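# vi: set ft=conf

# Test SSRF protection in webhook creation and update.
#
# Every rejected case below is asserted only through `!` (non-zero exit), so a
# failure for an unrelated reason (bad flag, server not ready) would also pass.
# NOTE(review): pin each rejection with a stderr pattern once the server's
# error text for a blocked URL is confirmed.
#
# NOTE(review): ranges not exercised here include 172.16.0.0/12, IPv6 loopback
# and link-local, and hostnames that resolve to internal addresses. This script
# only checks validation at create/update time; whether delivery re-checks the
# resolved address is not covered.

# start soft serve
exec soft serve &

# wait for SSH server to start
ensureserverrunning SSH_PORT

# create a repo
soft repo create test-repo
stderr 'Created repository test-repo.*'

# Try to create webhook with localhost - should fail
! soft repo webhook create test-repo http://localhost:8080/webhook -e push

# Try to create webhook with 127.0.0.1 - should fail
! soft repo webhook create test-repo http://127.0.0.1:8080/webhook -e push

# Try to create webhook with AWS metadata service - should fail
! soft repo webhook create test-repo http://169.254.169.254/latest/meta-data/ -e push

# Try to create webhook with private network - should fail
! soft repo webhook create test-repo http://192.168.1.1/webhook -e push

# Try to create webhook with private 10.x network - should fail
! soft repo webhook create test-repo http://10.0.0.1/webhook -e push

# Create webhook with valid public URL - should succeed
# new-webhook is a harness command; presumably it stores a webhook.site URL in
# WH_PUBLIC (the list assertion below expects that host) - TODO confirm
new-webhook WH_PUBLIC
soft repo webhook create test-repo $WH_PUBLIC -e push

# List webhooks - should show only the valid one
# (this asserts presence of the public host only, not absence of the others)
soft repo webhook list test-repo
stdout 'webhook.site'

# Try to update webhook to localhost - should fail
# assumes the webhook created above has ID 1
! soft repo webhook update test-repo 1 --url http://localhost:9090/hook

# The rejected update must leave the stored URL untouched
soft repo webhook list test-repo
stdout 'webhook.site'

# stop the server
[windows] stopserver
[windows] ! stderr .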