-
Notifications
You must be signed in to change notification settings - Fork 158
Expand file tree
/
Copy pathtestProxyRoute.test.js
More file actions
464 lines (400 loc) · 14.5 KB
/
testProxyRoute.test.js
File metadata and controls
464 lines (400 loc) · 14.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
const { handleMessage, validGitRequest } = require('../src/proxy/routes');
const chai = require('chai');
const chaiHttp = require('chai-http');
chai.use(chaiHttp);
chai.should();
const expect = chai.expect;
const sinon = require('sinon');
const express = require('express');
const getRouter = require('../src/proxy/routes').getRouter;
const chain = require('../src/proxy/chain');
const proxyquire = require('proxyquire');
const { Action, Step } = require('../src/proxy/actions');
const service = require('../src/service');
const db = require('../src/db');
import Proxy from '../src/proxy';
const TEST_DEFAULT_REPO = {
url: 'https://github.com/finos/git-proxy.git',
name: 'git-proxy',
project: 'finos/gitproxy',
host: 'github.com',
};
const TEST_GITLAB_REPO = {
url: 'https://gitlab.com/gitlab-community/meta.git',
name: 'gitlab',
project: 'gitlab-community/meta',
host: 'gitlab.com',
proxyUrlPrefix: 'gitlab.com/gitlab-community/meta.git',
};
describe('proxy route filter middleware', () => {
let app;
beforeEach(async () => {
app = express();
app.use('/', await getRouter());
});
afterEach(() => {
sinon.restore();
});
it('should reject invalid git requests with 400', async () => {
const res = await chai
.request(app)
.get('/owner/repo.git/invalid/path')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request');
expect(res).to.have.status(400);
expect(res.text).to.equal('Invalid request received');
});
it('should handle blocked requests and return custom packet message', async () => {
sinon.stub(chain, 'executeChain').resolves({
blocked: true,
blockedMessage: 'You shall not push!',
error: true,
});
const res = await chai
.request(app)
.post('/owner/repo.git/git-upload-pack')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.send(Buffer.from('0000'))
.buffer();
expect(res.status).to.equal(200);
expect(res.text).to.contain('You shall not push!');
expect(res.headers['content-type']).to.include('application/x-git-receive-pack-result');
expect(res.headers['x-frame-options']).to.equal('DENY');
});
describe('when request is valid and not blocked', () => {
it('should return error if repo is not found', async () => {
sinon.stub(chain, 'executeChain').resolves({
blocked: false,
blockedMessage: '',
error: false,
});
const res = await chai
.request(app)
.get('/owner/repo.git/info/refs?service=git-upload-pack')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
expect(res.status).to.equal(401);
expect(res.text).to.equal('Repository not found.');
});
it('should pass through if repo is found', async () => {
sinon.stub(chain, 'executeChain').resolves({
blocked: false,
blockedMessage: '',
error: false,
});
const res = await chai
.request(app)
.get('/finos/git-proxy.git/info/refs?service=git-upload-pack')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
expect(res.status).to.equal(200);
expect(res.text).to.contain('git-upload-pack');
});
});
});
describe('proxy route helpers', () => {
describe('handleMessage', async () => {
it('should handle short messages', async function () {
const res = await handleMessage('one');
expect(res).to.contain('one');
});
it('should handle emoji messages', async function () {
const res = await handleMessage('❌ push failed: too many errors');
expect(res).to.contain('❌');
});
});
describe('validGitRequest', () => {
it('should return true for /info/refs?service=git-upload-pack with valid user-agent', () => {
const res = validGitRequest('/info/refs?service=git-upload-pack', {
'user-agent': 'git/2.30.1',
});
expect(res).to.be.true;
});
it('should return true for /info/refs?service=git-receive-pack with valid user-agent', () => {
const res = validGitRequest('/info/refs?service=git-receive-pack', {
'user-agent': 'git/1.9.1',
});
expect(res).to.be.true;
});
it('should return false for /info/refs?service=git-upload-pack with missing user-agent', () => {
const res = validGitRequest('/info/refs?service=git-upload-pack', {});
expect(res).to.be.false;
});
it('should return false for /info/refs?service=git-upload-pack with non-git user-agent', () => {
