test(lib): add a test for the X-Forwarded-For middleware

Previously the X-Forwarded-For middleware could return two commas in a
row. This is a regression test to make sure that doesn't happen again.

Imports a patch previously exclusive to Botstopper.

Signed-off-by: Xe Iaso <me@xeiaso.net>

lib/anubis_test.go

@@ -926,3 +926,42 @@ func TestPassChallengeXSS(t *testing.T) {
 		}
 	})
 }
+
+func TestXForwardedForNoDoubleComma(t *testing.T) {
+	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("X-Forwarded-For", r.Header.Get("X-Forwarded-For"))
+		fmt.Fprintln(w, "OK")
+	})
+
+	h = internal.XForwardedForToXRealIP(h)
+	h = internal.XForwardedForUpdate(false, h)
+
+	pol := loadPolicies(t, "testdata/permissive.yaml", 4)
+
+	srv := spawnAnubis(t, Options{
+		Next:   h,
+		Policy: pol,
+	})
+	ts := httptest.NewServer(srv)
+	t.Cleanup(ts.Close)
+
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req.Header.Set("X-Real-Ip", "10.0.0.1")
+
+	resp, err := ts.Client().Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("response status is wrong, wanted %d but got: %s", http.StatusOK, resp.Status)
+	}
+
+	if xff := resp.Header.Get("X-Forwarded-For"); strings.HasPrefix(xff, ",,") {
+		t.Errorf("X-Forwarded-For has two leading commas: %q", xff)
+	}
+}

lib/testdata/permissive.yaml

@@ -0,0 +1,4 @@
+bots:
+  - import: (data)/common/allow-private-addresses.yaml
+
+dnsbl: false