test(gateway): share node bootstrap auth setup

2026-05-06 13:10:43 +00:00 · 2026-04-12 04:58:10 +01:00
parent 8cba14241c
commit c42fcf5f7b
1 changed files with 25 additions and 28 deletions
--- a/src/gateway/server/ws-connection/auth-context.test.ts
+++ b/src/gateway/server/ws-connection/auth-context.test.ts
@@ -62,6 +62,29 @@ async function resolveDeviceTokenDecision(params: {
  });
 }

+async function resolveSuccessfulNodeBootstrapDecision(params: {
+  verifyBootstrapToken: VerifyBootstrapTokenFn;
+  verifyDeviceToken: VerifyDeviceTokenFn;
+}) {
+  return await resolveConnectAuthDecision({
+    state: createBaseState({
+      authResult: { ok: true, method: "tailscale" },
+      authOk: true,
+      authMethod: "tailscale",
+      bootstrapTokenCandidate: "bootstrap-token",
+      deviceTokenCandidate: undefined,
+      deviceTokenCandidateSource: undefined,
+    }),
+    hasDeviceIdentity: true,
+    deviceId: "dev-1",
+    publicKey: "pub-1",
+    role: "node",
+    scopes: [],
+    verifyBootstrapToken: params.verifyBootstrapToken,
+    verifyDeviceToken: params.verifyDeviceToken,
+  });
+}
+
 describe("resolveConnectAuthDecision", () => {
  it("keeps shared-secret mismatch when fallback device-token check fails", async () => {
    const verifyDeviceToken = vi.fn<VerifyDeviceTokenFn>(async () => ({ ok: false }));
@@ -190,20 +213,7 @@ describe("resolveConnectAuthDecision", () => {
  it("prefers a valid bootstrap token over an already successful shared auth path", async () => {
    const verifyBootstrapToken = vi.fn<VerifyBootstrapTokenFn>(async () => ({ ok: true }));
    const verifyDeviceToken = vi.fn<VerifyDeviceTokenFn>(async () => ({ ok: true }));
-    const decision = await resolveConnectAuthDecision({
-      state: createBaseState({
-        authResult: { ok: true, method: "tailscale" },
-        authOk: true,
-        authMethod: "tailscale",
-        bootstrapTokenCandidate: "bootstrap-token",
-        deviceTokenCandidate: undefined,
-        deviceTokenCandidateSource: undefined,
-      }),
-      hasDeviceIdentity: true,
-      deviceId: "dev-1",
-      publicKey: "pub-1",
-      role: "node",
-      scopes: [],
+    const decision = await resolveSuccessfulNodeBootstrapDecision({
      verifyBootstrapToken,
      verifyDeviceToken,
    });
@@ -219,20 +229,7 @@ describe("resolveConnectAuthDecision", () => {
      reason: "bootstrap_token_invalid",
    }));
    const verifyDeviceToken = vi.fn<VerifyDeviceTokenFn>(async () => ({ ok: true }));
-    const decision = await resolveConnectAuthDecision({
-      state: createBaseState({
-        authResult: { ok: true, method: "tailscale" },
-        authOk: true,
-        authMethod: "tailscale",
-        bootstrapTokenCandidate: "bootstrap-token",
-        deviceTokenCandidate: undefined,
-        deviceTokenCandidateSource: undefined,
-      }),
-      hasDeviceIdentity: true,
-      deviceId: "dev-1",
-      publicKey: "pub-1",
-      role: "node",
-      scopes: [],
+    const decision = await resolveSuccessfulNodeBootstrapDecision({
      verifyBootstrapToken,
      verifyDeviceToken,
    });