lqb
/
imgproxy
mirror of https://github.com/imgproxy/imgproxy.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512
							package stream

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"path/filepath"
	"strconv"
	"testing"
	"time"

	"github.com/sirupsen/logrus"
	"github.com/stretchr/testify/suite"

	"github.com/imgproxy/imgproxy/v3/config"
	"github.com/imgproxy/imgproxy/v3/headerwriter"
	"github.com/imgproxy/imgproxy/v3/httpheaders"
	"github.com/imgproxy/imgproxy/v3/imagefetcher"
	"github.com/imgproxy/imgproxy/v3/options"
	"github.com/imgproxy/imgproxy/v3/transport"
)

const (
	testDataPath = "../../testdata"
)

type HandlerTestSuite struct {
	suite.Suite
	handler *Handler
}

func (s *HandlerTestSuite) SetupSuite() {
	config.Reset()
	config.AllowLoopbackSourceAddresses = true

	// Silence logs during tests
	logrus.SetOutput(io.Discard)
}

func (s *HandlerTestSuite) TearDownSuite() {
	config.Reset()
	logrus.SetOutput(os.Stdout)
}

func (s *HandlerTestSuite) SetupTest() {
	config.Reset()
	config.AllowLoopbackSourceAddresses = true

	tr, err := transport.NewTransport()
	s.Require().NoError(err)

	fetcher, err := imagefetcher.NewFetcher(tr, imagefetcher.NewConfigFromEnv())
	s.Require().NoError(err)

	s.handler = New(NewConfigFromEnv(), headerwriter.NewConfigFromEnv(), fetcher)
}

func (s *HandlerTestSuite) readTestFile(name string) []byte {
	data, err := os.ReadFile(filepath.Join(testDataPath, name))
	s.Require().NoError(err)
	return data
}

// TestHandlerBasicRequest checks basic streaming request
func (s *HandlerTestSuite) TestHandlerBasicRequest() {
	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(httpheaders.ContentType, "image/png")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err := s.handler.Execute(context.Background(), req, ts.URL, "request-1", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
	s.Require().Equal("image/png", res.Header.Get(httpheaders.ContentType))

	// Verify we get the original image data
	actual := rw.Body.Bytes()
	s.Require().Equal(data, actual)
}

// TestHandlerResponseHeadersPassthrough checks that original response headers are
// passed through to the client
func (s *HandlerTestSuite) TestHandlerResponseHeadersPassthrough() {
	data := s.readTestFile("test1.png")
	contentLength := len(data)

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(httpheaders.ContentType, "image/png")
		w.Header().Set(httpheaders.ContentLength, strconv.Itoa(contentLength))
		w.Header().Set(httpheaders.AcceptRanges, "bytes")
		w.Header().Set(httpheaders.Etag, "etag")
		w.Header().Set(httpheaders.LastModified, "Wed, 21 Oct 2015 07:28:00 GMT")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err := s.handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
	s.Require().Equal("image/png", res.Header.Get(httpheaders.ContentType))
	s.Require().Equal(strconv.Itoa(contentLength), res.Header.Get(httpheaders.ContentLength))
	s.Require().Equal("bytes", res.Header.Get(httpheaders.AcceptRanges))
	s.Require().Equal("etag", res.Header.Get(httpheaders.Etag))
	s.Require().Equal("Wed, 21 Oct 2015 07:28:00 GMT", res.Header.Get(httpheaders.LastModified))
}

// TestHandlerRequestHeadersPassthrough checks that original request headers are passed through
// to the server
func (s *HandlerTestSuite) TestHandlerRequestHeadersPassthrough() {
	etag := `"test-etag-123"`
	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Verify that If-None-Match header is passed through
		s.Equal(etag, r.Header.Get(httpheaders.IfNoneMatch))
		s.Equal("gzip", r.Header.Get(httpheaders.AcceptEncoding))
		s.Equal("bytes=*", r.Header.Get(httpheaders.Range))

		w.Header().Set(httpheaders.Etag, etag)
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set(httpheaders.IfNoneMatch, etag)
	req.Header.Set(httpheaders.AcceptEncoding, "gzip")
	req.Header.Set(httpheaders.Range, "bytes=*")

	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err := s.handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
	s.Require().Equal(etag, res.Header.Get(httpheaders.Etag))
}

// TestHandlerContentDisposition checks that Content-Disposition header is set correctly
func (s *HandlerTestSuite) TestHandlerContentDisposition() {
	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(httpheaders.ContentType, "image/png")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{
		Filename:         "custom_name",
		ReturnAttachment: true,
	}

	// Use a URL with a .png extension to help content disposition logic
	imageURL := ts.URL + "/test.png"
	err := s.handler.Execute(context.Background(), req, imageURL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
	s.Require().Contains(res.Header.Get(httpheaders.ContentDisposition), "custom_name.png")
	s.Require().Contains(res.Header.Get(httpheaders.ContentDisposition), "attachment")
}

