//go:build e2e && production
package production
import (
"fmt"
"io"
"net/http"
"testing"
"time"
"github.com/DeBrosOfficial/network/e2e"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
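// TestMiddleware_NonExistentDeployment verifies that a request whose Host
// header names a deployment that does not exist is not answered with a success
// status, and that the gateway responds (or fails) within the time budget
// instead of hanging.
//
// The check is deliberately loose: any non-2xx status is accepted, and a
// transport error that occurs inside the time budget also passes.
func TestMiddleware_NonExistentDeployment(t *testing.T) {
	e2e.SkipIfLocal(t)

	env, err := e2e.LoadTestEnv()
	require.NoError(t, err)
	// Guard the Servers[0] index below so an empty server list fails the
	// test with a readable message instead of an index-out-of-range panic.
	require.NotEmpty(t, env.Config.Servers, "test environment must list at least one server")

	// The Unix timestamp makes the hostname different on every run.
	domain := fmt.Sprintf("does-not-exist-%d.%s", time.Now().Unix(), env.BaseDomain)

	req, err := http.NewRequest("GET", fmt.Sprintf("http://%s:6001/", env.Config.Servers[0].IP), nil)
	require.NoError(t, err)
	// Connect to the server by IP, but present the made-up domain as Host.
	req.Host = domain

	start := time.Now()
	resp, err := env.HTTPClient.Do(req)
	elapsed := time.Since(start)

	if err != nil {
		t.Logf("Request failed in %v: %v", elapsed, err)
		// Connection refused or timeout is acceptable.
		// NOTE(review): this branch also passes when the gateway is simply
		// unreachable, so a green run does not prove the middleware handled
		// the request; confirm that is intended.
		assert.Less(t, elapsed.Seconds(), 15.0, "Should fail fast")
		return
	}
	defer resp.Body.Close()

	// The body is only used for the diagnostic log line, so a read error is
	// reported but does not fail the test.
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		t.Logf("Reading response body failed: %v", err)
	}
	t.Logf("Status: %d, elapsed: %v, body: %s", resp.StatusCode, elapsed, string(body))

	// Any 2xx means content was served for a host that should not resolve to
	// a deployment; comparing against 200 alone would let 201/204 through.
	assert.False(t, resp.StatusCode >= 200 && resp.StatusCode < 300,
		"Non-existent deployment should not return a success status (got %d)", resp.StatusCode)
	assert.Less(t, elapsed.Seconds(), 15.0, "Should respond fast")
}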
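// TestMiddleware_InternalAPIAuthRejection verifies that the internal replica
// setup endpoint (/v1/internal/deployments/replica/setup) does not accept
// requests that lack valid internal credentials. Three cases are exercised: no
// auth header, a wrong X-Orama-Internal-Auth value, and a regular API key sent
// as a Bearer token.
//
// Every request is sent with an empty body, so a 400 response cannot be
// attributed to the auth check with certainty; see the notes on the subtests
// that accept it.
func TestMiddleware_InternalAPIAuthRejection(t *testing.T) {
	e2e.SkipIfLocal(t)

	env, err := e2e.LoadTestEnv()
	require.NoError(t, err)
	// Guard the Servers[0] index below so an empty server list fails the
	// test with a readable message instead of an index-out-of-range panic.
	require.NotEmpty(t, env.Config.Servers, "test environment must list at least one server")

	serverIP := env.Config.Servers[0].IP
	setupURL := fmt.Sprintf("http://%s:6001/v1/internal/deployments/replica/setup", serverIP)

	// newSetupRequest builds the body-less POST shared by all subtests and
	// fails the calling subtest if the request cannot be constructed.
	newSetupRequest := func(t *testing.T) *http.Request {
		req, err := http.NewRequest("POST", setupURL, nil)
		require.NoError(t, err)
		return req
	}

	t.Run("No auth header rejected", func(t *testing.T) {
		req := newSetupRequest(t)

		resp, err := env.HTTPClient.Do(req)
		require.NoError(t, err)
		defer resp.Body.Close()

		// Should be rejected (401 or 403)
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden,
			"Internal API without auth should be rejected (got %d)", resp.StatusCode)
	})

	t.Run("Wrong auth header rejected", func(t *testing.T) {
		req := newSetupRequest(t)
		req.Header.Set("X-Orama-Internal-Auth", "wrong-token")

		resp, err := env.HTTPClient.Do(req)
		require.NoError(t, err)
		defer resp.Body.Close()

		// NOTE(review): 400 is accepted here, but with an empty body a 400
		// could also come from request validation that runs after the token
		// was accepted. If the server is expected to answer a bad token with
		// 401/403, tighten this to match the no-header case.
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusBadRequest,
			"Internal API with wrong auth should be rejected (got %d)", resp.StatusCode)
	})

	t.Run("Regular API key does not grant internal access", func(t *testing.T) {
		req := newSetupRequest(t)
		// NOTE(review): the API key travels over plain http:// to port 6001;
		// confirm this path is only reachable on a trusted network, or use a
		// throwaway key for this test.
		req.Header.Set("Authorization", "Bearer "+env.APIKey)

		resp, err := env.HTTPClient.Do(req)
		require.NoError(t, err)
		defer resp.Body.Close()

		// The request may pass auth but fail on bad body — 400 is acceptable.
		// But it must not succeed: any 2xx counts as success, so the whole
		// range is checked rather than 200 alone.
		// NOTE(review): because 400 is tolerated, this subtest does not prove
		// the API key was refused by the internal auth check; a request with a
		// well-formed body would be needed to show that.
		assert.False(t, resp.StatusCode >= 200 && resp.StatusCode < 300,
			"Regular API key should not fully authenticate internal endpoints (got %d)", resp.StatusCode)
	})
}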