tests/proxy.rs at 0d4328cd6ea2cd929d35e9555558d4a94b238c19 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / tests / proxy.rs
at 0d4328cd6ea2cd929d35e9555558d4a94b238c19 5.2 kB view raw
  1mod common;
  2
  3use axum::{Router, extract::Request, http::StatusCode, routing::any};
  4use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
  5use reqwest::Client;
  6use std::sync::Arc;
  7use tokio::net::TcpListener;
  8
  9async fn spawn_mock_upstream() -> (
 10    String,
 11    tokio::sync::mpsc::Receiver<(String, String, Option<String>)>,
 12) {
 13    let (tx, rx) = tokio::sync::mpsc::channel(10);
 14    let tx = Arc::new(tx);
 15
 16    let app = Router::new().fallback(any(move |req: Request| {
 17        let tx = tx.clone();
 18        async move {
 19            let method = req.method().to_string();
 20            let uri = req.uri().to_string();
 21            let auth = req
 22                .headers()
 23                .get("Authorization")
 24                .and_then(|h| h.to_str().ok())
 25                .map(|s| s.to_string());
 26
 27            let _ = tx.send((method, uri, auth)).await;
 28            (StatusCode::OK, "Mock Response")
 29        }
 30    }));
 31
 32    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
 33    let addr = listener.local_addr().unwrap();
 34
 35    tokio::spawn(async move {
 36        axum::serve(listener, app).await.unwrap();
 37    });
 38
 39    (format!("http://{}", addr), rx)
 40}
 41
 42#[tokio::test]
 43async fn test_proxy_via_header() {
 44    let app_url = common::base_url().await;
 45    let (upstream_url, mut rx) = spawn_mock_upstream().await;
 46    let client = Client::new();
 47
 48    let res = client
 49        .get(format!("{}/xrpc/com.example.test", app_url))
 50        .header("atproto-proxy", &upstream_url)
 51        .header("Authorization", "Bearer test-token")
 52        .send()
 53        .await
 54        .unwrap();
 55
 56    assert_eq!(res.status(), StatusCode::OK);
 57
 58    let (method, uri, auth) = rx.recv().await.expect("Upstream should receive request");
 59    assert_eq!(method, "GET");
 60    assert_eq!(uri, "/xrpc/com.example.test");
 61    assert_eq!(auth, Some("Bearer test-token".to_string()));
 62}
 63
 64
 65#[tokio::test]
 66async fn test_proxy_auth_signing() {
 67    let app_url = common::base_url().await;
 68    let (upstream_url, mut rx) = spawn_mock_upstream().await;
 69    let client = Client::new();
 70
 71    let (access_jwt, did) = common::create_account_and_login(&client).await;
 72
 73    let res = client
 74        .get(format!("{}/xrpc/com.example.signed", app_url))
 75        .header("atproto-proxy", &upstream_url)
 76        .header("Authorization", format!("Bearer {}", access_jwt))
 77        .send()
 78        .await
 79        .unwrap();
 80
 81    assert_eq!(res.status(), StatusCode::OK);
 82
 83    let (method, uri, auth) = rx.recv().await.expect("Upstream receive");
 84    assert_eq!(method, "GET");
 85    assert_eq!(uri, "/xrpc/com.example.signed");
 86
 87    let received_token = auth.expect("No auth header").replace("Bearer ", "");
 88    assert_ne!(received_token, access_jwt, "Token should be replaced");
 89
 90    let parts: Vec<&str> = received_token.split('.').collect();
 91    assert_eq!(parts.len(), 3);
 92
 93    let payload_bytes = URL_SAFE_NO_PAD.decode(parts[1]).expect("payload b64");
 94    let claims: serde_json::Value = serde_json::from_slice(&payload_bytes).expect("payload json");
 95
 96    assert_eq!(claims["iss"], did);
 97    assert_eq!(claims["sub"], did);
 98    assert_eq!(claims["aud"], upstream_url);
 99    assert_eq!(claims["lxm"], "com.example.signed");
100}
101
102#[tokio::test]
103async fn test_proxy_post_with_body() {
104    let app_url = common::base_url().await;
105    let (upstream_url, mut rx) = spawn_mock_upstream().await;
106    let client = Client::new();
107
108    let payload = serde_json::json!({
109        "text": "Hello from proxy test",
110        "createdAt": "2024-01-01T00:00:00Z"
111    });
112
113    let res = client
114        .post(format!("{}/xrpc/com.example.postMethod", app_url))
115        .header("atproto-proxy", &upstream_url)
116        .header("Authorization", "Bearer test-token")
117        .json(&payload)
118        .send()
119        .await
120        .unwrap();
121
122    assert_eq!(res.status(), StatusCode::OK);
123
124    let (method, uri, auth) = rx.recv().await.expect("Upstream should receive request");
125    assert_eq!(method, "POST");
126    assert_eq!(uri, "/xrpc/com.example.postMethod");
127    assert_eq!(auth, Some("Bearer test-token".to_string()));
128}
129
130#[tokio::test]
131async fn test_proxy_with_query_params() {
132    let app_url = common::base_url().await;
133    let (upstream_url, mut rx) = spawn_mock_upstream().await;
134    let client = Client::new();
135
136    let res = client
137        .get(format!(
138            "{}/xrpc/com.example.query?repo=did:plc:test&collection=app.bsky.feed.post&limit=50",
139            app_url
140        ))
141        .header("atproto-proxy", &upstream_url)
142        .header("Authorization", "Bearer test-token")
143        .send()
144        .await
145        .unwrap();
146
147    assert_eq!(res.status(), StatusCode::OK);
148
149    let (method, uri, _auth) = rx.recv().await.expect("Upstream should receive request");
150    assert_eq!(method, "GET");
151    assert!(
152        uri.contains("repo=did") || uri.contains("repo=did%3Aplc%3Atest"),
153        "URI should contain repo param, got: {}",
154        uri
155    );
156    assert!(
157        uri.contains("collection=app.bsky.feed.post") || uri.contains("collection=app.bsky"),
158        "URI should contain collection param, got: {}",
159        uri
160    );
161    assert!(
162        uri.contains("limit=50"),
163        "URI should contain limit param, got: {}",
164        uri
165    );
166}