feat: re introduce IpWhitelist middleware as deprecated

2024-01-11 10:40:06 +01:00 · 2024-01-11 10:40:06 +01:00 · ff7966f9cd
commit ff7966f9cd
parent 3bbc560283
38 changed files with 1314 additions and 200 deletions
--- a/integration/simple_test.go
+++ b/integration/simple_test.go
@ -483,6 +483,69 @@ func (s *SimpleSuite) TestIPStrategyAllowlist() {
 	}
 }

+func (s *SimpleSuite) TestIPStrategyWhitelist() {
+	s.createComposeProject("whitelist")
+
+	s.composeUp()
+	defer s.composeDown()
+
+	s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
+
+	err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
+	require.NoError(s.T(), err)
+
+	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local"))
+	require.NoError(s.T(), err)
+
+	testCases := []struct {
+		desc               string
+		xForwardedFor      string
+		host               string
+		expectedStatusCode int
+	}{
+		{
+			desc:               "override remote addr reject",
+			xForwardedFor:      "8.8.8.8,8.8.8.8",
+			host:               "override.remoteaddr.whitelist.docker.local",
+			expectedStatusCode: 403,
+		},
+		{
+			desc:               "override depth accept",
+			xForwardedFor:      "8.8.8.8,10.0.0.1,127.0.0.1",
+			host:               "override.depth.whitelist.docker.local",
+			expectedStatusCode: 200,
+		},
+		{
+			desc:               "override depth reject",
+			xForwardedFor:      "10.0.0.1,8.8.8.8,127.0.0.1",
+			host:               "override.depth.whitelist.docker.local",
+			expectedStatusCode: 403,
+		},
+		{
+			desc:               "override excludedIPs reject",
+			xForwardedFor:      "10.0.0.3,10.0.0.1,10.0.0.2",
+			host:               "override.excludedips.whitelist.docker.local",
+			expectedStatusCode: 403,
+		},
+		{
+			desc:               "override excludedIPs accept",
+			xForwardedFor:      "8.8.8.8,10.0.0.1,10.0.0.2",
+			host:               "override.excludedips.whitelist.docker.local",
+			expectedStatusCode: 200,
+		},
+	}
+
+	for _, test := range testCases {
+		req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
+		req.Header.Set("X-Forwarded-For", test.xForwardedFor)
+		req.Host = test.host
+		req.RequestURI = ""
+
+		err = try.Request(req, 1*time.Second, try.StatusCodeIs(test.expectedStatusCode))
+		require.NoErrorf(s.T(), err, "Error during %s: %v", test.desc, err)
+	}
+}
+
 func (s *SimpleSuite) TestXForwardedHeaders() {
 	s.createComposeProject("allowlist")