292 lines
8.1 KiB
Erlang
292 lines
8.1 KiB
Erlang
%%--------------------------------------------------------------------
|
|
%% Copyright (c) 2020-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
|
%%
|
|
%% Licensed under the Apache License, Version 2.0 (the "License");
|
|
%% you may not use this file except in compliance with the License.
|
|
%% You may obtain a copy of the License at
|
|
%%
|
|
%% http://www.apache.org/licenses/LICENSE-2.0
|
|
%%
|
|
%% Unless required by applicable law or agreed to in writing, software
|
|
%% distributed under the License is distributed on an "AS IS" BASIS,
|
|
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
%% See the License for the specific language governing permissions and
|
|
%% limitations under the License.
|
|
%%--------------------------------------------------------------------
|
|
-module(emqx_mgmt_api_banned_SUITE).
|
|
|
|
-compile(export_all).
|
|
-compile(nowarn_export_all).
|
|
|
|
-include_lib("eunit/include/eunit.hrl").
|
|
|
|
-define(EXPIRATION_TIME, 31536000).
|
|
|
|
all() ->
|
|
emqx_common_test_helpers:all(?MODULE).
|
|
|
|
init_per_suite(Config) ->
|
|
emqx_mgmt_api_test_util:init_suite(),
|
|
Config.
|
|
|
|
end_per_suite(_) ->
|
|
emqx_mgmt_api_test_util:end_suite().
|
|
|
|
t_create(_Config) ->
|
|
Now = erlang:system_time(second),
|
|
At = emqx_banned:to_rfc3339(Now),
|
|
Until = emqx_banned:to_rfc3339(Now + 3),
|
|
ClientId = <<"TestClient测试"/utf8>>,
|
|
By = <<"banned suite测试组"/utf8>>,
|
|
Reason = <<"test测试"/utf8>>,
|
|
As = <<"clientid">>,
|
|
|
|
%% ban by clientid
|
|
ClientIdBanned = #{
|
|
as => As,
|
|
who => ClientId,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, ClientIdBannedRes} = create_banned(ClientIdBanned),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => As,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until,
|
|
<<"who">> => ClientId
|
|
},
|
|
ClientIdBannedRes
|
|
),
|
|
|
|
%% ban by peerhost
|
|
PeerHost = <<"192.168.2.13">>,
|
|
PeerHostBanned = #{
|
|
as => <<"peerhost">>,
|
|
who => PeerHost,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, PeerHostBannedRes} = create_banned(PeerHostBanned),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => <<"peerhost">>,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until,
|
|
<<"who">> => PeerHost
|
|
},
|
|
PeerHostBannedRes
|
|
),
|
|
|
|
%% ban by username RE
|
|
UsernameRE = <<"BannedUser.*">>,
|
|
UsernameREBanned = #{
|
|
as => <<"username_re">>,
|
|
who => UsernameRE,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, UsernameREBannedRes} = create_banned(UsernameREBanned),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => <<"username_re">>,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until,
|
|
<<"who">> => UsernameRE
|
|
},
|
|
UsernameREBannedRes
|
|
),
|
|
|
|
%% ban by clientid RE
|
|
ClientIdRE = <<"BannedClient.*">>,
|
|
ClientIdREBanned = #{
|
|
as => <<"clientid_re">>,
|
|
who => ClientIdRE,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, ClientIdREBannedRes} = create_banned(ClientIdREBanned),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => <<"clientid_re">>,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until,
|
|
<<"who">> => ClientIdRE
|
|
},
|
|
ClientIdREBannedRes
|
|
),
|
|
|
|
%% ban by CIDR
|
|
PeerHostNet = <<"192.168.0.0/24">>,
|
|
PeerHostNetBanned = #{
|
|
as => <<"peerhost_net">>,
|
|
who => PeerHostNet,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, PeerHostNetBannedRes} = create_banned(PeerHostNetBanned),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => <<"peerhost_net">>,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until,
|
|
<<"who">> => PeerHostNet
|
|
},
|
|
PeerHostNetBannedRes
|
|
),
|
|
|
|
{ok, #{<<"data">> := List}} = list_banned(),
|
|
Bans = lists:sort(lists:map(fun(#{<<"who">> := W, <<"as">> := A}) -> {A, W} end, List)),
|
|
?assertEqual(
|
|
[
|
|
{<<"clientid">>, ClientId},
|
|
{<<"clientid_re">>, ClientIdRE},
|
|
{<<"peerhost">>, PeerHost},
|
|
{<<"peerhost_net">>, PeerHostNet},
|
|
{<<"username_re">>, UsernameRE}
|
|
],
|
|
Bans
|
|
),
|
|
|
|
ClientId2 = <<"TestClient2"/utf8>>,
|
|
ClientIdBanned2 = #{
|
|
as => As,
|
|
who => ClientId2,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At
|
|
},
|
|
{ok, ClientIdBannedRes2} = create_banned(ClientIdBanned2),
|
|
Until2 = emqx_banned:to_rfc3339(Now + ?EXPIRATION_TIME),
|
|
?assertEqual(
|
|
#{
|
|
<<"as">> => As,
|
|
<<"at">> => At,
|
|
<<"by">> => By,
|
|
<<"reason">> => Reason,
|
|
<<"until">> => Until2,
|
|
<<"who">> => ClientId2
|
|
},
|
|
ClientIdBannedRes2
|
|
),
|
|
ok.
