refactor: share plugin node auth test helpers

2026-06-08 21:32:57 +00:00 · 2026-06-01 19:20:43 +02:00
parent 83cd3cbe2a
commit d767e296e2
1 changed files with 56 additions and 56 deletions
--- a/src/gateway/server.plugin-node-capability-auth.test.ts
+++ b/src/gateway/server.plugin-node-capability-auth.test.ts
@@ -218,6 +218,49 @@ async function sendRawHttpRequest(params: {
  });
 }

+type CanvasGatewayListener = Awaited<ReturnType<typeof listen>>;
+
+function canvasUrl(listener: CanvasGatewayListener, path = CANVAS_HOST_PATH): string {
+  return `http://127.0.0.1:${listener.port}${path}`;
+}
+
+async function fetchCanvasHost(
+  listener: CanvasGatewayListener,
+  init?: RequestInit,
+): Promise<Response> {
+  return await fetchCanvas(canvasUrl(listener), init);
+}
+
+async function expectMalformedRequestTargetsRejected(params: {
+  listener: CanvasGatewayListener;
+  headers?: readonly string[];
+}): Promise<void> {
+  for (const requestTarget of ["//", "///", "//${jndi:ldap://example}.action"]) {
+    const response = await sendRawHttpRequest({
+      host: "127.0.0.1",
+      port: params.listener.port,
+      requestTarget,
+      ...(params.headers ? { headers: params.headers } : {}),
+    });
+    expect(response).toMatch(/^HTTP\/1\.1 401 /);
+  }
+
+  const res = await fetchCanvasHost(params.listener);
+  expect(res.status).toBe(401);
+}
+
+async function expectRepeatedCanvasAuthAttemptsRateLimited(
+  listener: CanvasGatewayListener,
+  headers: Record<string, string>,
+): Promise<Response> {
+  const first = await fetchCanvasHost(listener, { headers });
+  expect(first.status).toBe(401);
+
+  const second = await fetchCanvasHost(listener, { headers });
+  expect(second.status).toBe(429);
+  return second;
+}
+
 function makeWsClient(params: {
  connId: string;
  clientIp: string;
@@ -463,17 +506,7 @@ describe("gateway plugin node capability auth", () => {
      resolvedAuth: tokenResolvedAuth,
      handleHttpRequest: allowCanvasHostHttp,
      run: async ({ listener }) => {
-        for (const requestTarget of ["//", "///", "//${jndi:ldap://example}.action"]) {
-          const response = await sendRawHttpRequest({
-            host: "127.0.0.1",
-            port: listener.port,
-            requestTarget,
-          });
-          expect(response).toMatch(/^HTTP\/1\.1 401 /);
-        }
-
-        const res = await fetchCanvas(`http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`);
-        expect(res.status).toBe(401);
+        await expectMalformedRequestTargetsRejected({ listener });
      },
    });
  }, 60_000);
@@ -483,24 +516,16 @@ describe("gateway plugin node capability auth", () => {
      resolvedAuth: tokenResolvedAuth,
      handleHttpRequest: allowCanvasHostHttp,
      run: async ({ listener }) => {
-        for (const requestTarget of ["//", "///", "//${jndi:ldap://example}.action"]) {
-          const response = await sendRawHttpRequest({
-            host: "127.0.0.1",
-            port: listener.port,
-            requestTarget,
-            headers: [
-              "Host: localhost",
-              "Upgrade: websocket",
-              "Connection: Upgrade",
-              "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
-              "Sec-WebSocket-Version: 13",
-            ],
-          });
-          expect(response).toMatch(/^HTTP\/1\.1 401 /);
-        }
-
-        const res = await fetchCanvas(`http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`);
-        expect(res.status).toBe(401);
+        await expectMalformedRequestTargetsRejected({
+          listener,
+          headers: [
+            "Host: localhost",
+            "Upgrade: websocket",
+            "Connection: Upgrade",
+            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
+            "Sec-WebSocket-Version: 13",
+          ],
+        });
      },
    });
  }, 60_000);
@@ -638,18 +663,7 @@ describe("gateway plugin node capability auth", () => {
            authorization: "Bearer wrong",
            "x-forwarded-for": "203.0.113.99",
          };
-          const first = await fetchCanvas(`http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`, {
-            headers,
-          });
-          expect(first.status).toBe(401);
-
-          const second = await fetchCanvas(
-            `http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`,
-            {
-              headers,
-            },
-          );
-          expect(second.status).toBe(429);
+          const second = await expectRepeatedCanvasAuthAttemptsRateLimited(listener, headers);
          expect(second.headers.get("retry-after")).toMatch(/^\d+$/);

          await expectWsRejected(`ws://127.0.0.1:${listener.port}${CANVAS_WS_PATH}`, headers, 429);
@@ -683,21 +697,7 @@ describe("gateway plugin node capability auth", () => {
              host: "localhost",
              "x-forwarded-for": "127.0.0.1, 203.0.113.24",
            };
-            const first = await fetchCanvas(
-              `http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`,
-              {
-                headers,
-              },
-            );
-            expect(first.status).toBe(401);
-
-            const second = await fetchCanvas(
-              `http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`,
-              {
-                headers,
-              },
-            );
-            expect(second.status).toBe(429);
+            await expectRepeatedCanvasAuthAttemptsRateLimited(listener, headers);
          },
        });
      },