mirror of
https://github.com/ipfs/kubo.git
synced 2025-08-24 19:27:14 +08:00
3b098b969a
* fix(cli): support HTTPS in ipfs --api Closes #10539 * chore: go-ipfs-cmds v0.14.1 https://github.com/ipfs/go-ipfs-cmds/releases/tag/v0.14.1 * docs: ipfs --api example * test(cli): https rpc support makes sure we dont have regression where HTTPS endpoint starts getting cleartext requests
47 lines
1.3 KiB
Go
47 lines
1.3 KiB
Go
package cli
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/ipfs/kubo/test/cli/harness"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestCLIWithRemoteHTTPS(t *testing.T) {
|
|
tests := []struct{ addrSuffix string }{{"https"}, {"tls/http"}}
|
|
for _, tt := range tests {
|
|
t.Run("with "+tt.addrSuffix+" multiaddr", func(t *testing.T) {
|
|
|
|
// Create HTTPS test server
|
|
server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.TLS == nil {
|
|
t.Error("Mocked Kubo RPC received plain HTTP request instead of HTTPS TLS Handshake")
|
|
}
|
|
_, _ = w.Write([]byte("OK"))
|
|
}))
|
|
defer server.Close()
|
|
|
|
serverURL, _ := url.Parse(server.URL)
|
|
_, port, _ := net.SplitHostPort(serverURL.Host)
|
|
|
|
// Create Kubo repo
|
|
node := harness.NewT(t).NewNode().Init()
|
|
|
|
// Attempt to talk to remote Kubo RPC endpoint over HTTPS
|
|
resp := node.RunIPFS("id", "--api", fmt.Sprintf("/ip4/127.0.0.1/tcp/%s/%s", port, tt.addrSuffix))
|
|
|
|
// Expect HTTPS error (confirming TLS and https:// were used, and not Cleartext HTTP)
|
|
require.Error(t, resp.Err)
|
|
require.Contains(t, resp.Stderr.String(), "Error: tls: failed to verify certificate: x509: certificate signed by unknown authority")
|
|
|
|
node.StopDaemon()
|
|
|
|
})
|
|
}
|
|
}
|