Add test for blocking localhost

takahe/settings.py

@@ -477,18 +477,20 @@ TAKAHE_USER_AGENT = (
     f"(Takahe/{__version__}; +https://{SETUP.MAIN_DOMAIN}/)"
 )
 
-HTTP_BLOCKED_RANGES = map(
-    ipaddress.ip_network,
-    [
-        # All of these are RFC reserved ranges
-        # Pulled from Wikipedia
-        "0.0.0.0/8",  # Current network
-        "10.0.0.0/8",  # Private, local network
-        "100.64.0.0/10",  # Private, CGNAT
-        "127.0.0.0/8",  # Localhost
-        "169.254.0.0/16",  # Link-local address, zeroconf
-        "172.16.0.0/12",  # Private, local network
-    ],
+HTTP_BLOCKED_RANGES = list(
+    map(
+        ipaddress.ip_network,
+        [
+            # All of these are RFC reserved ranges
+            # Pulled from Wikipedia
+            "0.0.0.0/8",  # Current network
+            "10.0.0.0/8",  # Private, local network
+            "100.64.0.0/10",  # Private, CGNAT
+            "127.0.0.0/8",  # Localhost
+            "169.254.0.0/16",  # Link-local address, zeroconf
+            "172.16.0.0/12",  # Private, local network
+        ],
+    )
 )
 
 if SETUP.LOCAL_SETTINGS:

tests/core/test_httpy.py

@@ -3,7 +3,7 @@ import dataclasses
 
 import pytest
 
-from core.httpy import Client  # TODO: Test async client
+from core.httpy import BlockedIPError, Client  # TODO: Test async client
 
 
 @dataclasses.dataclass
@@ -28,9 +28,14 @@ def test_basics():
         assert resp.status_code == 200
 
 
-def test_signature(signing_actor):
+def test_signature_exists(signing_actor):
     with Client(actor=signing_actor) as client:
         resp = client.get("https://httpbin.org/headers")
         resp.raise_for_status()
         body = resp.json()
         assert "Signature" in body["headers"]
+
+
+def test_ip_block():
+    with pytest.raises(BlockedIPError), Client() as client:
+        client.get("http://localhost/")