Gitly


1 // vtest build: !windows // fasthttp.Server.run is not implemented on windows yet
2 import veb
3 import net.http
4 import time
5 import os
6 
7 const base_port = 13013
8 const exit_after = time.second * 10
9 const allowed_origin = 'https://vlang.io'
10 
11 fn get_port_and_url(test_number int) (int, string) {
12     p := base_port + test_number
13     return p, 'http://127.0.0.1:${p}'
14 }
15 
16 pub struct Context {
17     veb.Context
18 }
19 
20 pub struct App {
21     veb.Middleware[Context]
22 mut:
23     started chan bool
24 }
25 
26 pub fn (mut app App) before_accept_loop() {
27     app.started <- true
28 }
29 
30 pub fn (app &App) index(mut ctx Context) veb.Result {
31     return ctx.text('index')
32 }
33 
34 fn setup(port int, o veb.CorsOptions) ! {
35     os.chdir(os.dir(@FILE))!
36     go fn () {
37         time.sleep(exit_after)
38         assert false, 'timeout reached!'
39         exit(1)
40     }()
41 
42     mut app := &App{}
43     app.use(veb.cors[Context](o))
44 
45     go veb.run_at[App, Context](mut app, port: port, timeout_in_seconds: 2, family: .ip)
46     // app startup time
47     _ := <-app.started
48 }
49 
50 fn test_no_user_provided_allowed_headers() {
51     port, localserver := get_port_and_url(1)
52     setup(port, veb.CorsOptions{
53         origins: [allowed_origin]
54     })!
55 
56     x := http.fetch(http.FetchConfig{
57         url:    localserver
58         method: http.Method.options
59         header: http.new_header_from_map({
60             http.CommonHeader.origin: allowed_origin
61         })
62     })!
63 
64     assert x.status() == http.Status.ok
65     if header := x.header.get(.access_control_allow_headers) {
66         assert false, 'Header should not be set'
67     }
68 }
69 
70 fn test_user_provided_allowed_header() {
71     port, localserver := get_port_and_url(2)
72     setup(port, veb.CorsOptions{
73         origins:         [allowed_origin]
74         allowed_headers: ['content-type']
75     })!
76 
77     x := http.fetch(http.FetchConfig{
78         url:    localserver
79         method: http.Method.options
80         header: http.new_header_from_map({
81             http.CommonHeader.origin: allowed_origin
82         })
83     })!
84 
85     assert x.status() == http.Status.ok
86     if header := x.header.get(.access_control_allow_headers) {
87         assert header == 'content-type'
88     } else {
89         assert false, 'Header not set'
90     }
91 }
92 
93 fn test_user_provided_allowed_header_wildcard() {
94     port, localserver := get_port_and_url(3)
95     setup(port, veb.CorsOptions{
96         origins:         [allowed_origin]
97         allowed_headers: ['*']
98     })!
99 
100     x := http.fetch(http.FetchConfig{
101         url:    localserver
102         method: http.Method.options
103         header: http.new_header_from_map({
104             http.CommonHeader.origin: allowed_origin
105         })
106     })!
107 
108     assert x.status() == http.Status.ok
109     if header := x.header.get(.access_control_allow_headers) {
110         assert header == '*'
111     } else {
112         assert false, 'Header not set'
113     }
114 }
115 
116 fn test_request_has_access_control_request_headers() {
117     port, localserver := get_port_and_url(4)
118     setup(port, veb.CorsOptions{
119         origins: [allowed_origin]
120     })!
121 
122     x := http.fetch(http.FetchConfig{
123         url:    localserver
124         method: http.Method.options
125         header: http.new_header_from_map({
126             http.CommonHeader.origin:                         allowed_origin
127             http.CommonHeader.access_control_request_headers: 'any-value'
128         })
129     })!
130 
131     assert x.status() == http.Status.ok
132     if header := x.header.get(http.CommonHeader.access_control_allow_headers) {
133         assert header == veb.cors_safelisted_response_headers
134     } else {
135         assert false, 'Header not set'
136     }
137 }
138 
139 fn test_allow_credentials_non_preflight() {
140     port, localserver := get_port_and_url(5)
141     setup(port, veb.CorsOptions{
142         origins:           [allowed_origin]
143         allowed_methods:   [http.Method.get]
144         allow_credentials: true
145     })!
146 
147     x := http.fetch(http.FetchConfig{
148         url:    localserver
149         header: http.new_header_from_map({
150             http.CommonHeader.origin: allowed_origin
151         })
152     })!
