Exemplo n.º 1
0
func TestGzip(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)

	// Skip if no Accept-Encoding header
	h := Gzip()(func(c vodka.Context) error {
		c.Response().Write([]byte("test")) // For Content-Type sniffing
		return nil
	})
	h(c)
	assert.Equal(t, "test", rec.Body.String())

	req = test.NewRequest(vodka.GET, "/", nil)
	req.Header().Set(vodka.HeaderAcceptEncoding, "gzip")
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)

	// Gzip
	h(c)
	assert.Equal(t, "gzip", rec.Header().Get(vodka.HeaderContentEncoding))
	assert.Contains(t, rec.Header().Get(vodka.HeaderContentType), vodka.MIMETextPlain)
	r, err := gzip.NewReader(rec.Body)
	defer r.Close()
	if assert.NoError(t, err) {
		buf := new(bytes.Buffer)
		buf.ReadFrom(r)
		assert.Equal(t, "test", buf.String())
	}
}
Exemplo n.º 2
0
func TestSecure(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	}

	// Default
	Secure()(h)(c)
	assert.Equal(t, "1; mode=block", rec.Header().Get(vodka.HeaderXXSSProtection))
	assert.Equal(t, "nosniff", rec.Header().Get(vodka.HeaderXContentTypeOptions))
	assert.Equal(t, "SAMEORIGIN", rec.Header().Get(vodka.HeaderXFrameOptions))
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderStrictTransportSecurity))
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderContentSecurityPolicy))

	// Custom
	req.Header().Set(vodka.HeaderXForwardedProto, "https")
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	SecureWithConfig(SecureConfig{
		XSSProtection:         "",
		ContentTypeNosniff:    "",
		XFrameOptions:         "",
		HSTSMaxAge:            3600,
		ContentSecurityPolicy: "default-src 'self'",
	})(h)(c)
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderXXSSProtection))
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderXContentTypeOptions))
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderXFrameOptions))
	assert.Equal(t, "max-age=3600; includeSubdomains", rec.Header().Get(vodka.HeaderStrictTransportSecurity))
	assert.Equal(t, "default-src 'self'", rec.Header().Get(vodka.HeaderContentSecurityPolicy))
}
Exemplo n.º 3
0
func TestContextServeContent(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)

	fs := http.Dir("_fixture/images")
	f, err := fs.Open("walle.png")
	if assert.NoError(t, err) {
		fi, err := f.Stat()
		if assert.NoError(t, err) {
			// Not cached
			if assert.NoError(t, c.ServeContent(f, fi.Name(), fi.ModTime())) {
				assert.Equal(t, http.StatusOK, rec.Status())
			}

			// Cached
			rec = test.NewResponseRecorder()
			c = e.NewContext(req, rec)
			req.Header().Set(HeaderIfModifiedSince, fi.ModTime().UTC().Format(http.TimeFormat))
			if assert.NoError(t, c.ServeContent(f, fi.Name(), fi.ModTime())) {
				assert.Equal(t, http.StatusNotModified, rec.Status())
			}
		}
	}
}
Exemplo n.º 4
0
func TestCORS(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	cors := CORSWithConfig(CORSConfig{
		AllowCredentials: true,
	})
	h := cors(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// No origin header
	h(c)
	assert.Equal(t, "", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))

	// Empty origin header
	req = test.NewRequest(vodka.GET, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	req.Header().Set(vodka.HeaderOrigin, "")
	h(c)
	assert.Equal(t, "*", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))

	// Wildcard origin
	req = test.NewRequest(vodka.GET, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	req.Header().Set(vodka.HeaderOrigin, "localhost")
	h(c)
	assert.Equal(t, "*", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))

	// Simple request
	req = test.NewRequest(vodka.GET, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	req.Header().Set(vodka.HeaderOrigin, "localhost")
	cors = CORSWithConfig(CORSConfig{
		AllowOrigins:     []string{"localhost"},
		AllowCredentials: true,
		MaxAge:           3600,
	})
	h = cors(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})
	h(c)
	assert.Equal(t, "localhost", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))

