jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-08 04:17:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(wasm-go): add wasm go plugin unit test and ci workflow (#2809)

Browse Source
This commit is contained in:
Jingze
2025-08-28 20:02:03 +08:00
committed by GitHub
parent 3e0a5f02a7
commit a00b810be5
138 changed files with 27695 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/wasm-go/extensions/basic-auth/go.mod
View File

@@ -5,15 +5,21 @@ go 1.24.1
toolchain go1.24.4
require (
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250611100342-5654e89a7a80
github.com/higress-group/wasm-go v1.0.0
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250822030947-8345453fddd0
github.com/higress-group/wasm-go v1.0.2-0.20250821081215-b573359becf8
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.9.0
github.com/tidwall/gjson v1.18.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/tetratelabs/wazero v1.7.2 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/tidwall/resp v0.1.1 // indirect
github.com/tidwall/sjson v1.2.5 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

15
plugins/wasm-go/extensions/basic-auth/go.sum
View File

@@ -2,16 +2,19 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250611100342-5654e89a7a80 h1:xqmtTZI0JQ2O+Lg9/CE6c+Tw9KD6FnvWw8EpLVuuvfg=
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250611100342-5654e89a7a80/go.mod h1:tRI2LfMudSkKHhyv1uex3BWzcice2s/l8Ah8axporfA=
github.com/higress-group/wasm-go v1.0.0 h1:4Ik5n3FsJ5+r13KLQl2ky+8NuAE8dfWQwoKxXYD2KAw=
github.com/higress-group/wasm-go v1.0.0/go.mod h1:ODBV27sjmhIW8Cqv3R74EUcTnbdkE69bmXBQFuRkY1M=
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250822030947-8345453fddd0 h1:YGdj8KBzVjabU3STUfwMZghB+VlX6YLfJtLbrsWaOD0=
github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20250822030947-8345453fddd0/go.mod h1:tRI2LfMudSkKHhyv1uex3BWzcice2s/l8Ah8axporfA=
github.com/higress-group/wasm-go v1.0.2-0.20250821081215-b573359becf8 h1:rs+AH1wfZy4swzuAyiRXT7xPUm8gycXt9Gwy0tqOq0o=
github.com/higress-group/wasm-go v1.0.2-0.20250821081215-b573359becf8/go.mod h1:9k7L730huS/q4V5iH9WLDgf5ZUHEtfhM/uXcegKDG/M=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tetratelabs/wazero v1.7.2 h1:1+z5nXJNwMLPAWaTePFi49SSTL0IMx/i3Fg8Yc25GDc=
github.com/tetratelabs/wazero v1.7.2/go.mod h1:ytl6Zuh20R/eROuyDaGPkp82O9C/DJfXAwJfQ3X6/7Y=
github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -21,5 +24,9 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tidwall/resp v0.1.1 h1:Ly20wkhqKTmDUPlyM1S7pWo5kk0tDu8OoC/vFArXmwE=
github.com/tidwall/resp v0.1.1/go.mod h1:3/FrruOBAxPTPtundW0VXgmsQ4ZBA0Aw714lVYgwFa0=
github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