153 
154     assert x.status() == http.Status.ok
155     if header := x.header.get(http.CommonHeader.access_control_allow_credentials) {
156         assert header == 'true'
157     } else {
158         assert false, 'Header not set'
159     }
160 }
161

1	// vtest build: !windows // fasthttp.Server.run is not implemented on windows yet
2	import veb
3	import net.http
4	import time
5	import os
6
7	const base_port = 13013
8	const exit_after = time.second * 10
9	const allowed_origin = 'https://vlang.io'
10
11	fn get_port_and_url(test_number int) (int, string) {
12	p := base_port + test_number
13	return p, 'http://127.0.0.1:${p}'
14	}
15
16	pub struct Context {
17	veb.Context
18	}
19
20	pub struct App {
21	veb.Middleware[Context]
22	mut:
23	started chan bool
24	}
25
26	pub fn (mut app App) before_accept_loop() {
27	app.started <- true
28	}
29
30	pub fn (app &App) index(mut ctx Context) veb.Result {
31	return ctx.text('index')
32	}
33
34	fn setup(port int, o veb.CorsOptions) ! {
35	os.chdir(os.dir(@FILE))!
36	go fn () {
37	time.sleep(exit_after)
38	assert false, 'timeout reached!'
39	exit(1)
40	}()
41
42	mut app := &App{}
43	app.use(veb.cors[Context](o))
44
45	go veb.run_at[App, Context](mut app, port: port, timeout_in_seconds: 2, family: .ip)
46	// app startup time
47	_ := <-app.started
48	}
49
50	fn test_no_user_provided_allowed_headers() {
51	port, localserver := get_port_and_url(1)
52	setup(port, veb.CorsOptions{
53	origins: [allowed_origin]
54	})!
55
56	x := http.fetch(http.FetchConfig{
57	url: localserver
58	method: http.Method.options
59	header: http.new_header_from_map({
60	http.CommonHeader.origin: allowed_origin
61	})
62	})!
63
64	assert x.status() == http.Status.ok
65	if header := x.header.get(.access_control_allow_headers) {
66	assert false, 'Header should not be set'
67	}
68	}
69
70	fn test_user_provided_allowed_header() {
71	port, localserver := get_port_and_url(2)
72	setup(port, veb.CorsOptions{
73	origins: [allowed_origin]
74	allowed_headers: ['content-type']
75	})!
76
77	x := http.fetch(http.FetchConfig{
78	url: localserver
79	method: http.Method.options
80	header: http.new_header_from_map({
81	http.CommonHeader.origin: allowed_origin
82	})
83	})!
84
85	assert x.status() == http.Status.ok
86	if header := x.header.get(.access_control_allow_headers) {
87	assert header == 'content-type'
88	} else {
89	assert false, 'Header not set'
90	}
91	}
92
93	fn test_user_provided_allowed_header_wildcard() {
94	port, localserver := get_port_and_url(3)
95	setup(port, veb.CorsOptions{
96	origins: [allowed_origin]
97	allowed_headers: ['*']
98	})!
99
100	x := http.fetch(http.FetchConfig{
101	url: localserver
102	method: http.Method.options
103	header: http.new_header_from_map({
104	http.CommonHeader.origin: allowed_origin
105	})
106	})!
107
108	assert x.status() == http.Status.ok
109	if header := x.header.get(.access_control_allow_headers) {
110	assert header == '*'
111	} else {
112	assert false, 'Header not set'
113	}
114	}
115
116	fn test_request_has_access_control_request_headers() {
117	port, localserver := get_port_and_url(4)
118	setup(port, veb.CorsOptions{
119	origins: [allowed_origin]
120	})!
121
122	x := http.fetch(http.FetchConfig{
123	url: localserver
124	method: http.Method.options
125	header: http.new_header_from_map({
126	http.CommonHeader.origin: allowed_origin
127	http.CommonHeader.access_control_request_headers: 'any-value'
128	})
129	})!
130
131	assert x.status() == http.Status.ok
132	if header := x.header.get(http.CommonHeader.access_control_allow_headers) {
133	assert header == veb.cors_safelisted_response_headers
134	} else {
135	assert false, 'Header not set'
136	}
137	}
138
139	fn test_allow_credentials_non_preflight() {
140	port, localserver := get_port_and_url(5)
141	setup(port, veb.CorsOptions{
142	origins: [allowed_origin]
143	allowed_methods: [http.Method.get]
144	allow_credentials: true
145	})!
146
147	x := http.fetch(http.FetchConfig{
148	url: localserver
149	header: http.new_header_from_map({
150	http.CommonHeader.origin: allowed_origin
151	})
152	})!
153
154	assert x.status() == http.Status.ok
155	if header := x.header.get(http.CommonHeader.access_control_allow_credentials) {
156	assert header == 'true'
157	} else {
158	assert false, 'Header not set'
159	}
160	}
161