	// Preflight request
	req = test.NewRequest(vodka.OPTIONS, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	req.Header().Set(vodka.HeaderOrigin, "localhost")
	req.Header().Set(vodka.HeaderContentType, vodka.MIMEApplicationJSON)
	h(c)
	assert.Equal(t, "localhost", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
	assert.NotEmpty(t, rec.Header().Get(vodka.HeaderAccessControlAllowMethods))
	assert.Equal(t, "true", rec.Header().Get(vodka.HeaderAccessControlAllowCredentials))
	assert.Equal(t, "3600", rec.Header().Get(vodka.HeaderAccessControlMaxAge))
}
Exemplo n.º 5
0
func TestRemoveTrailingSlash(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/remove-slash/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := RemoveTrailingSlash()(func(c vodka.Context) error {
		return nil
	})
	h(c)
	assert.Equal(t, "/remove-slash", req.URL().Path())
	assert.Equal(t, "/remove-slash", req.URI())

	// With config
	req = test.NewRequest(vodka.GET, "/remove-slash/?key=value", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	h = RemoveTrailingSlashWithConfig(TrailingSlashConfig{
		RedirectCode: http.StatusMovedPermanently,
	})(func(c vodka.Context) error {
		return nil
	})
	h(c)
	assert.Equal(t, http.StatusMovedPermanently, rec.Status())
	assert.Equal(t, "/remove-slash?key=value", rec.Header().Get(vodka.HeaderLocation))

	// With bare URL
	req = test.NewRequest(vodka.GET, "http://localhost", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	h = RemoveTrailingSlash()(func(c vodka.Context) error {
		return nil
	})
	h(c)
	assert.Equal(t, "", req.URL().Path())
}
Exemplo n.º 6
0
func TestStatic(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := Static("../_fixture")(func(c vodka.Context) error {
		return vodka.ErrNotFound
	})

	// Directory
	if assert.NoError(t, h(c)) {
		assert.Contains(t, rec.Body.String(), "Vodka")
	}

	// HTML5 mode
	req = test.NewRequest(vodka.GET, "/client", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	static := StaticWithConfig(StaticConfig{
		Root:  "../_fixture",
		HTML5: true,
	})
	h = static(func(c vodka.Context) error {
		return vodka.ErrNotFound
	})
	if assert.NoError(t, h(c)) {
		assert.Equal(t, http.StatusOK, rec.Status())
	}

	// Browse
	req = test.NewRequest(vodka.GET, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	static = StaticWithConfig(StaticConfig{
		Root:   "../_fixture/images",
		Browse: true,
	})
	h = static(func(c vodka.Context) error {
		return vodka.ErrNotFound
	})
	if assert.NoError(t, h(c)) {
		assert.Contains(t, rec.Body.String(), "walle")
	}

	// Not found
	req = test.NewRequest(vodka.GET, "/not-found", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	static = StaticWithConfig(StaticConfig{
		Root: "../_fixture/images",
	})
	h = static(func(c vodka.Context) error {
		return vodka.ErrNotFound
	})
	assert.Error(t, h(c))
}
Exemplo n.º 7
0
func TestVodkaNotFound(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/files", nil)
	rec := test.NewResponseRecorder()
	e.ServeHTTP(req, rec)
	assert.Equal(t, http.StatusNotFound, rec.Status())
}
Exemplo n.º 8
0
func TestLoggerIPAddress(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	buf := new(bytes.Buffer)
	e.Logger().SetOutput(buf)
	ip := "127.0.0.1"
	h := Logger()(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// With X-Real-IP
	req.Header().Add(vodka.HeaderXRealIP, ip)
	h(c)
	assert.Contains(t, ip, buf.String())

	// With X-Forwarded-For
	buf.Reset()
	req.Header().Del(vodka.HeaderXRealIP)
	req.Header().Add(vodka.HeaderXForwardedFor, ip)
	h(c)
	assert.Contains(t, ip, buf.String())

