http_acl/
lib.rs

1#![doc = include_str!("../README.md")]
2#![warn(missing_docs)]
3
4pub use ipnet::IpNet;
5
6pub mod acl;
7pub mod error;
8pub mod utils;
9
10pub use acl::{HttpAcl, HttpAclBuilder, HttpRequestMethod};
11pub use utils::IntoIpRange;
12
13#[cfg(test)]
14mod tests {
15    use super::HttpAclBuilder;
16    use ipnet::IpNet;
17
18    #[test]
19    fn acl() {
20        let acl = HttpAclBuilder::new()
21            .add_allowed_host("example.com".to_string())
22            .unwrap()
23            .add_allowed_host("example.org".to_string())
24            .unwrap()
25            .add_denied_host("example.net".to_string())
26            .unwrap()
27            .add_allowed_port_range(8080..=8080)
28            .unwrap()
29            .add_denied_port_range(8443..=8443)
30            .unwrap()
31            .add_allowed_ip_range("1.0.0.0/8".parse::<IpNet>().unwrap())
32            .unwrap()
33            .add_denied_ip_range("9.0.0.0/8".parse::<IpNet>().unwrap())
34            .unwrap()
35            .build();
36
37        assert!(acl.is_host_allowed("example.com").is_allowed());
38        assert!(acl.is_host_allowed("example.org").is_allowed());
39        assert!(!acl.is_host_allowed("example.net").is_allowed());
40        assert!(acl.is_port_allowed(8080).is_allowed());
41        assert!(!acl.is_port_allowed(8443).is_allowed());
42        assert!(acl.is_ip_allowed(&"1.1.1.1".parse().unwrap()).is_allowed());
43        assert!(acl.is_ip_allowed(&"9.9.9.9".parse().unwrap()).is_denied());
44        assert!(
45            acl.is_ip_allowed(&"192.168.1.1".parse().unwrap())
46                .is_denied()
47        );
48    }
49
50    #[test]
51    fn host_acl() {
52        let acl = HttpAclBuilder::new()
53            .add_allowed_host("example.com".to_string())
54            .unwrap()
55            .add_allowed_host("example.org".to_string())
56            .unwrap()
57            .add_denied_host("example.net".to_string())
58            .unwrap()
59            .build();
60
61        assert!(acl.is_host_allowed("example.com").is_allowed());
62        assert!(acl.is_host_allowed("example.org").is_allowed());
63        assert!(!acl.is_host_allowed("example.net").is_allowed());
64    }
65
66    #[test]
67    fn port_acl() {
68        let acl = HttpAclBuilder::new()
69            .clear_allowed_port_ranges()
70            .add_allowed_port_range(8080..=8080)
71            .unwrap()
72            .add_denied_port_range(8443..=8443)
73            .unwrap()
74            .build();
75
76        assert!(acl.is_port_allowed(8080).is_allowed());
77        assert!(!acl.is_port_allowed(8443).is_allowed());
78    }
79
80    #[test]
81    fn ip_acl() {
82        let acl = HttpAclBuilder::new()
83            .clear_allowed_ip_ranges()
84            .add_allowed_ip_range("1.0.0.0/8".parse::<IpNet>().unwrap())
85            .unwrap()
86            .add_denied_ip_range("9.0.0.0/8".parse::<IpNet>().unwrap())
87            .unwrap()
88            .build();
89
90        assert!(acl.is_ip_allowed(&"1.1.1.1".parse().unwrap()).is_allowed());
91        assert!(acl.is_ip_allowed(&"9.9.9.9".parse().unwrap()).is_denied());
92        assert!(
93            acl.is_ip_allowed(&"192.168.1.1".parse().unwrap())
94                .is_denied()
95        );
96    }
97
98    #[test]
99    fn private_ip_acl() {
100        let acl = HttpAclBuilder::new()
101            .private_ip_ranges(true)
102            .ip_acl_default(true)
103            .build();
104
105        assert!(
106            acl.is_ip_allowed(&"192.168.1.1".parse().unwrap())
107                .is_allowed()
108        );
109    }
110
111    #[test]
112    fn default_ip_acl() {
113        let acl = HttpAclBuilder::new().build();
114
115        assert!(
116            acl.is_ip_allowed(&"192.168.1.1".parse().unwrap())
117                .is_denied()
118        );
119        assert!(acl.is_ip_allowed(&"1.1.1.1".parse().unwrap()).is_denied());
120        assert!(!acl.is_port_allowed(8080).is_allowed());
121    }
122
123    #[test]
124    fn url_path_acl() {
125        let acl = HttpAclBuilder::new()
126            .add_allowed_url_path("/allowed".to_string())
127            .unwrap()
128            .add_allowed_url_path("/allowed/:id".to_string())
129            .unwrap()
130            .add_denied_url_path("/denied".to_string())
131            .unwrap()
132            .add_denied_url_path("/denied/{*path}".to_string())
133            .unwrap()
134            .build();
135
136        assert!(acl.is_url_path_allowed("/allowed").is_allowed());
137        assert!(acl.is_url_path_allowed("/allowed/allowed").is_allowed());
138        assert!(acl.is_url_path_allowed("/denied").is_denied());
139        assert!(acl.is_url_path_allowed("/denied/denied").is_denied());
140        assert!(acl.is_url_path_allowed("/denied/denied/denied").is_denied());
141    }
142
143    #[test]
144    fn header_acl() {
145        let acl = HttpAclBuilder::new()
146            .add_allowed_header("X-Allowed".to_string(), Some("true".to_string()))
147            .unwrap()
148            .add_allowed_header("X-Allowed2".to_string(), None)
149            .unwrap()
150            .add_denied_header("X-Denied".to_string(), Some("true".to_string()))
151            .unwrap()
152            .add_denied_header("X-Denied2".to_string(), None)
153            .unwrap()
154            .build();
155
156        assert!(acl.is_header_allowed("X-Allowed", "true").is_allowed());
157        assert!(acl.is_header_allowed("X-Allowed2", "false").is_allowed());
158        assert!(acl.is_header_allowed("X-Denied", "true").is_denied());
159        assert!(acl.is_header_allowed("X-Denied2", "false").is_denied());
160    }
161}
http_acl/lib.rs

http_acl/
lib.rs
