kopia lustrzana https://github.com/cloudflare/wildebeest
Refactoring + expanding tests for /api/v1/apps
rodzic
f633178e45
commit
f622c34891
|
@ -3,7 +3,6 @@ import type { JWK } from 'wildebeest/backend/src/webpush/jwk'
|
|||
import type { Env } from 'wildebeest/backend/src/types/env'
|
||||
import * as v1_instance from 'wildebeest/functions/api/v1/instance'
|
||||
import * as v2_instance from 'wildebeest/functions/api/v2/instance'
|
||||
import * as apps from 'wildebeest/functions/api/v1/apps'
|
||||
import * as custom_emojis from 'wildebeest/functions/api/v1/custom_emojis'
|
||||
import * as mutes from 'wildebeest/functions/api/v1/mutes'
|
||||
import * as blocks from 'wildebeest/functions/api/v1/blocks'
|
||||
|
@ -16,7 +15,7 @@ import { enrichStatus } from 'wildebeest/backend/src/mastodon/microformats'
|
|||
const userKEK = 'test_kek'
|
||||
const domain = 'cloudflare.com'
|
||||
|
||||
async function generateVAPIDKeys(): Promise<JWK> {
|
||||
export async function generateVAPIDKeys(): Promise<JWK> {
|
||||
const keyPair = (await crypto.subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, [
|
||||
'sign',
|
||||
'verify',
|
||||
|
@ -100,51 +99,6 @@ describe('Mastodon APIs', () => {
|
|||
})
|
||||
})
|
||||
|
||||
describe('apps', () => {
|
||||
test('return the app infos', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"mastodon://joinmastodon.org/oauth","website":"https://app.joinmastodon.org/ios","client_name":"Mastodon for iOS","scopes":"read write follow push"}',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
})
|
||||
|
||||
const res = await apps.handleRequest(db, request, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
const { name, website, redirect_uri, client_id, client_secret, vapid_key, ...rest } = await res.json<
|
||||
Record<string, string>
|
||||
>()
|
||||
|
||||
assert.equal(name, 'Mastodon for iOS')
|
||||
assert.equal(website, 'https://app.joinmastodon.org/ios')
|
||||
assert.equal(redirect_uri, 'mastodon://joinmastodon.org/oauth')
|
||||
assert.deepEqual(rest, {})
|
||||
})
|
||||
|
||||
test('returns 404 for GET request', async () => {
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com')
|
||||
const ctx: any = {
|
||||
next: () => new Response(),
|
||||
data: null,
|
||||
env: {
|
||||
VAPID_JWK: JSON.stringify(vapidKeys),
|
||||
},
|
||||
request,
|
||||
}
|
||||
|
||||
const res = await apps.onRequest(ctx)
|
||||
assert.equal(res.status, 400)
|
||||
})
|
||||
})
|
||||
|
||||
describe('custom emojis', () => {
|
||||
test('returns an empty array', async () => {
|
||||
const res = await custom_emojis.onRequest()
|
||||
|
|
|
@ -0,0 +1,128 @@
|
|||
import { makeDB, assertCORS, assertJSON, createTestClient } from '../utils'
|
||||
import { TEST_JWT } from '../test-data'
|
||||
import { strict as assert } from 'node:assert/strict'
|
||||
import * as apps from 'wildebeest/functions/api/v1/apps'
|
||||
import * as verify_app from 'wildebeest/functions/api/v1/apps/verify_credentials'
|
||||
import { CredentialApp } from 'wildebeest/functions/api/v1/apps/verify_credentials'
|
||||
import { VAPIDPublicKey } from 'wildebeest/backend/src/mastodon/subscription'
|
||||
import { generateVAPIDKeys } from 'wildebeest/backend/test/mastodon.spec'
|
||||
|
||||
describe('Mastodon APIs', () => {
|
||||
describe('/apps', () => {
|
||||
test('POST /apps registers client', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"mastodon://joinmastodon.org/oauth","website":"https://app.joinmastodon.org/ios","client_name":"Mastodon for iOS","scopes":"read write follow push"}',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
})
|
||||
|
||||
const res = await apps.handleRequest(db, request, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
