mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 10:16:49 +00:00
93 lines
2.9 KiB
TypeScript
93 lines
2.9 KiB
TypeScript
import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it } from 'bun:test';
|
|
import express from 'express';
|
|
import * as fs from 'fs';
|
|
import * as os from 'os';
|
|
import * as path from 'path';
|
|
import type { Server } from 'http';
|
|
import { usageRoutes } from '../../../src/web-server/usage/routes';
|
|
|
|
describe('usage-routes remote write guard', () => {
|
|
let server: Server;
|
|
let baseUrl = '';
|
|
let forcedRemoteAddress = '127.0.0.1';
|
|
let tempHome = '';
|
|
let originalDashboardAuthEnabled: string | undefined;
|
|
let originalCcsHome: string | undefined;
|
|
|
|
beforeAll(async () => {
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use((req, _res, next) => {
|
|
Object.defineProperty(req.socket, 'remoteAddress', {
|
|
value: forcedRemoteAddress,
|
|
configurable: true,
|
|
});
|
|
next();
|
|
});
|
|
app.use('/api/usage', usageRoutes);
|
|
|
|
await new Promise<void>((resolve, reject) => {
|
|
server = app.listen(0, '127.0.0.1');
|
|
server.once('error', reject);
|
|
server.once('listening', () => resolve());
|
|
});
|
|
|
|
const address = server.address();
|
|
if (!address || typeof address === 'string') {
|
|
throw new Error('Unable to resolve test server port');
|
|
}
|
|
baseUrl = `http://127.0.0.1:${address.port}`;
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await new Promise<void>((resolve) => server.close(() => resolve()));
|
|
});
|
|
|
|
beforeEach(() => {
|
|
originalDashboardAuthEnabled = process.env.CCS_DASHBOARD_AUTH_ENABLED;
|
|
originalCcsHome = process.env.CCS_HOME;
|
|
tempHome = fs.mkdtempSync(path.join(os.tmpdir(), 'ccs-usage-routes-auth-'));
|
|
process.env.CCS_HOME = tempHome;
|
|
process.env.CCS_DASHBOARD_AUTH_ENABLED = 'false';
|
|
forcedRemoteAddress = '10.10.0.24';
|
|
});
|
|
|
|
afterEach(() => {
|
|
if (originalDashboardAuthEnabled !== undefined) {
|
|
process.env.CCS_DASHBOARD_AUTH_ENABLED = originalDashboardAuthEnabled;
|
|
} else {
|
|
delete process.env.CCS_DASHBOARD_AUTH_ENABLED;
|
|
}
|
|
|
|
if (originalCcsHome !== undefined) {
|
|
process.env.CCS_HOME = originalCcsHome;
|
|
} else {
|
|
delete process.env.CCS_HOME;
|
|
}
|
|
|
|
if (tempHome && fs.existsSync(tempHome)) {
|
|
fs.rmSync(tempHome, { recursive: true, force: true });
|
|
tempHome = '';
|
|
}
|
|
});
|
|
|
|
it('allows remote read-only usage status requests when dashboard auth is disabled', async () => {
|
|
const response = await fetch(`${baseUrl}/api/usage/status`);
|
|
|
|
expect(response.status).toBe(200);
|
|
});
|
|
|
|
it('blocks remote usage refresh when dashboard auth is disabled', async () => {
|
|
const response = await fetch(`${baseUrl}/api/usage/refresh`, {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({}),
|
|
});
|
|
|
|
expect(response.status).toBe(403);
|
|
expect(await response.json()).toEqual({
|
|
error: 'Usage refresh requires localhost access when dashboard auth is disabled.',
|
|
});
|
|
});
|
|
});
|