mirror of
https://github.com/yusing/godoxy.git
synced 2026-04-27 11:17:29 +02:00
c8d7d4f7d3
Replace the xsync map plus manual expiry on checkCache with cache.NewKeyFunc(evaluateIP).WithTTL. Move deny/allow/default logic into evaluateIP; wire getCachedCity and IPAllowed through the cache API. Refresh README security notes and add tests showing cached decisions persist across in-memory rule changes until TTL expires.
62 lines
1.2 KiB
Go
62 lines
1.2 KiB
Go
package acl
|
|
|
|
import (
|
|
"net"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestIPAllowedCachesDecision(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
testIP := net.ParseIP("8.8.8.8")
|
|
require.NotNil(t, testIP)
|
|
|
|
t.Run("cached allow survives rule changes", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
cfg := &Config{
|
|
Default: ACLDeny,
|
|
AllowLocal: new(false),
|
|
Allow: mustMatchers(t, "ip:8.8.8.8"),
|
|
}
|
|
require.NoError(t, cfg.Validate())
|
|
|
|
require.True(t, cfg.IPAllowed(testIP))
|
|
|
|
cfg.Allow = nil
|
|
cfg.Deny = mustMatchers(t, "ip:8.8.8.8")
|
|
|
|
require.True(t, cfg.IPAllowed(testIP))
|
|
})
|
|
|
|
t.Run("cached deny survives rule changes", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
cfg := &Config{
|
|
Default: ACLAllow,
|
|
AllowLocal: new(false),
|
|
Deny: mustMatchers(t, "ip:8.8.8.8"),
|
|
}
|
|
require.NoError(t, cfg.Validate())
|
|
|
|
require.False(t, cfg.IPAllowed(testIP))
|
|
|
|
cfg.Deny = nil
|
|
cfg.Allow = mustMatchers(t, "ip:8.8.8.8")
|
|
|
|
require.False(t, cfg.IPAllowed(testIP))
|
|
})
|
|
}
|
|
|
|
func mustMatchers(t *testing.T, rules ...string) Matchers {
|
|
t.Helper()
|
|
|
|
matchers := make(Matchers, len(rules))
|
|
for i, rule := range rules {
|
|
require.NoError(t, matchers[i].Parse(rule))
|
|
}
|
|
return matchers
|
|
}
|