Files
2026-07-13 13:39:12 +08:00

223 lines
6.4 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import http from "node:http";
import proxyFetch, {
runWithProxyContext,
runWithProxyContextOrDirect,
runWithTlsTracking,
isTlsFingerprintActive,
} from "../../open-sse/utils/proxyFetch.ts";
import { getDefaultDispatcher } from "../../open-sse/utils/proxyDispatcher.ts";
import tlsClient from "../../open-sse/utils/tlsClient.ts";
async function withEnv(overrides, fn) {
const previous = new Map();
for (const [key, value] of Object.entries(overrides)) {
previous.set(key, process.env[key]);
if (value === undefined) {
delete process.env[key];
} else {
process.env[key] = value;
}
}
try {
return await fn();
} finally {
for (const [key, value] of previous.entries()) {
if (value === undefined) {
delete process.env[key];
} else {
process.env[key] = value;
}
}
}
}
async function withHttpServer(handler, fn) {
const server = http.createServer(handler);
await new Promise((resolve, reject) => {
server.once("error", reject);
server.listen(0, "127.0.0.1", resolve);
});
const address = server.address();
assert.ok(address && typeof address === "object");
try {
return await fn(`http://127.0.0.1:${address.port}`);
} finally {
await new Promise((resolve, reject) => {
server.close((error) => {
if (error) reject(error);
else resolve();
});
});
}
}
const originalTlsFetch = tlsClient.fetch.bind(tlsClient);
// #3323 made `tlsClient.available` a computed getter (library availability +
// circuit breaker), so it can no longer be assigned. Tests stub it by shadowing
// the prototype getter with an own data property, then `delete` to restore.
function setTlsAvailable(value: boolean) {
Object.defineProperty(tlsClient, "available", { value, configurable: true, writable: true });
}
test.afterEach(() => {
delete (tlsClient as unknown as { available?: boolean }).available;
tlsClient.fetch = originalTlsFetch;
});
test("proxy fetch bypasses invalid environment proxies for local addresses", async () => {
await withHttpServer(
(_req, res) => {
res.writeHead(200, { "Content-Type": "text/plain" });
res.end("local-bypass-ok");
},
async (url) => {
await withEnv(
{
HTTP_PROXY: "http://127.0.0.1:9",
HTTPS_PROXY: undefined,
ALL_PROXY: undefined,
NO_PROXY: undefined,
},
async () => {
const response = await proxyFetch(url);
assert.equal(response.status, 200);
assert.equal(await response.text(), "local-bypass-ok");
}
);
}
);
});
test("runWithProxyContext requires a callback function", async () => {
await assert.rejects(
runWithProxyContext(null, null),
/runWithProxyContext requires a callback function/
);
});
test("runWithTlsTracking reports direct executions without TLS fingerprint usage", async () => {
await withEnv({ ENABLE_TLS_FINGERPRINT: undefined }, async () => {
const tracked = await runWithTlsTracking(async () => "ok");
assert.deepEqual(tracked, {
result: "ok",
tlsFingerprintUsed: false,
});
assert.equal(isTlsFingerprintActive(), false);
});
});
test("proxy fetch uses TLS fingerprint transport when enabled and available", async () => {
await withEnv(
{
ENABLE_TLS_FINGERPRINT: "true",
HTTP_PROXY: undefined,
HTTPS_PROXY: undefined,
ALL_PROXY: undefined,
NO_PROXY: undefined,
},
async () => {
setTlsAvailable(true);
tlsClient.fetch = async (url, options = {}) => {
assert.equal(url, "https://omniroute.example.test/hello");
assert.equal(options.method, "POST");
return Response.json({ via: "tls-client" });
};
const tracked = await runWithTlsTracking(() =>
proxyFetch("https://omniroute.example.test/hello", {
method: "POST",
headers: { "x-test": "1" },
})
);
assert.equal(isTlsFingerprintActive(), true);
assert.equal(tracked.tlsFingerprintUsed, true);
assert.deepEqual(await (tracked.result as any).json(), { via: "tls-client" });
}
);
});
test("runWithProxyContext accepts reachable HTTP proxy endpoints and returns callback result", async () => {
await withHttpServer(
(_req, res) => res.end("proxy-ok"),
async (url) => {
const parsed = new URL(url);
const result = await runWithProxyContext(
{
type: "http",
host: parsed.hostname,
port: parsed.port,
},
async () => "ok"
);
assert.equal(result, "ok");
}
);
});
test("runWithProxyContext throws PROXY_UNREACHABLE for an unreachable proxy by default", async () => {
// 127.0.0.1:9 (discard) refuses connections — the proxy is unreachable.
await assert.rejects(
runWithProxyContext({ type: "http", host: "127.0.0.1", port: "9" }, async () => "unreachable"),
/Proxy unreachable/
);
});
test("runWithProxyContext degrades to a direct connection when directFallbackOnUnreachable is set", async () => {
await withEnv({ OMNIROUTE_CONTROL_PLANE_PROXY_DIRECT_FALLBACK: "true" }, async () => {
let ran = false;
const result = await runWithProxyContext(
{ type: "http", host: "127.0.0.1", port: "9" },
async () => {
ran = true;
return "direct-ok";
},
{ directFallbackOnUnreachable: true }
);
assert.equal(ran, true, "callback must still run via a direct connection");
assert.equal(result, "direct-ok");
});
});
test("runWithProxyContext keeps strict pinning when the direct fallback feature flag is off", async () => {
await withEnv({ OMNIROUTE_CONTROL_PLANE_PROXY_DIRECT_FALLBACK: "false" }, async () => {
await assert.rejects(
runWithProxyContext(
{ type: "http", host: "127.0.0.1", port: "9" },
async () => "unreachable",
{ directFallbackOnUnreachable: true }
),
/Proxy unreachable/
);
});
});
test("runWithProxyContextOrDirect runs the callback directly when the proxy is unreachable", async () => {
await withEnv({ OMNIROUTE_CONTROL_PLANE_PROXY_DIRECT_FALLBACK: "true" }, async () => {
let ran = false;
const result = await runWithProxyContextOrDirect(
{ type: "http", host: "127.0.0.1", port: "9" },
async () => {
ran = true;
return "ok";
}
);
assert.equal(ran, true);
assert.equal(result, "ok");
});
});