1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.RemoteIpTest do
9 alias Pleroma.Web.Plugs.RemoteIp
11 import Pleroma.Tests.Helpers, only: [clear_config: 2]
14 clear_config([RemoteIp, :enabled], true)
15 clear_config([RemoteIp, :headers], ["x-forwarded-for"])
16 clear_config([RemoteIp, :proxies], [])
19 [RemoteIp, :reserved],
32 clear_config([RemoteIp, :enabled], false)
34 %{remote_ip: remote_ip} = conn(:get, "/")
39 |> put_req_header("x-forwarded-for", "1.1.1.1")
42 assert conn.remote_ip == remote_ip
49 |> put_req_header("x-forwarded-for", "1.1.1.1")
52 assert conn.remote_ip == {1, 1, 1, 1}
55 test "custom headers" do
56 clear_config([RemoteIp, :enabled], true)
57 clear_config([RemoteIp, :headers], ["cf-connecting-ip"])
62 |> put_req_header("x-forwarded-for", "1.1.1.1")
65 refute conn.remote_ip == {1, 1, 1, 1}
70 |> put_req_header("cf-connecting-ip", "1.1.1.1")
73 assert conn.remote_ip == {1, 1, 1, 1}
76 test "custom proxies" do
80 |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
83 refute conn.remote_ip == {1, 1, 1, 1}
85 clear_config([RemoteIp, :proxies], ["173.245.48.0/20"])
90 |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
93 assert conn.remote_ip == {1, 1, 1, 1}
96 test "proxies set without CIDR format" do
97 clear_config([RemoteIp, :proxies], ["173.245.48.1"])
102 |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1")
103 |> RemoteIp.call(nil)
105 assert conn.remote_ip == {1, 1, 1, 1}
108 test "proxies set `nonsensical` CIDR" do
109 clear_config([RemoteIp, :reserved], ["127.0.0.0/8"])
110 clear_config([RemoteIp, :proxies], ["10.0.0.3/24"])
115 |> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1")
116 |> RemoteIp.call(nil)
118 assert conn.remote_ip == {1, 1, 1, 1}