mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-05-08 14:36:13 +00:00
c394938f01
Move per-connection lifecycle out of the controller and into a new service.WebSocketService. The controller is now HTTP-layer only: authenticate, validate origin, upgrade, and hand the connection off. - web/service/websocket.go (new): owns the read/write pumps, hub registration, and connection lifetime. Pump constants are prefixed (wsWriteWait, wsPongWait, wsPingPeriod, wsClientReadLimit) to avoid collisions in the larger service package namespace. - web/controller/websocket.go: trimmed to the upgrader, same-origin check, auth gate, and hand-off to the service. - web/web.go: wires controller.NewWebSocketController(service.NewWebSocketService(hub)). The hub package (web/websocket) stays as low-level fan-out infrastructure. Behavior is unchanged — this is a structural cleanup to align with the rest of the codebase's controller/service split. Also includes a small range-int modernization in login_limiter_test.go that gopls flagged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
75 lines
2.3 KiB
Go
75 lines
2.3 KiB
Go
package controller
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestLoginLimiterBlocksAfterConfiguredFailures(t *testing.T) {
|
|
now := time.Date(2026, 5, 6, 12, 0, 0, 0, time.UTC)
|
|
limiter := newLoginLimiter(5, 5*time.Minute, 15*time.Minute)
|
|
limiter.now = func() time.Time { return now }
|
|
|
|
for i := range 4 {
|
|
if _, blocked := limiter.registerFailure("192.0.2.10", "Admin"); blocked {
|
|
t.Fatalf("failure %d should not block yet", i+1)
|
|
}
|
|
if _, ok := limiter.allow("192.0.2.10", "admin"); !ok {
|
|
t.Fatalf("failure %d should still allow login attempts", i+1)
|
|
}
|
|
}
|
|
|
|
blockedUntil, blocked := limiter.registerFailure("192.0.2.10", "ADMIN")
|
|
if !blocked {
|
|
t.Fatal("fifth failure should start cooldown")
|
|
}
|
|
if want := now.Add(15 * time.Minute); !blockedUntil.Equal(want) {
|
|
t.Fatalf("blocked until %s, want %s", blockedUntil, want)
|
|
}
|
|
if _, ok := limiter.allow("192.0.2.10", "admin"); ok {
|
|
t.Fatal("login should be blocked during cooldown")
|
|
}
|
|
|
|
now = blockedUntil
|
|
if _, ok := limiter.allow("192.0.2.10", "admin"); !ok {
|
|
t.Fatal("login should be allowed after cooldown")
|
|
}
|
|
}
|
|
|
|
func TestLoginLimiterPrunesOldFailuresAndResetsOnSuccess(t *testing.T) {
|
|
now := time.Date(2026, 5, 6, 12, 0, 0, 0, time.UTC)
|
|
limiter := newLoginLimiter(5, 5*time.Minute, 15*time.Minute)
|
|
limiter.now = func() time.Time { return now }
|
|
|
|
for range 4 {
|
|
limiter.registerFailure("192.0.2.10", "admin")
|
|
}
|
|
now = now.Add(6 * time.Minute)
|
|
if _, blocked := limiter.registerFailure("192.0.2.10", "admin"); blocked {
|
|
t.Fatal("old failures should be pruned outside the rolling window")
|
|
}
|
|
|
|
limiter.registerSuccess("192.0.2.10", "admin")
|
|
for i := range 4 {
|
|
if _, blocked := limiter.registerFailure("192.0.2.10", "admin"); blocked {
|
|
t.Fatalf("success should reset previous failures; failure %d blocked", i+1)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestLoginLimiterSeparatesIPAndUsername(t *testing.T) {
|
|
now := time.Date(2026, 5, 6, 12, 0, 0, 0, time.UTC)
|
|
limiter := newLoginLimiter(5, 5*time.Minute, 15*time.Minute)
|
|
limiter.now = func() time.Time { return now }
|
|
|
|
for range 5 {
|
|
limiter.registerFailure("192.0.2.10", "admin")
|
|
}
|
|
if _, ok := limiter.allow("192.0.2.11", "admin"); !ok {
|
|
t.Fatal("different IP should not be blocked")
|
|
}
|
|
if _, ok := limiter.allow("192.0.2.10", "other-admin"); !ok {
|
|
t.Fatal("different username should not be blocked")
|
|
}
|
|
}
|