// TestHandlerCacheControl checks that Cache-Control header is set correctly in different cases
func (s *HandlerTestSuite) TestHandlerCacheControl() {
	type testCase struct {
		name                    string
		cacheControlPassthrough bool
		setupOriginHeaders      func(http.ResponseWriter)
		timestampOffset         *time.Duration // nil for no timestamp, otherwise the offset from now
		expectedStatusCode      int
		validate                func(*testing.T, *http.Response)
	}

	// Duration variables for test cases
	var (
		oneHour          = time.Hour
		thirtyMinutes    = 30 * time.Minute
		fortyFiveMinutes = 45 * time.Minute
		twoHours         = time.Hour * 2
		oneMinuteDelta   = float64(time.Minute)
	)

	// Set this explicitly for testing purposes
	config.TTL = 4242

	testCases := []testCase{
		{
			name:                    "Passthrough",
			cacheControlPassthrough: true,
			setupOriginHeaders: func(w http.ResponseWriter) {
				w.Header().Set(httpheaders.CacheControl, "max-age=3600, public")
			},
			timestampOffset:    nil,
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().Equal("max-age=3600, public", res.Header.Get(httpheaders.CacheControl))
			},
		},
		// Checks that expires gets convert to cache-control
		{
			name:                    "ExpiresPassthrough",
			cacheControlPassthrough: true,
			setupOriginHeaders: func(w http.ResponseWriter) {
				w.Header().Set(httpheaders.Expires, time.Now().Add(oneHour).UTC().Format(http.TimeFormat))
			},
			timestampOffset:    nil,
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				// When expires is converted to cache-control, the expires header should be empty
				s.Require().Empty(res.Header.Get(httpheaders.Expires))
				s.Require().InDelta(oneHour, s.maxAgeValue(res), oneMinuteDelta)
			},
		},
		// It would be set to something like default ttl
		{
			name:                    "PassthroughDisabled",
			cacheControlPassthrough: false,
			setupOriginHeaders: func(w http.ResponseWriter) {
				w.Header().Set(httpheaders.CacheControl, "max-age=3600, public")
			},
			timestampOffset:    nil,
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().Equal(s.maxAgeValue(res), time.Duration(config.TTL)*time.Second)
			},
		},
		// When expires is set in processing options, but not present in the response
		{
			name:                    "WithProcessingOptionsExpires",
			cacheControlPassthrough: false,
			setupOriginHeaders:      func(w http.ResponseWriter) {}, // No origin headers
			timestampOffset:         &oneHour,
			expectedStatusCode:      200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().InDelta(oneHour, s.maxAgeValue(res), oneMinuteDelta)
			},
		},
		// When expires is set in processing options, and is present in the response,
		// and passthrough is enabled
		{
			name:                    "ProcessingOptionsOverridesOrigin",
			cacheControlPassthrough: true,
			setupOriginHeaders: func(w http.ResponseWriter) {
				// Origin has a longer cache time
				w.Header().Set(httpheaders.CacheControl, "max-age=7200, public")
			},
			timestampOffset:    &thirtyMinutes,
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().InDelta(thirtyMinutes, s.maxAgeValue(res), oneMinuteDelta)
			},
		},
		// When expires is not set in po, but both expires and cc are present in response,
		// and passthrough is enabled
		{
			name:                    "BothHeadersPassthroughEnabled",
			cacheControlPassthrough: true,
			setupOriginHeaders: func(w http.ResponseWriter) {
				// Origin has both Cache-Control and Expires headers
				w.Header().Set(httpheaders.CacheControl, "max-age=1800, public")
				w.Header().Set(httpheaders.Expires, time.Now().Add(oneHour).UTC().Format(http.TimeFormat))
			},
			timestampOffset:    nil,
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				// Cache-Control should take precedence over Expires when both are present
				s.Require().InDelta(thirtyMinutes, s.maxAgeValue(res), oneMinuteDelta)
				s.Require().Empty(res.Header.Get(httpheaders.Expires))
			},
		},
		// When expires is set in PO AND both cache-control and expires are present in response,
		// and passthrough is enabled
		{
			name:                    "ProcessingOptionsOverridesBothOriginHeaders",
			cacheControlPassthrough: true,
			setupOriginHeaders: func(w http.ResponseWriter) {
				// Origin has both Cache-Control and Expires headers with longer cache times
				w.Header().Set(httpheaders.CacheControl, "max-age=7200, public")
				w.Header().Set(httpheaders.Expires, time.Now().Add(twoHours).UTC().Format(http.TimeFormat))
			},
			timestampOffset:    &fortyFiveMinutes, // Shorter than origin headers
			expectedStatusCode: 200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().InDelta(fortyFiveMinutes, s.maxAgeValue(res), oneMinuteDelta)
				s.Require().Empty(res.Header.Get(httpheaders.Expires))
			},
		},
		// No headers set
		{
			name:                    "NoOriginHeaders",
			cacheControlPassthrough: false,
			setupOriginHeaders:      func(w http.ResponseWriter) {}, // Origin has no cache headers
			timestampOffset:         nil,
			expectedStatusCode:      200,
			validate: func(t *testing.T, res *http.Response) {
				s.Require().Equal(s.maxAgeValue(res), time.Duration(config.TTL)*time.Second)
			},
		},
	}

	for _, tc := range testCases {
		s.Run(tc.name, func() {
			// Set config values for this test
			config.CacheControlPassthrough = tc.cacheControlPassthrough
			config.TTL = 4242 // Set consistent TTL for testing

			data := s.readTestFile("test1.png")

