hash-of-wisdom/test/integration/slowloris_test.go

package integration

import (
	"net"
	"testing"
	"time"

	"hash-of-wisdom/internal/server"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestSlowlorisProtection_SlowReader(t *testing.T) {
	// Setup server with very short read timeout for testing
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       100 * time.Millisecond,
			Write:      5 * time.Second,
			Connection: 15 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect to server
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	// Send partial message header very slowly (slowloris attack)
	_, err = conn.Write([]byte{0x01}) // Challenge request type
	require.NoError(t, err)

	// Wait longer than read timeout before sending length
	time.Sleep(200 * time.Millisecond)

	// Try to send more data - connection should be timed out
	_, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length

	// Verify connection is closed by trying to read
	buffer := make([]byte, 1024)
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to slow reading")
}


func TestSlowlorisProtection_SlowConnectionTimeout(t *testing.T) {
	// Setup server with very short connection timeout for testing
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       5 * time.Second,
			Write:      5 * time.Second,
			Connection: 200 * time.Millisecond,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect to server but do nothing
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	// Wait longer than connection timeout
	time.Sleep(300 * time.Millisecond)

	// Try to read - connection should be closed
	buffer := make([]byte, 1024)
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to connection timeout")
}

func TestSlowlorisProtection_MultipleSlowClients(t *testing.T) {
	// Setup server with short timeouts
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       1 * time.Second,
			Write:      1 * time.Second,
			Connection: 2 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Create multiple slow connections
	var connections []net.Conn
	for i := 0; i < 5; i++ {
		conn, err := net.Dial("tcp", srv.Address())
		require.NoError(t, err)
		connections = append(connections, conn)
		// Send partial data on each connection
		conn.Write([]byte{0x01}) // Challenge request type only
	}

	// Wait for timeouts to kick in
	time.Sleep(1500 * time.Millisecond)

	// All connections should be closed
	buffer := make([]byte, 1024)
	for i, conn := range connections {
		conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
		_, err := conn.Read(buffer)
		assert.Error(t, err, "Connection %d should be closed", i)
		conn.Close()
	}
}