test: upd geoIP test

2025-12-23 22:27:46 -05:00 · 2025-10-12 14:20:43 +03:00
parent 2e6aa32858
commit 1e5d6d9e3d
2 changed files with 29 additions and 15 deletions
--- a/common_test.go
+++ b/common_test.go
@@ -4,8 +4,9 @@ import "net/http"

 const (
 	geoIPdata  = "GeoLite2-Country.mmdb"
-	googleUSIP = "74.125.131.105"
 	localIP    = "127.0.0.1"
+	aliCNIP    = "47.88.198.38"
+	googleUSIP = "74.125.131.105"
 	testURL    = "http://example.com"
 	torListURL = "https://cdn.nws.neurodyne.pro/nws-cdn-ut8hw561/waf/torbulkexitlist" // custom TOR list URL for testing
 )
--- a/handler_test.go
+++ b/handler_test.go
@@ -66,31 +66,44 @@ func TestBlockedRequestPhase1_GeoIPBlocking(t *testing.T) {
 	geoIPBlock, err := geoIPHandler.LoadGeoIPDatabase(geoIPdata)
 	assert.NoError(t, err)

+	state := &WAFState{}
+
 	middleware := &Middleware{
 		logger:       logger,
+		ipBlacklist:  iptrie.NewTrie(),
 		geoIPHandler: geoIPHandler,
 		CountryBlock: CountryAccessFilter{
 			Enabled:     true,
-			CountryList: []string{"US"},
+			CountryList: []string{"US", "RU"},
 			GeoIPDBPath: geoIPdata, // Path to a test GeoIP database
 			geoIP:       geoIPBlock,
 		},
 		CustomResponses: customResponse,
 	}

-	// Simulate a request from a blocked country (US)
-	req := httptest.NewRequest("GET", testURL, nil)
-	req.RemoteAddr = googleUSIP
 	w := httptest.NewRecorder()
-	state := &WAFState{}

-	// Process the request in Phase 1
-	middleware.handlePhase(w, req, 1, state)
+	t.Run("Allow unblocked CN by GeoIP", func(t *testing.T) {
+		req := httptest.NewRequest("GET", testURL, nil)
+		req.RemoteAddr = aliCNIP

-	// Verify that the request was blocked
-	assert.True(t, state.Blocked, "Request should be blocked")
-	assert.Equal(t, http.StatusForbidden, w.Code, "Expected status code 403")
-	assert.Contains(t, w.Body.String(), "Access Denied", "Response body should contain 'Access Denied'")
+		// Process the request in Phase 1
+		middleware.handlePhase(w, req, 1, state)
+		assert.False(t, state.Blocked, "Request should be allowed")
+	})
+
+	t.Run("Block US IP by GeoIP", func(t *testing.T) {
+		req := httptest.NewRequest("GET", testURL, nil)
+		req.RemoteAddr = googleUSIP
+
+		// Process the request in Phase 1
+		middleware.handlePhase(w, req, 1, state)
+
+		// Verify that the request was blocked
+		assert.True(t, state.Blocked, "Request should be blocked")
+		assert.Equal(t, http.StatusForbidden, w.Code, "Expected status code 403")
+		assert.Contains(t, w.Body.String(), "Access Denied", "Response body should contain 'Access Denied'")
+	})
 }

 func TestBlockedRequestPhase1_IPBlocking(t *testing.T) {
@@ -133,11 +146,11 @@ func TestBlockedRequestPhase1_IPBlocking(t *testing.T) {
 			CustomResponses: customResponse,
 		}

-		req0 := httptest.NewRequest("GET", testURL, nil)
-		req0.RemoteAddr = "192.168.1.1"
+		req := httptest.NewRequest("GET", testURL, nil)
+		req.RemoteAddr = "192.168.1.1"

 		// Process the request in Phase 1
-		middleware.handlePhase(w, req0, 1, state)
+		middleware.handlePhase(w, req, 1, state)

 		// Verify that the request was blocked
 		assert.True(t, state.Blocked, "Request should be blocked")