	buf.Reset()
	h(c)
	assert.Contains(t, ip, buf.String())
}
Exemplo n.º 9
0
func TestVodkaMethodNotAllowed(t *testing.T) {
	e := New()
	e.GET("/", func(c Context) error {
		return c.String(http.StatusOK, "Vodka!")
	})
	req := test.NewRequest(POST, "/", nil)
	rec := test.NewResponseRecorder()
	e.ServeHTTP(req, rec)
	assert.Equal(t, http.StatusMethodNotAllowed, rec.Status())
}
Exemplo n.º 10
0
func TestContextRedirect(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	assert.Equal(t, nil, c.Redirect(http.StatusMovedPermanently, "http://insionng.github.io/vodka"))
	assert.Equal(t, http.StatusMovedPermanently, rec.Status())
	assert.Equal(t, "http://insionng.github.io/vodka", rec.Header().Get(HeaderLocation))
	assert.Error(t, c.Redirect(310, "http://insionng.github.io/vodka"))
}
Exemplo n.º 11
0
func TestBinderQueryParams(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/?id=1&name=Jon Snow", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	u := new(user)
	err := c.Bind(u)
	if assert.NoError(t, err) {
		assert.Equal(t, 1, u.ID)
		assert.Equal(t, "Jon Snow", u.Name)
	}
}
Exemplo n.º 12
0
func TestBinderForm(t *testing.T) {
	testBinderOkay(t, strings.NewReader(userForm), MIMEApplicationForm)
	testBinderError(t, nil, MIMEApplicationForm)
	e := New()
	req := test.NewRequest(POST, "/", strings.NewReader(userForm))
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	req.Header().Set(HeaderContentType, MIMEApplicationForm)
	var obj = make([]struct{ Field string }, 0)
	err := c.Bind(&obj)
	assert.Error(t, err)
}
Exemplo n.º 13
0
func TestGzipErrorReturned(t *testing.T) {
	e := vodka.New()
	e.Use(Gzip())
	e.GET("/", func(c vodka.Context) error {
		return vodka.NewHTTPError(http.StatusInternalServerError, "error")
	})
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	e.ServeHTTP(req, rec)
	assert.Empty(t, rec.Header().Get(vodka.HeaderContentEncoding))
	assert.Equal(t, "error", rec.Body.String())
}
Exemplo n.º 14
0
func TestNonWWWRedirect(t *testing.T) {
	e := vodka.New()
	next := func(c vodka.Context) (err error) {
		return c.NoContent(http.StatusOK)
	}
	req := test.NewRequest(vodka.GET, "http://www.insionng.com", nil)
	res := test.NewResponseRecorder()
	c := e.NewContext(req, res)
	NonWWWRedirect()(next)(c)
	assert.Equal(t, http.StatusMovedPermanently, res.Status())
	assert.Equal(t, "http://insionng.com", res.Header().Get(vodka.HeaderLocation))
}
Exemplo n.º 15
0
func TestBodyLimit(t *testing.T) {
	e := vodka.New()
	hw := []byte("Hello, World!")
	req := test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := func(c vodka.Context) error {
		body, err := ioutil.ReadAll(c.Request().Body())
		if err != nil {
			return err
		}
		return c.String(http.StatusOK, string(body))
	}

	// Based on content length (within limit)
	if assert.NoError(t, BodyLimit("2M")(h)(c)) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, hw, rec.Body.Bytes())
	}

	// Based on content read (overlimit)
	he := BodyLimit("2B")(h)(c).(*vodka.HTTPError)
	assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)

	// Based on content read (within limit)
	req = test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	if assert.NoError(t, BodyLimit("2M")(h)(c)) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, "Hello, World!", rec.Body.String())
	}

	// Based on content read (overlimit)
	req = test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	he = BodyLimit("2B")(h)(c).(*vodka.HTTPError)
	assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
}
Exemplo n.º 16
0
func testBinderOkay(t *testing.T, r io.Reader, ctype string) {
	e := New()
	req := test.NewRequest(POST, "/", r)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	req.Header().Set(HeaderContentType, ctype)
	u := new(user)
	err := c.Bind(u)
	if assert.NoError(t, err) {
		assert.Equal(t, 1, u.ID)
		assert.Equal(t, "Jon Snow", u.Name)
	}
}
Exemplo n.º 17
0
func TestLogger(t *testing.T) {
	// Note: Just for the test coverage, not a real test.
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := Logger()(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// Status 2xx
	h(c)

	// Status 3xx
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	h = Logger()(func(c vodka.Context) error {
		return c.String(http.StatusTemporaryRedirect, "test")
	})
	h(c)

	// Status 4xx
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	h = Logger()(func(c vodka.Context) error {
		return c.String(http.StatusNotFound, "test")
	})
	h(c)

