airkjw/CLIProxyAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(api): remove newTestServerWithOptions and spoofed IP rejection test

Browse Source 
- Simplified test server initialization by removing `newTestServerWithOptions`.
- Deleted `TestManagementLocalPasswordRejectsSpoofedForwardedFor` as spoofed IP handling is no longer applicable.
- Removed trusted proxy configuration from Gin engine setup.
This commit is contained in:
Luis Pater
2026-05-18 11:01:10 +08:00
parent 605adaa3c2
commit 66c5d60b3d
2 changed files with 1 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/server.go
-3
View File
@@ -217,9 +217,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
// Create gin engine // Create gin engine
engine := gin.New() engine := gin.New()
if errSetTrustedProxies := engine.SetTrustedProxies(nil); errSetTrustedProxies != nil {
log.Warnf("failed to disable trusted proxy headers: %v", errSetTrustedProxies)
}
if optionState.engineConfigurator != nil { if optionState.engineConfigurator != nil {
optionState.engineConfigurator(engine) optionState.engineConfigurator(engine)
} }
internal/api/server_test.go
+1 -26
View File
@@ -6,7 +6,6 @@ import (
"net/http/httptest" "net/http/httptest"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"testing" "testing"
"time" "time"
@@ -21,10 +20,6 @@ import (
) )
func newTestServer(t *testing.T) *Server { func newTestServer(t *testing.T) *Server {
return newTestServerWithOptions(t)
}
func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
t.Helper() t.Helper()
gin.SetMode(gin.TestMode) gin.SetMode(gin.TestMode)
@@ -50,7 +45,7 @@ func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
accessManager := sdkaccess.NewManager() accessManager := sdkaccess.NewManager()
configPath := filepath.Join(tmpDir, "config.yaml") configPath := filepath.Join(tmpDir, "config.yaml")
return NewServer(cfg, authManager, accessManager, configPath, opts...) return NewServer(cfg, authManager, accessManager, configPath)
} }
func TestHealthz(t *testing.T) { func TestHealthz(t *testing.T) {
@@ -152,26 +147,6 @@ func TestManagementUsageRequiresManagementAuthAndPopsArray(t *testing.T) {
} }
} }
func TestManagementLocalPasswordRejectsSpoofedForwardedFor(t *testing.T) {
t.Setenv("MANAGEMENT_PASSWORD", "")
server := newTestServerWithOptions(t, WithLocalManagementPassword("test-local-key"))
req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
req.RemoteAddr = "203.0.113.10:45678"
req.Header.Set("X-Forwarded-For", "127.0.0.1")
req.Header.Set("Authorization", "Bearer test-local-key")
rr := httptest.NewRecorder()
server.engine.ServeHTTP(rr, req)
if rr.Code != http.StatusForbidden {
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusForbidden, rr.Body.String())
}
if body := rr.Body.String(); !strings.Contains(body, "remote management disabled") {
t.Fatalf("body = %q, want remote management disabled", body)
}
}
func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) { func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) {
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key") t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")