const { name, website, redirect_uri, client_id, client_secret, vapid_key, ...rest } = await res.json<
|
||||
Record<string, string>
|
||||
>()
|
||||
|
||||
assert.equal(name, 'Mastodon for iOS')
|
||||
assert.equal(website, 'https://app.joinmastodon.org/ios')
|
||||
assert.equal(redirect_uri, 'mastodon://joinmastodon.org/oauth')
|
||||
assert.deepEqual(rest, {})
|
||||
})
|
||||
|
||||
test('POST /apps returns 422 for malformed requests', async () => {
|
||||
// client_name and redirect_uris are required according to https://docs.joinmastodon.org/methods/apps/#form-data-parameters
|
||||
const db = await makeDB();
|
||||
const vapidKeys = await generateVAPIDKeys();
|
||||
const headers = { 'content-type': 'application/json' };
|
||||
|
||||
const validURIException = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"urn:ietf:wg:oauth:2.0:oob","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
let res = await apps.handleRequest(db, validURIException, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
|
||||
const invalidURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth","client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, invalidURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
|
||||
const missingURIRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"client_name":"Mastodon for iOS"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingURIRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
|
||||
const missingClientNameRequest = new Request('https://example.com', {
|
||||
method: 'POST',
|
||||
body: '{"redirect_uris":"joinmastodon.org/oauth"}',
|
||||
headers: headers,
|
||||
})
|
||||
res = await apps.handleRequest(db, missingClientNameRequest, vapidKeys)
|
||||
assert.equal(res.status, 422)
|
||||
})
|
||||
|
||||
test('GET /apps is bad request', async () => {
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
const request = new Request('https://example.com')
|
||||
const ctx: any = {
|
||||
next: () => new Response(),
|
||||
data: null,
|
||||
env: {
|
||||
VAPID_JWK: JSON.stringify(vapidKeys),
|
||||
},
|
||||
request,
|
||||
}
|
||||
|
||||
const res = await apps.onRequest(ctx)
|
||||
assert.equal(res.status, 400)
|
||||
})
|
||||
|
||||
test('GET /verify_credentials returns public VAPID key for known clients', async () => {
|
||||
const db = await makeDB()
|
||||
const testScope = 'test abcd'
|
||||
const client = await createTestClient(db, 'https://localhost', testScope)
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
|
||||
const headers = { authorization: 'Bearer ' + client.id + '.' + TEST_JWT }
|
||||
|
||||
const req = new Request('https://example.com/api/v1/verify_credentials', { headers })
|
||||
|
||||
const res = await verify_app.handleRequest(db, req, vapidKeys)
|
||||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
assertJSON(res)
|
||||
|
||||
const jsonResponse: CredentialApp = await res.json();
|
||||
const publicVAPIDKey = VAPIDPublicKey(vapidKeys)
|
||||
assert.equal(jsonResponse.name, 'test client');
|
||||
assert.equal(jsonResponse.website, 'https://cloudflare.com');
|
||||
assert.equal(jsonResponse.vapid_key, publicVAPIDKey);
|
||||
})
|
||||
|
||||
test('GET /verify_credentials returns 403 for unauthorized clients', async () => {
|
||||
const db = await makeDB()
|
||||
const vapidKeys = await generateVAPIDKeys()
|
||||
|
||||
const headers = { authorization: 'Bearer APPID.' + TEST_JWT }
|
||||
|
||||
const req = new Request('https://example.com/api/v1/verify_credentials', { headers })
|
||||
|
||||
const res = await verify_app.handleRequest(db, req, vapidKeys)
|
||||
assert.equal(res.status, 403)
|
||||
})
|
||||
})
|
||||
})
|
Ładowanie…
Reference in New Issue