From 8169a40c2c48252b3973f9f08f651890035430e1 Mon Sep 17 00:00:00 2001
From: Aaron Hurt <ahurt@anbcs.com>
Date: Mon, 12 Feb 2018 23:16:54 -0600
Subject: [PATCH] add test cases for http request parsing

---
 route/access_rules_test.go | 68 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/route/access_rules_test.go b/route/access_rules_test.go
index ced406edb..1c9b3f4f9 100644
--- a/route/access_rules_test.go
+++ b/route/access_rules_test.go
@@ -2,6 +2,7 @@ package route
 
 import (
 	"net"
+	"net/http"
 	"testing"
 )
 
@@ -105,3 +106,70 @@ func TestAccessRules_denyByIP(t *testing.T) {
 		})
 	}
 }
+
+func TestAccessRules_AccessDeniedHTTP(t *testing.T) {
+	req, _ := http.NewRequest("GET", "http://example.com/", nil)
+	tests := []struct {
+		desc   string
+		target *Target
+		xff    string
+		remote string
+		denied bool
+	}{
+		{
+			desc: "AccessDeniedHTTPwithDeniedXFFandAllowedRemote",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
+			},
+			xff:    "1.1.1.2, 10.11.12.13, 10.11.12.14",
+			remote: "10.11.12.1:65500",
+			denied: true,
+		},
+		{
+			desc: "AccessDeniedHTTPwithAllowedXFFandDeniedRemote",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
+			},
+			xff:    "10.11.12.13, 1.2.3.4",
+			remote: "1.1.1.2:65500",
+			denied: true,
+		},
+		{
+			desc: "AccessDeniedHTTPwitAllowedXFFandAllowedRemote",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
+			},
+			xff:    "10.11.12.13, 1.2.3.4",
+			remote: "192.168.0.12:65500",
+			denied: false,
+		},
+		{
+			desc: "AccessDeniedHTTPwithDeniedXFFandDeniedRemote",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
+			},
+			xff:    "1.2.3.4, 10.11.12.13, 10.11.12.14",
+			remote: "200.17.18.20:65500",
+			denied: true,
+		},
+	}
+
+	for i, tt := range tests {
+		tt := tt // capture loop var
+
+		req.Header = http.Header{"X-Forwarded-For": []string{tt.xff}}
+		req.RemoteAddr = tt.remote
+
+		t.Run(tt.desc, func(t *testing.T) {
+			if err := tt.target.processAccessRules(); err != nil {
+				t.Errorf("%d: %s - failed to process access rules: %s",
+					i, tt.desc, err.Error())
+			}
+			if deny := tt.target.AccessDeniedHTTP(req); deny != tt.denied {
+				t.Errorf("%d: %s\ngot denied: %t\nwant denied: %t\n",
+					i, tt.desc, deny, tt.denied)
+				return
+			}
+		})
+	}
+}