	// Status 5xx with empty path
	req = test.NewRequest(vodka.GET, "", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	h = Logger()(func(c vodka.Context) error {
		return errors.New("error")
	})
	h(c)
}
Exemplo n.º 18
0
func TestGzipNoContent(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := Gzip()(func(c vodka.Context) error {
		return c.NoContent(http.StatusOK)
	})
	if assert.NoError(t, h(c)) {
		assert.Empty(t, rec.Header().Get(vodka.HeaderContentEncoding))
		assert.Empty(t, rec.Header().Get(vodka.HeaderContentType))
		assert.Equal(t, 0, len(rec.Body.Bytes()))
	}
}
Exemplo n.º 19
0
func TestRecover(t *testing.T) {
	e := vodka.New()
	buf := new(bytes.Buffer)
	e.SetLogOutput(buf)
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	h := Recover()(vodka.HandlerFunc(func(c vodka.Context) error {
		panic("test")
	}))
	h(c)
	assert.Equal(t, http.StatusInternalServerError, rec.Status())
	assert.Contains(t, buf.String(), "PANIC RECOVER")
}
Exemplo n.º 20
0
func TestMethodOverride(t *testing.T) {
	e := vodka.New()
	m := MethodOverride()
	h := func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	}

	// Override with http header
	req := test.NewRequest(vodka.POST, "/", nil)
	rec := test.NewResponseRecorder()
	req.Header().Set(vodka.HeaderXHTTPMethodOverride, vodka.DELETE)
	c := e.NewContext(req, rec)
	m(h)(c)
	assert.Equal(t, vodka.DELETE, req.Method())

	// Override with form parameter
	m = MethodOverrideWithConfig(MethodOverrideConfig{Getter: MethodFromForm("_method")})
	req = test.NewRequest(vodka.POST, "/", bytes.NewReader([]byte("_method="+vodka.DELETE)))
	rec = test.NewResponseRecorder()
	req.Header().Set(vodka.HeaderContentType, vodka.MIMEApplicationForm)
	c = e.NewContext(req, rec)
	m(h)(c)
	assert.Equal(t, vodka.DELETE, req.Method())

	// Override with query paramter
	m = MethodOverrideWithConfig(MethodOverrideConfig{Getter: MethodFromQuery("_method")})
	req = test.NewRequest(vodka.POST, "/?_method="+vodka.DELETE, nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	m(h)(c)
	assert.Equal(t, vodka.DELETE, req.Method())

	// Ignore `GET`
	req = test.NewRequest(vodka.GET, "/", nil)
	req.Header().Set(vodka.HeaderXHTTPMethodOverride, vodka.DELETE)
	assert.Equal(t, vodka.GET, req.Method())
}
Exemplo n.º 21
0
func TestCSRF(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	csrf := CSRFWithConfig(CSRFConfig{
		TokenLength: 16,
	})
	h := csrf(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// Generate CSRF token
	h(c)
	assert.Contains(t, rec.Header().Get(vodka.HeaderSetCookie), "_csrf")

	// Without CSRF cookie
	req = test.NewRequest(vodka.POST, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	assert.Error(t, h(c))

	// Empty/invalid CSRF token
	req = test.NewRequest(vodka.POST, "/", nil)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec)
	req.Header().Set(vodka.HeaderXCSRFToken, "")
	assert.Error(t, h(c))

	// Valid CSRF token
	token := random.String(16)
	req.Header().Set(vodka.HeaderCookie, "_csrf="+token)
	req.Header().Set(vodka.HeaderXCSRFToken, token)
	if assert.NoError(t, h(c)) {
		assert.Equal(t, http.StatusOK, rec.Status())
	}
}
Exemplo n.º 22
0
func TestContextMultipartForm(t *testing.T) {
	e := New()
	buf := new(bytes.Buffer)
	mw := multipart.NewWriter(buf)
	mw.WriteField("name", "Jon Snow")
	mw.Close()
	req := test.NewRequest(POST, "/", buf)
	req.Header().Set(HeaderContentType, mw.FormDataContentType())
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	f, err := c.MultipartForm()
	if assert.NoError(t, err) {
		assert.NotNil(t, f)
	}
}
Exemplo n.º 23
0
func TestVodka(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/", nil)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)

	// Router
	assert.NotNil(t, e.Router())

	// Debug
	e.SetDebug(true)
	assert.True(t, e.debug)

