e4dcfc49aa
Tests / Import Check (Python 3.13) (push) Has been cancelled
Tests / Import Check (Python 3.14) (push) Has been cancelled
Tests / Python Tests (Python 3.11) (push) Has been cancelled
Tests / Python Tests (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.14) (push) Has been cancelled
Tests / Test Summary (push) Has been cancelled
Tests / Lint and Format (push) Has been cancelled
Tests / Web Node Tests (push) Has been cancelled
Tests / Import Check (Python 3.11) (push) Has been cancelled
Tests / Import Check (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.13) (push) Has been cancelled
75 lines
3.1 KiB
TypeScript
75 lines
3.1 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
|
|
// Unit tests for the pure middleware routing policy (web/lib/proxy-policy.ts).
|
|
// The policy is deliberately decoupled from `next/server`, so it can be
|
|
// exercised here without booting the Next runtime. proxy.ts itself is a thin
|
|
// adapter that maps these decisions onto NextResponse.
|
|
|
|
import {
|
|
classifyToken,
|
|
isAuthExempt,
|
|
isBackendPath,
|
|
} from "../lib/proxy-policy";
|
|
|
|
function makeToken(payload: Record<string, unknown>): string {
|
|
const encode = (value: unknown) =>
|
|
Buffer.from(JSON.stringify(value)).toString("base64url");
|
|
return `${encode({ alg: "HS256" })}.${encode(payload)}.signature`;
|
|
}
|
|
|
|
test("isBackendPath matches /api and /ws paths only", () => {
|
|
assert.equal(isBackendPath("/api/v1/knowledge/list"), true);
|
|
assert.equal(isBackendPath("/ws/chat"), true);
|
|
assert.equal(isBackendPath("/home"), false);
|
|
assert.equal(isBackendPath("/apidocs"), false); // no trailing slash → not backend
|
|
assert.equal(isBackendPath("/logo.png"), false);
|
|
});
|
|
|
|
test("isAuthExempt allows public static assets through the auth gate (issue #599)", () => {
|
|
// The Next image optimizer re-fetches these over a cookie-less loopback; if
|
|
// the gate blocked them the sidebar logo/banner would render broken.
|
|
assert.equal(isAuthExempt("/logo.png"), true);
|
|
assert.equal(isAuthExempt("/banner.png"), true);
|
|
assert.equal(isAuthExempt("/logo_black.png"), true);
|
|
assert.equal(isAuthExempt("/apple-touch-icon.png"), true);
|
|
assert.equal(isAuthExempt("/provider-icons/openai.svg"), true);
|
|
});
|
|
|
|
test("isAuthExempt allows auth pages and Next internals", () => {
|
|
assert.equal(isAuthExempt("/login"), true);
|
|
assert.equal(isAuthExempt("/register"), true);
|
|
assert.equal(isAuthExempt("/_next/data/build/home.json"), true);
|
|
assert.equal(isAuthExempt("/favicon-32x32.png"), true);
|
|
});
|
|
|
|
test("isAuthExempt does NOT exempt protected app routes", () => {
|
|
assert.equal(isAuthExempt("/home"), false);
|
|
assert.equal(isAuthExempt("/dashboard"), false);
|
|
assert.equal(isAuthExempt("/space/agents"), false);
|
|
assert.equal(isAuthExempt("/knowledge"), false);
|
|
});
|
|
|
|
test("classifyToken reports missing for absent or empty cookie", () => {
|
|
const now = 1_000_000_000_000;
|
|
assert.equal(classifyToken(undefined, now), "missing");
|
|
assert.equal(classifyToken("", now), "missing");
|
|
});
|
|
|
|
test("classifyToken reports malformed for non-JWT shapes", () => {
|
|
const now = 1_000_000_000_000;
|
|
assert.equal(classifyToken("a.b", now), "malformed"); // 2 segments
|
|
assert.equal(classifyToken("a.b.c.d", now), "malformed"); // 4 segments
|
|
// Valid 3-segment shape but the payload is not JSON → malformed.
|
|
const notJson = `h.${Buffer.from("not-json").toString("base64url")}.s`;
|
|
assert.equal(classifyToken(notJson, now), "malformed");
|
|
});
|
|
|
|
test("classifyToken honors expiry and accepts unexpired / expiry-less tokens", () => {
|
|
const now = 1_000_000_000_000; // ms
|
|
const nowSec = now / 1000;
|
|
assert.equal(classifyToken(makeToken({ exp: nowSec + 3600 }), now), "valid");
|
|
assert.equal(classifyToken(makeToken({ exp: nowSec - 1 }), now), "expired");
|
|
assert.equal(classifyToken(makeToken({}), now), "valid"); // no exp claim
|
|
});
|