Add a CORS vtc

8d87ecbc · Nils Goroll · 279f2dcb · 8d87ecbc · 8d87ecbc
Unverified Commit 8d87ecbc authored Mar 23, 2021 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 544 additions and 0 deletions

Makefile.am src/Makefile.am +1 -0

plain_cors.vtc src/vtc/plain_cors.vtc +543 -0

No files found.
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,6 +12,7 @@ vmod_get_h_LDADD = -ldl

 TESTS = \
 	vtc/plain.vtc \
+	vtc/plain_cors.vtc \
 	vtc/name_hash.vtc \
 	vtc/expires.vtc \
 	vtc/done.vtc

--- a/src/vtc/plain_cors.vtc
+++ b/src/vtc/plain_cors.vtc
+varnishtest "plain.vtc but with Origin header"
+
+barrier b1 cond 2
+barrier b2 cond 2
+
+server s1 {
+	rxreq
+	txresp
+	expect req.method == PUT
+	expect req.bodylen == 100
+} -start
+
+server s2 {
+	rxreq
+	txresp
+	expect req.method == PUT
+	expect req.url == /vtc
+	expect req.bodylen == 100
+} -start
+
+server s3 {
+	rxreq
+	txresp
+	expect req.method == PUT
+	expect req.url == /concat
+	expect req.bodylen == 200
+} -start
+
+server s4 {
+	rxreq
+	txresp
+	expect req.method == PUT
+	expect req.url == /empty-single
+	expect req.bodylen == 0
+} -start
+
+varnish v1 -vcl+backend {
+	import tus;
+
+	sub vcl_init {
+	    new tmp = tus.server("http://localhost",
+		basedir="/tmp/tus_plain_origin", max = 3145B);
+	}
+	sub vcl_backend_fetch {
+		if (bereq.url ~ "^/tus") {
+			set bereq.backend = s1;
+		} else if (bereq.url == "/vtc") {
+			set bereq.backend = s2;
+		} else if (bereq.url == "/concat") {
+			set bereq.backend = s3;
+		} else if (bereq.url == "/empty-single") {
+			set bereq.backend = s4;
+		} else {
+			return (abandon);
+		}
+	}
+	sub vcl_recv {
+	    if (tmp.recv(id=req.http.id)) {
+		return(pass);
+	    } else {
+		return(synth(4200));
+	    }
+	}
+	sub meta {
+	    set resp.http.has-filename = tmp.has_metadata("filename");
+	    set resp.http.has-is_confidential =
+		tmp.has_metadata("is_confidential");
+	    set resp.http.has-filenamee = tmp.has_metadata("filenamee");
+	    set resp.http.has-filenam = tmp.has_metadata("filenam");
+	}
+	sub vcl_synth {
+	    if (resp.status == 4200) {
+		call meta;
+		tmp.synth();
+		tmp.sync();
+		return (deliver);
+	    }
+	}
+	sub vcl_deliver {
+	    call meta;
+	    tmp.deliver();
+	}
+} -start
+
+# dynamic file name complete post
+client c1 {
+	txreq	-method POST \
+		-hdr "Upload-Length: 100" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-bodylen 100
+	rxresp
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 100
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Location ~ "^http://localhost/tus"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# POST/PATCH test with vtc-provided ID
+client c2 {
+	# clean out
+	txreq	-url "/vtc" \
+		-method DELETE \
+		-hdr "Content-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	# partial Upload with create
+	txreq	-method POST \
+		-hdr "Upload-Metadata: filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential" \
+		-hdr "Upload-Length: 100" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Id: vtc" \
+		-bodylen 40
+	rxresp
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 40
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	## XXX only for HEAD?
+	expect resp.http.Upload-Metadata == "filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential"
+	expect resp.http.Location == "http://localhost/vtc"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	expect resp.http.has-filename == true
+	expect resp.http.has-is_confidential == true
+	expect resp.http.has-filenamee == false
+	expect resp.http.has-filenam == false
+
+	# finish upload
+	txreq	-method PATCH -url "/vtc" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Upload-Length: 100" \
+		-hdr "Upload-Offset: 40" \
+		-bodylen 60
+	rxresp
+	expect resp.status == 204
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 100
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	## XXX only for HEAD?
+	expect resp.http.Upload-Metadata == "filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	expect resp.http.has-filename == true
+	expect resp.http.has-is_confidential == true
+	expect resp.http.has-filenamee == false
+	expect resp.http.has-filenam == false
+} -start
+
+# part1
+client c3 {
+	# clean out
+	txreq	-url "/part1" \
+		-method DELETE \
+		-hdr "Content-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == <undef>
+
+	txreq	-method POST \
+		-hdr "Upload-Length: 100" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Id: part1" \
+		-hdr "Upload-Concat: partial" \
+		-bodylen 40
+	rxresp
+
+	barrier b1 sync
+
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 40
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Location == "http://localhost/part1"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-method HEAD -url "/part1" \
+		-hdr "Upload-Length: 100" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	expect resp.status == 200
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 40
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+
+	# finish upload
+	txreq	-method PATCH -url "/part1" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Upload-Length: 100" \
+		-hdr "Upload-Offset: 40" \
+		-bodylen 60
+	rxresp
+	expect resp.status == 204
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 100
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# part2
+client c4 {
+	# clean out
+	txreq	-url "/part2" \
+		-method DELETE \
+		-hdr "Content-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == <undef>
+
+	txreq	-method POST \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Id: part2" \
+		-hdr "Upload-Defer-Length: 1" \
+		-hdr "Upload-Concat: partial"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	barrier b2 sync
+