	// DefaultHTTPErrorHandler
	e.DefaultHTTPErrorHandler(errors.New("error"), c)
	assert.Equal(t, http.StatusInternalServerError, rec.Status())
}
Exemplo n.º 24
0
func TestContextFormFile(t *testing.T) {
	e := New()
	buf := new(bytes.Buffer)
	mr := multipart.NewWriter(buf)
	w, err := mr.CreateFormFile("file", "test")
	if assert.NoError(t, err) {
		w.Write([]byte("test"))
	}
	mr.Close()
	req := test.NewRequest(POST, "/", buf)
	req.Header().Set(HeaderContentType, mr.FormDataContentType())
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	f, err := c.FormFile("file")
	if assert.NoError(t, err) {
		assert.Equal(t, "test", f.Filename)
	}
}
Exemplo n.º 25
0
func TestContextCookie(t *testing.T) {
	e := New()
	req := test.NewRequest(GET, "/", nil)
	theme := "theme=light"
	user := "******"
	req.Header().Add(HeaderCookie, theme)
	req.Header().Add(HeaderCookie, user)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec).(*context)

	// Read single
	cookie, err := c.Cookie("theme")
	if assert.NoError(t, err) {
		assert.Equal(t, "theme", cookie.Name())
		assert.Equal(t, "light", cookie.Value())
	}

	// Read multiple
	for _, cookie := range c.Cookies() {
		switch cookie.Name() {
		case "theme":
			assert.Equal(t, "light", cookie.Value())
		case "user":
			assert.Equal(t, "Jon Snow", cookie.Value())
		}
	}

	// Write
	cookie = &test.Cookie{Cookie: &http.Cookie{
		Name:     "SSID",
		Value:    "Ap4PGTEq",
		Domain:   "insionng.com",
		Path:     "/",
		Expires:  time.Now(),
		Secure:   true,
		HttpOnly: true,
	}}
	c.SetCookie(cookie)
	assert.Contains(t, rec.Header().Get(HeaderSetCookie), "SSID")
	assert.Contains(t, rec.Header().Get(HeaderSetCookie), "Ap4PGTEq")
	assert.Contains(t, rec.Header().Get(HeaderSetCookie), "insionng.com")
	assert.Contains(t, rec.Header().Get(HeaderSetCookie), "Secure")
	assert.Contains(t, rec.Header().Get(HeaderSetCookie), "HttpOnly")
}
Exemplo n.º 26
0
func testBinderError(t *testing.T, r io.Reader, ctype string) {
	e := New()
	req := test.NewRequest(POST, "/", r)
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec)
	req.Header().Set(HeaderContentType, ctype)
	u := new(user)
	err := c.Bind(u)

	switch {
	case strings.HasPrefix(ctype, MIMEApplicationJSON), strings.HasPrefix(ctype, MIMEApplicationXML),
		strings.HasPrefix(ctype, MIMEApplicationForm), strings.HasPrefix(ctype, MIMEMultipartForm):
		if assert.IsType(t, new(HTTPError), err) {
			assert.Equal(t, http.StatusBadRequest, err.(*HTTPError).Code)
		}
	default:
		if assert.IsType(t, new(HTTPError), err) {
			assert.Equal(t, ErrUnsupportedMediaType, err)
		}
	}
}
Exemplo n.º 27
0
func TestBasicAuth(t *testing.T) {
	e := vodka.New()
	req := test.NewRequest(vodka.GET, "/", nil)
	res := test.NewResponseRecorder()
	c := e.NewContext(req, res)
	f := func(u, p string) bool {
		if u == "joe" && p == "secret" {
			return true
		}
		return false
	}
	h := BasicAuth(f)(func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// Valid credentials
	auth := basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
	req.Header().Set(vodka.HeaderAuthorization, auth)
	assert.NoError(t, h(c))

	// Incorrect password
	auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:password"))
	req.Header().Set(vodka.HeaderAuthorization, auth)
	he := h(c).(*vodka.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)
	assert.Equal(t, basic+" realm=Restricted", res.Header().Get(vodka.HeaderWWWAuthenticate))

	// Empty Authorization header
	req.Header().Set(vodka.HeaderAuthorization, "")
	he = h(c).(*vodka.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)

