Test: remote callback auth

2025-10-30 16:18:11 +08:00 · 2019-12-30 19:56:01 +08:00
parent 4a5782b4e5
commit eceee2fc76
3 changed files with 153 additions and 4 deletions
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@ -5,6 +5,8 @@ import (
 	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/auth"
+	"github.com/HFO4/cloudreve/pkg/cache"
+	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/HFO4/cloudreve/pkg/util"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
@ -198,3 +200,145 @@ func TestWebDAVAuth(t *testing.T) {
 	}

 }
+
+func TestRemoteCallbackAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := RemoteCallbackAuth()
+
+	// 成功
+	{
+		cache.Set(
+			"callback_testCallBackRemote",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    2,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+		mock.ExpectQuery("SELECT(.+)groups(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[2]"))
+		mock.ExpectQuery("SELECT(.+)policies(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.False(c.IsAborted())
+	}
+
+	// Callback Key 不存在
+	{
+
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// 用户不存在
+	{
+		cache.Set(
+			"callback_testCallBackRemote",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    2,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.True(c.IsAborted())
+	}
+
+	// 存储策略不一致
+	{
+		cache.Set(
+			"callback_testCallBackRemote",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    2,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+		mock.ExpectQuery("SELECT(.+)groups(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[3]"))
+		mock.ExpectQuery("SELECT(.+)policies(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(3, "123"))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.True(c.IsAborted())
+	}
+
+	// 签名错误
+	{
+		cache.Set(
+			"callback_testCallBackRemote",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    2,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+		mock.ExpectQuery("SELECT(.+)groups(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[2]"))
+		mock.ExpectQuery("SELECT(.+)policies(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.True(c.IsAborted())
+	}
+
+	// Callback Key 为空
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote", nil)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}
+}