package restapi import ( "context" "io" "net/http" "net/http/httptest" "strings" "sync/atomic" "testing" "time" "galaxy/gateway/internal/config" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) // proxyRequest builds a test request whose context carries a cancellation // signal. A real http.Server always supplies one; httptest.NewRequest does not, // and without it httputil.ReverseProxy falls back to the legacy CloseNotifier // path, which panics under gin's ResponseWriter wrapping an // httptest.ResponseRecorder. Cancelling at test cleanup keeps the context live // for the synchronous ServeHTTP call. func proxyRequest(t *testing.T, method, target string, body io.Reader) *http.Request { t.Helper() req := httptest.NewRequest(method, target, body) ctx, cancel := context.WithCancel(req.Context()) t.Cleanup(cancel) return req.WithContext(ctx) } func TestAdminConsoleProxyForwardsToBackend(t *testing.T) { var gotPath, gotHost, gotAuth string backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gotPath = r.URL.Path gotHost = r.Host gotAuth = r.Header.Get("Authorization") w.Header().Set("Content-Type", "text/html; charset=utf-8") _, _ = w.Write([]byte("

Dashboard

")) })) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) handler := newPublicHandlerWithConfig(config.DefaultPublicHTTPConfig(), ServerDependencies{AdminConsoleProxy: proxy}) req := proxyRequest(t, http.MethodGet, "http://galaxy.lan/_gm/", nil) req.SetBasicAuth("ops", "secret") rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) require.Equal(t, http.StatusOK, rec.Code) assert.Contains(t, rec.Body.String(), "Dashboard") assert.Equal(t, "/_gm/", gotPath) assert.Equal(t, "galaxy.lan", gotHost, "inbound Host must be preserved for same-origin CSRF checks") assert.True(t, strings.HasPrefix(gotAuth, "Basic "), "Authorization header must be forwarded to the backend") } func TestAdminConsoleProxyForwardsFormPost(t *testing.T) { var gotPath, gotBody, gotContentType string backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gotPath = r.URL.Path gotContentType = r.Header.Get("Content-Type") body, _ := io.ReadAll(r.Body) gotBody = string(body) w.WriteHeader(http.StatusSeeOther) })) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) handler := newPublicHandlerWithConfig(config.DefaultPublicHTTPConfig(), ServerDependencies{AdminConsoleProxy: proxy}) const form = "_csrf=token&reason=spam" req := proxyRequest(t, http.MethodPost, "http://galaxy.lan/_gm/users/1/sanctions", strings.NewReader(form)) req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.SetBasicAuth("ops", "secret") rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) require.Equal(t, http.StatusSeeOther, rec.Code) assert.Equal(t, "/_gm/users/1/sanctions", gotPath) assert.Equal(t, form, gotBody, "request body must reach the backend intact through the anti-abuse buffer") assert.Contains(t, gotContentType, "x-www-form-urlencoded") } func TestAdminConsoleProxyRelaysAuthChallenge(t *testing.T) { backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Header().Set("WWW-Authenticate", `Basic realm="galaxy-admin"`) w.WriteHeader(http.StatusUnauthorized) })) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) handler := newPublicHandlerWithConfig(config.DefaultPublicHTTPConfig(), ServerDependencies{AdminConsoleProxy: proxy}) req := proxyRequest(t, http.MethodGet, "http://galaxy.lan/_gm/", nil) rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) require.Equal(t, http.StatusUnauthorized, rec.Code) assert.Contains(t, rec.Header().Get("WWW-Authenticate"), "Basic") } func TestAdminConsoleProxyRejectsDisallowedMethod(t *testing.T) { var hits int32 backend := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) { atomic.AddInt32(&hits, 1) })) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) handler := newPublicHandlerWithConfig(config.DefaultPublicHTTPConfig(), ServerDependencies{AdminConsoleProxy: proxy}) req := proxyRequest(t, http.MethodDelete, "http://galaxy.lan/_gm/users/1", nil) rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) assert.Equal(t, http.StatusMethodNotAllowed, rec.Code) assert.Equal(t, int32(0), atomic.LoadInt32(&hits), "backend must not be reached for a rejected method") } func TestAdminConsoleProxyRejectsOversizedBody(t *testing.T) { backend := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) cfg := config.DefaultPublicHTTPConfig() cfg.AntiAbuse.Admin.MaxBodyBytes = 8 handler := newPublicHandlerWithConfig(cfg, ServerDependencies{AdminConsoleProxy: proxy}) req := proxyRequest(t, http.MethodPost, "http://galaxy.lan/_gm/users/1/sanctions", strings.NewReader("this body is well beyond eight bytes")) req.Header.Set("Content-Type", "application/x-www-form-urlencoded") rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) assert.Equal(t, http.StatusRequestEntityTooLarge, rec.Code) } func TestAdminConsoleProxyRateLimitsPerIP(t *testing.T) { backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })) defer backend.Close() proxy, err := NewBackendConsoleProxy(backend.URL, nil) require.NoError(t, err) cfg := config.DefaultPublicHTTPConfig() cfg.AntiAbuse.Admin.RateLimit = config.PublicRateLimitConfig{Requests: 1, Window: time.Minute, Burst: 1} handler := newPublicHandlerWithConfig(cfg, ServerDependencies{AdminConsoleProxy: proxy}) do := func() int { req := proxyRequest(t, http.MethodGet, "http://galaxy.lan/_gm/", nil) req.RemoteAddr = "203.0.113.7:5555" rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) return rec.Code } assert.Equal(t, http.StatusOK, do(), "first request within budget") assert.Equal(t, http.StatusTooManyRequests, do(), "second request exhausts the per-IP admin budget") } func TestAdminConsoleProxyReturns502WhenBackendUnreachable(t *testing.T) { backend := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})) backendURL := backend.URL backend.Close() // close immediately so the next dial is refused proxy, err := NewBackendConsoleProxy(backendURL, nil) require.NoError(t, err) handler := newPublicHandlerWithConfig(config.DefaultPublicHTTPConfig(), ServerDependencies{AdminConsoleProxy: proxy}) req := proxyRequest(t, http.MethodGet, "http://galaxy.lan/_gm/", nil) rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) assert.Equal(t, http.StatusBadGateway, rec.Code) } func TestAdminConsoleNotMountedWhenProxyNil(t *testing.T) { handler := newPublicHandler(ServerDependencies{}) req := proxyRequest(t, http.MethodGet, "http://galaxy.lan/_gm/", nil) rec := httptest.NewRecorder() handler.ServeHTTP(rec, req) assert.Equal(t, http.StatusNotFound, rec.Code) } func TestNewBackendConsoleProxyRejectsRelativeURL(t *testing.T) { _, err := NewBackendConsoleProxy("/not-absolute", nil) assert.Error(t, err) }