Reject recovery via untrusted XFF

2026-02-18 00:17:39 +01:00 · 2026-02-04 15:01:09 +00:00
parent b35de694bb
commit d257815564
1 changed files with 25 additions and 0 deletions
--- a/internal/api/recovery_proxy_bypass_test.go
+++ b/internal/api/recovery_proxy_bypass_test.go
@@ -0,0 +1,25 @@
+package api
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestRecoveryEndpointRejectsForwardedLoopbackFromUntrustedProxy(t *testing.T) {
+	router := newRecoveryRouter(t)
+
+	// No trusted proxies configured; forwarded loopback should be rejected.
+	req := httptest.NewRequest(http.MethodPost, "/api/security/recovery", strings.NewReader(`{"action":"status"}`))
+	req.RemoteAddr = "203.0.113.77:12345"
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-Forwarded-For", "127.0.0.1")
+	rec := httptest.NewRecorder()
+
+	router.mux.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("expected 403 for forwarded loopback from untrusted proxy, got %d", rec.Code)
+	}
+}