package cliutil

import (

"context"

"net/http"

"net/http/httptest"

"net/netip"

"testing"

"github.com/stretchr/testify/require"

"github.com/coder/coder/v2/coderd/httpapi"

"github.com/coder/coder/v2/testutil"

)

func TestIPV4Check(t *testing.T) {

t.Parallel()

srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

httpapi.Write(context.Background(), w, http.StatusOK, awsIPRangesResponse{

IPV4Prefixes: []awsIPv4Prefix{

{

Prefix: "3.24.0.0/14",

},

{

Prefix: "15.230.15.29/32",

},

{

Prefix: "47.128.82.100/31",

},

},

IPV6Prefixes: []awsIPv6Prefix{

{

Prefix: "2600:9000:5206::/48",

},

{

Prefix: "2406:da70:8800::/40",

},

{

Prefix: "2600:1f68:5000::/40",

},

},

})

}))

t.Cleanup(srv.Close)

ctx := testutil.Context(t, testutil.WaitShort)

ranges, err := FetchAWSIPRanges(ctx, srv.URL)

require.NoError(t, err)

t.Run("Private/IPV4", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("192.168.0.1")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.False(t, isAws)

})

t.Run("AWS/IPV4", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("3.25.61.113")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.True(t, isAws)

})

t.Run("NonAWS/IPV4", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("159.196.123.40")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.False(t, isAws)

})

t.Run("Private/IPV6", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("::1")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.False(t, isAws)

})

t.Run("AWS/IPV6", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("2600:9000:5206:0001:0000:0000:0000:0001")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.True(t, isAws)

})

t.Run("NonAWS/IPV6", func(t *testing.T) {

t.Parallel()

ip, err := netip.ParseAddr("2403:5807:885f:0:a544:49d4:58f8:aedf")

require.NoError(t, err)

isAws := ranges.CheckIP(ip)

require.False(t, isAws)

})

}