const res = validGitRequest('/info/refs?service=git-upload-pack', {
'user-agent': 'curl/7.79.1',
});
expect(res).to.be.false;
});
it('should return true for /git-upload-pack with valid user-agent and accept', () => {
const res = validGitRequest('/git-upload-pack', {
'user-agent': 'git/2.40.0',
accept: 'application/x-git-upload-pack-request',
});
expect(res).to.be.true;
});
it('should return false for /git-upload-pack with missing accept header', () => {
const res = validGitRequest('/git-upload-pack', {
'user-agent': 'git/2.40.0',
});
expect(res).to.be.false;
});
it('should return false for /git-upload-pack with wrong accept header', () => {
const res = validGitRequest('/git-upload-pack', {
'user-agent': 'git/2.40.0',
accept: 'application/json',
});
expect(res).to.be.false;
});
it('should return false for unknown paths', () => {
const res = validGitRequest('/not-a-valid-git-path', {
'user-agent': 'git/2.40.0',
accept: 'application/x-git-upload-pack-request',
});
expect(res).to.be.false;
});
});
});
describe('proxyFilter function', async () => {
let proxyRoutes;
let req;
let res;
let actionToReturn;
let executeChainStub;
beforeEach(async () => {
executeChainStub = sinon.stub();
// Re-import the proxy routes module and stub executeChain
proxyRoutes = proxyquire('../src/proxy/routes', {
'../chain': { executeChain: executeChainStub },
});
req = {
url: '/github.com/finos/git-proxy.git/info/refs?service=git-receive-pack',
headers: {
host: 'dummyHost',
'user-agent': 'git/dummy-git-client',
accept: 'application/x-git-receive-pack-request',
},
};
res = {
set: () => {},
status: () => {
return {
send: () => {},
};
},
};
});
afterEach(() => {
sinon.restore();
});
it('should return false for push requests that should be blocked', async function () {
// mock the executeChain function
actionToReturn = new Action(
1234,
'dummy',
'dummy',
Date.now(),
'/github.com/finos/git-proxy.git',
);
const step = new Step('dummy', false, null, true, 'test block', null);
actionToReturn.addStep(step);
executeChainStub.returns(actionToReturn);
const result = await proxyRoutes.proxyFilter(req, res);
expect(result).to.be.false;
});
it('should return false for push requests that produced errors', async function () {
// mock the executeChain function
actionToReturn = new Action(
1234,
'dummy',
'dummy',
Date.now(),
'/github.com/finos/git-proxy.git',
);
const step = new Step('dummy', true, 'test error', false, null, null);
actionToReturn.addStep(step);
executeChainStub.returns(actionToReturn);
const result = await proxyRoutes.proxyFilter(req, res);
expect(result).to.be.false;
});
it('should return false for invalid push requests', async function () {
// mock the executeChain function
actionToReturn = new Action(
1234,
'dummy',
'dummy',
Date.now(),
'/github.com/finos/git-proxy.git',
);
const step = new Step('dummy', true, 'test error', false, null, null);
actionToReturn.addStep(step);
executeChainStub.returns(actionToReturn);
// create an invalid request
req = {
url: '/github.com/finos/git-proxy.git/invalidPath',
headers: {
host: 'dummyHost',
'user-agent': 'git/dummy-git-client',
accept: 'application/x-git-receive-pack-request',
},
};
const result = await proxyRoutes.proxyFilter(req, res);
expect(result).to.be.false;
});
it('should return true for push requests that are valid and pass the chain', async function () {
// mock the executeChain function
actionToReturn = new Action(
1234,
'dummy',
'dummy',
Date.now(),
'/github.com/finos/git-proxy.git',
);
const step = new Step('dummy', false, null, false, null, null);
actionToReturn.addStep(step);
executeChainStub.returns(actionToReturn);
const result = await proxyRoutes.proxyFilter(req, res);
expect(result).to.be.true;
});
});
describe('proxy express application', async () => {
let apiApp;
let cookie;
let proxy;
const setCookie = function (res) {
res.headers['set-cookie'].forEach((x) => {
if (x.startsWith('connect')) {
const value = x.split(';')[0];
cookie = value;
}
});
};
const cleanupRepo = async (url) => {
const repo = await db.getRepoByUrl(url);
if (repo) {
await db.deleteRepo(repo._id);
}
};
before(async () => {
// pass through requests
sinon.stub(chain, 'executeChain').resolves({
blocked: false,
blockedMessage: '',
error: false,
});
// start the API and proxy
proxy = new Proxy();
apiApp = await service.start(proxy);
await proxy.start();
