mirror of https://github.com/cloudreve/Cloudreve
				
				
				
			Test: new changes in middleware pkg
							parent
							
								
									e51c5cd70d
								
							
						
					
					
						commit
						a568e5e45a
					
				| 
						 | 
				
			
			@ -199,6 +199,7 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 | 
			
		|||
			c.Abort()
 | 
			
		||||
			return
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		if !ok {
 | 
			
		||||
			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名无效"})
 | 
			
		||||
			c.Abort()
 | 
			
		||||
| 
						 | 
				
			
			@ -283,21 +284,6 @@ func OneDriveCallbackAuth() gin.HandlerFunc {
 | 
			
		|||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// S3CallbackAuth Amazon S3回调签名验证
 | 
			
		||||
func S3CallbackAuth() gin.HandlerFunc {
 | 
			
		||||
	return func(c *gin.Context) {
 | 
			
		||||
		//// 验证key并查找用户
 | 
			
		||||
		//resp, _ := uploadCallbackCheck(c)
 | 
			
		||||
		//if resp.Code != 0 {
 | 
			
		||||
		//	c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 | 
			
		||||
		//	c.Abort()
 | 
			
		||||
		//	return
 | 
			
		||||
		//}
 | 
			
		||||
 | 
			
		||||
		c.Next()
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// IsAdmin 必须为管理员用户组
 | 
			
		||||
func IsAdmin() gin.HandlerFunc {
 | 
			
		||||
	return func(c *gin.Context) {
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -3,21 +3,24 @@ package middleware
 | 
			
		|||
import (
 | 
			
		||||
	"database/sql"
 | 
			
		||||
	"errors"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 | 
			
		||||
	"github.com/qiniu/go-sdk/v7/auth/qbox"
 | 
			
		||||
	"io/ioutil"
 | 
			
		||||
	"net/http"
 | 
			
		||||
	"net/http/httptest"
 | 
			
		||||
	"strings"
 | 
			
		||||
	"testing"
 | 
			
		||||
	"time"
 | 
			
		||||
 | 
			
		||||
	"github.com/DATA-DOG/go-sqlmock"
 | 
			
		||||
	model "github.com/cloudreve/Cloudreve/v3/models"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 | 
			
		||||
	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 | 
			
		||||
	"github.com/gin-gonic/gin"
 | 
			
		||||
	"github.com/jinzhu/gorm"
 | 
			
		||||
	"github.com/qiniu/go-sdk/v7/auth/qbox"
 | 
			
		||||
	"github.com/stretchr/testify/assert"
 | 
			
		||||
)
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -223,19 +226,31 @@ func TestWebDAVAuth(t *testing.T) {
 | 
			
		|||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestRemoteCallbackAuth(t *testing.T) {
 | 
			
		||||
func TestUseUploadSession(t *testing.T) {
 | 
			
		||||
	asserts := assert.New(t)
 | 
			
		||||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := RemoteCallbackAuth()
 | 
			
		||||
	AuthFunc := UseUploadSession("local")
 | 
			
		||||
 | 
			
		||||
	// sessionID 为空
 | 
			
		||||
	{
 | 
			
		||||
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/sessionID", nil)
 | 
			
		||||
		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
 | 
			
		||||
		auth.SignRequest(authInstance, c.Request, 0)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackRemote",
 | 
			
		||||
			filesystem.UploadSessionCachePrefix+"testCallBackRemote",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    513,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
				Policy:      model.Policy{Type: "local"},
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
| 
						 | 
				
			
			@ -248,7 +263,7 @@ func TestRemoteCallbackAuth(t *testing.T) {
 | 
			
		|||
			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackRemote"},
 | 
			
		||||
			{"sessionID", "testCallBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 | 
			
		||||
		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
 | 
			
		||||
| 
						 | 
				
			
			@ -257,80 +272,96 @@ func TestRemoteCallbackAuth(t *testing.T) {
 | 
			
		|||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
	// Callback Key 不存在
 | 
			
		||||
func TestUploadCallbackCheck(t *testing.T) {
 | 
			
		||||
	a := assert.New(t)
 | 
			
		||||
	rec := httptest.NewRecorder()
 | 
			
		||||
 | 
			
		||||
	// 上传会话不存在
 | 
			
		||||
	{
 | 
			
		||||
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackRemote"},
 | 
			
		||||
			{"sessionID", "testSessionNotExist"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 | 
			
		||||
		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
 | 
			
		||||
		auth.SignRequest(authInstance, c.Request, 0)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
		res := uploadCallbackCheck(c, "local")
 | 
			
		||||
		a.Contains("上传会话不存在或已过期", res.Msg)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 上传策略不一致
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"sessionID", "testPolicyNotMatch"},
 | 
			
		||||
		}
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			filesystem.UploadSessionCachePrefix+"testPolicyNotMatch",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
				Policy:      model.Policy{Type: "remote"},
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		res := uploadCallbackCheck(c, "local")
 | 
			
		||||
		a.Contains("Policy not supported", res.Msg)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 用户不存在
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"sessionID", "testUserNotExist"},
 | 
			
		||||
		}
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackRemote",
 | 
			
		||||
			filesystem.UploadSessionCachePrefix+"testUserNotExist",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    550,
 | 
			
		||||
				UID:         313,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
				Policy:      model.Policy{Type: "remote"},
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
 | 
			
		||||
		res := uploadCallbackCheck(c, "remote")
 | 
			
		||||
		a.Contains("找不到用户", res.Msg)
 | 
			
		||||
		a.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		_, ok := cache.Get(filesystem.UploadSessionCachePrefix + "testUserNotExist")
 | 
			
		||||
		a.False(ok)
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestRemoteCallbackAuth(t *testing.T) {
 | 
			
		||||
	asserts := assert.New(t)
 | 
			
		||||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := RemoteCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy:      model.Policy{SecretKey: "123"},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 | 
			
		||||
		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
 | 
			
		||||
		auth.SignRequest(authInstance, c.Request, 0)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 签名错误
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackRemote",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    514,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[514]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy:      model.Policy{SecretKey: "123"},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// Callback Key 为空
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -340,39 +371,17 @@ func TestQiniuCallbackAuth(t *testing.T) {
 | 
			
		|||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := QiniuCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testQiniuBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testQiniuBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackQiniu",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    515,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[515]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackQiniu"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
 | 
			
		||||
		mac := qbox.NewMac("123", "123")
 | 
			
		||||
		token, err := mac.SignRequest(c.Request)
 | 
			
		||||
| 
						 | 
				
			
			@ -385,33 +394,21 @@ func TestQiniuCallbackAuth(t *testing.T) {
 | 
			
		|||
 | 
			
		||||
	// 验证失败
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackQiniu",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    516,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[516]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackQiniu"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
 | 
			
		||||
		mac := qbox.NewMac("123", "123")
 | 
			
		||||
		mac := qbox.NewMac("123", "1213")
 | 
			
		||||
		token, err := mac.SignRequest(c.Request)
 | 
			
		||||
		asserts.NoError(err)
 | 
			
		||||
		c.Request.Header["Authorization"] = []string{"QBox " + token + " "}
 | 
			
		||||
		c.Request.Header["Authorization"] = []string{"QBox " + token}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -421,76 +418,41 @@ func TestOSSCallbackAuth(t *testing.T) {
 | 
			
		|||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := OSSCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testOSSBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testQiniuBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 签名验证失败
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackOSS",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    517,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[517]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackOSS"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testCallBackOSS", nil)
 | 
			
		||||
		mac := qbox.NewMac("123", "123")
 | 
			
		||||
		token, err := mac.SignRequest(c.Request)
 | 
			
		||||
		asserts.NoError(err)
 | 
			
		||||
		c.Request.Header["Authorization"] = []string{"QBox " + token}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    518,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[518]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH", ioutil.NopCloser(strings.NewReader(`{"name":"2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","source_name":"1/1_hFRtDLgM_2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","size":114020,"pic_info":"810,539"}`)))
 | 
			
		||||
		c.Request.Header["Authorization"] = []string{"e5LwzwTkP9AFAItT4YzvdJOHd0Y0wqTMWhsV/h5SG90JYGAmMd+8LQyj96R+9qUfJWjMt6suuUh7LaOryR87Dw=="}
 | 
			
		||||
		c.Request.Header["X-Oss-Pub-Key-Url"] = []string{"aHR0cHM6Ly9nb3NzcHVibGljLmFsaWNkbi5jb20vY2FsbGJhY2tfcHViX2tleV92MS5wZW0="}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -507,130 +469,71 @@ func TestUpyunCallbackAuth(t *testing.T) {
 | 
			
		|||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := UpyunCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testUpyunBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 无法获取请求正文
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    509,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[519]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(fakeRead("")))
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 正文MD5不一致
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    510,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[520]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		c.Request.Header["Content-Md5"] = []string{"123"}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 签名不一致
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    511,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[521]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    512,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[522]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 | 
			
		||||
		c.Request.Header["Authorization"] = []string{"UPYUN 123:GWueK9x493BKFFk5gmfdO2Mn6EM="}
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -640,87 +543,28 @@ func TestOneDriveCallbackAuth(t *testing.T) {
 | 
			
		|||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := OneDriveCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testUpyunBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    512,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"sessionID", "TestOneDriveCallbackAuth"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
 | 
			
		||||
			UID:         1,
 | 
			
		||||
			VirtualPath: "/",
 | 
			
		||||
			Policy: model.Policy{
 | 
			
		||||
				SecretKey: "123",
 | 
			
		||||
				AccessKey: "123",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[657]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		})
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/TestOneDriveCallbackAuth", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		res := mq.GlobalMQ.Subscribe("TestOneDriveCallbackAuth", 1)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestCOSCallbackAuth(t *testing.T) {
 | 
			
		||||
	asserts := assert.New(t)
 | 
			
		||||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := COSCallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testUpyunBackRemote"},
 | 
			
		||||
		select {
 | 
			
		||||
		case <-res:
 | 
			
		||||
		case <-time.After(time.Millisecond * 500):
 | 
			
		||||
			asserts.Fail("mq message should be published")
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    512,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)policies(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -759,46 +603,3 @@ func TestIsAdmin(t *testing.T) {
 | 
			
		|||
		asserts.False(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestS3CallbackAuth(t *testing.T) {
 | 
			
		||||
	asserts := assert.New(t)
 | 
			
		||||
	rec := httptest.NewRecorder()
 | 
			
		||||
	AuthFunc := S3CallbackAuth()
 | 
			
		||||
 | 
			
		||||
	// Callback Key 相关验证失败
 | 
			
		||||
	{
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testUpyunBackRemote"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.True(c.IsAborted())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 成功
 | 
			
		||||
	{
 | 
			
		||||
		cache.Set(
 | 
			
		||||
			"callback_testCallBackUpyun",
 | 
			
		||||
			serializer.UploadSession{
 | 
			
		||||
				UID:         1,
 | 
			
		||||
				PolicyID:    512,
 | 
			
		||||
				VirtualPath: "/",
 | 
			
		||||
			},
 | 
			
		||||
			0,
 | 
			
		||||
		)
 | 
			
		||||
		cache.Deletes([]string{"1"}, "policy_")
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)users(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
 | 
			
		||||
		mock.ExpectQuery("SELECT(.+)groups(.+)").
 | 
			
		||||
			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
 | 
			
		||||
		c, _ := gin.CreateTestContext(rec)
 | 
			
		||||
		c.Params = []gin.Param{
 | 
			
		||||
			{"key", "testCallBackUpyun"},
 | 
			
		||||
		}
 | 
			
		||||
		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 | 
			
		||||
		AuthFunc(c)
 | 
			
		||||
		asserts.False(c.IsAborted())
 | 
			
		||||
		asserts.NoError(mock.ExpectationsWereMet())
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
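Review bot: In TestUploadCallbackCheck the three `a.Contains(...)` calls pass the expected literal first and `res.Msg` second, but testify's `Contains(s, contains)` checks that the first argument contains the second. Each assertion therefore holds whenever `res.Msg` is empty or is any substring of the literal. A regression in which `uploadCallbackCheck` stops rejecting a missing session, a mismatched policy type or an unknown user would still pass these tests. Swap the arguments, e.g. `a.Contains(res.Msg, "上传会话不存在或已过期")`, and likewise for "Policy not supported" and "找不到用户". Adding `a.NotZero(res.Code)` next to each would pin the rejection itself; the `Code` field is inferred from the removed `resp.Code != 0` comment in the middleware file.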
| 
						 | 
				
			
			
 | 
			
		|||