2014-11-16 20:13:20 +00:00
|
|
|
// Copyright (C) 2014 The Syncthing Authors.
|
2014-10-06 10:03:49 +00:00
|
|
|
//
|
2015-03-07 20:36:35 +00:00
|
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
2017-02-09 06:52:18 +00:00
|
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
2014-10-06 10:03:49 +00:00
|
|
|
|
2021-08-17 08:10:41 +00:00
|
|
|
//go:build integration
|
2014-10-06 10:03:49 +00:00
|
|
|
// +build integration
|
|
|
|
|
2014-12-17 11:31:03 +00:00
|
|
|
package integration
|
2014-10-06 10:03:49 +00:00
|
|
|
|
|
|
|
import (
|
2015-04-04 17:06:20 +00:00
|
|
|
"bytes"
|
2021-11-22 07:59:47 +00:00
|
|
|
"io"
|
2014-10-06 10:03:49 +00:00
|
|
|
"net/http"
|
2021-11-22 07:59:47 +00:00
|
|
|
"os"
|
2014-10-06 10:03:49 +00:00
|
|
|
"strings"
|
|
|
|
"testing"
|
2015-05-23 18:15:54 +00:00
|
|
|
|
2015-09-22 17:38:46 +00:00
|
|
|
"github.com/syncthing/syncthing/lib/protocol"
|
2015-08-06 09:29:25 +00:00
|
|
|
"github.com/syncthing/syncthing/lib/rc"
|
2014-10-06 10:03:49 +00:00
|
|
|
)
|
|
|
|
|
2017-11-13 00:00:06 +00:00
|
|
|
func TestHTTPGetIndex(t *testing.T) {
|
2015-06-18 13:22:45 +00:00
|
|
|
p := startInstance(t, 2)
|
|
|
|
defer checkedStop(t, p)
|
2014-10-06 10:03:49 +00:00
|
|
|
|
2015-11-12 02:20:34 +00:00
|
|
|
// Check for explicit index.html
|
2015-06-18 13:22:45 +00:00
|
|
|
|
|
|
|
res, err := http.Get("http://localhost:8082/index.html")
|
2014-10-06 10:03:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
t.Errorf("Status %d != 200", res.StatusCode)
|
|
|
|
}
|
2021-11-22 07:59:47 +00:00
|
|
|
bs, err := io.ReadAll(res.Body)
|
2015-04-04 17:06:20 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if len(bs) < 1024 {
|
|
|
|
t.Errorf("Length %d < 1024", len(bs))
|
|
|
|
}
|
|
|
|
if !bytes.Contains(bs, []byte("</html>")) {
|
|
|
|
t.Error("Incorrect response")
|
2014-10-06 10:03:49 +00:00
|
|
|
}
|
|
|
|
if res.Header.Get("Set-Cookie") == "" {
|
|
|
|
t.Error("No set-cookie header")
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
|
2015-06-18 13:22:45 +00:00
|
|
|
// Check for implicit index.html
|
|
|
|
|
|
|
|
res, err = http.Get("http://localhost:8082/")
|
2014-10-06 10:03:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
t.Errorf("Status %d != 200", res.StatusCode)
|
|
|
|
}
|
2021-11-22 07:59:47 +00:00
|
|
|
bs, err = io.ReadAll(res.Body)
|
2015-04-04 17:06:20 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if len(bs) < 1024 {
|
|
|
|
t.Errorf("Length %d < 1024", len(bs))
|
|
|
|
}
|
|
|
|
if !bytes.Contains(bs, []byte("</html>")) {
|
|
|
|
t.Error("Incorrect response")
|
2014-10-06 10:03:49 +00:00
|
|
|
}
|
|
|
|
if res.Header.Get("Set-Cookie") == "" {
|
|
|
|
t.Error("No set-cookie header")
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
}
|
|
|
|
|
2017-11-13 00:00:06 +00:00
|
|
|
func TestHTTPGetIndexAuth(t *testing.T) {
|
2015-06-18 13:22:45 +00:00
|
|
|
p := startInstance(t, 1)
|
|
|
|
defer checkedStop(t, p)
|
2014-10-06 10:03:49 +00:00
|
|
|
|
|
|
|
// Without auth should give 401
|
|
|
|
|
|
|
|
res, err := http.Get("http://127.0.0.1:8081/")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 401 {
|
|
|
|
t.Errorf("Status %d != 401", res.StatusCode)
|
|
|
|
}
|
|
|
|
|
|
|
|
// With wrong username/password should give 401
|
|
|
|
|
|
|
|
req, err := http.NewRequest("GET", "http://127.0.0.1:8081/", nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
req.SetBasicAuth("testuser", "wrongpass")
|
|
|
|
|
|
|
|
res, err = http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 401 {
|
|
|
|
t.Fatalf("Status %d != 401", res.StatusCode)
|
|
|
|
}
|
|
|
|
|
|
|
|
// With correct username/password should succeed
|
|
|
|
|
|
|
|
req, err = http.NewRequest("GET", "http://127.0.0.1:8081/", nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
req.SetBasicAuth("testuser", "testpass")
|
|
|
|
|
|
|
|
res, err = http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
t.Fatalf("Status %d != 200", res.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-13 00:00:06 +00:00
|
|
|
func TestHTTPOptions(t *testing.T) {
|
2016-01-26 07:05:24 +00:00
|
|
|
p := startInstance(t, 2)
|
|
|
|
defer checkedStop(t, p)
|
|
|
|
|
|
|
|
req, err := http.NewRequest("OPTIONS", "http://127.0.0.1:8082/rest/system/error/clear", nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res, err := http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 204 {
|
|
|
|
