negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
bfa59bd22e1702fd545168cbaef4fe67f8c8e5a3
openclaw/src/gateway/http-auth-helpers.test.ts
Peter Steinberger 36a0df423d refactor(gateway): make ws and http auth surfaces explicit
2026-02-21 13:33:09 +01:00

78 lines
2.4 KiB
TypeScript
Raw Blame History

import type { IncomingMessage, ServerResponse } from "node:http";
import { beforeEach, describe, expect, it, vi } from "vitest";
import type { ResolvedGatewayAuth } from "./auth.js";
import { authorizeGatewayBearerRequestOrReply } from "./http-auth-helpers.js";
vi.mock("./auth.js", () => ({
authorizeHttpGatewayConnect: vi.fn(),
}));
vi.mock("./http-common.js", () => ({
sendGatewayAuthFailure: vi.fn(),
}));
vi.mock("./http-utils.js", () => ({
getBearerToken: vi.fn(),
}));
const { authorizeHttpGatewayConnect } = await import("./auth.js");
const { sendGatewayAuthFailure } = await import("./http-common.js");
const { getBearerToken } = await import("./http-utils.js");
describe("authorizeGatewayBearerRequestOrReply", () => {
beforeEach(() => {
vi.clearAllMocks();
});
it("disables tailscale header auth for HTTP bearer checks", async () => {
vi.mocked(getBearerToken).mockReturnValue(undefined);
vi.mocked(authorizeHttpGatewayConnect).mockResolvedValue({
ok: false,
reason: "token_missing",
});
const ok = await authorizeGatewayBearerRequestOrReply({
req: {} as IncomingMessage,
res: {} as ServerResponse,
auth: {
mode: "token",
token: "secret",
password: undefined,
allowTailscale: true,
} satisfies ResolvedGatewayAuth,
});
expect(ok).toBe(false);
expect(vi.mocked(authorizeHttpGatewayConnect)).toHaveBeenCalledWith(
expect.objectContaining({
connectAuth: null,
}),
);
expect(vi.mocked(sendGatewayAuthFailure)).toHaveBeenCalledTimes(1);
});
it("forwards bearer token and returns true on successful auth", async () => {
vi.mocked(getBearerToken).mockReturnValue("abc");
vi.mocked(authorizeHttpGatewayConnect).mockResolvedValue({ ok: true, method: "token" });
const ok = await authorizeGatewayBearerRequestOrReply({
req: {} as IncomingMessage,
res: {} as ServerResponse,
auth: {
mode: "token",
token: "secret",
password: undefined,
allowTailscale: true,
} satisfies ResolvedGatewayAuth,
});
expect(ok).toBe(true);
expect(vi.mocked(authorizeHttpGatewayConnect)).toHaveBeenCalledWith(
expect.objectContaining({
connectAuth: { token: "abc", password: "abc" },
}),
);
expect(vi.mocked(sendGatewayAuthFailure)).not.toHaveBeenCalled();
});
});
Reference in New Issue View Git Blame Copy Permalink