871
plugins/wasm-go/extensions/basic-auth/main_test.go Normal file
View File

@@ -0,0 +1,871 @@
// Copyright (c) 2024 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"encoding/base64"
"encoding/json"
"testing"
"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
"github.com/higress-group/wasm-go/pkg/test"
"github.com/stretchr/testify/require"
)
// 测试配置:基本全局配置
var basicGlobalConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
})
return data
}()
// 测试配置:全局认证开启配置
var globalAuthTrueConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": true,
})
return data
}()
// 测试配置:路由鉴权配置
var routeAuthConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"allow": []string{
"consumer1",
},
})
return data
}()
// 测试配置:域名鉴权配置
var domainAuthConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"allow": []string{
"consumer2",
},
})
return data
}()
// 测试配置:无效配置(缺少 consumers
var invalidConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(空的 consumers
var emptyConsumersConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(重复的 credential
var duplicateCredentialConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "admin:123456", // 重复的 credential
},
},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(无效的 credential 格式)
var invalidCredentialFormatConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin", // 缺少密码部分
},
},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(缺少 consumer name
var missingConsumerNameConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"credential": "admin:123456",
// 缺少 name
},
},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(空的 consumer name
var emptyConsumerNameConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "",
"credential": "admin:123456",
},
},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(空的 credential
var emptyCredentialConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "",
},
},
"global_auth": false,
})
return data
}()
// 测试配置:无效配置(空的 allow 列表)
var emptyAllowConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"allow": []string{},
})
return data
}()
// 测试配置:路由级别配置(使用 _rules_ 和 _match_route_
var routeLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_route_": []string{"route-a", "route-b"},
"allow": []string{"consumer1"},
},
{
"_match_route_": []string{"route-c"},
"allow": []string{"consumer2"},
},
},
})
return data
}()
// 测试配置:域名级别配置(使用 _rules_ 和 _match_domain_
var domainLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_domain_": []string{"*.example.com", "test.com"},
"allow": []string{"consumer2"},
},
{
"_match_domain_": []string{"api.example.com"},
"allow": []string{"consumer1"},
},
},
})
return data
}()
// 测试配置:服务级别配置(使用 _rules_ 和 _match_service_
var serviceLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_service_": []string{"service-a:8080", "service-b"},
"allow": []string{"consumer1"},
},
{
"_match_service_": []string{"service-c:9090"},
"allow": []string{"consumer2"},
},
},
})
return data
}()
// 测试配置:路由前缀级别配置(使用 _rules_ 和 _match_route_prefix_
var routePrefixLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_route_prefix_": []string{"api-", "web-"},
"allow": []string{"consumer1"},
},
{
"_match_route_prefix_": []string{"admin-", "internal-"},
"allow": []string{"consumer2"},
},
},
})
return data
}()
// 测试配置:路由和服务组合配置(使用 _rules_、_match_route_ 和 _match_service_
var routeAndServiceLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_route_": []string{"route-a"},
"_match_service_": []string{"service-a:8080"},
"allow": []string{"consumer1"},
},
{
"_match_route_": []string{"route-b"},
"_match_service_": []string{"service-b:9090"},
"allow": []string{"consumer2"},
},
},
})
return data
}()
// 测试配置:混合级别配置
var mixedLevelConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
{
"name": "consumer2",
"credential": "guest:abc",
},
{
"name": "consumer3",
"credential": "user:def",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_route_": []string{"api-route"},
"allow": []string{"consumer1"},
},
{
"_match_domain_": []string{"*.example.com"},
"allow": []string{"consumer2"},
},
{
"_match_service_": []string{"internal-service:8080"},
"allow": []string{"consumer3"},
},
{
"_match_route_prefix_": []string{"web-"},
"allow": []string{"consumer1", "consumer2"},
},
},
})
return data
}()
// 测试配置:无效规则配置(缺少匹配条件)
var invalidRuleConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"allow": []string{"consumer1"},
// 缺少匹配条件
},
},
})
return data
}()
// 测试配置:无效规则配置(空的匹配条件)
var emptyMatchConfig = func() json.RawMessage {
data, _ := json.Marshal(map[string]interface{}{
"consumers": []map[string]interface{}{
{
"name": "consumer1",
"credential": "admin:123456",
},
},
"global_auth": false,
"_rules_": []map[string]interface{}{
{
"_match_route_": []string{},
"allow": []string{"consumer1"},
},
},
})
return data
}()
func TestParseGlobalConfig(t *testing.T) {
test.RunGoTest(t, func(t *testing.T) {
// 测试基本全局配置解析
t.Run("basic global config", func(t *testing.T) {
host, status := test.NewTestHost(basicGlobalConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试全局认证开启配置解析
t.Run("global auth true config", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试无效配置(缺少 consumers
t.Run("invalid config - missing consumers", func(t *testing.T) {
host, status := test.NewTestHost(invalidConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(空的 consumers
t.Run("invalid config - empty consumers", func(t *testing.T) {
host, status := test.NewTestHost(emptyConsumersConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(重复的 credential
t.Run("invalid config - duplicate credential", func(t *testing.T) {
host, status := test.NewTestHost(duplicateCredentialConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(无效的 credential 格式)
t.Run("invalid config - invalid credential format", func(t *testing.T) {
host, status := test.NewTestHost(invalidCredentialFormatConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(缺少 consumer name
t.Run("invalid config - missing consumer name", func(t *testing.T) {
host, status := test.NewTestHost(missingConsumerNameConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(空的 consumer name
t.Run("invalid config - empty consumer name", func(t *testing.T) {
host, status := test.NewTestHost(emptyConsumerNameConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效配置(空的 credential
t.Run("invalid config - empty credential", func(t *testing.T) {
host, status := test.NewTestHost(emptyCredentialConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
})
}
func TestParseOverrideRuleConfig(t *testing.T) {
test.RunGoTest(t, func(t *testing.T) {
// 测试路由鉴权配置解析
t.Run("route auth config", func(t *testing.T) {
