mirror of
https://github.com/TecharoHQ/anubis.git
synced 2025-08-04 02:08:59 -04:00
e3826df3ab
* feat(internal): add Thoth client and simple ASN checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): cached ip to asn checker Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: go mod tidy Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): minor testing fixups, ensure ASNChecker is Checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): make ASNChecker instances Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): add GeoIP checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): store a thoth client in a context Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: refactor Checker type to its own package Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): add thoth mocking package, ignore context deadline exceeded errors Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): pre-cache private ranges Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/policy/config): enable thoth ASNs and GeoIP checker parsing Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(thoth): refactor to move checker creation to the checker files Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(policy): enable thoth checks Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thothmock): test helper function for loading a mock thoth instance Signed-off-by: Xe Iaso <me@xeiaso.net> * feat: wire up Thoth, make thoth checks part of the default config Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): mend staticcheck errors Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(admin): add Thoth docs Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(policy): update Thoth links in error messages Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(docs/manifest): enable Thoth Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: add THOTH_INSECURE for contacting Thoth over plain TCP in extreme circumstances Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): use mock thoth when credentials aren't detected in the environment Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(cmd/anubis): better warnings for half-configured Thoth setups Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(botpolicies): link to Thoth geoip docs Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
82 lines
1.5 KiB
Go
82 lines
1.5 KiB
Go
package thoth_test
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/TecharoHQ/anubis/internal/thoth"
|
|
"github.com/TecharoHQ/anubis/lib/policy/checker"
|
|
iptoasnv1 "github.com/TecharoHQ/thoth-proto/gen/techaro/thoth/iptoasn/v1"
|
|
)
|
|
|
|
var _ checker.Impl = &thoth.ASNChecker{}
|
|
|
|
func TestASNChecker(t *testing.T) {
|
|
cli := loadSecrets(t)
|
|
|
|
asnc := cli.ASNCheckerFor([]uint32{13335})
|
|
|
|
for _, cs := range []struct {
|
|
ipAddress string
|
|
wantMatch bool
|
|
wantError bool
|
|
}{
|
|
{
|
|
ipAddress: "1.1.1.1",
|
|
wantMatch: true,
|
|
wantError: false,
|
|
},
|
|
{
|
|
ipAddress: "2.2.2.2",
|
|
wantMatch: false,
|
|
wantError: false,
|
|
},
|
|
{
|
|
ipAddress: "taco",
|
|
wantMatch: false,
|
|
wantError: false,
|
|
},
|
|
{
|
|
ipAddress: "127.0.0.1",
|
|
wantMatch: false,
|
|
wantError: false,
|
|
},
|
|
} {
|
|
t.Run(fmt.Sprintf("%v", cs), func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/", nil)
|
|
req.Header.Set("X-Real-Ip", cs.ipAddress)
|
|
|
|
match, err := asnc.Check(req)
|
|
|
|
if match != cs.wantMatch {
|
|
t.Errorf("Wanted match: %v, got: %v", cs.wantMatch, match)
|
|
}
|
|
|
|
switch {
|
|
case err != nil && !cs.wantError:
|
|
t.Errorf("Did not want error but got: %v", err)
|
|
case err == nil && cs.wantError:
|
|
t.Error("Wanted error but got none")
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func BenchmarkWithCache(b *testing.B) {
|
|
cli := loadSecrets(b)
|
|
req := &iptoasnv1.LookupRequest{IpAddress: "1.1.1.1"}
|
|
|
|
_, err := cli.IPToASN.Lookup(b.Context(), req)
|
|
if err != nil {
|
|
b.Error(err)
|
|
}
|
|
|
|
for b.Loop() {
|
|
_, err := cli.IPToASN.Lookup(b.Context(), req)
|
|
if err != nil {
|
|
b.Error(err)
|
|
}
|
|
}
|
|
}
|