01203e7188
The change in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24199 caused requests coming from a load balancer to arrive as 127.0.0.1 instead of the actual IP. `Rack::Request#ip` behaves slightly differently different than `ActionDispatch::Request#remote_ip`: the former will return the first X-Forwarded-For IP if all of the IPs are trusted proxies, while the second one filters out all proxies and falls back to REMOTE_ADDR, which is 127.0.0.1. For now, we can revert back to using `Rack::Request` because these middlewares don't manipulate parameters. The actual fix problem involves fixing Rails: https://github.com/rails/rails/issues/28436. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58573
86 lines
2.2 KiB
Ruby
86 lines
2.2 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Gitlab::Middleware::BasicHealthCheck do
|
|
let(:app) { double(:app) }
|
|
let(:middleware) { described_class.new(app) }
|
|
let(:env) { {} }
|
|
|
|
describe '#call' do
|
|
context 'outside IP' do
|
|
before do
|
|
env['REMOTE_ADDR'] = '8.8.8.8'
|
|
end
|
|
|
|
it 'returns a 404' do
|
|
env['PATH_INFO'] = described_class::HEALTH_PATH
|
|
|
|
response = middleware.call(env)
|
|
|
|
expect(response[0]).to eq(404)
|
|
end
|
|
|
|
it 'forwards the call for other paths' do
|
|
env['PATH_INFO'] = '/'
|
|
|
|
expect(app).to receive(:call)
|
|
|
|
middleware.call(env)
|
|
end
|
|
end
|
|
|
|
context 'with X-Forwarded-For headers' do
|
|
let(:load_balancer_ip) { '1.2.3.4' }
|
|
|
|
before do
|
|
env['HTTP_X_FORWARDED_FOR'] = "#{load_balancer_ip}, 127.0.0.1"
|
|
env['REMOTE_ADDR'] = '127.0.0.1'
|
|
env['PATH_INFO'] = described_class::HEALTH_PATH
|
|
end
|
|
|
|
it 'returns 200 response when endpoint is allowed' do
|
|
allow(Settings.monitoring).to receive(:ip_whitelist).and_return([load_balancer_ip])
|
|
expect(app).not_to receive(:call)
|
|
|
|
response = middleware.call(env)
|
|
|
|
expect(response[0]).to eq(200)
|
|
expect(response[1]).to eq({ 'Content-Type' => 'text/plain' })
|
|
expect(response[2]).to eq(['GitLab OK'])
|
|
end
|
|
|
|
it 'returns 404 when whitelist is not configured' do
|
|
allow(Settings.monitoring).to receive(:ip_whitelist).and_return([])
|
|
|
|
response = middleware.call(env)
|
|
|
|
expect(response[0]).to eq(404)
|
|
end
|
|
end
|
|
|
|
context 'whitelisted IP' do
|
|
before do
|
|
env['REMOTE_ADDR'] = '127.0.0.1'
|
|
end
|
|
|
|
it 'returns 200 response when endpoint is hit' do
|
|
env['PATH_INFO'] = described_class::HEALTH_PATH
|
|
|
|
expect(app).not_to receive(:call)
|
|
|
|
response = middleware.call(env)
|
|
|
|
expect(response[0]).to eq(200)
|
|
expect(response[1]).to eq({ 'Content-Type' => 'text/plain' })
|
|
expect(response[2]).to eq(['GitLab OK'])
|
|
end
|
|
|
|
it 'forwards the call for other paths' do
|
|
env['PATH_INFO'] = '/-/readiness'
|
|
|
|
expect(app).to receive(:call)
|
|
|
|
middleware.call(env)
|
|
end
|
|
end
|
|
end
|
|
end
|