Skip to content

Commit

Permalink
feat: improve the e2e test of referer-restriction plugin (#976)
Browse files Browse the repository at this point in the history
  • Loading branch information
Chever-John authored May 10, 2022
1 parent 795be22 commit 1899d90
Showing 1 changed file with 123 additions and 4 deletions.
127 changes: 123 additions & 4 deletions test/e2e/suite-plugins/referer-restriction.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ var _ = ginkgo.Describe("suite-plugins: referer-restriction plugin", func() {
APISIXRouteVersion: "apisix.apache.org/v2beta3",
}
s := scaffold.NewScaffold(opts)
ginkgo.It("referer-restriction plugin configuration whitelist list", func() {
ginkgo.It("configure a access list", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
Expand Down Expand Up @@ -101,7 +101,126 @@ spec:
resp.Body().Contains("Your referer host is not allowed")
})

ginkgo.It("the bypass_missing field is true", func() {
ginkgo.It("configure a deny access list", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
kind: ApisixRoute
metadata:
name: httpbin-route
spec:
http:
- name: rule1
match:
hosts:
- httpbin.org
paths:
- /ip
backends:
- serviceName: %s
servicePort: %d
weight: 10
plugins:
- name: referer-restriction
enable: true
config:
blacklist:
- test.com
- "*.foo.com"
`, backendSvc, backendPorts[0])

assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))

err := s.EnsureNumApisixUpstreamsCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of upstreams")
err = s.EnsureNumApisixRoutesCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of routes")

// "Referer" match failed
resp := s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
WithHeader("Referer", "http://test.com").
Expect()
resp.Status(http.StatusForbidden)
resp.Body().Contains("Your referer host is not allowed")

// "Referer" match passed
resp = s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
WithHeader("Referer", "http://www.test.com").
Expect()
resp.Status(http.StatusOK)
resp.Body().Contains("origin")

// "Referer" match failed
resp = s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
WithHeader("Referer", "http://www.foo.com").
Expect()
resp.Status(http.StatusForbidden)
resp.Body().Contains("Your referer host is not allowed")

// "Referer" is missing
resp = s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
Expect()
resp.Status(http.StatusForbidden)
resp.Body().Contains("Your referer host is not allowed")
})

ginkgo.It("customize return message", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
kind: ApisixRoute
metadata:
name: httpbin-route
spec:
http:
- name: rule1
match:
hosts:
- httpbin.org
paths:
- /ip
backends:
- serviceName: %s
servicePort: %d
weight: 10
plugins:
- name: referer-restriction
enable: true
config:
whitelist:
- test.com
- "*.foo.com"
message: "You can customize the message any way you like"
`, backendSvc, backendPorts[0])

assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))

err := s.EnsureNumApisixUpstreamsCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of upstreams")
err = s.EnsureNumApisixRoutesCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of routes")

// "Referer" match failed
resp := s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
WithHeader("Referer", "http://www.test.com").
Expect()
resp.Status(http.StatusForbidden)
resp.Body().Contains("You can customize the message any way you like")

// "Referer" is missing
resp = s.NewAPISIXClient().GET("/ip").
WithHeader("Host", "httpbin.org").
Expect()
resp.Status(http.StatusForbidden)
resp.Body().Contains("You can customize the message any way you like")
})

ginkgo.It("configure bypass_missing field to true", func() {
backendSvc, backendPorts := s.DefaultHTTPBackend()
ar := fmt.Sprintf(`
apiVersion: apisix.apache.org/v2beta3
Expand Down Expand Up @@ -132,9 +251,9 @@ spec:
assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar))

err := s.EnsureNumApisixUpstreamsCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking number of upstreams")
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of upstreams")
err = s.EnsureNumApisixRoutesCreated(1)
assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes")
assert.Nil(ginkgo.GinkgoT(), err, "Checking the number of routes")

// "Referer" is missing
resp := s.NewAPISIXClient().GET("/ip").WithHeader("Host", "httpbin.org").Expect()
Expand Down

0 comments on commit 1899d90

Please sign in to comment.