func middlewareScenario(desc string, fn scenarioFunc) {
Convey(desc, func() {
defer bus.ClearBusHandlers()
sc := &scenarioContext{}
viewsPath, _ := filepath.Abs("../../public/views")
sc.m = macaron.New()
sc.m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: viewsPath,
Delims: macaron.Delims{Left: "[[", Right: "]]"},
}))
sc.m.Use(GetContextHandler())
// mock out gc goroutine
startSessionGC = func() {}
sc.m.Use(Sessioner(&session.Options{}))
sc.defaultHandler = func(c *Context) {
sc.context = c
if sc.handlerFunc != nil {
sc.handlerFunc(sc.context)
}
}
sc.m.Get("/", sc.defaultHandler)
fn(sc)
})
}
func Test_Flash(t *testing.T) {
Convey("Test flash", t, func() {
m := macaron.New()
m.Use(Sessioner())
m.Get("/set", func(f *Flash) string {
f.Success("success")
f.Error("error")
f.Warning("warning")
f.Info("info")
return ""
})
m.Get("/get", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/set", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/get", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", "macaron_flash=error%3Derror%26info%3Dinfo%26success%3Dsuccess%26warning%3Dwarning; Path=/")
m.ServeHTTP(resp, req)
})
}
func Test_SelectiveRouter(t *testing.T) {
for _, test := range tests {
w := httptest.NewRecorder()
m := macaron.New()
done := make(chan bool)
selectRoute(m, test.ExpectedMethod, func(rq *http.Request) {
done <- true
})
req, err := http.NewRequest(test.Method, "/", nil)
if err != nil {
t.Fatal(err)
}
OverrideRequestMethod(req, test.OverrideMethod)
m.Before(Override())
go m.ServeHTTP(w, req)
select {
case <-done:
case <-time.After(30 * time.Millisecond):
t.Errorf("Expected router to route to %s, got something else (%v).", test.ExpectedMethod, test)
}
}
}
func newMacaron() *macaron.Macaron {
macaron.Env = setting.Env
m := macaron.New()
m.Use(middleware.Logger())
m.Use(macaron.Recovery())
if setting.EnableGzip {
m.Use(middleware.Gziper())
}
mapStatic(m, "", "public")
mapStatic(m, "app", "app")
mapStatic(m, "css", "css")
mapStatic(m, "img", "img")
mapStatic(m, "fonts", "fonts")
mapStatic(m, "robots.txt", "robots.txt")
m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: path.Join(setting.StaticRootPath, "views"),
IndentJSON: macaron.Env != macaron.PROD,
Delims: macaron.Delims{Left: "[[", Right: "]]"},
}))
if setting.EnforceDomain {
m.Use(middleware.ValidateHostHeader(setting.Domain))
}
m.Use(middleware.GetContextHandler())
m.Use(middleware.Sessioner(&setting.SessionOptions))
return m
}
func Test_GenerateToken(t *testing.T) {
Convey("Generate token", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer())
// Simulate login.
