2019-06-08 01:47:46 +08:00
|
|
|
package restic
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"crypto/rand"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
|
2019-07-29 01:47:38 +08:00
|
|
|
"github.com/rclone/rclone/cmd/serve/httplib"
|
2019-06-08 01:47:46 +08:00
|
|
|
|
2019-07-29 01:47:38 +08:00
|
|
|
"github.com/rclone/rclone/cmd"
|
|
|
|
"github.com/rclone/rclone/cmd/serve/httplib/httpflags"
|
2019-06-08 01:47:46 +08:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
|
|
|
// newAuthenticatedRequest returns a new HTTP request with the given params.
|
|
|
|
func newAuthenticatedRequest(t testing.TB, method, path string, body io.Reader) *http.Request {
|
|
|
|
req := newRequest(t, method, path, body)
|
|
|
|
req = req.WithContext(context.WithValue(req.Context(), httplib.ContextUserKey, "test"))
|
|
|
|
req.Header.Add("Accept", resticAPIV2)
|
|
|
|
return req
|
|
|
|
}
|
|
|
|
|
|
|
|
// TestResticPrivateRepositories runs tests on the restic handler code for private repositories
|
|
|
|
func TestResticPrivateRepositories(t *testing.T) {
|
|
|
|
buf := make([]byte, 32)
|
|
|
|
_, err := io.ReadFull(rand.Reader, buf)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
// setup rclone with a local backend in a temporary directory
|
2022-01-30 00:24:56 +08:00
|
|
|
tempdir := t.TempDir()
|
2019-06-08 01:47:46 +08:00
|
|
|
|
|
|
|
// globally set private-repos mode & test user
|
|
|
|
prev := privateRepos
|
|
|
|
prevUser := httpflags.Opt.BasicUser
|
|
|
|
prevPassword := httpflags.Opt.BasicPass
|
|
|
|
privateRepos = true
|
|
|
|
httpflags.Opt.BasicUser = "test"
|
|
|
|
httpflags.Opt.BasicPass = "password"
|
|
|
|
// reset when done
|
|
|
|
defer func() {
|
|
|
|
privateRepos = prev
|
|
|
|
httpflags.Opt.BasicUser = prevUser
|
|
|
|
httpflags.Opt.BasicPass = prevPassword
|
|
|
|
}()
|
|
|
|
|
|
|
|
// make a new file system in the temp dir
|
|
|
|
f := cmd.NewFsSrc([]string{tempdir})
|
2020-07-26 19:06:47 +08:00
|
|
|
srv := NewServer(f, &httpflags.Opt)
|
2019-06-08 01:47:46 +08:00
|
|
|
|
|
|
|
// Requesting /test/ should allow access
|
|
|
|
reqs := []*http.Request{
|
|
|
|
newAuthenticatedRequest(t, "POST", "/test/?create=true", nil),
|
|
|
|
newAuthenticatedRequest(t, "POST", "/test/config", strings.NewReader("foobar test config")),
|
|
|
|
newAuthenticatedRequest(t, "GET", "/test/config", nil),
|
|
|
|
}
|
|
|
|
for _, req := range reqs {
|
2020-07-26 19:06:47 +08:00
|
|
|
checkRequest(t, srv.ServeHTTP, req, []wantFunc{wantCode(http.StatusOK)})
|
2019-06-08 01:47:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// Requesting everything else should raise forbidden errors
|
|
|
|
reqs = []*http.Request{
|
|
|
|
newAuthenticatedRequest(t, "GET", "/", nil),
|
|
|
|
newAuthenticatedRequest(t, "POST", "/other_user", nil),
|
|
|
|
newAuthenticatedRequest(t, "GET", "/other_user/config", nil),
|
|
|
|
}
|
|
|
|
for _, req := range reqs {
|
2020-07-26 19:06:47 +08:00
|
|
|
checkRequest(t, srv.ServeHTTP, req, []wantFunc{wantCode(http.StatusForbidden)})
|
2019-06-08 01:47:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|