2c626efc59
- Added IP ban logic to `AuthenticateManagementKey` and Redis protocol handlers, blocking requests after multiple failed attempts. - Introduced unit tests to validate IP ban behavior across localhost and remote clients. - Synchronized Redis protocol's authentication policy with management key validation.
package management
import (
"net/http"
"strings"
"testing"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
)
// TestAuthenticateManagementKey_LocalhostIPBan_BlocksCorrectKeyDuringBan checks
// that an active IP ban takes precedence over a valid management key.
//
// The handler is given five consecutive wrong keys from 127.0.0.1, each of
// which must be rejected with 401 and "invalid management key". A sixth call
// that presents the correct key must then be rejected with 403 and the ban
// message. If a correct key were accepted during the ban, the lockout would
// not limit key guessing: the attempt that finally guesses right would
// succeed regardless of how many failures came before it.
//
// NOTE(review): the count of five presumably mirrors the handler's
// failed-attempt threshold; confirm against the handler so the test does not
// silently drift if that limit changes.
// NOTE(review): the second argument (true) is presumably the "request is from
// localhost" flag, meaning loopback callers are banned as well; verify
// against the AuthenticateManagementKey signature.
func TestAuthenticateManagementKey_LocalhostIPBan_BlocksCorrectKeyDuringBan(t *testing.T) {
	const (
		clientIP     = "127.0.0.1"
		goodKey      = "test-secret"
		badKey       = "wrong-secret"
		failedRounds = 5
		banPrefix    = "IP banned due to too many failed attempts. Try again in"
	)

	handler := &Handler{
		cfg:            &config.Config{},
		failedAttempts: make(map[string]*attemptInfo),
		envSecret:      goodKey,
	}

	// Phase 1: accumulate failures. Every one of them must look like an
	// ordinary bad-key rejection, not a ban.
	for attempt := 1; attempt <= failedRounds; attempt++ {
		ok, code, msg := handler.AuthenticateManagementKey(clientIP, true, badKey)
		switch {
		case ok:
			t.Fatalf("expected auth to be denied at attempt %d", attempt)
		case code != http.StatusUnauthorized || msg != "invalid management key":
			t.Fatalf("unexpected auth failure at attempt %d: status=%d msg=%q", attempt, code, msg)
		}
	}

	// Phase 2: the correct key must still be refused while the ban is active.
	ok, code, msg := handler.AuthenticateManagementKey(clientIP, true, goodKey)
	switch {
	case ok:
		t.Fatalf("expected correct key to be denied while banned")
	case code != http.StatusForbidden:
		t.Fatalf("expected forbidden status while banned, got %d", code)
	case !strings.HasPrefix(msg, banPrefix):
		// Only the prefix is compared; the message ends with a remaining-time
		// value that is not fixed.
		t.Fatalf("unexpected banned message: %q", msg)
	}
}