Add browser-friendly remote token bootstrap

This commit is contained in:
Dymas
2026-05-17 14:59:48 +02:00
parent c91db90c1b
commit 47480efa30
6 changed files with 130 additions and 4 deletions
+51
View File
@@ -51,6 +51,9 @@ class DummyHandler:
self.error_status = None
self.error_message = None
self.file_path = None
self.response_status = None
self.response_headers = []
self.wfile = io.BytesIO()
def ensure_client_access(self):
return APP.Handler.ensure_client_access(self)
@@ -75,6 +78,15 @@ class DummyHandler:
def exception(self, exc):
return APP.Handler.exception(self, exc)
def send_response(self, status):
self.response_status = status
def send_header(self, key, value):
self.response_headers.append((key, value))
def end_headers(self):
return None
class NetworkGuardTests(unittest.TestCase):
def test_runtime_bootstrap_is_deferred_until_initialize(self):
@@ -111,6 +123,45 @@ class NetworkGuardTests(unittest.TestCase):
):
APP.Handler.ensure_client_access(handler)
def test_remote_access_accepts_valid_cookie_token_for_non_local_clients(self):
handler = DummyHandler("/api/config")
handler.client_address = ("192.168.1.25", 8421)
handler.headers["Cookie"] = "ani_cli_web_token=secret-token"
with mock.patch.dict(
os.environ,
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
clear=False,
):
APP.Handler.ensure_client_access(handler)
def test_remote_access_accepts_valid_query_token_for_non_local_clients(self):
handler = DummyHandler("/api/config?token=secret-token")
handler.client_address = ("192.168.1.25", 8421)
with mock.patch.dict(
os.environ,
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
clear=False,
):
APP.Handler.ensure_client_access(handler)
def test_remote_get_bootstraps_cookie_and_redirects_when_query_token_valid(self):
handler = DummyHandler("/?token=secret-token")
handler.client_address = ("192.168.1.25", 8421)
with mock.patch.dict(
os.environ,
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
clear=False,
):
APP.Handler.do_GET(handler)
headers = dict(handler.response_headers)
self.assertEqual(handler.response_status, HTTPStatus.SEE_OTHER)
self.assertEqual(headers.get("Location"), "/")
self.assertIn("ani_cli_web_token=secret-token", headers.get("Set-Cookie", ""))
def test_loopback_proxy_with_forwarded_remote_ip_requires_token(self):
handler = DummyHandler("/api/config")
handler.client_address = ("127.0.0.1", 8421)