vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 03:20:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: Update TestPublicURLDetectionUsesForwardedHeaders for proxy hardening

Browse source 
The test was failing after commit d6cbfc23 added security hardening
that requires authentication and trusted proxy configuration for
X-Forwarded-* headers to be read during public URL detection.

- Add API token authentication to the test request
- Configure 127.0.0.1 as trusted proxy for the test
- Add export_test.go with ResetTrustedProxyConfigForTests() to allow
  external tests to reset the trusted proxy configuration
This commit is contained in:
rcourtman 2025-12-02 03:16:52 +00:00
parent 3a38e4abf7
commit e248f2b895
2 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
internal/api/export_test.go Normal file
View file

@ -0,0 +1,10 @@
package api
import "sync"
// ResetTrustedProxyConfigForTests resets the trusted proxy configuration.
// This must be called after setting PULSE_TRUSTED_PROXY_CIDRS env var.
func ResetTrustedProxyConfigForTests() {
trustedProxyCIDRs = nil
trustedProxyOnce = sync.Once{}
}

17
internal/api/router_integration_test.go
View file

@ -784,7 +784,21 @@ func TestSessionCookieAllowsAuthenticatedAccess(t *testing.T) {
}
func TestPublicURLDetectionUsesForwardedHeaders(t *testing.T) {
srv := newIntegrationServer(t)
const apiToken = "public-url-detection-token-12345"
// Configure 127.0.0.1 as trusted proxy so X-Forwarded-* headers are read
t.Setenv("PULSE_TRUSTED_PROXY_CIDRS", "127.0.0.1/32")
api.ResetTrustedProxyConfigForTests()
srv := newIntegrationServerWithConfig(t, func(cfg *config.Config) {
cfg.APITokenEnabled = true
record, err := config.NewAPITokenRecord(apiToken, "Public URL detection test", nil)
if err != nil {
t.Fatalf("create API token record: %v", err)
}
cfg.APITokens = []config.APITokenRecord{*record}
cfg.SortAPITokens()
})
req, err := http.NewRequest(http.MethodGet, srv.server.URL+"/api/health", nil)
if err != nil {
@ -793,6 +807,7 @@ func TestPublicURLDetectionUsesForwardedHeaders(t *testing.T) {
req.Header.Set("X-Forwarded-Proto", "https")
req.Header.Set("X-Forwarded-Host", "pulse.example.com")
req.Header.Set("X-Forwarded-Port", "8443")
req.Header.Set("X-API-Token", apiToken)
res, err := srv.server.Client().Do(req)
if err != nil {