tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-06-19 12:18:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

add a security module (#628) (#629)

Browse Source 
* Add security mechanisms, IP whitelists, blacklists, and extended security interfaces.

* Optimized configuration name

* Fix IP Security Bug

* Repair Security Protection Module Bug

* Add security module unit test

* Optimize log prompts
This commit is contained in:
阿凌
2018-09-26 01:29:38 +08:00
committed by Tom Pallister
parent aa14b2f877
commit 4a8f4c2e03
18 changed files with 526 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
test/Ocelot.UnitTests/Security/IPSecurityPolicyTests.cs Normal file
View File

@ -0,0 +1,117 @@
using Microsoft.AspNetCore.Http;
using Ocelot.Configuration;
using Ocelot.Configuration.Builder;
using Ocelot.Middleware;
using Ocelot.Request.Middleware;
using Ocelot.Responses;
using Ocelot.Security.IPSecurity;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.Security
{
public class IPSecurityPolicyTests
{
private readonly DownstreamContext _downstreamContext;
private readonly DownstreamReRouteBuilder _downstreamReRouteBuilder;
private readonly IPSecurityPolicy _ipSecurityPolicy;
private Response response;
public IPSecurityPolicyTests()
{
_downstreamContext = new DownstreamContext(new DefaultHttpContext());
_downstreamContext.DownstreamRequest = new DownstreamRequest(new HttpRequestMessage(HttpMethod.Get, "http://test.com"));
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
_downstreamReRouteBuilder = new DownstreamReRouteBuilder();
_ipSecurityPolicy = new IPSecurityPolicy();
}
[Fact]
private void should_No_blocked_Ip_and_allowed_Ip()
{
this.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_blockedIp_clientIp_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
this.Given(x => x.GivenSetBlockedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenNotSecurityPassing())
.BDDfy();
}
[Fact]
private void should_blockedIp_clientIp_Not_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.2")[0];
this.Given(x => x.GivenSetBlockedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_allowedIp_clientIp_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
this.Given(x => x.GivenSetAllowedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_allowedIp_clientIp_Not_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.2")[0];
this.Given(x => x.GivenSetAllowedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenNotSecurityPassing())
.BDDfy();
}
private void GivenSetAllowedIP()
{
_downstreamReRouteBuilder.WithSecurityOptions(new SecurityOptions(new List<string> { "192.168.1.1" }, new List<string>()));
}
private void GivenSetBlockedIP()
{
_downstreamReRouteBuilder.WithSecurityOptions(new SecurityOptions(new List<string>(), new List<string> { "192.168.1.1" }));
}
private void GivenSetDownstreamReRoute()
{
_downstreamContext.DownstreamReRoute = _downstreamReRouteBuilder.Build();
}
private void WhenTheSecurityPolicy()
{
response = this._ipSecurityPolicy.Security(_downstreamContext).GetAwaiter().GetResult();
}
private void ThenSecurityPassing()
{
Assert.False(response.IsError);
}
private void ThenNotSecurityPassing()
{
Assert.True(response.IsError);
}
}
}