1
0
mirror of https://github.com/tonarino/innernet.git synced 2025-01-10 04:19:31 +02:00

server: addd ipv6 tests as feature flag alongside ipv4

This commit is contained in:
Jake McGinty 2021-09-05 23:44:55 +09:00
parent 9c5380c7f8
commit 22203e63d0
5 changed files with 92 additions and 22 deletions

View File

@ -47,6 +47,11 @@ jobs:
with: with:
command: test command: test
args: --verbose args: --verbose
- name: Test (IPv6)
uses: actions-rs/cargo@v1
with:
command: test
args: --features v6-test --verbose
- name: Clippy - name: Clippy
uses: actions-rs/cargo@v1 uses: actions-rs/cargo@v1
with: with:

View File

@ -12,6 +12,9 @@ version = "1.4.1"
name = "innernet-server" name = "innernet-server"
path = "src/main.rs" path = "src/main.rs"
[features]
v6-test = []
[dependencies] [dependencies]
anyhow = "1" anyhow = "1"
bytes = "1" bytes = "1"

View File

@ -103,7 +103,11 @@ mod tests {
let old_peers = DatabasePeer::list(&server.db().lock())?; let old_peers = DatabasePeer::list(&server.db().lock())?;
let peer = test::developer_peer_contents("developer3", "10.80.64.4")?; let peer = if cfg!(feature = "v6-test") {
test::developer_peer_contents("developer3", "fd00:1337::2:0:0:3")?
} else {
test::developer_peer_contents("developer3", "10.80.64.4")?
};
let res = server let res = server
.form_request(test::ADMIN_PEER_IP, "POST", "/v1/admin/peers", &peer) .form_request(test::ADMIN_PEER_IP, "POST", "/v1/admin/peers", &peer)

View File

@ -651,8 +651,13 @@ mod tests {
async fn test_with_session_disguised_with_headers() -> Result<(), Error> { async fn test_with_session_disguised_with_headers() -> Result<(), Error> {
let server = test::Server::new()?; let server = test::Server::new()?;
let path = if cfg!(feature = "v6-test") {
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
} else {
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
};
let req = Request::builder() let req = Request::builder()
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)) .uri(path)
.header("Forwarded", format!("for={}", test::ADMIN_PEER_IP)) .header("Forwarded", format!("for={}", test::ADMIN_PEER_IP))
.header("X-Forwarded-For", test::ADMIN_PEER_IP) .header("X-Forwarded-For", test::ADMIN_PEER_IP)
.header("X-Real-IP", test::ADMIN_PEER_IP) .header("X-Real-IP", test::ADMIN_PEER_IP)
@ -660,7 +665,11 @@ mod tests {
.unwrap(); .unwrap();
// Request from an unknown IP, trying to disguise as an admin using HTTP headers. // Request from an unknown IP, trying to disguise as an admin using HTTP headers.
let res = server.raw_request("10.80.80.80", req).await; let res = if cfg!(feature = "v6-test") {
server.raw_request("fd00:1337::1337", req).await
} else {
server.raw_request("10.80.80.80", req).await
};
// addr::remote() filter only look at remote_addr from TCP socket. // addr::remote() filter only look at remote_addr from TCP socket.
// HTTP headers are not considered. This also means that innernet // HTTP headers are not considered. This also means that innernet
@ -676,13 +685,22 @@ mod tests {
let key = Key::generate_private().generate_public(); let key = Key::generate_private().generate_public();
let path = if cfg!(feature = "v6-test") {
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
} else {
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
};
// Request from an unknown IP, trying to disguise as an admin using HTTP headers. // Request from an unknown IP, trying to disguise as an admin using HTTP headers.
let req = Request::builder() let req = Request::builder()
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)) .uri(path)
.header(shared::INNERNET_PUBKEY_HEADER, key.to_base64()) .header(shared::INNERNET_PUBKEY_HEADER, key.to_base64())
.body(Body::empty()) .body(Body::empty())
.unwrap(); .unwrap();
let res = server.raw_request("10.80.80.80", req).await; let res = if cfg!(feature = "v6-test") {
server.raw_request("fd00:1337::1337", req).await
} else {
server.raw_request("10.80.80.80", req).await
};
// addr::remote() filter only look at remote_addr from TCP socket. // addr::remote() filter only look at remote_addr from TCP socket.
// HTTP headers are not considered. This also means that innernet // HTTP headers are not considered. This also means that innernet
@ -696,12 +714,21 @@ mod tests {
async fn test_unparseable_public_key() -> Result<(), Error> { async fn test_unparseable_public_key() -> Result<(), Error> {
let server = test::Server::new()?; let server = test::Server::new()?;
let path = if cfg!(feature = "v6-test") {
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
} else {
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
};
let req = Request::builder() let req = Request::builder()
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)) .uri(path)
.header(shared::INNERNET_PUBKEY_HEADER, "!!!") .header(shared::INNERNET_PUBKEY_HEADER, "!!!")
.body(Body::empty()) .body(Body::empty())
.unwrap(); .unwrap();
let res = server.raw_request("10.80.80.80", req).await; let res = if cfg!(feature = "v6-test") {
server.raw_request("fd00:1337::1337", req).await
} else {
server.raw_request("10.80.80.80", req).await
};
// addr::remote() filter only look at remote_addr from TCP socket. // addr::remote() filter only look at remote_addr from TCP socket.
// HTTP headers are not considered. This also means that innernet // HTTP headers are not considered. This also means that innernet