	// Invalid Authorization header
	auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
	req.Header().Set(vodka.HeaderAuthorization, auth)
	he = h(c).(*vodka.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)
}
Exemplo n.º 28
0
func TestContext(t *testing.T) {
	e := New()
	req := test.NewRequest(POST, "/", strings.NewReader(userJSON))
	rec := test.NewResponseRecorder()
	c := e.NewContext(req, rec).(*context)

	// Vodka
	assert.Equal(t, e, c.Vodka())

	// Request
	assert.Equal(t, req, c.Request())

	// Response
	assert.Equal(t, rec, c.Response())

	// Logger
	assert.Equal(t, e.logger, c.Logger())

	//--------
	// Render
	//--------

	tpl := &Template{
		templates: template.Must(template.New("hello").Parse("Hello, {{.name}}!")),
	}
	c.vodka.SetRenderer(tpl)
	c.Set("name", "Jon Snow")
	err := c.Render(http.StatusOK, "hello")
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, "Hello, Jon Snow!", rec.Body.String())
	}

	c.vodka.renderer = nil
	c.Set("name", "Jon Snow")
	err = c.Render(http.StatusOK, "hello")
	assert.Error(t, err)

	// JSON
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.JSON(http.StatusOK, user{1, "Jon Snow"})
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, MIMEApplicationJSONCharsetUTF8, rec.Header().Get(HeaderContentType))
		assert.Equal(t, userJSON, rec.Body.String())
	}

	// JSON (error)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.JSON(http.StatusOK, make(chan bool))
	assert.Error(t, err)

	// JSONP
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	callback := "callback"
	err = c.JSONP(http.StatusOK, callback, user{1, "Jon Snow"})
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, MIMEApplicationJavaScriptCharsetUTF8, rec.Header().Get(HeaderContentType))
		assert.Equal(t, callback+"("+userJSON+");", rec.Body.String())
	}

	// XML
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.XML(http.StatusCreated, user{1, "Jon Snow"})
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusCreated, rec.Status())
		assert.Equal(t, MIMEApplicationXMLCharsetUTF8, rec.Header().Get(HeaderContentType))
		assert.Equal(t, xml.Header+userXML, rec.Body.String())
	}

	// XML (error)
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.XML(http.StatusOK, make(chan bool))
	assert.Error(t, err)

	// String
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.String(http.StatusOK, "Hello, World!")
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, MIMETextPlainCharsetUTF8, rec.Header().Get(HeaderContentType))
		assert.Equal(t, "Hello, World!", rec.Body.String())
	}

	// HTML
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	err = c.HTML(http.StatusOK, "Hello, <strong>World!</strong>")
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, MIMETextHTMLCharsetUTF8, rec.Header().Get(HeaderContentType))
		assert.Equal(t, "Hello, <strong>World!</strong>", rec.Body.String())
	}

	// Stream
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	r := strings.NewReader("response from a stream")
	err = c.Stream(http.StatusOK, "application/octet-stream", r)
	if assert.NoError(t, err) {
		assert.Equal(t, http.StatusOK, rec.Status())
		assert.Equal(t, "application/octet-stream", rec.Header().Get(HeaderContentType))
		assert.Equal(t, "response from a stream", rec.Body.String())
	}

	// Attachment
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	file, err := os.Open("_fixture/images/walle.png")
	if assert.NoError(t, err) {
		err = c.Attachment(file, "walle.png")
		if assert.NoError(t, err) {
			assert.Equal(t, http.StatusOK, rec.Status())
			assert.Equal(t, "attachment; filename=walle.png", rec.Header().Get(HeaderContentDisposition))
			assert.Equal(t, 219885, rec.Body.Len())
		}
	}

	// Inline
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	file, err = os.Open("_fixture/images/walle.png")
	if assert.NoError(t, err) {
		err = c.Inline(file, "walle.png")
		if assert.NoError(t, err) {
			assert.Equal(t, http.StatusOK, rec.Status())
			assert.Equal(t, "inline; filename=walle.png", rec.Header().Get(HeaderContentDisposition))
			assert.Equal(t, 219885, rec.Body.Len())
		}
	}

	// NoContent
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	c.NoContent(http.StatusOK)
	assert.Equal(t, http.StatusOK, rec.Status())

	// Error
	rec = test.NewResponseRecorder()
	c = e.NewContext(req, rec).(*context)
	c.Error(errors.New("error"))
	assert.Equal(t, http.StatusInternalServerError, rec.Status())