|
|
|
|
t_create_failed(_Config) ->
|
|
Now = erlang:system_time(second),
|
|
At = emqx_banned:to_rfc3339(Now),
|
|
Until = emqx_banned:to_rfc3339(Now + 10),
|
|
Who = <<"BadHost"/utf8>>,
|
|
By = <<"banned suite测试组"/utf8>>,
|
|
Reason = <<"test测试"/utf8>>,
|
|
As = <<"peerhost">>,
|
|
BadPeerHost = #{
|
|
as => As,
|
|
who => Who,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
BadRequest = {error, {"HTTP/1.1", 400, "Bad Request"}},
|
|
?assertEqual(BadRequest, create_banned(BadPeerHost)),
|
|
Expired = BadPeerHost#{
|
|
until => emqx_banned:to_rfc3339(Now - 1),
|
|
who => <<"127.0.0.1">>
|
|
},
|
|
?assertEqual(BadRequest, create_banned(Expired)),
|
|
ok.
|
|
|
|
t_delete(_Config) ->
|
|
Now = erlang:system_time(second),
|
|
At = emqx_banned:to_rfc3339(Now),
|
|
Until = emqx_banned:to_rfc3339(Now + 3),
|
|
Who = <<"TestClient-"/utf8>>,
|
|
By = <<"banned suite 中"/utf8>>,
|
|
Reason = <<"test测试"/utf8>>,
|
|
As = <<"clientid">>,
|
|
Banned = #{
|
|
as => clientid,
|
|
who => Who,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, _} = create_banned(Banned),
|
|
?assertMatch({ok, _}, delete_banned(binary_to_list(As), binary_to_list(Who))),
|
|
?assertMatch(
|
|
{error, {"HTTP/1.1", 404, "Not Found"}},
|
|
delete_banned(binary_to_list(As), binary_to_list(Who))
|
|
),
|
|
ok.
|
|
|
|
t_clear(_Config) ->
|
|
Now = erlang:system_time(second),
|
|
At = emqx_banned:to_rfc3339(Now),
|
|
Until = emqx_banned:to_rfc3339(Now + 3),
|
|
Who = <<"TestClient-"/utf8>>,
|
|
By = <<"banned suite 中"/utf8>>,
|
|
Reason = <<"test测试"/utf8>>,
|
|
As = <<"clientid">>,
|
|
Banned = #{
|
|
as => clientid,
|
|
who => Who,
|
|
by => By,
|
|
reason => Reason,
|
|
at => At,
|
|
until => Until
|
|
},
|
|
{ok, _} = create_banned(Banned),
|
|
?assertMatch({ok, _}, clear_banned()),
|
|
?assertMatch(
|
|
{error, {"HTTP/1.1", 404, "Not Found"}},
|
|
delete_banned(binary_to_list(As), binary_to_list(Who))
|
|
),
|
|
ok.
|
|
|
|
list_banned() ->
|
|
Path = emqx_mgmt_api_test_util:api_path(["banned"]),
|
|
case emqx_mgmt_api_test_util:request_api(get, Path) of
|
|
{ok, Apps} -> {ok, emqx_utils_json:decode(Apps, [return_maps])};
|
|
Error -> Error
|
|
end.
|
|
|
|
create_banned(Banned) ->
|
|
AuthHeader = emqx_mgmt_api_test_util:auth_header_(),
|
|
Path = emqx_mgmt_api_test_util:api_path(["banned"]),
|
|
case emqx_mgmt_api_test_util:request_api(post, Path, "", AuthHeader, Banned) of
|
|
{ok, Res} -> {ok, emqx_utils_json:decode(Res, [return_maps])};
|
|
Error -> Error
|
|
end.
|
|
|
|
delete_banned(As, Who) ->
|
|
DeletePath = emqx_mgmt_api_test_util:api_path(["banned", As, Who]),
|
|
emqx_mgmt_api_test_util:request_api(delete, DeletePath).
|
|
|
|
clear_banned() ->
|
|
ClearPath = emqx_mgmt_api_test_util:api_path(["banned"]),
|
|
emqx_mgmt_api_test_util:request_api(delete, ClearPath).
|
|
|
|
to_rfc3339(Sec) ->
|
|
list_to_binary(calendar:system_time_to_rfc3339(Sec)).
|