diff --git a/lib/anubis_test.go b/lib/anubis_test.go index 35faa163..4d5415e8 100644 --- a/lib/anubis_test.go +++ b/lib/anubis_test.go @@ -13,6 +13,7 @@ import ( "github.com/TecharoHQ/anubis/data" "github.com/TecharoHQ/anubis/internal" "github.com/TecharoHQ/anubis/lib/policy" + "github.com/TecharoHQ/anubis/lib/policy/config" ) func loadPolicies(t *testing.T, fname string) *policy.ParsedConfig { @@ -393,3 +394,42 @@ func TestBasePrefix(t *testing.T) { }) } } + +func TestCloudflareWorkersRule(t *testing.T) { + for _, variant := range []string{"cel", "header"} { + t.Run(variant, func(t *testing.T) { + pol := loadPolicies(t, "./testdata/cloudflare-workers-"+variant+".yaml") + + h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintln(w, "OK") + }) + + s, err := New(Options{ + Next: h, + Policy: pol, + ServeRobotsTXT: true, + }) + if err != nil { + t.Fatalf("can't construct libanubis.Server: %v", err) + } + + t.Run("no-cf-worker-header", func(t *testing.T) { + req, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + + req.Header.Add("X-Real-Ip", "127.0.0.1") + + cr, _, err := s.check(req) + if err != nil { + t.Fatal(err) + } + + if cr.Rule != config.RuleAllow { + t.Errorf("rule is wrong, wanted %s, got: %s", config.RuleAllow, cr.Rule) + } + }) + }) + } +} diff --git a/lib/testdata/cloudflare-workers-cel.yaml b/lib/testdata/cloudflare-workers-cel.yaml new file mode 100644 index 00000000..123b634d --- /dev/null +++ b/lib/testdata/cloudflare-workers-cel.yaml @@ -0,0 +1,4 @@ +bots: +- name: cloudflare-workers + expression: '"Cf-Worker" in headers' + action: DENY \ No newline at end of file diff --git a/lib/testdata/cloudflare-workers-header.yaml b/lib/testdata/cloudflare-workers-header.yaml new file mode 100644 index 00000000..89bc069d --- /dev/null +++ b/lib/testdata/cloudflare-workers-header.yaml @@ -0,0 +1,5 @@ +bots: +- name: cloudflare-workers + headers_regex: + CF-Worker: .* + action: DENY \ No newline at end of file