# Pleroma: A lightweight social networking server # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.RemoteIpTest do use ExUnit.Case use Plug.Test alias Pleroma.Web.Plugs.RemoteIp import Pleroma.Tests.Helpers, only: [clear_config: 2] setup do: clear_config(RemoteIp, enabled: true, headers: ["x-forwarded-for"], proxies: [], reserved: [ "127.0.0.0/8", "::1/128", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ] ) test "disabled" do Pleroma.Config.put(RemoteIp, enabled: false) %{remote_ip: remote_ip} = conn(:get, "/") conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "1.1.1.1") |> RemoteIp.call(nil) assert conn.remote_ip == remote_ip end test "enabled" do conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "1.1.1.1") |> RemoteIp.call(nil) assert conn.remote_ip == {1, 1, 1, 1} end test "custom headers" do Pleroma.Config.put(RemoteIp, enabled: true, headers: ["cf-connecting-ip"]) conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "1.1.1.1") |> RemoteIp.call(nil) refute conn.remote_ip == {1, 1, 1, 1} conn = conn(:get, "/") |> put_req_header("cf-connecting-ip", "1.1.1.1") |> RemoteIp.call(nil) assert conn.remote_ip == {1, 1, 1, 1} end test "custom proxies" do conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2") |> RemoteIp.call(nil) refute conn.remote_ip == {1, 1, 1, 1} Pleroma.Config.put([RemoteIp, :proxies], ["173.245.48.0/20"]) conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2") |> RemoteIp.call(nil) assert conn.remote_ip == {1, 1, 1, 1} end test "proxies set without CIDR format" do Pleroma.Config.put([RemoteIp, :proxies], ["173.245.48.1"]) conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1") |> RemoteIp.call(nil) assert conn.remote_ip == {1, 1, 1, 1} end test "proxies set `nonsensical` CIDR" do Pleroma.Config.put([RemoteIp, :reserved], ["127.0.0.0/8"]) Pleroma.Config.put([RemoteIp, :proxies], ["10.0.0.3/24"]) conn = conn(:get, "/") |> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1") |> RemoteIp.call(nil) assert conn.remote_ip == {1, 1, 1, 1} end end