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Defer-Length == 1
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Offset == 0
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Location == "http://localhost/part2"
+
+	txreq	-method HEAD -url "/part2" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+
+	expect resp.status == 200
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Defer-Length == 1
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Offset == 0
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Upload-Concat == partial
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	# upload
+	txreq	-method PATCH -url "/part2" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Upload-Length: 100" \
+		-hdr "Upload-Offset: 0" \
+		-bodylen 100
+	rxresp
+	expect resp.status == 204
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 100
+	expect resp.http.Upload-Length == 100
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# concat
+client c5 {
+	# clean out
+	txreq	-url "/concat" \
+		-method DELETE \
+		-hdr "Content-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	barrier b1 sync
+	barrier b2 sync
+
+	txreq	-url / \
+		-method POST \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Id: concat" \
+		-hdr "Upload-Concat: final;   /part1  /part2"
+	rxresp
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 200
+	expect resp.http.Upload-Length == 200
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Location == "http://localhost/concat"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-url /concat \
+		-method HEAD \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 200
+	expect resp.http.Upload-Length == 200
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Upload-Concat == "final;http://localhost/part1 http://localhost/part2"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	# fail patch on concat
+	txreq	-url /concat \
+		-method PATCH \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.status == 403
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Upload-Offset == <undef>
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Expires == <undef>
+	expect resp.http.Location == <undef>
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# bad concat
+client c6 {
+	txreq	-url / \
+		-method POST \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Id:badconcat" \
+		-hdr "Upload-Concat: final;/foo"
+	rxresp
+	expect resp.status == 400
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == <undef>
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Expires == <undef>
+	expect resp.http.Location == <undef>
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-url / \
+		-method POST \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Id:badconcat2" \
+		-hdr "Upload-Concat: final;"
+	rxresp
+	expect resp.status == 400
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == <undef>
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Expires == <undef>
+	expect resp.http.Location == <undef>
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# exceeding max size
+client c7 {
+	txreq	-method POST \
+		-hdr "Upload-Length: 3146" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-bodylen 3146
+	rxresp
+	expect resp.status == 413
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	## XXX correct?
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == <undef>
+	expect resp.http.Upload-Length == <undef>
+	expect resp.http.Upload-Expires == <undef>
+	expect resp.http.Location == <undef>
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# checksum despite not supported
+client c8 {
+	txreq	-method POST \
+		-hdr "Upload-Length: 100" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Upload-Checksum: md5 ABCD" \
+		-bodylen 100
+	rxresp
+	expect resp.status == 400
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+client c9 {
+	# clean out
+	txreq	-url "/empty-single" \
+		-method DELETE \
+		-hdr "Content-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-method POST \
+		-hdr "Upload-Length: 0" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Id: empty-single" \
+		-hdr "Content-Type: application/offset+octet-stream" \
+		-hdr "Content-Length: 0"
+	rxresp
+	expect resp.status == 201
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Tus-Checksum-Algorithm == <undef>
+	expect resp.http.Tus-Max-Size == 3145
+	expect resp.http.Upload-Offset == 0
+	expect resp.http.Upload-Length == 0
+	expect resp.http.Upload-Expires ~ "GMT$"
+	expect resp.http.Location ~ "^http://localhost/empty-single"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# bad metadata fmt
+client c10 {
+	txreq	-method POST \
+		-hdr "Upload-Metadata: filename d29y!GRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream"
+	rxresp
+	expect resp.status == 400
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-method POST \
+		-hdr "Upload-Metadata: filename,filename" \
+		-hdr "Tus-Resumable: 1.0.0" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream"
+	rxresp
+	expect resp.status == 400
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+# missing / bad version
+client c11 {
+	txreq	-method POST \
+		-hdr "Tus-Resumable: 1.0.1" \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream"
+	rxresp
+	expect resp.status == 412
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+
+	txreq	-method POST \
+		-hdr "Origin: http://my-cors-origin" \
+		-hdr "Content-Type: application/offset+octet-stream"
+	rxresp
+	expect resp.status == 412
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+} -start
+
+client c1 -wait
+client c2 -wait
+client c3 -wait
+client c4 -wait
+client c5 -wait
+client c6 -wait
+client c7 -wait
+client c8 -wait
+client c9 -wait
+client c10 -wait
+client c11 -wait