tests') diff --git a/tests/Makefile.am b/tests/Makefile.am index 2f5c1d6..8cc262b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -66,7 +66,10 @@ TESTS = %reldir%/load-library.scm \ %reldir%/crud.scm \ %reldir%/preconditions.scm \ %reldir%/xml-keys.scm \ - %reldir%/xml-accounts.scm + %reldir%/xml-accounts.scm \ + %reldir%/reverse-proxy.scm \ + %reldir%/reverse-proxy-502.scm \ + %reldir%/reverse-proxy-anonymous.scm EXTRA_DIST += $(TESTS) %reldir%/ChangeLog diff --git a/tests/reverse-proxy-502.scm b/tests/reverse-proxy-502.scm new file mode 100644 index 0000000..22ef269 --- /dev/null +++ b/tests/reverse-proxy-502.scm @@ -0,0 +1,62 @@ +;; disfluid, implementation of the Solid specification +;; Copyright (C) 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see . + +(define-module (tests reverse-proxy-502) + #:use-module (webid-oidc server endpoint) + #:use-module (webid-oidc server endpoint reverse-proxy) + #:use-module (webid-oidc testing) + #:use-module (webid-oidc offloading) + #:use-module ((webid-oidc parameters) #:prefix p:) + #:use-module (oop goops) + #:use-module (web server) + #:use-module (web request) + #:use-module (web response) + #:use-module (web uri) + #:use-module (ice-9 match) + #:use-module (ice-9 receive) + #:use-module (srfi srfi-26) + #:use-module (rnrs bytevectors) + #:declarative? #t + #:duplicates (merge-generics)) + +(with-test-environment + "reverse-proxy-502" + (lambda () + (parameterize + ((p:current-date 0) + (open-socket-for-uri + (lambda _ + (error "This failed.")))) + (with-threads + (let ((reverse-proxy + (make + #:backend-uri (string->uri "https://example.com") + #:authentication-header 'test)) + (request + (build-request + (string->uri "https://example.com") + #:headers '((content-type text/plain) + (test . "https://attack.com/profile/card#me")) + #:meta `((user . ,(string->uri "https://example.com/profile/card#me"))))) + (request-body (string->utf8 "Hello, world!"))) + (receive (response response-body response-meta) + (handle reverse-proxy request request-body) + (unless (eqv? (response-code response) 502) + (exit 1)) + (primitive-exit 0)))) + (sleep 120) + (format (current-error-port) "Test timeout.\n") + (exit 2)))) diff --git a/tests/reverse-proxy-anonymous.scm b/tests/reverse-proxy-anonymous.scm new file mode 100644 index 0000000..34e113d --- /dev/null +++ b/tests/reverse-proxy-anonymous.scm @@ -0,0 +1,124 @@ +;; disfluid, implementation of the Solid specification +;; Copyright (C) 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see . + +(define-module (tests reverse-proxy-anonymous) + #:use-module (webid-oidc server endpoint) + #:use-module (webid-oidc server endpoint reverse-proxy) + #:use-module (webid-oidc testing) + #:use-module (webid-oidc offloading) + #:use-module ((webid-oidc parameters) #:prefix p:) + #:use-module (oop goops) + #:use-module (web server) + #:use-module (web request) + #:use-module (web response) + #:use-module (web uri) + #:use-module (ice-9 match) + #:use-module (ice-9 receive) + #:use-module (srfi srfi-26) + #:use-module (rnrs bytevectors) + #:declarative? #t + #:duplicates (merge-generics)) + +(with-test-environment + "reverse-proxy-anonymous" + (lambda () + (define request-characters-reversed '()) + (define (push-char c) + (set! request-characters-reversed + `(,c ,@request-characters-reversed))) + (define (push-string str) + (for-each push-char (string->list str))) + (define chars-to-read + (string->list + (call-with-output-string + (lambda (port) + (let ((updated + (write-response (build-response + #:headers '((content-type text/plain))) + port))) + (write-response-body updated (string->utf8 "Hello!"))))))) + (parameterize + ((p:current-date 0) + (open-socket-for-uri + (lambda _ + (make-soft-port + (vector + ;; Request character is written: + push-char + ;; Request string is written: + push-string + ;; Flushing output: + (lambda () #t) + ;; Get one character: + (lambda () + (match chars-to-read + ((next rest ...) + (set! chars-to-read rest) + next) + (else + (call-with-input-string "" read)))) ;; EOF + ;; Close the port: + (lambda () #t)) + "rw")))) + (with-threads + (let ((reverse-proxy + (make + #:backend-uri (string->uri "https://example.com") + #:authentication-header 'test)) + (request + (build-request + (string->uri "https://example.com") + #:headers '((content-type text/plain) + (test . "https://attack.com/profile/card#me")) + #:meta '())) + (request-body (string->utf8 "Hello, world!"))) + (receive (response response-body response-meta) + (handle reverse-proxy request request-body) + (unless (eqv? (response-code response) 200) + (exit 1)) + (let ((request-read + (list->string (reverse request-characters-reversed))) + (expected-request + (call-with-output-string + (lambda (port) + (write-request-body + (write-request + (build-request + (string->uri "https://example.com") + #:headers '((host . ("example.com" . #f)) + (content-type text/plain))) + port) + request-body))))) + (unless (equal? request-read expected-request) + (format (current-error-port) "Expected request: +~s +Actual request: +~s +" + expected-request request-read) + (exit 2))) + (set! response-body + (read-response-body response)) + (unless (null? chars-to-read) + (format (current-error-port) "Remaining chars to read: ~s\n" + (list->string chars-to-read)) + (exit 3)) + (unless (equal? response-body (string->utf8 "Hello!")) + (exit 4)) + (primitive-exit 0)))) + (sleep 120) + (format (current-error-port) "Test timeout.\n") + (exit 5)))) diff --git a/tests/reverse-proxy.scm b/tests/reverse-proxy.scm new file mode 100644 index 0000000..da074ff --- /dev/null +++ b/tests/reverse-proxy.scm @@ -0,0 +1,125 @@ +;; disfluid, implementation of the Solid specification +;; Copyright (C) 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see . + +(define-module (tests reverse-proxy) + #:use-module (webid-oidc server endpoint) + #:use-module (webid-oidc server endpoint reverse-proxy) + #:use-module (webid-oidc testing) + #:use-module (webid-oidc offloading) + #:use-module ((webid-oidc parameters) #:prefix p:) + #:use-module (oop goops) + #:use-module (web server) + #:use-module (web request) + #:use-module (web response) + #:use-module (web uri) + #:use-module (ice-9 match) + #:use-module (ice-9 receive) + #:use-module (srfi srfi-26) + #:use-module (rnrs bytevectors) + #:declarative? #t + #:duplicates (merge-generics)) + +(with-test-environment + "reverse-proxy" + (lambda () + (define request-characters-reversed '()) + (define (push-char c) + (set! request-characters-reversed + `(,c ,@request-characters-reversed))) + (define (push-string str) + (for-each push-char (string->list str))) + (define chars-to-read + (string->list + (call-with-output-string + (lambda (port) + (let ((updated + (write-response (build-response + #:headers '((content-type text/plain))) + port))) + (write-response-body updated (string->utf8 "Hello!"))))))) + (parameterize + ((p:current-date 0) + (open-socket-for-uri + (lambda _ + (make-soft-port + (vector + ;; Request character is written: + push-char + ;; Request string is written: + push-string + ;; Flushing output: + (lambda () #t) + ;; Get one character: + (lambda () + (match chars-to-read + ((next rest ...) + (set! chars-to-read rest) + next) + (else + (call-with-input-string "" read)))) ;; EOF + ;; Close the port: + (lambda () #t)) + "rw")))) + (with-threads + (let ((reverse-proxy + (make + #:backend-uri (string->uri "https://example.com") + #:authentication-header 'test)) + (request + (build-request + (string->uri "https://example.com") + #:headers '((content-type text/plain) + (test . "https://attack.com/profile/card#me")) + #:meta `((user . ,(string->uri "https://example.com/profile/card#me"))))) + (request-body (string->utf8 "Hello, world!"))) + (receive (response response-body response-meta) + (handle reverse-proxy request request-body) + (unless (eqv? (response-code response) 200) + (exit 1)) + (let ((request-read + (list->string (reverse request-characters-reversed))) + (expected-request + (call-with-output-string + (lambda (port) + (write-request-body + (write-request + (build-request + (string->uri "https://example.com") + #:headers '((test . "https://example.com/profile/card#me") + (host . ("example.com" . #f)) + (content-type text/plain))) + port) + request-body))))) + (unless (equal? request-read expected-request) + (format (current-error-port) "Expected request: +~s +Actual request: +~s +" + expected-request request-read) + (exit 2))) + (set! response-body + (read-response-body response)) + (unless (null? chars-to-read) + (format (current-error-port) "Remaining chars to read: ~s\n" + (list->string chars-to-read)) + (exit 3)) + (unless (equal? response-body (string->utf8 "Hello!")) + (exit 4)) + (primitive-exit 0)))) + (sleep 120) + (format (current-error-port) "Test timeout.\n") + (exit 5)))) -- cgit v1.2.3