steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity
Files
dc8999730773c584c7f074f489bcc2826f6a6cd2
restic-manager/internal/server/config/config_test.go
T
steve 41a4043af3 server: drop in-process TLS — HTTP-only behind reverse proxy 
Self-hosted deployments already terminate TLS at Caddy/Traefik/nginx;
making the server do TLS too means double cert config, dual ACME
plumbing, and an untested code path. Drop RM_TLS_CERT/RM_TLS_KEY,
remove TLSEnabled() and the ListenAndServeTLS branch.

Replace the cookie's "Secure if TLS-in-process" check with a new
RM_COOKIE_SECURE flag (default true). Local HTTP-only testing sets
RM_COOKIE_SECURE=false; production is always behind a TLS proxy and
the cookie stays Secure.

Default port :8443 → :8080. docker-compose binds 127.0.0.1 only and
populates RM_TRUSTED_PROXY. spec.md §4.1/§10.1 rewritten with a
Caddyfile snippet and a hard "do not expose RM_LISTEN publicly"
warning. enrollResponse keeps cert_pin_sha256 in the shape but the
server can't introspect a cert it doesn't terminate — operator
pastes the proxy's hash into -cert-pin at install time.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 11:20:41 +01:00

104 lines
2.3 KiB
Go
Raw Blame History

package config
import (
"path/filepath"
"testing"
)
func TestDefaultsValid(t *testing.T) {
t.Setenv("RM_LISTEN", ":8080")
t.Setenv("RM_DATA_DIR", "/tmp/rm-test")
c, err := Load("")
if err != nil {
t.Fatalf("load: %v", err)
}
if c.Listen != ":8080" {
t.Errorf("listen: %q", c.Listen)
}
if c.SecretKeyFile != "/tmp/rm-test/secret.key" {
t.Errorf("secret_key_file default: %q", c.SecretKeyFile)
}
}
func TestEnvOverridesYAML(t *testing.T) {
dir := t.TempDir()
yamlPath := filepath.Join(dir, "rm.yaml")
body := []byte(`listen: ":7000"` + "\n" +
`data_dir: "/var/lib/rm"` + "\n" +
`base_url: "https://yaml.example"` + "\n")
if err := writeFile(yamlPath, body); err != nil {
t.Fatal(err)
}
t.Setenv("RM_LISTEN", ":9999")
t.Setenv("RM_BASE_URL", "https://env.example")
c, err := Load(yamlPath)
if err != nil {
t.Fatalf("load: %v", err)
}
if c.Listen != ":9999" {
t.Errorf("env should win: %q", c.Listen)
}
if c.BaseURL != "https://env.example" {
t.Errorf("env should win: %q", c.BaseURL)
}
if c.DataDir != "/var/lib/rm" {
t.Errorf("yaml should fill: %q", c.DataDir)
}
}
func TestTrustedProxyParsing(t *testing.T) {
t.Setenv("RM_LISTEN", ":8080")
t.Setenv("RM_DATA_DIR", "/tmp/x")
t.Setenv("RM_TRUSTED_PROXY", "10.0.0.0/8, 192.168.1.0/24")
c, err := Load("")
if err != nil {
t.Fatalf("load: %v", err)
}
if len(c.TrustedProxies) != 2 {
t.Fatalf("want 2 proxies, got %v", c.TrustedProxies)
}
if c.TrustedProxies[0] != "10.0.0.0/8" || c.TrustedProxies[1] != "192.168.1.0/24" {
t.Errorf("parsed: %v", c.TrustedProxies)
}
}
func TestTrustedProxyRejectsGarbage(t *testing.T) {
t.Setenv("RM_LISTEN", ":8080")
t.Setenv("RM_DATA_DIR", "/tmp/x")
t.Setenv("RM_TRUSTED_PROXY", "not-a-cidr")
if _, err := Load(""); err == nil {
t.Fatal("expected validation error, got nil")
}
}
func TestCookieSecureDefaultAndOverride(t *testing.T) {
t.Setenv("RM_LISTEN", ":8080")
t.Setenv("RM_DATA_DIR", "/tmp/x")
c, err := Load("")
if err != nil {
t.Fatalf("load: %v", err)
}
if !c.CookieSecure {
t.Errorf("CookieSecure should default to true")
}
t.Setenv("RM_COOKIE_SECURE", "false")
c, err = Load("")
if err != nil {
t.Fatalf("load: %v", err)
}
if c.CookieSecure {
t.Errorf("CookieSecure should be false when RM_COOKIE_SECURE=false")
}
}
func writeFile(path string, body []byte) error {
return writeFileImpl(path, body)
}
Reference in New Issue View Git Blame Copy Permalink