			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				tc.setupOriginHeaders(w)
				w.Header().Set(httpheaders.ContentType, "image/png")
				w.WriteHeader(200)
				w.Write(data)
			}))
			defer ts.Close()

			// Create new handler with updated config for each test
			tr, err := transport.NewTransport()
			s.Require().NoError(err)

			fetcher, err := imagefetcher.NewFetcher(tr, imagefetcher.NewConfigFromEnv())
			s.Require().NoError(err)

			handler := New(NewConfigFromEnv(), headerwriter.NewConfigFromEnv(), fetcher)

			req := httptest.NewRequest("GET", "/", nil)
			rw := httptest.NewRecorder()
			po := &options.ProcessingOptions{}

			if tc.timestampOffset != nil {
				expires := time.Now().Add(*tc.timestampOffset)
				po.Expires = &expires
			}

			err = handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
			s.Require().NoError(err)

			res := rw.Result()
			s.Require().Equal(tc.expectedStatusCode, res.StatusCode)
			tc.validate(s.T(), res)
		})
	}
}

// maxAgeValue parses max-age from cache-control
func (s *HandlerTestSuite) maxAgeValue(res *http.Response) time.Duration {
	cacheControl := res.Header.Get(httpheaders.CacheControl)
	if cacheControl == "" {
		return 0
	}
	var maxAge int
	fmt.Sscanf(cacheControl, "max-age=%d", &maxAge)
	return time.Duration(maxAge) * time.Second
}

// TestHandlerSecurityHeaders tests the security headers set by the streaming service.
func (s *HandlerTestSuite) TestHandlerSecurityHeaders() {
	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(httpheaders.ContentType, "image/png")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err := s.handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
	s.Require().Equal("script-src 'none'", res.Header.Get(httpheaders.ContentSecurityPolicy))
}

// TestHandlerErrorResponse tests the error responses from the streaming service.
func (s *HandlerTestSuite) TestHandlerErrorResponse() {
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(404)
		w.Write([]byte("Not Found"))
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err := s.handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(404, res.StatusCode)
}

// TestHandlerCookiePassthrough tests the cookie passthrough behavior of the streaming service.
func (s *HandlerTestSuite) TestHandlerCookiePassthrough() {
	// Enable cookie passthrough for this test
	config.CookiePassthrough = true
	defer func() {
		config.CookiePassthrough = false // Reset after test
	}()

	// Create new handler with updated config
	tr, err := transport.NewTransport()
	s.Require().NoError(err)

	fetcher, err := imagefetcher.NewFetcher(tr, imagefetcher.NewConfigFromEnv())
	s.Require().NoError(err)

	handler := New(NewConfigFromEnv(), headerwriter.NewConfigFromEnv(), fetcher)

	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Verify cookies are passed through
		cookie, cerr := r.Cookie("test_cookie")
		if cerr == nil {
			s.Equal("test_value", cookie.Value)
		}

		w.Header().Set(httpheaders.ContentType, "image/png")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set(httpheaders.Cookie, "test_cookie=test_value")
	rw := httptest.NewRecorder()
	po := &options.ProcessingOptions{}

	err = handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
	s.Require().NoError(err)

	res := rw.Result()
	s.Require().Equal(200, res.StatusCode)
}

// TestHandlerCanonicalHeader tests that the canonical header is set correctly
func (s *HandlerTestSuite) TestHandlerCanonicalHeader() {
	data := s.readTestFile("test1.png")

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(httpheaders.ContentType, "image/png")
		w.WriteHeader(200)
		w.Write(data)
	}))
	defer ts.Close()

	for _, sc := range []bool{true, false} {
		config.SetCanonicalHeader = sc

		// Create new handler with updated config
		tr, err := transport.NewTransport()
		s.Require().NoError(err)

		fetcher, err := imagefetcher.NewFetcher(tr, imagefetcher.NewConfigFromEnv())
		s.Require().NoError(err)

		handler := New(NewConfigFromEnv(), headerwriter.NewConfigFromEnv(), fetcher)

		req := httptest.NewRequest("GET", "/", nil)
		rw := httptest.NewRecorder()
		po := &options.ProcessingOptions{}

		err = handler.Execute(context.Background(), req, ts.URL, "test-req-id", po, rw)
		s.Require().NoError(err)

		res := rw.Result()
		s.Require().Equal(200, res.StatusCode)

		if sc {
			s.Require().Contains(res.Header.Get(httpheaders.Link), fmt.Sprintf(`<%s>; rel="canonical"`, ts.URL))
		} else {
			s.Require().Empty(res.Header.Get(httpheaders.Link))
		}
	}
}

func TestHandler(t *testing.T) {
	suite.Run(t, new(HandlerTestSuite))
}