1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#[cfg(test)]
mod tests {
use crate::support::factory_bot::*;
use authzd::CheckService;
use envoy_types::ext_authz::v3::pb::Authorization;
use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
use std::sync::Arc;
fn subject() -> CheckService {
CheckService::new(Arc::new(build_cedar_authorizer(
cedar_policy::Entities::empty(),
)))
}
#[tokio::test]
async fn test_no_headers() {
let request = tonic::Request::new(build_request(|_http| {}));
let response = subject().check(request).await;
assert!(response.is_ok());
let check_response = response.unwrap().into_inner();
assert!(check_response.status.is_some());
let status = check_response.status.unwrap();
assert_eq!(
tonic::Code::from_i32(status.code),
tonic::Code::Unauthenticated
);
}
#[tokio::test]
async fn test_static_assets() {
let routes = vec![
("GET", "/app.js", tonic::Code::Ok),
("GET", "/application.js", tonic::Code::Ok),
("GET", "/favicon.ico", tonic::Code::Ok),
("GET", "/favicon.png", tonic::Code::Ok),
("GET", "/image.jpg", tonic::Code::Ok),
("GET", "/assets/image.jpg", tonic::Code::Ok),
("GET", "/assets/style.css", tonic::Code::Ok),
("GET", "/assets/application.js", tonic::Code::Ok),
("GET", "/htmx.js", tonic::Code::Ok),
("GET", "/index.html", tonic::Code::Ok),
("GET", "/logo.png", tonic::Code::Ok),
("GET", "/pico.min.css", tonic::Code::Ok),
("GET", "/vue.global.js", tonic::Code::Ok),
];
for (method, path, expected_status_code) in &routes {
let request = tonic::Request::new(build_request(|item: &mut HttpRequest| {
item.method = method.to_string();
item.path = path.to_string();
item.host = "localhost:3000".to_string();
item.headers = build_headers(vec![
(String::from(":path"), item.path.to_string()),
(String::from(":method"), item.method.to_string()),
(String::from(":authority"), item.host.to_string()),
]);
}));
let response = subject().check(request).await;
assert!(response.is_ok());
let check_response = response.unwrap().into_inner();
assert!(check_response.status.is_some());
let status = check_response.status.unwrap();
assert_eq!(tonic::Code::from_i32(status.code), *expected_status_code);
}
}
#[tokio::test]
async fn test_public_sparkle_endpoints() {
let hosts = vec![
"localhost:10000",
"sparkle.runway.gitlab.net",
"sparkle.staging.runway.gitlab.net",
];
let routes = vec![
("GET", "/", tonic::Code::Ok),
("GET", "/callback", tonic::Code::Ok),
("GET", "/dashboard/nav", tonic::Code::Ok),
("GET", "/health", tonic::Code::Ok),
("GET", "/signout", tonic::Code::Ok),
("GET", "/sparkles", tonic::Code::Ok),
("POST", "/sparkles/restore", tonic::Code::Ok),
("GET", "/dashboard", tonic::Code::Unauthenticated),
("POST", "/sparkles", tonic::Code::Unauthenticated),
];
for host in hosts {
for (method, path, expected_status_code) in &routes {
let request = tonic::Request::new(build_request(|item: &mut HttpRequest| {
item.method = method.to_string();
item.path = path.to_string();
item.host = host.to_string();
item.headers = build_headers(vec![
(String::from(":path"), path.to_string()),
(String::from(":method"), method.to_string()),
(String::from(":authority"), host.to_string()),
]);
}));
let response = subject().check(request).await;
assert!(response.is_ok());
let check_response = response.unwrap().into_inner();
assert!(check_response.status.is_some());
let status = check_response.status.unwrap();
assert_eq!(
tonic::Code::from_i32(status.code),
*expected_status_code,
"{} {}",
method,
path
);
}
}
}
}
|