m.Get("/login", func(sess session.Store, x CSRF) {
sess.Set("uid", "123456")
})
// Generate token.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
})
}
func main() {
log.Info("Peach %s", APP_VER)
m := macaron.New()
m.Use(macaron.Logger())
m.Use(macaron.Recovery())
m.Use(macaron.Statics(macaron.StaticOptions{
SkipLogging: setting.ProdMode,
}, "custom/public", "public"))
m.Use(i18n.I18n(i18n.Options{
Files: setting.Docs.Locales,
}))
tplDir := "templates"
if setting.Page.UseCustomTpl {
tplDir = "custom/templates"
}
m.Use(pongo2.Pongoer(pongo2.Options{
Directory: tplDir,
}))
m.Use(middleware.Contexter())
m.Get("/", routers.Home)
m.Get("/docs", routers.Docs)
m.Get("/docs/images/*", routers.DocsStatic)
m.Get("/docs/*", routers.Docs)
m.Post("/hook", routers.Hook)
m.Get("/search", routers.Search)
m.Get("/*", routers.Pages)
m.NotFound(routers.NotFound)
listenAddr := fmt.Sprintf("0.0.0.0:%d", setting.HTTPPort)
log.Info("%s Listen on %s", setting.Site.Name, listenAddr)
log.Fatal("Fail to start Peach: %v", http.ListenAndServe(listenAddr, m))
}
func newInstance() *macaron.Macaron {
m := macaron.New()
m.Use(macaron.Logger())
m.Use(macaron.Recovery())
m.Use(macaron.Static("static"))
m.Use(pongo2.Pongoer(pongo2.Options{
Directory: "views",
IndentJSON: macaron.Env != macaron.PROD,
IndentXML: macaron.Env != macaron.PROD,
}))
m.Use(cache.Cacher())
m.Use(session.Sessioner())
//DoXXX 表示GET请求;
//OnXXX 表示POST请求;
//AnyXXX 表示GET、POST混合请求
m.Any("/", AnyValidate)
m.Get("/dogs", DoDogs)
m.Get("/pups", DoPups)
m.Get("/about", DoAbout)
m.Get("/comment", DoComment)
m.Get("/signin", DoSignin)
m.Get("/dogDetail", DoDogDetail)
m.Get("/pupDetail", DoPupDetail)
m.Post("/onComment", OnComment)
m.Post("/onSignin", OnSignin)
return m
}
// newMacaron initializes Macaron instance.
func newMacaron() *macaron.Macaron {
m := macaron.New()
m.Use(macaron.Logger())
m.Use(macaron.Recovery())
if setting.EnableGzip {
m.Use(macaron.Gziper())
}
m.Use(macaron.Static(
path.Join(setting.StaticRootPath, "public"),
macaron.StaticOptions{
SkipLogging: !setting.DisableRouterLog,
},
))
m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: path.Join(setting.StaticRootPath, "templates"),
Funcs: []template.FuncMap{base.TemplateFuncs},
IndentJSON: macaron.Env != macaron.PROD,
}))
m.Use(i18n.I18n(i18n.Options{
SubURL: setting.AppSubUrl,
Directory: path.Join(setting.ConfRootPath, "locale"),
CustomDirectory: path.Join(setting.CustomPath, "conf/locale"),
Langs: setting.Langs,
Names: setting.Names,
Redirect: true,
}))
m.Use(cache.Cacher(cache.Options{
Adapter: setting.CacheAdapter,
Interval: setting.CacheInternal,
Conn: setting.CacheConn,
}))
m.Use(captcha.Captchaer(captcha.Options{
SubURL: setting.AppSubUrl,
}))
m.Use(session.Sessioner(session.Options{
Provider: setting.SessionProvider,
Config: *setting.SessionConfig,
}))
m.Use(csrf.Generate(csrf.Options{
Secret: setting.SecretKey,
SetCookie: true,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubUrl,
}))
m.Use(toolbox.Toolboxer(m, toolbox.Options{
HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
&toolbox.HealthCheckFuncDesc{
Desc: "Database connection",
Func: models.Ping,
},
},
}))
m.Use(middleware.Contexter())
return m
}
func runWeb(c *cli.Context) {
m := macaron.New()
web.SetOCTMacaron(m)
listenaddr := fmt.Sprintf("%s:%d", c.String("address"), c.Int("port"))
fmt.Println("Start to listen ", listenaddr)
