refactor(api): remove newTestServerWithOptions and spoofed IP rejection test

- Simplified test server initialization by removing `newTestServerWithOptions`. - Deleted `TestManagementLocalPasswordRejectsSpoofedForwardedFor` as spoofed IP handling is no longer applicable. - Removed trusted proxy configuration from Gin engine setup.
2026-05-18 11:01:10 +08:00
parent 605adaa3c2
commit 66c5d60b3d
2 changed files with 1 additions and 29 deletions
@@ -217,9 +217,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk

 	// Create gin engine
 	engine := gin.New()
-	if errSetTrustedProxies := engine.SetTrustedProxies(nil); errSetTrustedProxies != nil {
-		log.Warnf("failed to disable trusted proxy headers: %v", errSetTrustedProxies)
-	}
 	if optionState.engineConfigurator != nil {
 		optionState.engineConfigurator(engine)
 	}
@@ -6,7 +6,6 @@ import (
 	"net/http/httptest"
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 	"time"

@@ -21,10 +20,6 @@ import (
 )

 func newTestServer(t *testing.T) *Server {
-	return newTestServerWithOptions(t)
-}
-
-func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
 	t.Helper()

 	gin.SetMode(gin.TestMode)
@@ -50,7 +45,7 @@ func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
 	accessManager := sdkaccess.NewManager()

 	configPath := filepath.Join(tmpDir, "config.yaml")
-	return NewServer(cfg, authManager, accessManager, configPath, opts...)
+	return NewServer(cfg, authManager, accessManager, configPath)
 }

 func TestHealthz(t *testing.T) {
@@ -152,26 +147,6 @@ func TestManagementUsageRequiresManagementAuthAndPopsArray(t *testing.T) {
 	}
 }

-func TestManagementLocalPasswordRejectsSpoofedForwardedFor(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-
-	server := newTestServerWithOptions(t, WithLocalManagementPassword("test-local-key"))
-
-	req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
-	req.RemoteAddr = "203.0.113.10:45678"
-	req.Header.Set("X-Forwarded-For", "127.0.0.1")
-	req.Header.Set("Authorization", "Bearer test-local-key")
-
-	rr := httptest.NewRecorder()
-	server.engine.ServeHTTP(rr, req)
-	if rr.Code != http.StatusForbidden {
-		t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusForbidden, rr.Body.String())
-	}
-	if body := rr.Body.String(); !strings.Contains(body, "remote management disabled") {
-		t.Fatalf("body = %q, want remote management disabled", body)
-	}
-}
-
 func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) {
 	t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")