this repo has no description
lewis.moe
1mod common;
2
3use axum::{
4 routing::any,
5 Router,
6 extract::Request,
7 http::StatusCode,
8};
9use tokio::net::TcpListener;
10use reqwest::Client;
11use std::sync::Arc;
12use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
13
14async fn spawn_mock_upstream() -> (String, tokio::sync::mpsc::Receiver<(String, String, Option<String>)>) {
15 let (tx, rx) = tokio::sync::mpsc::channel(10);
16 let tx = Arc::new(tx);
17
18 let app = Router::new().fallback(any(move |req: Request| {
19 let tx = tx.clone();
20 async move {
21 let method = req.method().to_string();
22 let uri = req.uri().to_string();
23 let auth = req.headers().get("Authorization")
24 .and_then(|h| h.to_str().ok())
25 .map(|s| s.to_string());
26
27 let _ = tx.send((method, uri, auth)).await;
28 (StatusCode::OK, "Mock Response")
29 }
30 }));
31
32 let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
33 let addr = listener.local_addr().unwrap();
34
35 tokio::spawn(async move {
36 axum::serve(listener, app).await.unwrap();
37 });
38
39 (format!("http://{}", addr), rx)
40}
41
42#[tokio::test]
43async fn test_proxy_via_header() {
44 let app_url = common::base_url().await;
45 let (upstream_url, mut rx) = spawn_mock_upstream().await;
46 let client = Client::new();
47
48 let res = client.get(format!("{}/xrpc/com.example.test", app_url))
49 .header("atproto-proxy", &upstream_url)
50 .header("Authorization", "Bearer test-token")
51 .send()
52 .await
53 .unwrap();
54
55 assert_eq!(res.status(), StatusCode::OK);
56
57 let (method, uri, auth) = rx.recv().await.expect("Upstream should receive request");
58 assert_eq!(method, "GET");
59 assert_eq!(uri, "/xrpc/com.example.test");
60 assert_eq!(auth, Some("Bearer test-token".to_string()));
61}
62
63#[tokio::test]
64#[ignore]
65async fn test_proxy_via_env_var() {
66 let (upstream_url, mut rx) = spawn_mock_upstream().await;
67
68 unsafe { std::env::set_var("APPVIEW_URL", &upstream_url); }
69
70 let app_url = common::base_url().await;
71 let client = Client::new();
72
73 let res = client.get(format!("{}/xrpc/com.example.envtest", app_url))
74 .send()
75 .await
76 .unwrap();
77
78 assert_eq!(res.status(), StatusCode::OK);
79
80 let (method, uri, _) = rx.recv().await.expect("Upstream should receive request");
81 assert_eq!(method, "GET");
82 assert_eq!(uri, "/xrpc/com.example.envtest");
83}
84
85#[tokio::test]
86#[ignore]
87async fn test_proxy_missing_config() {
88 unsafe { std::env::remove_var("APPVIEW_URL"); }
89
90 let app_url = common::base_url().await;
91 let client = Client::new();
92
93 let res = client.get(format!("{}/xrpc/com.example.fail", app_url))
94 .send()
95 .await
96 .unwrap();
97
98 assert_eq!(res.status(), StatusCode::BAD_GATEWAY);
99}
100
101#[tokio::test]
102async fn test_proxy_auth_signing() {
103 let app_url = common::base_url().await;
104 let (upstream_url, mut rx) = spawn_mock_upstream().await;
105 let client = Client::new();
106
107 let (access_jwt, did) = common::create_account_and_login(&client).await;
108
109 let res = client.get(format!("{}/xrpc/com.example.signed", app_url))
110 .header("atproto-proxy", &upstream_url)
111 .header("Authorization", format!("Bearer {}", access_jwt))
112 .send()
113 .await
114 .unwrap();
115
116 assert_eq!(res.status(), StatusCode::OK);
117
118 let (method, uri, auth) = rx.recv().await.expect("Upstream receive");
119 assert_eq!(method, "GET");
120 assert_eq!(uri, "/xrpc/com.example.signed");
121
122 let received_token = auth.expect("No auth header").replace("Bearer ", "");
123 assert_ne!(received_token, access_jwt, "Token should be replaced");
124
125 let parts: Vec<&str> = received_token.split('.').collect();
126 assert_eq!(parts.len(), 3);
127
128 let payload_bytes = URL_SAFE_NO_PAD.decode(parts[1]).expect("payload b64");
129 let claims: serde_json::Value = serde_json::from_slice(&payload_bytes).expect("payload json");
130
131 assert_eq!(claims["iss"], did);
132 assert_eq!(claims["sub"], did);
133 assert_eq!(claims["aud"], upstream_url);
134 assert_eq!(claims["lxm"], "com.example.signed");
135}