if err := http.ListenAndServe(listenaddr, m); err != nil {
fmt.Printf("start oct http service error: %v", err.Error())
}
}
func main() {
m := macaron.New()
m.Map(logger) // 映射全局服务
// 获取全局服务
m.Get("/logger", func(l *log.Logger) {
l.Println("我正在使用全局日志器")
})
m.Run()
}
func Test_Cacher(t *testing.T) {
Convey("Use cache middleware", t, func() {
m := macaron.New()
m.Use(Cacher())
m.Get("/", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
})
Convey("Register invalid adapter", t, func() {
Convey("Adatper not exists", func() {
defer func() {
So(recover(), ShouldNotBeNil)
}()
m := macaron.New()
m.Use(Cacher(Options{
Adapter: "fake",
}))
})
Convey("Provider value is nil", func() {
defer func() {
So(recover(), ShouldNotBeNil)
}()
Register("fake", nil)
})
Convey("Register twice", func() {
defer func() {
So(recover(), ShouldNotBeNil)
}()
Register("memory", &MemoryCacher{})
})
})
}
func main() {
m := macaron.New()
m.Get("/", myLogger, func(l *log.Logger) {
l.Println("这是默认日志器")
})
// 获取请求级别服务
m.Get("/logger", myLogger, func(l Logger) {
l.Println("我正在使用全局日志器")
})
m.Run()
}
func Test_Captcha(t *testing.T) {
Convey("Captch service", t, func() {
m := macaron.New()
m.Use(cache.Cacher())
m.Use(Captchaer())
m.Get("/", func() {
})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
})
}
func newMacaron() *macaron.Macaron {
m := macaron.New()
m.Use(macaron.Logger())
m.Use(macaron.Recovery())
m.Use(macaron.Static("static"))
m.Use(session.Sessioner(session.Options{
Provider: "mysql",
ProviderConfig: beego.AppConfig.String("mysqlstring"),
}))
m.Use(middleware.Contexter())
m.Use(pongo2.Pongoer(pongo2.Options{
Directory: "views",
}))
return m
}
func runWeb(c *cli.Context) {
m := macaron.New()
if err := db.InitDB(setting.DBURI, setting.DBPasswd, setting.DBDB); err != nil {
fmt.Printf("Connect Database Error %s", err.Error())
}
web.SetWharfMacaron(m)
dockyard.SetDockyardMacaron(m)
crew.SetCrewMacaron(m)
generator.SetGeneratorMacaron(m)
switch setting.ListenMode {
case "http":
listenaddr := fmt.Sprintf("%s:%d", c.String("address"), c.Int("port"))
if err := http.ListenAndServe(listenaddr, m); err != nil {
fmt.Printf("start wharf http service error: %v", err.Error())
}
break
case "https":
listenaddr := fmt.Sprintf("%s:443", c.String("address"))
server := &http.Server{Addr: listenaddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
if err := server.ListenAndServeTLS(setting.HttpsCertFile, setting.HttpsKeyFile); err != nil {
fmt.Printf("start wharf https service error: %v", err.Error())
}
break
case "unix":
listenaddr := fmt.Sprintf("%s", c.String("address"))
if utils.IsFileExist(listenaddr) {
os.Remove(listenaddr)
}
if listener, err := net.Listen("unix", listenaddr); err != nil {
fmt.Printf("start wharf unix socket error: %v", err.Error())
} else {
server := &http.Server{Handler: m}
if err := server.Serve(listener); err != nil {
fmt.Printf("start wharf unix socket error: %v", err.Error())
}
}
break
default:
break
}
}
func loadMacaronSingle(method, path string, handler interface{}) http.Handler {
m := macaron.New()
switch method {
case "GET":
m.Get(path, handler)
case "POST":
m.Post(path, handler)
case "PUT":
m.Put(path, handler)
case "PATCH":
m.Patch(path, handler)
case "DELETE":
m.Delete(path, handler)
default:
panic("Unknow HTTP method: " + method)
}
return m
}
func loadMacaron(routes []route) http.Handler {