View File

@ -14,21 +14,47 @@ use std::{collections::HashMap, net::SocketAddr, path::PathBuf, sync::Arc};
use tempfile::TempDir; use tempfile::TempDir;
use wgctrl::{Backend, InterfaceName, Key, KeyPair}; use wgctrl::{Backend, InterfaceName, Key, KeyPair};
pub const ROOT_CIDR: &str = "10.80.0.0/15"; #[cfg(not(feature = "v6-test"))]
pub const SERVER_CIDR: &str = "10.80.0.1/32"; mod v4 {
pub const ADMIN_CIDR: &str = "10.80.1.0/24"; pub const ROOT_CIDR: &str = "10.80.0.0/15";
pub const DEVELOPER_CIDR: &str = "10.80.64.0/24"; pub const SERVER_CIDR: &str = "10.80.0.1/32";
pub const USER_CIDR: &str = "10.80.128.0/17"; pub const ADMIN_CIDR: &str = "10.80.1.0/24";
pub const EXPERIMENTAL_CIDR: &str = "10.81.0.0/16"; pub const DEVELOPER_CIDR: &str = "10.80.64.0/24";
pub const EXPERIMENTAL_SUBCIDR: &str = "10.81.0.0/17"; pub const USER_CIDR: &str = "10.80.128.0/17";
pub const EXPERIMENTAL_CIDR: &str = "10.81.0.0/16";
pub const EXPERIMENTAL_SUBCIDR: &str = "10.81.0.0/17";
pub const ADMIN_PEER_IP: &str = "10.80.1.1"; pub const ADMIN_PEER_IP: &str = "10.80.1.1";
pub const WG_MANAGE_PEER_IP: &str = "10.80.1.1"; pub const WG_MANAGE_PEER_IP: &str = ADMIN_PEER_IP;
pub const DEVELOPER1_PEER_IP: &str = "10.80.64.2"; pub const DEVELOPER1_PEER_IP: &str = "10.80.64.2";
pub const DEVELOPER2_PEER_IP: &str = "10.80.64.3"; pub const DEVELOPER2_PEER_IP: &str = "10.80.64.3";
pub const USER1_PEER_IP: &str = "10.80.128.2"; pub const USER1_PEER_IP: &str = "10.80.128.2";
pub const USER2_PEER_IP: &str = "10.80.129.2"; pub const USER2_PEER_IP: &str = "10.80.129.2";
pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "10.81.0.1"; pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "10.81.0.1";
}
#[cfg(not(feature = "v6-test"))]
pub use v4::*;
#[cfg(feature = "v6-test")]
mod v6 {
pub const ROOT_CIDR: &str = "fd00:1337::/64";
pub const SERVER_CIDR: &str = "fd00:1337::1/128";
pub const ADMIN_CIDR: &str = "fd00:1337::1:0:0:0/80";
pub const DEVELOPER_CIDR: &str = "fd00:1337::2:0:0:0/80";
pub const USER_CIDR: &str = "fd00:1337::3:0:0:0/80";
pub const EXPERIMENTAL_CIDR: &str = "fd00:1337::4:0:0:0/80";
pub const EXPERIMENTAL_SUBCIDR: &str = "fd00:1337::4:0:0:0/81";
pub const ADMIN_PEER_IP: &str = "fd00:1337::1:0:0:1";
pub const WG_MANAGE_PEER_IP: &str = ADMIN_PEER_IP;
pub const DEVELOPER1_PEER_IP: &str = "fd00:1337::2:0:0:1";
pub const DEVELOPER2_PEER_IP: &str = "fd00:1337::2:0:0:2";
pub const USER1_PEER_IP: &str = "fd00:1337::3:0:0:1";
pub const USER2_PEER_IP: &str = "fd00:1337::3:0:0:2";
pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "fd00:1337::4:0:0:1";
}
#[cfg(feature = "v6-test")]
pub use v6::*;
pub const ROOT_CIDR_ID: i64 = 1; pub const ROOT_CIDR_ID: i64 = 1;
pub const INFRA_CIDR_ID: i64 = 2; pub const INFRA_CIDR_ID: i64 = 2;
@ -160,8 +186,13 @@ impl Server {
} }
fn base_request_builder(&self, verb: &str, path: &str) -> http::request::Builder { fn base_request_builder(&self, verb: &str, path: &str) -> http::request::Builder {
let path = if cfg!(feature = "v6-test") {
format!("http://[{}]{}", WG_MANAGE_PEER_IP, path)
} else {
format!("http://{}{}", WG_MANAGE_PEER_IP, path)
};
Request::builder() Request::builder()
.uri(format!("http://{}{}", WG_MANAGE_PEER_IP, path)) .uri(path)
.method(verb) .method(verb)
.header( .header(
shared::INNERNET_PUBKEY_HEADER, shared::INNERNET_PUBKEY_HEADER,