cloudreve/middleware/session_test.go

package middleware

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
	"github.com/cloudreve/Cloudreve/v3/pkg/util"
	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"
)

func TestSession(t *testing.T) {
	asserts := assert.New(t)

	{
		handler := Session("2333")
		asserts.NotNil(handler)
		asserts.NotNil(Store)
		asserts.IsType(emptyFunc(), handler)
	}
	{
		conf.RedisConfig.Server = "123"
		asserts.Panics(func() {
			Session("2333")
		})
		conf.RedisConfig.Server = ""
	}

}

func emptyFunc() gin.HandlerFunc {
	return func(c *gin.Context) {}
}

func TestCSRFInit(t *testing.T) {
	asserts := assert.New(t)
	rec := httptest.NewRecorder()
	sessionFunc := Session("233")
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request, _ = http.NewRequest("GET", "/test", nil)
		sessionFunc(c)
		CSRFInit()(c)
		asserts.True(util.GetSession(c, "CSRF").(bool))
	}
}

func TestCSRFCheck(t *testing.T) {
	asserts := assert.New(t)
	rec := httptest.NewRecorder()
	sessionFunc := Session("233")

	// 通过检查
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request, _ = http.NewRequest("GET", "/test", nil)
		sessionFunc(c)
		CSRFInit()(c)
		CSRFCheck()(c)
		asserts.False(c.IsAborted())
	}

	// 未通过检查
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request, _ = http.NewRequest("GET", "/test", nil)
		sessionFunc(c)
		CSRFCheck()(c)
		asserts.True(c.IsAborted())
	}
}
Feat: User/Me 5 years ago			`package middleware`

			`import (`
Fix: file preview URL in share page should not be accessed directly 5 years ago			`"net/http"`
			`"net/http/httptest"`
Feat: User/Me 5 years ago			`"testing"`
Comply with Golang semantic import versioning (#630) * Code: compatible with semantic import versioning * Tools & Docs: compatible with semantic import versioning * Clean go.mod & go.sum 4 years ago
			`"github.com/cloudreve/Cloudreve/v3/pkg/conf"`
			`"github.com/cloudreve/Cloudreve/v3/pkg/util"`
			`"github.com/gin-gonic/gin"`
			`"github.com/stretchr/testify/assert"`
Feat: User/Me 5 years ago			`)`

			`func TestSession(t *testing.T) {`
			`asserts := assert.New(t)`

Test: moveOrCopyFolder / File 5 years ago			`{`
			`handler := Session("2333")`
			`asserts.NotNil(handler)`
			`asserts.NotNil(Store)`
			`asserts.IsType(emptyFunc(), handler)`
			`}`
			`{`
			`conf.RedisConfig.Server = "123"`
			`asserts.Panics(func() {`
			`Session("2333")`
			`})`
Fix: failed test due to policy cache 5 years ago			`conf.RedisConfig.Server = ""`
Test: moveOrCopyFolder / File 5 years ago			`}`

Feat: User/Me 5 years ago			`}`

			`func emptyFunc() gin.HandlerFunc {`
			`return func(c *gin.Context) {}`
			`}`
Fix: file preview URL in share page should not be accessed directly 5 years ago
			`func TestCSRFInit(t *testing.T) {`
			`asserts := assert.New(t)`
			`rec := httptest.NewRecorder()`
			`sessionFunc := Session("233")`
			`{`
			`c, _ := gin.CreateTestContext(rec)`
			`c.Request, _ = http.NewRequest("GET", "/test", nil)`
			`sessionFunc(c)`
			`CSRFInit()(c)`
			`asserts.True(util.GetSession(c, "CSRF").(bool))`
			`}`
			`}`

			`func TestCSRFCheck(t *testing.T) {`
			`asserts := assert.New(t)`
			`rec := httptest.NewRecorder()`
			`sessionFunc := Session("233")`

			`// 通过检查`
			`{`
			`c, _ := gin.CreateTestContext(rec)`
			`c.Request, _ = http.NewRequest("GET", "/test", nil)`
			`sessionFunc(c)`
			`CSRFInit()(c)`
			`CSRFCheck()(c)`
			`asserts.False(c.IsAborted())`
			`}`

			`// 未通过检查`
			`{`
			`c, _ := gin.CreateTestContext(rec)`
			`c.Request, _ = http.NewRequest("GET", "/test", nil)`
			`sessionFunc(c)`
			`CSRFCheck()(c)`
			`asserts.True(c.IsAborted())`
			`}`
			`}`