m := macaron.New()
for _, route := range routes {
switch route.method {
case "GET":
m.Get(route.path, martiniHandler)
case "POST":
m.Post(route.path, martiniHandler)
case "PUT":
m.Put(route.path, martiniHandler)
case "PATCH":
m.Patch(route.path, martiniHandler)
case "DELETE":
m.Delete(route.path, martiniHandler)
default:
panic("Unknow HTTP method: " + route.method)
}
}
return m
}
func runWeb(c *cli.Context) {
m := macaron.New()
//Set Macaron Web Middleware And Routers
web.SetDockyardMacaron(m)
switch setting.ListenMode {
case "http":
listenaddr := fmt.Sprintf("%s:%d", c.String("address"), c.Int("port"))
if err := http.ListenAndServe(listenaddr, m); err != nil {
fmt.Printf("启动 dockyard 的 HTTP 服务错误: %v", err)
}
break
case "https":
//HTTPS 强制使用 443 端口
listenaddr := fmt.Sprintf("%s:443", c.String("address"))
server := &http.Server{Addr: listenaddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
if err := server.ListenAndServeTLS(setting.HttpsCertFile, setting.HttpsKeyFile); err != nil {
fmt.Printf("启动 dockyard 的 HTTPS 服务错误: %v", err)
}
break
case "unix":
listenaddr := fmt.Sprintf("%s", c.String("address"))
//如果存在 Unix Socket 文件就删除
if utils.Exist(listenaddr) {
os.Remove(listenaddr)
}
if listener, err := net.Listen("unix", listenaddr); err != nil {
fmt.Printf("启动 dockyard 的 Unix Socket 监听错误: %v", err)
} else {
server := &http.Server{Handler: m}
if err := server.Serve(listener); err != nil {
fmt.Printf("启动 dockyard 的 Unix Socket 监听错误: %v", err)
}
}
break
default:
break
}
}
func Test_ParamenterOverride(t *testing.T) {
for _, test := range tests {
w := httptest.NewRecorder()
m := macaron.New()
m.Before(Override())
m.Use(func(w http.ResponseWriter, r *http.Request) {
if r.Method != test.ExpectedMethod {
t.Errorf("Expected %s, got %s", test.ExpectedMethod, r.Method)
}
})
query := "_method=" + test.OverrideMethod
r, err := http.NewRequest(test.Method, "/?"+query, nil)
if err != nil {
t.Fatal(err)
}
m.ServeHTTP(w, r)
}
}
func Test_In(t *testing.T) {
for _, test := range tests {
w := httptest.NewRecorder()
m := macaron.New()
m.Before(Override())
m.Use(func(w http.ResponseWriter, r *http.Request) {
if r.Method != test.ExpectedMethod {
t.Errorf("Expected %s, got %s", test.ExpectedMethod, r.Method)
}
})
r, err := http.NewRequest(test.Method, "/", nil)
if err != nil {
t.Fatal(err)
}
OverrideRequestMethod(r, test.OverrideMethod)
m.ServeHTTP(w, r)
}
}
func newMacaron() *macaron.Macaron {
macaron.Env = setting.Env
m := macaron.New()
m.Use(middleware.Logger())
m.Use(macaron.Recovery())
m.Use(toolbox.Toolboxer(m))
m.Use(func(ctx *macaron.Context) {
if ctx.Req.URL.Path == "/debug/vars" {
http.DefaultServeMux.ServeHTTP(ctx.Resp, ctx.Req.Request)
}
})
if setting.EnableGzip {
m.Use(middleware.Gziper())
}
mapStatic(m, "", "public")
mapStatic(m, "app", "app")
mapStatic(m, "css", "css")
mapStatic(m, "img", "img")
mapStatic(m, "fonts", "fonts")
mapStatic(m, "plugins", "plugins")
mapStatic(m, "robots.txt", "robots.txxt")
m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: path.Join(setting.StaticRootPath, "views"),
IndentJSON: macaron.Env != macaron.PROD,
Delims: macaron.Delims{Left: "[[", Right: "]]"},
}))
if setting.EnforceDomain {
m.Use(middleware.ValidateHostHeader(setting.Domain))
}
m.Use(middleware.GetContextHandler())
m.Use(middleware.Sessioner(&setting.SessionOptions))
return m
}
// newMacaron initializes Macaron instance.