const res = await chai.request(apiApp).post('/api/auth/login').send({
username: 'admin',
password: 'admin',
});
expect(res).to.have.cookie('connect.sid');
setCookie(res);
// if our default repo is not set-up, create it
const repo = await db.getRepoByUrl(TEST_DEFAULT_REPO.url);
if (!repo) {
const res2 = await chai
.request(apiApp)
.post('/api/v1/repo')
.set('Cookie', `${cookie}`)
.send(TEST_DEFAULT_REPO);
res2.should.have.status(200);
}
});
after(async () => {
sinon.restore();
await service.stop();
await proxy.stop();
await cleanupRepo(TEST_DEFAULT_REPO.url);
await cleanupRepo(TEST_GITLAB_REPO.url);
});
it('should proxy requests for the default GitHub repository', async function () {
// proxy a fetch request
const res = await chai
.request(proxy.getExpressApp())
.get('/github.com/finos/git-proxy.git/info/refs?service=git-upload-pack')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
expect(res.status).to.equal(200);
expect(res.text).to.contain('git-upload-pack');
});
it('should proxy requests for the default GitHub repository using the backwards compatibility URL', async function () {
// proxy a fetch request using a fallback URL
const res = await chai
.request(proxy.getExpressApp())
.get('/finos/git-proxy.git/info/refs?service=git-upload-pack')
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
expect(res.status).to.equal(200);
expect(res.text).to.contain('git-upload-pack');
});
it('should be restarted by the api and proxy requests for a new host (e.g. gitlab.com) when a project at that host is ADDED via the API', async function () {
// Tests that the proxy restarts properly after a project with a URL at a new host is added
// check that we don't have *any* repos at gitlab.com setup
const numExistingGitlabRepos = (await db.getRepos({ url: /https:\/\/gitlab\.com/ })).length;
expect(
numExistingGitlabRepos,
'There is a GitLab that exists in the database already, which is NOT expected when running this test',
).to.be.equal(0);
// create the repo through the API, which should force the proxy to restart to handle the new domain
const res = await chai
.request(apiApp)
.post('/api/v1/repo')
.set('Cookie', `${cookie}`)
.send(TEST_GITLAB_REPO);
res.should.have.status(200);
// confirm that the repo was created in the DB
const repo = await db.getRepoByUrl(TEST_GITLAB_REPO.url);
expect(repo).to.not.be.null;
// and that our initial query for repos would have picked it up
const numCurrentGitlabRepos = (await db.getRepos({ url: /https:\/\/gitlab\.com/ })).length;
expect(numCurrentGitlabRepos).to.be.equal(1);
// proxy a request to the new repo
const res2 = await chai
.request(proxy.getExpressApp())
.get(`/${TEST_GITLAB_REPO.proxyUrlPrefix}/info/refs?service=git-upload-pack`)
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
res2.should.have.status(200);
expect(res2.text).to.contain('git-upload-pack');
}).timeout(5000);
it('should be restarted by the api and stop proxying requests for a host (e.g. gitlab.com) when the last project at that host is DELETED via the API', async function () {
// We are testing that the proxy stops proxying requests for a particular origin
// The chain is stubbed and will always passthrough requests, hence, we are only checking what hosts are proxied.
// the gitlab test repo should already exist
let repo = await db.getRepoByUrl(TEST_GITLAB_REPO.url);
expect(repo).to.not.be.null;
// delete the gitlab test repo, which should force the proxy to restart and stop proxying gitlab.com
// We assume that there are no other gitlab.com repos present
const res = await chai
.request(apiApp)
.delete('/api/v1/repo/' + repo._id + '/delete')
.set('Cookie', `${cookie}`)
.send();
res.should.have.status(200);
// confirm that its gone from the DB
repo = await db.getRepoByUrl(
TEST_GITLAB_REPO.url,
'The GitLab repo still existed in the database after it should have been deleted...',
);
expect(repo).to.be.null;
// give the proxy half a second to restart
await new Promise((resolve) => setTimeout(resolve, 500));
// try (and fail) to proxy a request to gitlab.com
const res2 = await chai
.request(proxy.getExpressApp())
.get(`/${TEST_GITLAB_REPO.proxyUrlPrefix}/info/refs?service=git-upload-pack`)
.set('user-agent', 'git/2.42.0')
.set('accept', 'application/x-git-upload-pack-request')
.buffer();
res2.should.have.status(404);
}).timeout(5000);
});