host, status := test.NewTestHost(routeAuthConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试域名鉴权配置解析
t.Run("domain auth config", func(t *testing.T) {
host, status := test.NewTestHost(domainAuthConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试无效配置(空的 allow 列表)
t.Run("invalid config - empty allow list", func(t *testing.T) {
host, status := test.NewTestHost(emptyAllowConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
})
}
func TestParseRuleConfig(t *testing.T) {
test.RunGoTest(t, func(t *testing.T) {
// 测试路由级别配置解析
t.Run("route level config", func(t *testing.T) {
host, status := test.NewTestHost(routeLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试域名级别配置解析
t.Run("domain level config", func(t *testing.T) {
host, status := test.NewTestHost(domainLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试服务级别配置解析
t.Run("service level config", func(t *testing.T) {
host, status := test.NewTestHost(serviceLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试路由前缀级别配置解析
t.Run("route prefix level config", func(t *testing.T) {
host, status := test.NewTestHost(routePrefixLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试路由和服务组合配置解析
t.Run("route and service level config", func(t *testing.T) {
host, status := test.NewTestHost(routeAndServiceLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试混合级别配置解析
t.Run("mixed level config", func(t *testing.T) {
host, status := test.NewTestHost(mixedLevelConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
config, err := host.GetMatchConfig()
require.NoError(t, err)
require.NotNil(t, config)
})
// 测试无效规则配置(缺少匹配条件)
t.Run("invalid rule config - missing match conditions", func(t *testing.T) {
host, status := test.NewTestHost(invalidRuleConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
// 测试无效规则配置(空的匹配条件)
t.Run("invalid rule config - empty match conditions", func(t *testing.T) {
host, status := test.NewTestHost(emptyMatchConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusFailed, status)
})
})
}
func TestOnHttpRequestHeaders(t *testing.T) {
test.RunTest(t, func(t *testing.T) {
// 测试缺少 Authorization 头的情况
t.Run("missing authorization header", func(t *testing.T) {
host, status := test.NewTestHost(basicGlobalConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,不包含 Authorization
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
})
// 应该返回 ActionContinue因为 global_auth 为 false 且没有配置 allow
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试空的 Authorization 头的情况
t.Run("empty authorization header", func(t *testing.T) {
host, status := test.NewTestHost(basicGlobalConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含空的 Authorization
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", ""},
})
// 应该返回 ActionContinue因为 global_auth 为 false 且没有配置 allow
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试无效的 Authorization 头格式(缺少 Basic 前缀)
t.Run("invalid authorization format - missing basic prefix", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含无效的 Authorization 格式
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Bearer token123"},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试无效的 Authorization 头格式(无效的 base64
t.Run("invalid authorization format - invalid base64", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含无效的 base64 编码
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic invalid-base64"},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试无效的凭证格式(缺少密码部分)
t.Run("invalid credential format - missing password", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含无效的凭证格式
encodedCredential := base64.StdEncoding.EncodeToString([]byte("admin"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试无效的用户名(未配置的用户名)
t.Run("invalid username - not configured", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含未配置的用户名
encodedCredential := base64.StdEncoding.EncodeToString([]byte("unknown:password"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试无效的密码(错误的密码)
t.Run("invalid password - wrong password", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含错误的密码
encodedCredential := base64.StdEncoding.EncodeToString([]byte("admin:wrongpassword"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试有效的凭证(全局认证开启,无 allow 配置)
t.Run("valid credentials - global auth true, no allow config", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含有效的凭证
encodedCredential := base64.StdEncoding.EncodeToString([]byte("admin:123456"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为凭证有效
require.Equal(t, types.ActionContinue, action)
// 注意在测试框架中proxywasm.AddHttpRequestHeader 可能不会立即反映在 host.GetRequestHeaders() 中
// 这是因为测试框架可能没有完全模拟插件的执行环境
// 我们主要验证插件的行为逻辑,而不是具体的请求头修改
host.CompleteHttp()
})
// 测试有效的凭证(全局认证关闭,有 allow 配置)
t.Run("valid credentials - global auth false, with allow config", func(t *testing.T) {
// 这里需要先设置全局配置,然后设置路由配置
// 由于测试框架的限制,我们直接测试路由配置
host, status := test.NewTestHost(routeAuthConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含有效的凭证
encodedCredential := base64.StdEncoding.EncodeToString([]byte("admin:123456"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为凭证有效且在 allow 列表中
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
// 测试有效的凭证但不在 allow 列表中的情况
t.Run("valid credentials but not in allow list", func(t *testing.T) {
host, status := test.NewTestHost(routeAuthConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 设置请求头,包含有效的凭证但不在 allow 列表中
encodedCredential := base64.StdEncoding.EncodeToString([]byte("guest:abc"))
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为凭证有效但不在 allow 列表中
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
})
})
}
func TestCompleteFlow(t *testing.T) {
test.RunTest(t, func(t *testing.T) {
t.Run("complete basic auth flow", func(t *testing.T) {
host, status := test.NewTestHost(globalAuthTrueConfig)
defer host.Reset()
require.Equal(t, types.OnPluginStartStatusOK, status)
// 1. 测试缺少认证信息的情况
action := host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
})
// 应该返回 ActionContinue因为 global_auth 为 true
require.Equal(t, types.ActionContinue, action)
host.CompleteHttp()
// 2. 测试有效认证的情况
encodedCredential := base64.StdEncoding.EncodeToString([]byte("admin:123456"))
action = host.CallOnHttpRequestHeaders([][2]string{
{":authority", "example.com"},
{":path", "/api/test"},
{":method", "GET"},
{"authorization", "Basic " + encodedCredential},
})
// 应该返回 ActionContinue因为凭证有效
require.Equal(t, types.ActionContinue, action)
// 验证是否添加了 X-Mse-Consumer 请求头
requestHeaders := host.GetRequestHeaders()
require.True(t, test.HasHeaderWithValue(requestHeaders, "X-Mse-Consumer", "consumer1"))
host.CompleteHttp()
})
})
}