1 files changed, 179 insertions, 0 deletions

diff --git a/web/server/h2o/libh2o/t/00unit.mruby/acl.rb b/web/server/h2o/libh2o/t/00unit.mruby/acl.rb
new file mode 100644
index 00000000..771047da
--- /dev/null
+++ b/web/server/h2o/libh2o/t/00unit.mruby/acl.rb
@@ -0,0 +1,179 @@
+$LOAD_PATH << 'share/h2o/mruby'
+require 'misc/mruby-mtest/mrblib/mtest_unit.rb'
+require 'acl.rb'
+
+class ACLTest < MTest::Unit::TestCase
+    include H2O::ACL
+    def setup
+        H2O::ConfigurationContext.reset
+    end
+
+    def test_use
+        act = acl {
+            use proc {|env| [200, {}, ["hello test_use"]]}
+        }.call({})
+        assert_equal([200, {}, ["hello test_use"]], act)
+    end
+
+    def test_respond
+        act = acl {
+            respond(409, {"custom" => "header"}, ["Conflict"])
+        }.call({})
+        assert_equal([409, {"custom" => "header"}, ["Conflict"]], act)
+    end
+
+    def test_deny
+        act = acl {
+            deny
+        }.call({})
+        assert_equal([403, {}, ["Forbidden"]], act)
+    end
+
+    def test_allow
+        act = acl {
+            allow
+        }.call({})
+        assert_equal([399, {}, []], act)
+    end
+
+    def test_redirect
+        act = acl {
+            redirect("https://h2o.examp1e.net/", 301)
+        }.call({})
+        assert_equal([301, {"Location" => "https://h2o.examp1e.net/"}, []], act)
+    end
+
+    ##### tests for condition block
+
+    def test_conditional_true
+        act = acl {
+            respond(200) { true }
+        }.call({})
+        assert_equal([200, {}, []], act)
+    end
+
+    def test_conditional_false
+        act = acl {
+            respond(200) { false }
+        }.call({})
+        assert_equal([399, {}, []], act)
+    end
+
+    ##### tests for acl block
+
+    def test_empty
+        act = acl {
+        }.call({})[0]
+        assert_equal(399, act)
+    end
+
+    def test_multiple1
+        act = acl {
+            respond(201) { true }
+            respond(202) { true }
+        }.call({})[0]
+        assert_equal(201, act)
+    end
+
+    def test_multiple2
+        act = acl {
+            respond(201) { false }
+            respond(202) { true }
+        }.call({})[0]
+        assert_equal(202, act)
+    end
+
+    def test_multiple3
+        act = acl {
+            respond(201) { false }
+            respond(202) { false }
+        }.call({})[0]
+        assert_equal(399, act)
+    end
+
+    def test_acl_restriction1
+        acl { respond(200) }
+        assert_raise(RuntimeError, "must raise exception if acl method is called more than once") {
+            acl { respond(200) }
+        }
+    end
+
+    ##### tests for matcher
+
+    def test_addr
+        handler = acl {
+            respond(200) { addr.match(/^192\.168\./) }
+            respond(403) { addr.match(/^200\./) }
+            respond(503) { addr.match(/^201\./) }
+        }
+        assert_equal(200, handler.call({ "REMOTE_ADDR" => "192.168.0.1"})[0])
+        assert_equal(403, handler.call({ "REMOTE_ADDR" => "200.0.0.1"})[0])
+        assert_equal(503, handler.call({ "REMOTE_ADDR" => "201.0.0.1"})[0])
+        assert_equal(399, handler.call({ "REMOTE_ADDR" => "127.0.0.1"})[0])
+        assert_equal(200, handler.call({ "HTTP_X_FORWARDED_FOR" => "192.168.0.1"})[0])
+    end
+
+    def test_addr_not_forwarded
+        handler = acl {
+            respond(200) { addr(false).match(/^192\.168\./) }
+            respond(403)
+        }
+        assert_equal(200, handler.call({ "REMOTE_ADDR" => "192.168.0.1"})[0])
+        assert_equal(403, handler.call({ "HTTP_X_FORWARDED_FOR" => "192.168.0.1"})[0])
+    end
+
+    def test_path
+        handler = acl {
+            respond(200) { path == "/foo" }
+            respond(404)
+        }
+        assert_equal(200, handler.call({ "PATH_INFO" => "/foo"})[0])
+        assert_equal(404, handler.call({ "PATH_INFO" => "/bar"})[0])
+    end
+
+    def test_method
+        handler = acl {
+            allow { method.match(/^(GET|HEAD)$/) }
+            respond(405)
+        }
+        assert_equal(399, handler.call({ "REQUEST_METHOD" => "GET"})[0])
+        assert_equal(405, handler.call({ "REQUEST_METHOD" => "POST"})[0])
+    end
+
+    def test_method
+        handler = acl {
+            allow { method.match(/^(GET|HEAD)$/) }
+            respond(405)
+        }
+        assert_equal(399, handler.call({ "REQUEST_METHOD" => "GET"})[0])
+        assert_equal(405, handler.call({ "REQUEST_METHOD" => "POST"})[0])
+    end
+
+    def test_header
+        handler = acl {
+            respond(400, {}, ["authorization header missing"]) { header("Authorization").empty? }
+        }
+        assert_equal(400, handler.call({})[0])
+        assert_equal(399, handler.call({ "HTTP_AUTHORIZATION" => "Bearer xyz"})[0])
+    end
+
+    def test_user_agent
+        handler = acl {
+            respond(200, {}, ["hello googlebot!"]) { user_agent.match(/Googlebot/i) }
+        }
+        assert_equal(200, handler.call({ "HTTP_USER_AGENT" => "i'm Googlebot"})[0])
+        assert_equal(399, handler.call({})[0])
+    end
+
+    def test_multiple_matchers
+        handler = acl {
+            respond(403, {}, []) { ! addr.start_with?("192.168.") && user_agent.match(/curl/i) }
+        }
+        assert_equal(399, handler.call({ "REMOTE_ADDR" => "192.168.100.100", "HTTP_USER_AGENT" => "i'm firefox"})[0])
+        assert_equal(399, handler.call({ "REMOTE_ADDR" => "192.168.100.100", "HTTP_USER_AGENT" => "i'm curl"})[0])
+        assert_equal(399, handler.call({ "REMOTE_ADDR" => "222.222.222.222", "HTTP_USER_AGENT" => "i'm firefox"})[0])
+        assert_equal(403, handler.call({ "REMOTE_ADDR" => "222.222.222.222", "HTTP_USER_AGENT" => "i'm curl"})[0])
+    end
+end
+
+MTest::Unit.new.run