diff options
Diffstat (limited to 'service/http')
-rw-r--r-- | service/http/config.go | 31 | ||||
-rw-r--r-- | service/http/config_test.go | 80 | ||||
-rw-r--r-- | service/http/ssl_test.go | 215 |
3 files changed, 312 insertions, 14 deletions
diff --git a/service/http/config.go b/service/http/config.go index d9adf727..54380d11 100644 --- a/service/http/config.go +++ b/service/http/config.go @@ -15,19 +15,7 @@ type Config struct { Address string // SSL defines https server options. - SSL struct { - // Port to listen as HTTPS server, defaults to 443. - Port int - - // Redirect when enabled forces all http connections to switch to https. - Redirect bool - - // Key defined private server key. - Key string - - // Cert is https certificate. - Cert string - } + SSL SSLConfig // MaxRequest specified max size for payload body in megabytes, set 0 to unlimited. MaxRequest int64 @@ -39,6 +27,21 @@ type Config struct { Workers *roadrunner.ServerConfig } +// SSLConfig defines https server configuration. +type SSLConfig struct { + // Port to listen as HTTPS server, defaults to 443. + Port int + + // Redirect when enabled forces all http connections to switch to https. + Redirect bool + + // Key defined private server key. + Key string + + // Cert is https certificate. + Cert string +} + // EnableTLS returns true if rr must listen TLS connections. func (c *Config) EnableTLS() bool { return c.SSL.Key != "" || c.SSL.Cert != "" @@ -107,7 +110,7 @@ func (c *Config) Valid() error { if _, err := os.Stat(c.SSL.Cert); err != nil { if os.IsNotExist(err) { - return fmt.Errorf("cert file '%s' does not exists", c.SSL.Key) + return fmt.Errorf("cert file '%s' does not exists", c.SSL.Cert) } return err diff --git a/service/http/config_test.go b/service/http/config_test.go index 823efb32..07901cb6 100644 --- a/service/http/config_test.go +++ b/service/http/config_test.go @@ -51,6 +51,86 @@ func Test_Config_Valid(t *testing.T) { assert.NoError(t, cfg.Valid()) } +func Test_Config_Valid_SSL(t *testing.T) { + cfg := &Config{ + Address: ":8080", + SSL: SSLConfig{ + Cert: "fixtures/server.crt", + Key: "fixtures/server.key", + }, + MaxRequest: 1024, + Uploads: &UploadsConfig{ + Dir: os.TempDir(), + Forbid: []string{".go"}, + }, + Workers: &roadrunner.ServerConfig{ + Command: "php tests/client.php echo pipes", + Relay: "pipes", + Pool: &roadrunner.Config{ + NumWorkers: 1, + AllocateTimeout: time.Second, + DestroyTimeout: time.Second, + }, + }, + } + + assert.Error(t, cfg.Hydrate(&testCfg{httpCfg: "{}"})) + + assert.NoError(t, cfg.Valid()) + assert.True(t, cfg.EnableTLS()) + assert.Equal(t, 443, cfg.SSL.Port) +} + +func Test_Config_SSL_No_key(t *testing.T) { + cfg := &Config{ + Address: ":8080", + SSL: SSLConfig{ + Cert: "fixtures/server.crt", + }, + MaxRequest: 1024, + Uploads: &UploadsConfig{ + Dir: os.TempDir(), + Forbid: []string{".go"}, + }, + Workers: &roadrunner.ServerConfig{ + Command: "php tests/client.php echo pipes", + Relay: "pipes", + Pool: &roadrunner.Config{ + NumWorkers: 1, + AllocateTimeout: time.Second, + DestroyTimeout: time.Second, + }, + }, + } + + assert.Error(t, cfg.Valid()) +} + +func Test_Config_SSL_No_Cert(t *testing.T) { + cfg := &Config{ + Address: ":8080", + SSL: SSLConfig{ + Key: "fixtures/server.key", + }, + MaxRequest: 1024, + Uploads: &UploadsConfig{ + Dir: os.TempDir(), + Forbid: []string{".go"}, + }, + Workers: &roadrunner.ServerConfig{ + Command: "php tests/client.php echo pipes", + Relay: "pipes", + Pool: &roadrunner.Config{ + NumWorkers: 1, + AllocateTimeout: time.Second, + DestroyTimeout: time.Second, + }, + }, + } + + assert.Error(t, cfg.Valid()) +} + func Test_Config_NoUploads(t *testing.T) { cfg := &Config{ Address: ":8080", diff --git a/service/http/ssl_test.go b/service/http/ssl_test.go new file mode 100644 index 00000000..5fcd19ce --- /dev/null +++ b/service/http/ssl_test.go @@ -0,0 +1,215 @@ +package http + +import ( + "testing" + "github.com/sirupsen/logrus/hooks/test" + "github.com/sirupsen/logrus" + "github.com/spiral/roadrunner/service" + "github.com/stretchr/testify/assert" + "time" + "net/http" + "io/ioutil" + "crypto/tls" +) + +var sslClient = &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, +} + +func Test_SSL_Service_Echo(t *testing.T) { + logger, _ := test.NewNullLogger() + logger.SetLevel(logrus.DebugLevel) + + c := service.NewContainer(logger) + c.Register(ID, &Service{}) + + assert.NoError(t, c.Init(&testCfg{httpCfg: `{ + "address": ":6029", + "ssl": { + "port": 6900, + "key": "fixtures/server.key", + "cert": "fixtures/server.crt" + }, + "workers":{ + "command": "php ../../tests/http/client.php echo pipes", + "pool": {"numWorkers": 1} + } + }`})) + + s, st := c.Get(ID) + assert.NotNil(t, s) + assert.Equal(t, service.StatusOK, st) + + // should do nothing + s.