kopia lustrzana https://github.com/cloudflare/wildebeest
prettier
rodzic
9392e2595c
commit
7c8216281e
|
@ -9,93 +9,93 @@ import { generateVAPIDKeys } from 'wildebeest/backend/test/mastodon.spec'
|
|||
|
||||
describe('Mastodon APIs', () => {
|
||||
describe('/apps', () => {
|
||||
test('POST /apps registers client', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"mastodon://joinmastodon.org/oauth","website":"https://app.joinmastodon.org/ios","client_name":"Mastodon for iOS","scopes":"read write follow push"}',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
})
|
||||
test('POST /apps registers client', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"mastodon://joinmastodon.org/oauth","website":"https://app.joinmastodon.org/ios","client_name":"Mastodon for iOS","scopes":"read write follow push"}',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
})
|
||||
|
||||
const res = await apps.handleRequest(db, request, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
const res = await apps.handleRequest(db, request, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
const { name, website, redirect_uri, client_id, client_secret, vapid_key, ...rest } = await res.json<
|
||||
Record<string, string>
|
||||
>()
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
const { name, website, redirect_uri, client_id, client_secret, vapid_key, ...rest } = await res.json<
|
||||
Record<string, string>
|
||||
>()
|
||||
|
||||
assert.equal(name, 'Mastodon for iOS')
|
||||
assert.equal(website, 'https://app.joinmastodon.org/ios')
|
||||
assert.equal(redirect_uri, 'mastodon://joinmastodon.org/oauth')
|
||||
assert.deepEqual(rest, {})
|
||||
})
|
||||
|
||||
test('POST /apps returns 422 for malformed requests', async () => {
|
||||
// client_name and redirect_uris are required according to https://docs.joinmastodon.org/methods/apps/#form-data-parameters
|
||||
const db = await makeDB();
|
||||
const vapidKeys = await generateVAPIDKeys();
|
||||
const headers = { 'content-type': 'application/json' };
|
||||
assert.equal(name, 'Mastodon for iOS')
|
||||
assert.equal(website, 'https://app.joinmastodon.org/ios')
|
||||
assert.equal(redirect_uri, 'mastodon://joinmastodon.org/oauth')
|
||||
assert.deepEqual(rest, {})
|
||||
})
|
||||
|
||||
const validURIException = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"urn:ietf:wg:oauth:2.0:oob","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
let res = await apps.handleRequest(db, validURIException, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
test('POST /apps returns 422 for malformed requests', async () => {
|
||||
// client_name and redirect_uris are required according to https://docs.joinmastodon.org/methods/apps/#form-data-parameters
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const headers = { 'content-type': 'application/json' }
|
||||
|
||||
const invalidURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, invalidURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
const validURIException = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"urn:ietf:wg:oauth:2.0:oob","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
let res = await apps.handleRequest(db, validURIException, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
|
||||
const missingURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
const invalidURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, invalidURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
|
||||
const missingClientNameRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingClientNameRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
})
|
||||
const missingURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
|
||||
test('GET /apps is bad request', async () => {
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com')
|
||||
const ctx: any = {
|
||||
next: () => new Response(),
|
||||
data: null,
|
||||
env: {
|
||||
VAPID_JWK: JSON.stringify(vapidKeys),
|
||||
},
|
||||
request,
|
||||
}
|
||||
const missingClientNameRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingClientNameRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
})
|
||||
|
||||
const res = await apps.onRequest(ctx)
|
||||
assert.equal(res.status, 400)
|
||||
})
|
||||
test('GET /apps is bad request', async () => {
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com')
|
||||
const ctx: any = {
|
||||
next: () => new Response(),
|
||||
data: null,
|
||||
env: {
|
||||
VAPID_JWK: JSON.stringify(vapidKeys),
|
||||
},
|
||||
request,
|
||||
}
|
||||
|
||||
const res = await apps.onRequest(ctx)
|
||||
assert.equal(res.status, 400)
|
||||
})
|
||||
|
||||
test('GET /verify_credentials returns public VAPID key for known clients', async () => {
|
||||
const db = await makeDB()
|
||||
const testScope = 'test abcd'
|
||||
const client = await createTestClient(db, 'https://localhost', testScope)
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
|
||||
const headers = { authorization: 'Bearer ' + client.id + '.' + TEST_JWT }
|
||||
|
||||
|
@ -106,16 +106,16 @@ describe('Mastodon APIs', () => {
|
|||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
|
||||
const jsonResponse: CredentialApp = await res.json();
|
||||
const publicVAPIDKey = VAPIDPublicKey(vapidKeys)
|
||||
assert.equal(jsonResponse.name, 'test client');
|
||||
assert.equal(jsonResponse.website, 'https://cloudflare.com');
|
||||
assert.equal(jsonResponse.vapid_key, publicVAPIDKey);
|
||||
const jsonResponse: CredentialApp = await res.json()
|
||||
const publicVAPIDKey = VAPIDPublicKey(vapidKeys)
|
||||
assert.equal(jsonResponse.name, 'test client')
|
||||
assert.equal(jsonResponse.website, 'https://cloudflare.com')
|
||||
assert.equal(jsonResponse.vapid_key, publicVAPIDKey)
|
||||
})
|
||||
|
||||
test('GET /verify_credentials returns 403 for unauthorized clients', async () => {
|
||||
test('GET /verify_credentials returns 403 for unauthorized clients', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
|
||||
const headers = { authorization: 'Bearer APPID.' + TEST_JWT }
|
||||
|
||||
|
|
|
@ -20,7 +20,6 @@ const headers = {
|
|||
'content-type': 'application/json; charset=utf-8',
|
||||
}
|
||||
|
||||
|
||||
export const onRequest: PagesFunction<Env, any, ContextData> = async ({ request, env }) => {
|
||||
return handleRequest(env.DATABASE, request, getVAPIDKeys(env))
|
||||
}
|
||||
|
@ -29,22 +28,22 @@ export async function handleRequest(db: D1Database, request: Request, vapidKeys:
|
|||
if (request.method !== 'GET') {
|
||||
return new Response('', { status: 400 })
|
||||
}
|
||||
|
||||
const authHeader = request.headers.get('Authorization')?.replace('Bearer ', '');
|
||||
const parts = authHeader?.split('.') ?? ''
|
||||
|
||||
const authHeader = request.headers.get('Authorization')?.replace('Bearer ', '')
|
||||
const parts = authHeader?.split('.') ?? ''
|
||||
const clientId = parts[0]
|
||||
|
||||
const client = await getClientById(db, clientId)
|
||||
|
||||
const client = await getClientById(db, clientId)
|
||||
if (client === null) {
|
||||
return errors.clientUnknown()
|
||||
}
|
||||
const vapidKey = VAPIDPublicKey(vapidKeys)
|
||||
const vapidKey = VAPIDPublicKey(vapidKeys)
|
||||
|
||||
const res = {
|
||||
name: client.name,
|
||||
website: client.website,
|
||||
vapid_key: vapidKey,
|
||||
}
|
||||
|
||||
|
||||
return new Response(JSON.stringify(res), { headers })
|
||||
}
|
||||
|
|
Ładowanie…
Reference in New Issue