Files
simstudioai--sim/apps/sim/tools/agiloft/utils.server.test.ts
T
wehub-resource-sync d25d482dc2
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:20:55 +08:00

159 lines
5.2 KiB
TypeScript

/**
* @vitest-environment node
*/
import { beforeEach, describe, expect, it, vi } from 'vitest'
const { mockValidateUrlWithDNS, mockSecureFetch } = vi.hoisted(() => ({
mockValidateUrlWithDNS: vi.fn(),
mockSecureFetch: vi.fn(),
}))
vi.mock('@/lib/core/security/input-validation.server', () => ({
validateUrlWithDNS: mockValidateUrlWithDNS,
secureFetchWithPinnedIP: mockSecureFetch,
}))
import { executeAgiloftRequest } from '@/tools/agiloft/utils.server'
const baseParams = {
instanceUrl: 'https://example.agiloft.com',
knowledgeBase: 'demo',
login: 'admin',
password: 'secret',
table: 'contracts',
}
function mockResponse(body: { ok?: boolean; status?: number; json?: unknown; text?: string }) {
return {
ok: body.ok ?? true,
status: body.status ?? 200,
statusText: '',
headers: { get: () => null, getSetCookie: () => [], toRecord: () => ({}) },
body: null,
text: async () => body.text ?? '',
json: async () => body.json ?? {},
arrayBuffer: async () => new ArrayBuffer(0),
}
}
beforeEach(() => {
mockValidateUrlWithDNS.mockReset()
mockSecureFetch.mockReset()
mockValidateUrlWithDNS.mockResolvedValue({ isValid: true, resolvedIP: '203.0.113.10' })
})
describe('executeAgiloftRequest', () => {
it('resolves DNS once, logs in, runs the operation with the bearer token, then logs out — all pinned', async () => {
mockSecureFetch
.mockResolvedValueOnce(mockResponse({ json: { access_token: 'tok-1' } }))
.mockResolvedValueOnce(mockResponse({ json: { id: 42, fields: { name: 'foo' } } }))
.mockResolvedValueOnce(mockResponse({}))
const result = await executeAgiloftRequest(
baseParams,
(base) => ({
url: `${base}/ewws/REST/demo/contracts/42`,
method: 'GET',
headers: { Accept: 'application/json' },
}),
async (response) => {
const data = (await response.json()) as { id: number; fields: Record<string, unknown> }
return {
success: response.ok,
output: { id: String(data.id), fields: data.fields },
}
}
)
expect(result).toEqual({ success: true, output: { id: '42', fields: { name: 'foo' } } })
expect(mockValidateUrlWithDNS).toHaveBeenCalledWith(
'https://example.agiloft.com',
'instanceUrl'
)
const calls = mockSecureFetch.mock.calls
expect(calls).toHaveLength(3)
expect(calls[0][0]).toBe(
'https://example.agiloft.com/ewws/EWLogin?$KB=demo&$login=admin&$password=secret'
)
expect(calls[1][0]).toBe('https://example.agiloft.com/ewws/REST/demo/contracts/42')
expect(calls[2][0]).toBe('https://example.agiloft.com/ewws/EWLogout?$KB=demo')
for (const call of calls) {
expect(call[1]).toBe('203.0.113.10')
}
expect(calls[1][2]).toMatchObject({
method: 'GET',
headers: { Accept: 'application/json', Authorization: 'Bearer tok-1' },
})
})
it('still logs out when the operation throws', async () => {
mockSecureFetch
.mockResolvedValueOnce(mockResponse({ json: { access_token: 'tok-2' } }))
.mockResolvedValueOnce(mockResponse({ ok: false, status: 500 }))
.mockResolvedValueOnce(mockResponse({}))
await expect(
executeAgiloftRequest(
baseParams,
(base) => ({ url: `${base}/ewws/REST/demo/contracts/42`, method: 'GET' }),
async (response) => {
if (!response.ok) throw new Error('operation failed')
return { success: true, output: {} }
}
)
).rejects.toThrow('operation failed')
expect(mockSecureFetch).toHaveBeenCalledTimes(3)
expect(mockSecureFetch.mock.calls[2][0]).toContain('/ewws/EWLogout')
})
it('swallows logout failures (best-effort)', async () => {
mockSecureFetch
.mockResolvedValueOnce(mockResponse({ json: { access_token: 'tok-3' } }))
.mockResolvedValueOnce(mockResponse({ json: { ok: true } }))
.mockRejectedValueOnce(new Error('logout network error'))
const result = await executeAgiloftRequest(
baseParams,
(base) => ({ url: `${base}/ewws/REST/demo/contracts/42`, method: 'GET' }),
async () => ({ success: true, output: {} })
)
expect(result.success).toBe(true)
})
it('throws when login does not return an access token', async () => {
mockSecureFetch.mockResolvedValueOnce(mockResponse({ json: {} }))
await expect(
executeAgiloftRequest(
baseParams,
(base) => ({ url: `${base}/ewws/REST/demo/contracts/42`, method: 'GET' }),
async () => ({ success: true, output: {} })
)
).rejects.toThrow('Agiloft login did not return an access token')
expect(mockSecureFetch).toHaveBeenCalledTimes(1)
})
it('rejects an instance URL that resolves to a blocked IP without issuing any request', async () => {
mockValidateUrlWithDNS.mockResolvedValue({
isValid: false,
error: 'instanceUrl resolves to a blocked IP address',
})
await expect(
executeAgiloftRequest(
{ ...baseParams, instanceUrl: 'https://internal.attacker.com' },
(base) => ({ url: `${base}/ewws/REST/demo/contracts/42`, method: 'GET' }),
async () => ({ success: true, output: {} })
)
).rejects.toThrow(/blocked IP address/)
expect(mockSecureFetch).not.toHaveBeenCalled()
})
})