package middleware
import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/gin-gonic/gin"
)
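// TestCORS_Headers checks the response headers that the CORS middleware sets
// on a plain GET request.
//
// NOTE(review): the expectations below pin "Access-Control-Allow-Origin: *"
// together with "Access-Control-Allow-Credentials: true". Browsers do not
// honour the wildcard origin on credentialed requests, so this pair does not
// grant credentialed cross-origin access. If credentials are really required,
// the policy should echo an origin taken from an explicit allowlist and send
// "Vary: Origin"; if they are not, the credentials header can be dropped.
// Confirm the intended policy before treating this test as its specification.
func TestCORS_Headers(t *testing.T) {
	gin.SetMode(gin.TestMode)

	router := gin.New()
	router.Use(CORS())
	router.GET("/test", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"message": "success"})
	})

	// The request carries no Origin header, so any origin-dependent behaviour
	// of the middleware is not exercised here.
	req, err := http.NewRequest(http.MethodGet, "/test", nil)
	if err != nil {
		t.Fatalf("http.NewRequest: %v", err)
	}
	w := httptest.NewRecorder()

	router.ServeHTTP(w, req)

	// Exact values expected for the fixed CORS response headers.
	expectedHeaders := map[string]string{
		"Access-Control-Allow-Origin":      "*",
		"Access-Control-Allow-Credentials": "true",
		"Access-Control-Allow-Methods":     "POST, OPTIONS, GET, PUT, DELETE",
	}

	for header, expectedValue := range expectedHeaders {
		actualValue := w.Header().Get(header)
		if actualValue != expectedValue {
			t.Errorf("Header %s = %q, want %q", header, actualValue, expectedValue)
		}
	}

	// Access-Control-Allow-Headers is only required to be present here; its
	// contents are checked in TestCORS_AllowHeaders.
	allowHeaders := w.Header().Get("Access-Control-Allow-Headers")
	if allowHeaders == "" {
		t.Error("Access-Control-Allow-Headers 不应为空")
	}
}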
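// TestCORS_OPTIONS checks how the CORS middleware answers an OPTIONS request.
//
// Only GET /test is registered, so the 204 asserted below has to come from
// the middleware rather than from a route handler.
//
// NOTE(review): the request is a bare OPTIONS without Origin or
// Access-Control-Request-Method, so it is not shaped like a browser preflight.
// Whether the middleware treats real preflights differently cannot be told
// from this test.
func TestCORS_OPTIONS(t *testing.T) {
	gin.SetMode(gin.TestMode)

	router := gin.New()
	router.Use(CORS())
	router.GET("/test", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"message": "success"})
	})

	req, err := http.NewRequest(http.MethodOptions, "/test", nil)
	if err != nil {
		t.Fatalf("http.NewRequest: %v", err)
	}
	w := httptest.NewRecorder()

	router.ServeHTTP(w, req)

	// An OPTIONS request is expected to be answered with 204 No Content.
	if w.Code != http.StatusNoContent {
		t.Errorf("OPTIONS请求状态码 = %d, want %d", w.Code, http.StatusNoContent)
	}
}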
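// TestCORS_AllowMethods checks that Access-Control-Allow-Methods is set and
// names the method of the request, for each of GET, POST, PUT and DELETE.
//
// Only GET /test is registered, so the POST, PUT and DELETE subtests hit an
// unmatched route. The assertions therefore depend on the middleware also
// running for requests without a matching route.
func TestCORS_AllowMethods(t *testing.T) {
	gin.SetMode(gin.TestMode)

	router := gin.New()
	router.Use(CORS())
	router.GET("/test", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"message": "success"})
	})

	methods := []string{"GET", "POST", "PUT", "DELETE"}
	for _, method := range methods {
		t.Run(method, func(t *testing.T) {
			req, err := http.NewRequest(method, "/test", nil)
			if err != nil {
				t.Fatalf("http.NewRequest: %v", err)
			}
			w := httptest.NewRecorder()

			router.ServeHTTP(w, req)

			// The header must be present and must actually list the method
			// under test. A non-empty check alone would still pass if the
			// method were dropped from the policy.
			allowMethods := w.Header().Get("Access-Control-Allow-Methods")
			if allowMethods == "" {
				t.Error("Access-Control-Allow-Methods 不应为空")
				return
			}
			if !contains(allowMethods, method) {
				t.Errorf("Access-Control-Allow-Methods = %q, want it to list %s", allowMethods, method)
			}
		})
	}
}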
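// TestCORS_AllowHeaders checks that Access-Control-Allow-Headers mentions the
// request headers that clients are expected to send.
//
// NOTE(review): the check is a case-sensitive substring match, not a
// comparison of header tokens. "Accept" is therefore also satisfied by a value
// such as "Accept-Encoding", and a lower-case "authorization" would not be
// found. If the policy must list these names individually, split the value on
// "," and compare the trimmed tokens case-insensitively.
func TestCORS_AllowHeaders(t *testing.T) {
	gin.SetMode(gin.TestMode)

	router := gin.New()
	router.Use(CORS())
	router.GET("/test", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"message": "success"})
	})

	req, err := http.NewRequest(http.MethodGet, "/test", nil)
	if err != nil {
		t.Fatalf("http.NewRequest: %v", err)
	}
	w := httptest.NewRecorder()

	router.ServeHTTP(w, req)

	allowHeaders := w.Header().Get("Access-Control-Allow-Headers")
	expectedHeaders := []string{"Content-Type", "Authorization", "Accept"}

	for _, expectedHeader := range expectedHeaders {
		if !contains(allowHeaders, expectedHeader) {
			t.Errorf("Access-Control-Allow-Headers 应包含 %s", expectedHeader)
		}
	}
}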
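// contains reports whether substr occurs anywhere within s. An empty substr
// always matches.
//
// The match is a plain, case-sensitive substring search. For comma-separated
// header values it also matches inside longer tokens: "Accept" is found in
// "Accept-Encoding".
func contains(s, substr string) bool {
	// The standard library implements the same semantics as the previous
	// hand-written scan.
	return strings.Contains(s, substr)
}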