From 28bf2540fcfd876bb90e21c0f014ad01c88e1b4a Mon Sep 17 00:00:00 2001
From: Jamie Bliss
Date: Thu, 11 Jan 2024 21:49:14 -0500
Subject: [PATCH] Add test for blocking localhost
---
 takahe/settings.py | 26 ++++++++++++++------------
 tests/core/test_httpy.py | 9 +++++++--
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/takahe/settings.py b/takahe/settings.py
index 655644d..947aae7 100644
--- a/takahe/settings.py
+++ b/takahe/settings.py
@@ -477,18 +477,20 @@ TAKAHE_USER_AGENT = (
 f"(Takahe/{__version__}; +https://{SETUP.MAIN_DOMAIN}/)"
 )
-HTTP_BLOCKED_RANGES = map(
- ipaddress.ip_network,
- [
- # All of these are RFC reserved ranges
- # Pulled from Wikipedia
- "0.0.0.0/8", # Current network
- "10.0.0.0/8", # Private, local network
- "100.64.0.0/10", # Private, CGNAT
- "127.0.0.0/8", # Localhost
- "169.254.0.0/16", # Link-local address, zeroconf
- "172.16.0.0/12", # Private, local network
- ],
+HTTP_BLOCKED_RANGES = list(
+ map(
+ ipaddress.ip_network,
+ [
+ # All of these are RFC reserved ranges
+ # Pulled from Wikipedia
+ "0.0.0.0/8", # Current network
+ "10.0.0.0/8", # Private, local network
+ "100.64.0.0/10", # Private, CGNAT
+ "127.0.0.0/8", # Localhost
+ "169.254.0.0/16", # Link-local address, zeroconf
+ "172.16.0.0/12", # Private, local network
+ ],
+ )
 )
 if SETUP.LOCAL_SETTINGS:
diff --git a/tests/core/test_httpy.py b/tests/core/test_httpy.py
index bf5053a..d8d5a98 100644
--- a/tests/core/test_httpy.py
+++ b/tests/core/test_httpy.py
@@ -3,7 +3,7 @@ import dataclasses import pytest
-from core.httpy import Client # TODO: Test async client
+from core.httpy import BlockedIPError, Client # TODO: Test async client
 @dataclasses.dataclass
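Review bot: The `HTTP_BLOCKED_RANGES` list in takahe/settings.py stops at `172.16.0.0/12`, so `192.168.0.0/16` and every IPv6 range (loopback `::1/128`, unique-local `fc00::/7`, link-local `fe80::/10`) are absent even though the comment describes the entries as the RFC reserved ranges. If this list is what keeps outbound fetches away from internal addresses, as the new test suggests, a URL resolving into one of the missing ranges would presumably not be rejected; the check itself is outside this hunk, so confirm it there. Add at least `"192.168.0.0/16",  # Private, local network` plus the IPv6 entries, and reword the comment to `# Selected RFC reserved ranges; extend when new internal ranges are in use`. The `if SETUP.LOCAL_SETTINGS:` block that follows continues outside the hunk.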
@@ -28,9 +28,14 @@ def test_basics():
 assert resp.status_code == 200
-def test_signature(signing_actor):
+def test_signature_exists(signing_actor):
 with Client(actor=signing_actor) as client:
 resp = client.get("https://httpbin.org/headers")
 resp.raise_for_status()
 body = resp.json()
 assert "Signature" in body["headers"]
+
+
+def test_ip_block():
+ with pytest.raises(BlockedIPError), Client() as client:
+ client.get("http://localhost/")
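Review bot: `test_ip_block` exercises only the hostname `localhost`, so its result depends on how the test machine resolves that name; where it resolves to `::1` the outcome may differ, because the blocked ranges in takahe/settings.py are IPv4 only (resolution happens in core.httpy, which is not visible here). Parametrizing over literal addresses makes the test deterministic and covers more of the list: `@pytest.mark.parametrize("url", ["http://localhost/", "http://127.0.0.1/", "http://10.0.0.1/", "http://169.254.169.254/"])` above `def test_ip_block(url):`, with `client.get(url)` in the body. A one-line docstring such as `"""Requests to loopback and private addresses raise BlockedIPError."""` would state what the test asserts.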