"ddos challenge" style script #4
1 changed files with 26 additions and 57 deletions
|
|
@ -142,13 +142,10 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
|
|||
local test_token = 'valid_test_token_123'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, 86400)
|
||||
|
||||
-- Mock get_headers to return cookie
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers via ngx._headers (which our mock get_headers uses)
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.5'
|
||||
|
|
@ -159,18 +156,15 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
|
|||
-- Should pass through (status is nil)
|
||||
lu.assertIsNil(ngx.status)
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
|
||||
-- Mock get_headers with invalid token
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers with invalid token
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=invalid_token'
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.6'
|
||||
|
|
@ -182,8 +176,8 @@ function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
|
|||
lu.assertEquals(ngx.status, 403)
|
||||
lu.assertStrContains(ngx._say, 'Security Check')
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
||||
|
|
@ -191,13 +185,10 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
|||
local test_token = 'expiring_token'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, -1) -- Already expired
|
||||
|
||||
-- Mock get_headers
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.7'
|
||||
|
|
@ -209,8 +200,8 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
|||
lu.assertEquals(ngx.status, 403)
|
||||
lu.assertStrContains(ngx._say, 'Security Check')
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:teardown()
|
||||
|
|
@ -339,12 +330,10 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
|
|||
local test_token = 'valid_test_token_paths'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, 86400)
|
||||
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers via ngx._headers (which our mock get_headers uses)
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/protected', {})
|
||||
ngx.var.remote_addr = '192.168.2.6'
|
||||
|
|
@ -355,7 +344,8 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
|
|||
-- Should pass through even though path is protected
|
||||
lu.assertIsNil(ngx.status)
|
||||
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallengePaths:testBannedIPBlockedOnUnprotectedPath()
|
||||
|
|
@ -455,32 +445,11 @@ function TestDDoSProtectionChallengeQuestion:testQuestionChallengeShown()
|
|||
end
|
||||
|
||||
function TestDDoSProtectionChallengeQuestion:testCorrectAnswerPassesChallenge()
|
||||
-- First get the challenge page to extract challenge_id
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.3.2'
|
||||
ngx.var.request_method = 'GET'
|
||||
|
||||
onRequest()
|
||||
|
||||
-- Extract challenge_id from the response (in real test, we'd parse HTML)
|
||||
-- For now, we'll manually create a challenge
|
||||
-- Create a challenge with correct answer = 2
|
||||
local test_challenge_id = 'test_challenge_123'
|
||||
ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300) -- Correct answer is 2
|
||||
|
||||
resetNgx()
|
||||
ngx.shared = {
|
||||
aproxy_bans = self.mod.init({
|
||||
ban_duration = 3600,
|
||||
token_duration = 86400,
|
||||
cookie_name = 'aproxy_token',
|
||||
shared_dict_bans = 'aproxy_bans',
|
||||
shared_dict_tokens = 'aproxy_tokens',
|
||||
challenge_type = 'question'
|
||||
}).bans_dict,
|
||||
aproxy_tokens = createMockSharedDict()
|
||||
}
|
||||
ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300)
|
||||
|
||||
-- Simulate POST to verification endpoint with correct answer
|
||||
setupFakeRequest('/__aproxy_challenge_verify', {})
|
||||
ngx.var.remote_addr = '192.168.3.2'
|
||||
ngx.var.request_method = 'POST'
|
||||
|
|
|
|||
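Review bot: The new `ngx._headers = nil` cleanup sits on the last line of each test body (testValidTokenAllowsAccess, testInvalidTokenShowsChallenge, testExpiredTokenShowsChallenge and the Paths variant), so it is skipped whenever an earlier `lu.assert*` call fails, assuming `lu` is luaunit, whose assertions raise. A leftover `Cookie = 'aproxy_token=...'` header would then be visible to the next test and could mask or fabricate a result in the token checks. Resetting it in the fixture is safer, for example `ngx._headers = nil` inside `TestDDoSProtectionChallenge:teardown()` and its Paths counterpart, or inside `resetNgx()` if that helper owns the mock state. Separately, the invalid-token and expired-token tests would still see a 403 if the cookie never reached the module, so it is worth confirming that `setupFakeRequest` does not clear `ngx._headers`, which is assigned before that call. The test bodies continue outside the visible hunks, so this is judged from the shown lines only.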