func newMacaron() *macaron.Macaron {
m := macaron.New()
m.Use(macaron.Logger())
m.Use(macaron.Recovery())
m.Use(macaron.Static("public",
macaron.StaticOptions{
SkipLogging: setting.ProdMode,
},
))
m.Use(macaron.Static("raw",
macaron.StaticOptions{
Prefix: "raw",
SkipLogging: setting.ProdMode,
}))
m.Use(pongo2.Pongoer(pongo2.Options{
IndentJSON: !setting.ProdMode,
}))
m.Use(i18n.I18n())
m.Use(session.Sessioner())
m.Use(middleware.Contexter())
return m
}
func newMacaron() *macaron.Macaron {
macaron.Env = setting.Env
m := macaron.New()
m.Use(middleware.Logger())
m.Use(macaron.Recovery())
if setting.EnableGzip {
m.Use(middleware.Gziper())
}
for _, route := range plugins.StaticRoutes {
pluginRoute := path.Join("/public/plugins/", route.Url)
log.Info("Plugin: Adding static route %s -> %s", pluginRoute, route.Path)
mapStatic(m, route.Path, "", pluginRoute)
}
mapStatic(m, setting.StaticRootPath, "", "public")
mapStatic(m, setting.StaticRootPath, "app", "app")
mapStatic(m, setting.StaticRootPath, "css", "css")
mapStatic(m, setting.StaticRootPath, "img", "img")
mapStatic(m, setting.StaticRootPath, "fonts", "fonts")
mapStatic(m, setting.StaticRootPath, "robots.txt", "robots.txt")
m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: path.Join(setting.StaticRootPath, "views"),
IndentJSON: macaron.Env != macaron.PROD,
Delims: macaron.Delims{Left: "[[", Right: "]]"},
}))
if setting.EnforceDomain {
m.Use(middleware.ValidateHostHeader(setting.Domain))
}
m.Use(middleware.GetContextHandler())
m.Use(middleware.Sessioner(&setting.SessionOptions))
return m
}
func Test_Bindata(t *testing.T) {
Convey("Bindata service", t, func() {
m := macaron.New()
m.Use(macaron.Static("",
macaron.StaticOptions{
SkipLogging: false,
FileSystem: Static(Options{
Asset: testdata.Asset,
AssetDir: testdata.AssetDir,
AssetNames: testdata.AssetNames,
Prefix: "",
}),
},
))
m.Use(macaron.Renderer(macaron.RenderOptions{
TemplateFileSystem: Templates(Options{
Asset: testdata.Asset,
AssetDir: testdata.AssetDir,
AssetNames: testdata.AssetNames,
Prefix: "",
}),
}))
m.Get("/", func(ctx *macaron.Context) {
ctx.HTML(200, "templates/hello", "Joe")
})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/static/hello.css", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
So(resp.Body.String(), ShouldEqual, ".hello.world {\n\tfont-size: 1px;\n}")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
So(resp.Body.String(), ShouldEqual, "Hello, Joe!")
})
}
func Test_Validate(t *testing.T) {
Convey("Validate token", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer())
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", 123456)
})
// Generate token.
m.Get("/private", func(x CSRF) string {
return x.GetToken()
})
m.Post("/private", Validate, func() {})
// Login to set session.
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
// Get a new token.
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
token := resp.Body.String()
// Post using _csrf form value.
data := url.Values{}
data.Set("_csrf", token)
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", bytes.NewBufferString(data.Encode()))
So(err, ShouldBeNil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Length", com.ToStr(len(data.Encode())))
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldNotEqual, http.StatusBadRequest)
// Post using X-CSRFToken HTTP header.
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("X-CSRFToken", token)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldNotEqual, http.StatusBadRequest)
})
Convey("Validate custom token", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
Header: "X-Custom",
Form: "_custom",
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", 123456)
})
// Generate token.
m.Get("/private", func(x CSRF) string {
return x.GetToken()
})
m.Post("/private", Validate, func() {})
// Login to set session.
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
// Get a new token.
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
token := resp.Body.String()
// Post using _csrf form value.
data := url.Values{}
data.Set("_custom", token)
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", bytes.NewBufferString(data.Encode()))
So(err, ShouldBeNil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Length", com.ToStr(len(data.Encode())))
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldNotEqual, http.StatusBadRequest)
// Post using X-Custom HTTP header.
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("X-Custom", token)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldNotEqual, http.StatusBadRequest)
})
Convey("Validate token with custom error func", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
ErrorFunc: func(w http.ResponseWriter) {
http.Error(w, "custom error", 422)
},
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", 123456)
})
// Generate token.
m.Get("/private", func(x CSRF) string {
return x.GetToken()
})
m.Post("/private", Validate, func() {})
// Login to set session.
