mirror of
https://github.com/ipfs/kubo.git
synced 2026-02-22 02:47:48 +08:00
9386fdcdfb
* fix(cli): support HTTPS in ipfs --api
Closes #10539
* chore: go-ipfs-cmds v0.14.1
https://github.com/ipfs/go-ipfs-cmds/releases/tag/v0.14.1
* docs: ipfs --api example
* test(cli): https rpc support
makes sure we dont have regression where HTTPS endpoint
starts getting cleartext requests
(cherry picked from commit 3b098b969a)
47 lines
1.3 KiB
Go
47 lines
1.3 KiB
Go
package cli
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/ipfs/kubo/test/cli/harness"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestCLIWithRemoteHTTPS(t *testing.T) {
|
|
tests := []struct{ addrSuffix string }{{"https"}, {"tls/http"}}
|
|
for _, tt := range tests {
|
|
t.Run("with "+tt.addrSuffix+" multiaddr", func(t *testing.T) {
|
|
|
|
// Create HTTPS test server
|
|
server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.TLS == nil {
|
|
t.Error("Mocked Kubo RPC received plain HTTP request instead of HTTPS TLS Handshake")
|
|
}
|
|
_, _ = w.Write([]byte("OK"))
|
|
}))
|
|
defer server.Close()
|
|
|
|
serverURL, _ := url.Parse(server.URL)
|
|
_, port, _ := net.SplitHostPort(serverURL.Host)
|
|
|
|
// Create Kubo repo
|
|
node := harness.NewT(t).NewNode().Init()
|
|
|
|
// Attempt to talk to remote Kubo RPC endpoint over HTTPS
|
|
resp := node.RunIPFS("id", "--api", fmt.Sprintf("/ip4/127.0.0.1/tcp/%s/%s", port, tt.addrSuffix))
|
|
|
|
// Expect HTTPS error (confirming TLS and https:// were used, and not Cleartext HTTP)
|
|
require.Error(t, resp.Err)
|
|
require.Contains(t, resp.Stderr.String(), "Error: tls: failed to verify certificate: x509: certificate signed by unknown authority")
|
|
|
|
node.StopDaemon()
|
|
|
|
})
|
|
}
|
|
}
|