veza/veza-backend-api/internal/middleware/metrics_protection_test.go
senke b6c004319c
v0.9.2
2026-03-05 19:27:34 +01:00


package middleware
import (
"net/http"
"net/http/httptest"
"os"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
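// TestMetricsProtection_DeniesWithoutAuth checks that /metrics is refused in
// production when neither a bearer token nor an IP allowlist is configured.
func TestMetricsProtection_DeniesWithoutAuth(t *testing.T) {
	// unsetEnv removes key for the duration of this test. t.Setenv registers a
	// cleanup that restores the value the process had before, so the test does
	// not wipe variables that other tests or the CI job rely on.
	unsetEnv := func(key string) {
		t.Helper()
		t.Setenv(key, "")
		if err := os.Unsetenv(key); err != nil {
			t.Fatalf("unset %s: %v", key, err)
		}
	}
	unsetEnv("METRICS_BEARER_TOKEN")
	unsetEnv("METRICS_ALLOWED_IPS")
	unsetEnv("METRICS_PUBLIC_IN_DEV")
	t.Setenv("APP_ENV", "production")

	gin.SetMode(gin.TestMode)
	router := gin.New()
	router.Use(MetricsProtection(zap.NewNop()))

	handlerReached := false
	router.GET("/metrics", func(c *gin.Context) {
		handlerReached = true
		c.String(http.StatusOK, "metrics")
	})

	w := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusForbidden, w.Code)
	assert.Contains(t, w.Body.String(), "Access denied")
	// A middleware that writes the 403 but forgets to abort the chain would
	// still satisfy the two assertions above while the handler appends the
	// metrics payload to the response; pin that the handler never runs.
	assert.False(t, handlerReached, "metrics handler ran although access was denied")
}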
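// TestMetricsProtection_AllowsWithBearerToken checks that a request carrying
// the configured bearer token reaches /metrics in production, and that a
// request carrying a different token does not.
func TestMetricsProtection_AllowsWithBearerToken(t *testing.T) {
	// unsetEnv removes key for the duration of this test. t.Setenv registers a
	// cleanup that restores the value the process had before, so the test does
	// not wipe variables that other tests or the CI job rely on.
	unsetEnv := func(key string) {
		t.Helper()
		t.Setenv(key, "")
		if err := os.Unsetenv(key); err != nil {
			t.Fatalf("unset %s: %v", key, err)
		}
	}
	t.Setenv("METRICS_BEARER_TOKEN", "secret-token")
	unsetEnv("METRICS_ALLOWED_IPS")
	// Cleared so an ambient value cannot be the reason the request is allowed.
	unsetEnv("METRICS_PUBLIC_IN_DEV")
	t.Setenv("APP_ENV", "production")

	gin.SetMode(gin.TestMode)
	router := gin.New()
	router.Use(MetricsProtection(zap.NewNop()))

	handlerCalls := 0
	router.GET("/metrics", func(c *gin.Context) {
		handlerCalls++
		c.String(http.StatusOK, "metrics")
	})

	// Matching token: the request must pass through to the handler.
	w := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	req.Header.Set("Authorization", "Bearer secret-token")
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Contains(t, w.Body.String(), "metrics")

	// Non-matching token: without this case the test would also pass for a
	// middleware that only checks that an Authorization header is present.
	// The exact denial status is not asserted here; only that it is not 200
	// and that the handler did not run a second time.
	denied := httptest.NewRecorder()
	badReq := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	badReq.Header.Set("Authorization", "Bearer not-the-configured-token")
	router.ServeHTTP(denied, badReq)

	assert.NotEqual(t, http.StatusOK, denied.Code)
	assert.Equal(t, 1, handlerCalls, "metrics handler ran for a request with the wrong token")
}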
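// TestMetricsProtection_AllowsWithWhitelistedIP checks that a request whose
// remote address is listed in METRICS_ALLOWED_IPS reaches /metrics in
// production, and that a request from an unlisted address does not.
func TestMetricsProtection_AllowsWithWhitelistedIP(t *testing.T) {
	// unsetEnv removes key for the duration of this test. t.Setenv registers a
	// cleanup that restores the value the process had before, so the test does
	// not wipe variables that other tests or the CI job rely on.
	unsetEnv := func(key string) {
		t.Helper()
		t.Setenv(key, "")
		if err := os.Unsetenv(key); err != nil {
			t.Fatalf("unset %s: %v", key, err)
		}
	}
	unsetEnv("METRICS_BEARER_TOKEN")
	t.Setenv("METRICS_ALLOWED_IPS", "127.0.0.1")
	// Cleared so an ambient value cannot be the reason the request is allowed.
	unsetEnv("METRICS_PUBLIC_IN_DEV")
	t.Setenv("APP_ENV", "production")

	gin.SetMode(gin.TestMode)
	router := gin.New()
	router.Use(MetricsProtection(zap.NewNop()))

	handlerCalls := 0
	router.GET("/metrics", func(c *gin.Context) {
		handlerCalls++
		c.String(http.StatusOK, "metrics")
	})

	// Listed address: the request must pass through to the handler.
	w := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	req.RemoteAddr = "127.0.0.1:12345"
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Contains(t, w.Body.String(), "metrics")

	// Unlisted address (documentation range, constructed for this test): the
	// allowlist must actually be compared against the caller's address.
	denied := httptest.NewRecorder()
	otherReq := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	otherReq.RemoteAddr = "192.0.2.1:12345"
	router.ServeHTTP(denied, otherReq)

	assert.NotEqual(t, http.StatusOK, denied.Code)
	assert.Equal(t, 1, handlerCalls, "metrics handler ran for a request from an unlisted address")

	// NOTE(review): only RemoteAddr is exercised here. If MetricsProtection
	// resolves the caller through gin's ClientIP(), client-supplied forwarding
	// headers can influence the result unless the engine's trusted proxies are
	// restricted. Confirm against the middleware and cover it with its own test.
}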