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
// Get a new token.
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
// Post using _csrf form value.
data := url.Values{}
data.Set("_csrf", "invalid")
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", bytes.NewBufferString(data.Encode()))
So(err, ShouldBeNil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Length", com.ToStr(len(data.Encode())))
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldEqual, 422)
So(resp.Body.String(), ShouldEqual, "custom error\n")
// Post using X-CSRFToken HTTP header.
resp = httptest.NewRecorder()
req, err = http.NewRequest("POST", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("X-CSRFToken", "invalid")
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldEqual, 422)
So(resp.Body.String(), ShouldEqual, "custom error\n")
})
}
func Test_GenerateHeader(t *testing.T) {
Convey("Generate token to header", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
SetHeader: true,
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", "123456")
})
// Generate HTTP header.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Header().Get("X-CSRFToken"), ShouldNotBeEmpty)
})
Convey("Generate token to header with origin", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
SetHeader: true,
Origin: true,
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", "123456")
})
// Generate HTTP header.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
req.Header.Set("Origin", "https://www.example.com")
m.ServeHTTP(resp, req)
So(resp.Header().Get("X-CSRFToken"), ShouldBeEmpty)
})
Convey("Generate token to custom header", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
Header: "X-Custom",
SetHeader: true,
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", "123456")
})
// Generate HTTP header.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Header().Get("X-Custom"), ShouldNotBeEmpty)
})
}
func Test_Invalid(t *testing.T) {
Convey("Invalid session data type", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer())
// Simulate login.
m.Get("/login", func(sess session.Store, x CSRF) {
sess.Set("uid", true)
})
// Generate token.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
})
Convey("Invalid request", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer())
// Simulate login.
m.Get("/login", Validate, func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
So(resp.Code, ShouldEqual, http.StatusBadRequest)
})
Convey("Invalid token", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer())
// Simulate login.
m.Get("/login", Validate, func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
req.Header.Set("X-CSRFToken", "invalid")
m.ServeHTTP(resp, req)
So(resp.Code, ShouldEqual, http.StatusBadRequest)
})
}
func testAdapter(opt Options) {
Convey("Basic operations", func() {
m := macaron.New()
m.Use(Cacher(opt))
m.Get("/", func(c Cache) {
So(c.Put("uname", "unknwon", 1), ShouldBeNil)
So(c.Put("uname2", "unknwon2", 1), ShouldBeNil)
So(c.IsExist("uname"), ShouldBeTrue)
So(c.Get("404"), ShouldBeNil)
So(c.Get("uname").(string), ShouldEqual, "unknwon")
time.Sleep(1 * time.Second)
So(c.Get("uname"), ShouldBeNil)
time.Sleep(1 * time.Second)
So(c.Get("uname2"), ShouldBeNil)
So(c.Put("uname", "unknwon", 0), ShouldBeNil)
So(c.Delete("uname"), ShouldBeNil)
So(c.Get("uname"), ShouldBeNil)
So(c.Put("uname", "unknwon", 0), ShouldBeNil)
So(c.Flush(), ShouldBeNil)
So(c.Get("uname"), ShouldBeNil)
gob.Register(opt)
So(c.Put("struct", opt, 0), ShouldBeNil)
})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
})
Convey("Increase and decrease operations", func() {
m := macaron.New()
m.Use(Cacher(opt))
m.Get("/", func(c Cache) {
So(c.Incr("404"), ShouldNotBeNil)
So(c.Decr("404"), ShouldNotBeNil)
So(c.Put("int", 0, 0), ShouldBeNil)