t.Fatalf("Status %d != 204 for OPTIONS", res.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-13 00:00:06 +00:00
|
|
|
func TestHTTPPOSTWithoutCSRF(t *testing.T) {
|
2015-06-18 13:22:45 +00:00
|
|
|
p := startInstance(t, 2)
|
|
|
|
defer checkedStop(t, p)
|
2014-10-06 10:03:49 +00:00
|
|
|
|
|
|
|
// Should fail without CSRF
|
|
|
|
|
2015-04-06 08:23:27 +00:00
|
|
|
req, err := http.NewRequest("POST", "http://127.0.0.1:8082/rest/system/error/clear", nil)
|
2014-10-06 10:03:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res, err := http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 403 {
|
|
|
|
t.Fatalf("Status %d != 403 for POST", res.StatusCode)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get CSRF
|
|
|
|
|
|
|
|
req, err = http.NewRequest("GET", "http://127.0.0.1:8082/", nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res, err = http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
hdr := res.Header.Get("Set-Cookie")
|
2023-11-14 10:57:39 +00:00
|
|
|
id := res.Header.Get("X-Syncthing-ID")[:protocol.ShortIDStringLength]
|
2014-10-06 10:03:49 +00:00
|
|
|
if !strings.Contains(hdr, "CSRF-Token") {
|
|
|
|
t.Error("Missing CSRF-Token in", hdr)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should succeed with CSRF
|
|
|
|
|
2015-04-09 15:16:39 +00:00
|
|
|
req, err = http.NewRequest("POST", "http://127.0.0.1:8082/rest/system/error/clear", nil)
|
2014-10-06 10:03:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2015-06-30 18:38:27 +00:00
|
|
|
|
|
|
|
req.Header.Set("X-CSRF-Token-"+id, hdr[len("CSRF-Token-"+id+"="):])
|
2014-10-06 10:03:49 +00:00
|
|
|
res, err = http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
t.Fatalf("Status %d != 200 for POST", res.StatusCode)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should fail with incorrect CSRF
|
|
|
|
|
2015-04-06 08:23:27 +00:00
|
|
|
req, err = http.NewRequest("POST", "http://127.0.0.1:8082/rest/system/error/clear", nil)
|
2014-10-06 10:03:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2015-06-30 18:38:27 +00:00
|
|
|
req.Header.Set("X-CSRF-Token-"+id, hdr[len("CSRF-Token-"+id+"="):]+"X")
|
2014-10-06 10:03:49 +00:00
|
|
|
res, err = http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
res.Body.Close()
|
|
|
|
if res.StatusCode != 403 {
|
|
|
|
t.Fatalf("Status %d != 403 for POST", res.StatusCode)
|
|
|
|
}
|
|
|
|
}
|
2015-05-23 18:15:54 +00:00
|
|
|
|
2015-06-18 13:22:45 +00:00
|
|
|
func setupAPIBench() *rc.Process {
|
2015-05-23 18:15:54 +00:00
|
|
|
err := removeAll("s1", "s2", "h1/index*", "h2/index*")
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = generateFiles("s1", 25000, 20, "../LICENSE")
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2024-11-19 10:32:56 +00:00
|
|
|
err = os.WriteFile("s1/knownfile", []byte("somedatahere"), 0o644)
|
2015-05-23 18:15:54 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2015-06-18 13:22:45 +00:00
|
|
|
// This will panic if there is an actual failure to start, when we try to
|
|
|
|
// call nil.Fatal(...)
|
|
|
|
return startInstance(nil, 1)
|
2015-05-23 18:15:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func benchmarkURL(b *testing.B, url string) {
|
2015-06-18 13:22:45 +00:00
|
|
|
p := setupAPIBench()
|
|
|
|
defer p.Stop()
|
2015-05-23 18:15:54 +00:00
|
|
|
b.ResetTimer()
|
|
|
|
for i := 0; i < b.N; i++ {
|
2015-06-18 13:22:45 +00:00
|
|
|
_, err := p.Get(url)
|
2015-05-23 18:15:54 +00:00
|
|
|
if err != nil {
|
|
|
|
b.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_completion(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/completion?folder=default&device="+protocol.LocalDeviceID.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_file(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/file?folder=default&file=knownfile")
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_ignores(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/ignores?folder=default")
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_need(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/need?folder=default")
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_status(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/status?folder=default")
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkAPI_db_browse_dirsonly(b *testing.B) {
|
|
|
|
benchmarkURL(b, "/rest/db/browse?folder=default&dirsonly=true")
|
|
|
|
}
|