test/pleroma/web/plugs/remote_ip_test.exs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.RemoteIpTest do
  use ExUnit.Case
  use Plug.Test

  alias Pleroma.Web.Plugs.RemoteIp

  import Pleroma.Tests.Helpers, only: [clear_config: 2]

  setup do:
          clear_config(RemoteIp,
            enabled: true,
            headers: ["x-forwarded-for"],
            proxies: [],
            reserved: [
              "127.0.0.0/8",
              "::1/128",
              "fc00::/7",
              "10.0.0.0/8",
              "172.16.0.0/12",
              "192.168.0.0/16"
            ]
          )

  test "disabled" do
    Pleroma.Config.put(RemoteIp, enabled: false)

    %{remote_ip: remote_ip} = conn(:get, "/")

    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "1.1.1.1")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == remote_ip
  end

  test "enabled" do
    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "1.1.1.1")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == {1, 1, 1, 1}
  end

  test "custom headers" do
    Pleroma.Config.put(RemoteIp, enabled: true, headers: ["cf-connecting-ip"])

    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "1.1.1.1")
      |> RemoteIp.call(nil)

    refute conn.remote_ip == {1, 1, 1, 1}

    conn =
      conn(:get, "/")
      |> put_req_header("cf-connecting-ip", "1.1.1.1")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == {1, 1, 1, 1}
  end

  test "custom proxies" do
    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
      |> RemoteIp.call(nil)

    refute conn.remote_ip == {1, 1, 1, 1}

    Pleroma.Config.put([RemoteIp, :proxies], ["173.245.48.0/20"])

    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == {1, 1, 1, 1}
  end

  test "proxies set without CIDR format" do
    Pleroma.Config.put([RemoteIp, :proxies], ["173.245.48.1"])

    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == {1, 1, 1, 1}
  end

  test "proxies set `nonsensical` CIDR" do
    Pleroma.Config.put([RemoteIp, :reserved], ["127.0.0.0/8"])
    Pleroma.Config.put([RemoteIp, :proxies], ["10.0.0.3/24"])

    conn =
      conn(:get, "/")
      |> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1")
      |> RemoteIp.call(nil)

    assert conn.remote_ip == {1, 1, 1, 1}
  end
end