So(c.Put("int32", int32(0), 0), ShouldBeNil)
So(c.Put("int64", int64(0), 0), ShouldBeNil)
So(c.Put("uint", uint(0), 0), ShouldBeNil)
So(c.Put("uint32", uint32(0), 0), ShouldBeNil)
So(c.Put("uint64", uint64(0), 0), ShouldBeNil)
So(c.Put("string", "hi", 0), ShouldBeNil)
So(c.Decr("uint"), ShouldNotBeNil)
So(c.Decr("uint32"), ShouldNotBeNil)
So(c.Decr("uint64"), ShouldNotBeNil)
So(c.Incr("int"), ShouldBeNil)
So(c.Incr("int32"), ShouldBeNil)
So(c.Incr("int64"), ShouldBeNil)
So(c.Incr("uint"), ShouldBeNil)
So(c.Incr("uint32"), ShouldBeNil)
So(c.Incr("uint64"), ShouldBeNil)
So(c.Decr("int"), ShouldBeNil)
So(c.Decr("int32"), ShouldBeNil)
So(c.Decr("int64"), ShouldBeNil)
So(c.Decr("uint"), ShouldBeNil)
So(c.Decr("uint32"), ShouldBeNil)
So(c.Decr("uint64"), ShouldBeNil)
So(c.Incr("string"), ShouldNotBeNil)
So(c.Decr("string"), ShouldNotBeNil)
So(c.Get("int"), ShouldEqual, 0)
So(c.Get("int32"), ShouldEqual, 0)
So(c.Get("int64"), ShouldEqual, 0)
So(c.Get("uint"), ShouldEqual, 0)
So(c.Get("uint32"), ShouldEqual, 0)
So(c.Get("uint64"), ShouldEqual, 0)
})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
})
}
func Test_GenerateCookie(t *testing.T) {
Convey("Generate token to Cookie", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
SetCookie: true,
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", 123456)
})
// Generate cookie.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Header().Get("Set-Cookie"), ShouldContainSubstring, "_csrf")
})
Convey("Generate token to custom Cookie", t, func() {
m := macaron.New()
m.Use(session.Sessioner())
m.Use(Csrfer(Options{
Cookie: "custom",
SetCookie: true,
}))
// Simulate login.
m.Get("/login", func(sess session.Store) {
sess.Set("uid", int64(123456))
})
// Generate cookie.
m.Get("/private", func() {})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/login", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/private", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
So(resp.Header().Get("Set-Cookie"), ShouldContainSubstring, "custom")
})
}
func Test_LedisProvider(t *testing.T) {
Convey("Test ledis session provider", t, func() {
opt := session.Options{
Provider: "ledis",
ProviderConfig: "data_dir=./tmp.db",
}
Convey("Basic operation", func() {
m := macaron.New()
m.Use(session.Sessioner(opt))
m.Get("/", func(ctx *macaron.Context, sess session.Store) {
sess.Set("uname", "unknwon")
})
m.Get("/reg", func(ctx *macaron.Context, sess session.Store) {
raw, err := sess.RegenerateId(ctx)
So(err, ShouldBeNil)
So(raw, ShouldNotBeNil)
uname := raw.Get("uname")
So(uname, ShouldNotBeNil)
So(uname, ShouldEqual, "unknwon")
})
m.Get("/get", func(ctx *macaron.Context, sess session.Store) {
sid := sess.ID()
So(sid, ShouldNotBeEmpty)
raw, err := sess.Read(sid)
So(err, ShouldBeNil)
So(raw, ShouldNotBeNil)
uname := sess.Get("uname")
So(uname, ShouldNotBeNil)
So(uname, ShouldEqual, "unknwon")
So(sess.Delete("uname"), ShouldBeNil)
So(sess.Get("uname"), ShouldBeNil)
So(sess.Destory(ctx), ShouldBeNil)
})
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", "/", nil)
So(err, ShouldBeNil)
m.ServeHTTP(resp, req)
cookie := resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/reg", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
cookie = resp.Header().Get("Set-Cookie")
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/get", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", cookie)
m.ServeHTTP(resp, req)
Convey("Regenrate empty session", func() {
m.Get("/empty", func(ctx *macaron.Context, sess session.Store) {
raw, err := sess.RegenerateId(ctx)
So(err, ShouldBeNil)
So(raw, ShouldNotBeNil)
})
resp = httptest.NewRecorder()
req, err = http.NewRequest("GET", "/empty", nil)
So(err, ShouldBeNil)
req.Header.Set("Cookie", "MacaronSession=ad2c7e3cbecfcf486; Path=/;")
m.ServeHTTP(resp, req)
})
})
})
}