this repo has no description
lewis.moe
1mod common;
2
3use axum::{
4 routing::any,
5 Router,
6 extract::Request,
7 http::StatusCode,
8};
9use tokio::net::TcpListener;
10use reqwest::Client;
11use std::sync::Arc;
12use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
13
14async fn spawn_mock_upstream() -> (String, tokio::sync::mpsc::Receiver<(String, String, Option<String>)>) {
15 let (tx, rx) = tokio::sync::mpsc::channel(10);
16 let tx = Arc::new(tx);
17
18 let app = Router::new().fallback(any(move |req: Request| {
19 let tx = tx.clone();
20 async move {
21 let method = req.method().to_string();
22 let uri = req.uri().to_string();
23 let auth = req.headers().get("Authorization")
24 .and_then(|h| h.to_str().ok())
25 .map(|s| s.to_string());
26
27 let _ = tx.send((method, uri, auth)).await;
28 (StatusCode::OK, "Mock Response")
29 }
30 }));
31
32 let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
33 let addr = listener.local_addr().unwrap();
34
35 tokio::spawn(async move {
36 axum::serve(listener, app).await.unwrap();
37 });
38
39 (format!("http://{}", addr), rx)
40}
41
42#[tokio::test]
43async fn test_proxy_via_header() {
44 let app_url = common::base_url().await;
45 let (upstream_url, mut rx) = spawn_mock_upstream().await;
46 let client = Client::new();
47
48 let res = client.get(format!("{}/xrpc/com.example.test", app_url))
49 .header("atproto-proxy", &upstream_url)
50 .header("Authorization", "Bearer test-token")
51 .send()
52 .await
53 .unwrap();
54
55 assert_eq!(res.status(), StatusCode::OK);
56
57 let (method, uri, auth) = rx.recv().await.expect("Upstream should receive request");
58 assert_eq!(method, "GET");
59 assert_eq!(uri, "/xrpc/com.example.test");
60 assert_eq!(auth, Some("Bearer test-token".to_string()));
61}
62
63#[tokio::test]
64async fn test_proxy_via_env_var() {
65 let (upstream_url, mut rx) = spawn_mock_upstream().await;
66
67 unsafe { std::env::set_var("APPVIEW_URL", &upstream_url); }
68
69 let app_url = common::base_url().await;
70 let client = Client::new();
71
72 let res = client.get(format!("{}/xrpc/com.example.envtest", app_url))
73 .send()
74 .await
75 .unwrap();
76
77 assert_eq!(res.status(), StatusCode::OK);
78
79 let (method, uri, _) = rx.recv().await.expect("Upstream should receive request");
80 assert_eq!(method, "GET");
81 assert_eq!(uri, "/xrpc/com.example.envtest");
82}
83
84#[tokio::test]
85async fn test_proxy_missing_config() {
86 unsafe { std::env::remove_var("APPVIEW_URL"); }
87
88 let app_url = common::base_url().await;
89 let client = Client::new();
90
91 let res = client.get(format!("{}/xrpc/com.example.fail", app_url))
92 .send()
93 .await
94 .unwrap();
95
96 assert_eq!(res.status(), StatusCode::BAD_GATEWAY);
97}
98
99#[tokio::test]
100async fn test_proxy_auth_signing() {
101 let app_url = common::base_url().await;
102 let (upstream_url, mut rx) = spawn_mock_upstream().await;
103 let client = Client::new();
104
105 let (access_jwt, did) = common::create_account_and_login(&client).await;
106
107 let res = client.get(format!("{}/xrpc/com.example.signed", app_url))
108 .header("atproto-proxy", &upstream_url)
109 .header("Authorization", format!("Bearer {}", access_jwt))
110 .send()
111 .await
112 .unwrap();
113
114 assert_eq!(res.status(), StatusCode::OK);
115
116 let (method, uri, auth) = rx.recv().await.expect("Upstream receive");
117 assert_eq!(method, "GET");
118 assert_eq!(uri, "/xrpc/com.example.signed");
119
120 let received_token = auth.expect("No auth header").replace("Bearer ", "");
121 assert_ne!(received_token, access_jwt, "Token should be replaced");
122
123 let parts: Vec<&str> = received_token.split('.').collect();
124 assert_eq!(parts.len(), 3);
125
126 let payload_bytes = URL_SAFE_NO_PAD.decode(parts[1]).expect("payload b64");
127 let claims: serde_json::Value = serde_json::from_slice(&payload_bytes).expect("payload json");
128
129 assert_eq!(claims["iss"], did);
130 assert_eq!(claims["sub"], did);
131 assert_eq!(claims["aud"], upstream_url);
132 assert_eq!(claims["lxm"], "com.example.signed");
133}