Use CIDR notation for admin and secure_gateway

2025-12-06 17:27:55 +00:00 · 2022-01-26 19:08:25 -08:00
parent dc213a4fab
commit 8f82b62e0d
11 changed files with 241 additions and 83 deletions
--- a/src/test/core/Config_test.cpp
+++ b/src/test/core/Config_test.cpp
@@ -810,11 +810,11 @@ trustthesevalidators.gov
        ParsedPort rpc;
        if (!unexcept([&]() { parse_Port(rpc, conf["port_rpc"], log); }))
            return;
-        BEAST_EXPECT(rpc.admin_ip && (rpc.admin_ip.value().size() == 2));
+        BEAST_EXPECT(rpc.admin_nets_v4.size() + rpc.admin_nets_v6.size() == 2);
        ParsedPort wss;
        if (!unexcept([&]() { parse_Port(wss, conf["port_wss_admin"], log); }))
            return;
-        BEAST_EXPECT(wss.admin_ip && (wss.admin_ip.value().size() == 1));
+        BEAST_EXPECT(wss.admin_nets_v4.size() + wss.admin_nets_v6.size() == 1);
    }

    void
--- a/src/test/jtx/envconfig.h
+++ b/src/test/jtx/envconfig.h
@@ -84,6 +84,10 @@ std::unique_ptr<Config> no_admin(std::unique_ptr<Config>);

 std::unique_ptr<Config> secure_gateway(std::unique_ptr<Config>);

+std::unique_ptr<Config> admin_localnet(std::unique_ptr<Config>);
+
+std::unique_ptr<Config> secure_gateway_localnet(std::unique_ptr<Config>);
+
 /// @brief adjust configuration with params needed to be a validator
 ///
 /// this is intended for use with envconfig, as in
--- a/src/test/jtx/impl/envconfig.cpp
+++ b/src/test/jtx/impl/envconfig.cpp
@@ -83,6 +83,24 @@ secure_gateway(std::unique_ptr<Config> cfg)
    return cfg;
 }

+std::unique_ptr<Config>
+admin_localnet(std::unique_ptr<Config> cfg)
+{
+    (*cfg)["port_rpc"].set("admin", "127.0.0.0/8");
+    (*cfg)["port_ws"].set("admin", "127.0.0.0/8");
+    return cfg;
+}
+
+std::unique_ptr<Config>
+secure_gateway_localnet(std::unique_ptr<Config> cfg)
+{
+    (*cfg)["port_rpc"].set("admin", "");
+    (*cfg)["port_ws"].set("admin", "");
+    (*cfg)["port_rpc"].set("secure_gateway", "127.0.0.0/8");
+    (*cfg)["port_ws"].set("secure_gateway", "127.0.0.0/8");
+    return cfg;
+}
+
 auto constexpr defaultseed = "shUwVw52ofnCUX5m7kPTKzJdr4HEH";

 std::unique_ptr<Config>
--- a/src/test/rpc/Roles_test.cpp
+++ b/src/test/rpc/Roles_test.cpp
@@ -269,6 +269,30 @@ class Roles_test : public beast::unit_test::suite
            BEAST_EXPECT(rpcRes["ip"] == "::11:22:33:44:45.55.65.75");
            BEAST_EXPECT(isValidIpAddress(rpcRes["ip"].asString()));
        }
+
+        {
+            Env env{*this, envconfig(admin_localnet)};
+            BEAST_EXPECT(env.rpc("ping")["result"]["role"] == "admin");
+            BEAST_EXPECT(makeWSClient(env.app().config())
+                             ->invoke("ping")["result"]["unlimited"]
+                             .asBool());
+        }
+
+        {
+            Env env{*this, envconfig(secure_gateway_localnet)};
+            BEAST_EXPECT(env.rpc("ping")["result"]["role"] == "proxied");
+            auto wsRes =
+                makeWSClient(env.app().config())->invoke("ping")["result"];
+            BEAST_EXPECT(
+                !wsRes.isMember("unlimited") || !wsRes["unlimited"].asBool());
+
+            std::unordered_map<std::string, std::string> headers;
+            headers["X-Forwarded-For"] = "12.34.56.78";
+            Json::Value rpcRes = env.rpc(headers, "ping")["result"];
+            BEAST_EXPECT(rpcRes["role"] == "proxied");
+            BEAST_EXPECT(rpcRes["ip"] == "12.34.56.78");
+            BEAST_EXPECT(isValidIpAddress(rpcRes["ip"].asString()));
+        }
    }

    void