	// Reset
	c.Reset(req, test.NewResponseRecorder())
}
Exemplo n.º 29
0
func TestJWT(t *testing.T) {
	e := vodka.New()
	handler := func(c vodka.Context) error {
		return c.String(http.StatusOK, "test")
	}
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
	validKey := []byte("secret")
	invalidKey := []byte("invalid-key")
	validAuth := bearer + " " + token

	for _, tc := range []struct {
		expPanic   bool
		expErrCode int // 0 for Success
		config     JWTConfig
		reqURL     string // "/" if empty
		hdrAuth    string
		hdrCookie  string // test.Request doesn't provide SetCookie(); use name=val
		info       string
	}{
		{
			expPanic: true,
			info:     "No signing key provided",
		},
		{
			expErrCode: http.StatusBadRequest,
			config: JWTConfig{
				SigningKey:    validKey,
				SigningMethod: "RS256",
			},
			info: "Unexpected signing method",
		},
		{
			expErrCode: http.StatusUnauthorized,
			hdrAuth:    validAuth,
			config:     JWTConfig{SigningKey: invalidKey},
			info:       "Invalid key",
		},
		{
			hdrAuth: validAuth,
			config:  JWTConfig{SigningKey: validKey},
			info:    "Valid JWT",
		},
		{
			hdrAuth: validAuth,
			config: JWTConfig{
				Claims:     &jwtCustomClaims{},
				SigningKey: []byte("secret"),
			},
			info: "Valid JWT with custom claims",
		},
		{
			hdrAuth:    "invalid-auth",
			expErrCode: http.StatusBadRequest,
			config:     JWTConfig{SigningKey: validKey},
			info:       "Invalid Authorization header",
		},
		{
			config:     JWTConfig{SigningKey: validKey},
			expErrCode: http.StatusBadRequest,
			info:       "Empty header auth field",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL: "/?a=b&jwt=" + token,
			info:   "Valid query method",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b&jwtxyz=" + token,
			expErrCode: http.StatusBadRequest,
			info:       "Invalid query param name",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b&jwt=invalid-token",
			expErrCode: http.StatusUnauthorized,
			info:       "Invalid query param value",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b",
			expErrCode: http.StatusBadRequest,
			info:       "Empty query",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "cookie:jwt",
			},
			hdrCookie: "jwt=" + token,
			info:      "Valid cookie method",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "cookie:jwt",
			},
			expErrCode: http.StatusUnauthorized,
			hdrCookie:  "jwt=invalid",
			info:       "Invalid token with cookie method",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "cookie:jwt",
			},
			expErrCode: http.StatusBadRequest,
			info:       "Empty cookie",
		},
	} {
		if tc.reqURL == "" {
			tc.reqURL = "/"
		}

		req := test.NewRequest(vodka.GET, tc.reqURL, nil)
		res := test.NewResponseRecorder()
		req.Header().Set(vodka.HeaderAuthorization, tc.hdrAuth)
		req.Header().Set(vodka.HeaderCookie, tc.hdrCookie)
		c := e.NewContext(req, res)

		if tc.expPanic {
			assert.Panics(t, func() {
				JWTWithConfig(tc.config)
			}, tc.info)
			continue
		}

		if tc.expErrCode != 0 {
			h := JWTWithConfig(tc.config)(handler)
			he := h(c).(*vodka.HTTPError)
			assert.Equal(t, tc.expErrCode, he.Code, tc.info)
			continue
		}

		h := JWTWithConfig(tc.config)(handler)
		if assert.NoError(t, h(c), tc.info) {
			user := c.Get("user").(*jwt.Token)
			switch claims := user.Claims.(type) {
			case jwt.MapClaims:
				assert.Equal(t, claims["name"], "John Doe", tc.info)
			case *jwtCustomClaims:
				assert.Equal(t, claims.Name, "John Doe", tc.info)
				assert.Equal(t, claims.Admin, true, tc.info)
			default:
				panic("unexpected type of claims")
			}
		}
	}
}
Exemplo n.º 30
0
func request(method, path string, e *Vodka) (int, string) {
	req := test.NewRequest(method, path, nil)
	rec := test.NewResponseRecorder()
	e.ServeHTTP(req, rec)
	return rec.Status(), rec.Body.String()
}