(*Service).Stop() + + go func() { c.Serve() }() + time.Sleep(time.Millisecond * 100) + defer c.Stop() + + req, err := http.NewRequest("GET", "https://localhost:6900?hello=world", nil) + assert.NoError(t, err) + + r, err := sslClient.Do(req) + assert.NoError(t, err) + defer r.Body.Close() + + b, err := ioutil.ReadAll(r.Body) + assert.NoError(t, err) + + assert.NoError(t, err) + assert.Equal(t, 201, r.StatusCode) + assert.Equal(t, "WORLD", string(b)) +} + +func Test_SSL_Service_NoRedirect(t *testing.T) { + logger, _ := test.NewNullLogger() + logger.SetLevel(logrus.DebugLevel) + + c := service.NewContainer(logger) + c.Register(ID, &Service{}) + + assert.NoError(t, c.Init(&testCfg{httpCfg: `{ + "address": ":6029", + "ssl": { + "port": 6900, + "key": "fixtures/server.key", + "cert": "fixtures/server.crt" + }, + "workers":{ + "command": "php ../../tests/http/client.php echo pipes", + "pool": {"numWorkers": 1} + } + }`})) + + s, st := c.Get(ID) + assert.NotNil(t, s) + assert.Equal(t, service.StatusOK, st) + + // should do nothing + s.(*Service).Stop() + + go func() { c.Serve() }() + time.Sleep(time.Millisecond * 100) + defer c.Stop() + + req, err := http.NewRequest("GET", "http://localhost:6029?hello=world", nil) + assert.NoError(t, err) + + r, err := sslClient.Do(req) + assert.NoError(t, err) + defer r.Body.Close() + + assert.Nil(t, r.TLS) + + b, err := ioutil.ReadAll(r.Body) + assert.NoError(t, err) + + assert.NoError(t, err) + assert.Equal(t, 201, r.StatusCode) + assert.Equal(t, "WORLD", string(b)) +} + +func Test_SSL_Service_Redirect(t *testing.T) { + logger, _ := test.NewNullLogger() + logger.SetLevel(logrus.DebugLevel) + + c := service.NewContainer(logger) + c.Register(ID, &Service{}) + + assert.NoError(t, c.Init(&testCfg{httpCfg: `{ + "address": ":6029", + "ssl": { + "port": 6900, + "redirect": true, + "key": "fixtures/server.key", + "cert": "fixtures/server.crt" + }, + "workers":{ + "command": "php ../../tests/http/client.php echo pipes", + "pool": {"numWorkers": 1} + } + }`})) + + s, st := c.Get(ID) + assert.NotNil(t, s) + assert.Equal(t, service.StatusOK, st) + + // should do nothing + s.(*Service).Stop() + + go func() { c.Serve() }() + time.Sleep(time.Millisecond * 100) + defer c.Stop() + + req, err := http.NewRequest("GET", "http://localhost:6029?hello=world", nil) + assert.NoError(t, err) + + r, err := sslClient.Do(req) + assert.NoError(t, err) + defer r.Body.Close() + + assert.NotNil(t, r.TLS) + + b, err := ioutil.ReadAll(r.Body) + assert.NoError(t, err) + + assert.NoError(t, err) + assert.Equal(t, 201, r.StatusCode) + assert.Equal(t, "WORLD", string(b)) +} + +func Test_SSL_Service_Push(t *testing.T) { + logger, _ := test.NewNullLogger() + logger.SetLevel(logrus.DebugLevel) + + c := service.NewContainer(logger) + c.Register(ID, &Service{}) + + assert.NoError(t, c.Init(&testCfg{httpCfg: `{ + "address": ":6029", + "ssl": { + "port": 6900, + "redirect": true, + "key": "fixtures/server.key", + "cert": "fixtures/server.crt" + }, + "workers":{ + "command": "php ../../tests/http/client.php push pipes", + "pool": {"numWorkers": 1} + } + }`})) + + s, st := c.Get(ID) + assert.NotNil(t, s) + assert.Equal(t, service.StatusOK, st) + + // should do nothing + s.(*Service).Stop() + + go func() { c.Serve() }() + time.Sleep(time.Millisecond * 100) + defer c.Stop() + + req, err := http.NewRequest("GET", "https://localhost:6900?hello=world", nil) + assert.NoError(t, err) + + r, err := sslClient.Do(req) + assert.NoError(t, err) + defer r.Body.Close() + + assert.NotNil(t, r.TLS) + + b, err := ioutil.ReadAll(r.Body) + assert.NoError(t, err) + + assert.Equal(t, "", r.Header.Get("http2-push")) + + assert.NoError(t, err) + assert.Equal(t, 201, r.StatusCode) + assert.Equal(t, "WORLD", string(b)) +} |