Revert "fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)"
Some checks failed
lint.yml / Revert "fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)" (push) Failing after 0s
Some checks failed
lint.yml / Revert "fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)" (push) Failing after 0s
This reverts commit66026ab. Closes #2 as resolved by switching the dev LNbits to TLS (self-signed cert) instead of carving out plain HTTP for RFC1918 hosts. With HTTPS the producer-side python-lnurl validation accepts any host, AND the lnbits-core consumer-side `lnurlscan` accepts it too — the symmetric problem the carve-out couldn't solve on its own. `create_lnurl_from_baseurl` (#1, `e9d911e`) is kept — it's orthogonal to the transport scheme and still wanted for the nostr-transport `lnurl=null` fix.
This commit is contained in:
parent
0e06ab2087
commit
2877cf6b20
3 changed files with 5 additions and 107 deletions
|
|
@ -1,67 +0,0 @@
|
|||
"""
|
||||
Unit tests for the private-network HTTP detector that gates the
|
||||
plain-HTTP carve-out in `create_lnurl_from_baseurl`. See #2.
|
||||
|
||||
The full encode path is exercised end-to-end during regtest smoke;
|
||||
these tests cover the pure host-classification logic so changes to
|
||||
the carve-out boundary (e.g., adding `.onion`) can be regression-tested
|
||||
without spinning up a wallet/settings fixture.
|
||||
"""
|
||||
|
||||
import pytest
|
||||
|
||||
from ..helpers import _is_private_network_http
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"url",
|
||||
[
|
||||
"http://localhost/withdraw/api/v1/lnurl/abc",
|
||||
"http://localhost:5000/withdraw/api/v1/lnurl/abc",
|
||||
"http://127.0.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"http://127.0.0.1:5000/withdraw/api/v1/lnurl/abc",
|
||||
"http://10.0.0.5:5000/withdraw/api/v1/lnurl/abc",
|
||||
"http://172.16.0.5:5000/withdraw/api/v1/lnurl/abc",
|
||||
"http://172.31.255.255:5000/withdraw/api/v1/lnurl/abc",
|
||||
"http://192.168.0.32:5001/withdraw/api/v1/lnurl/abc",
|
||||
"http://192.168.255.255/withdraw/api/v1/lnurl/abc",
|
||||
],
|
||||
)
|
||||
def test_is_private_network_http_accepts_loopback_and_rfc1918(url):
|
||||
assert _is_private_network_http(url) is True
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"url",
|
||||
[
|
||||
# Public IPv4
|
||||
"http://8.8.8.8/withdraw/api/v1/lnurl/abc",
|
||||
"http://1.1.1.1/withdraw/api/v1/lnurl/abc",
|
||||
# Just-outside RFC1918
|
||||
"http://11.0.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"http://172.15.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"http://172.32.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"http://192.167.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"http://192.169.0.1/withdraw/api/v1/lnurl/abc",
|
||||
# Public hostnames (not an IP literal, not localhost)
|
||||
"http://example.com/withdraw/api/v1/lnurl/abc",
|
||||
"http://lnbits.example.com/withdraw/api/v1/lnurl/abc",
|
||||
],
|
||||
)
|
||||
def test_is_private_network_http_rejects_public_hosts(url):
|
||||
assert _is_private_network_http(url) is False
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"url",
|
||||
[
|
||||
"https://localhost/withdraw/api/v1/lnurl/abc",
|
||||
"https://127.0.0.1/withdraw/api/v1/lnurl/abc",
|
||||
"https://192.168.0.32/withdraw/api/v1/lnurl/abc",
|
||||
"https://example.com/withdraw/api/v1/lnurl/abc",
|
||||
],
|
||||
)
|
||||
def test_is_private_network_http_rejects_https_scheme(url):
|
||||
"""Detector only fires for `http://`. `https://` always takes the
|
||||
validated `lnurl_encode` path (which accepts any host)."""
|
||||
assert _is_private_network_http(url) is False
|
||||
Loading…
Add table
Add a link
Reference in a new issue