serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(config): add reusable security profiles and network targets with route reference resolution

Browse Source
This commit is contained in:
Jürgen Kunz
2026-04-02 15:44:36 +00:00
parent 6344c2deae
commit 55699f6618
31 changed files with 2845 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
test/test.security-profiles-api.ts Normal file
View File

@@ -0,0 +1,208 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { DcRouter } from '../ts/index.js';
import { TypedRequest } from '@api.global/typedrequest';
import * as interfaces from '../ts_interfaces/index.js';
const TEST_PORT = 3200;
const TEST_URL = `http://localhost:${TEST_PORT}/typedrequest`;
let testDcRouter: DcRouter;
let adminIdentity: interfaces.data.IIdentity;
// ============================================================================
// Setup — db disabled, handlers return graceful fallbacks
// ============================================================================
tap.test('should start DCRouter with OpsServer', async () => {
testDcRouter = new DcRouter({
opsServerPort: TEST_PORT,
dbConfig: { enabled: false },
});
await testDcRouter.start();
expect(testDcRouter.opsServer).toBeInstanceOf(Object);
});
tap.test('should login as admin', async () => {
const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
TEST_URL,
'adminLoginWithUsernameAndPassword'
);
const response = await loginRequest.fire({
username: 'admin',
password: 'admin',
});
expect(response).toHaveProperty('identity');
adminIdentity = response.identity;
});
// ============================================================================
// Security Profile endpoints (graceful fallbacks when resolver unavailable)
// ============================================================================
tap.test('should return empty profiles list when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetSecurityProfiles>(
TEST_URL,
'getSecurityProfiles'
);
const response = await req.fire({
identity: adminIdentity,
});
expect(response.profiles).toBeArray();
expect(response.profiles.length).toEqual(0);
});
tap.test('should return null for single profile when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetSecurityProfile>(
TEST_URL,
'getSecurityProfile'
);
const response = await req.fire({
identity: adminIdentity,
id: 'nonexistent',
});
expect(response.profile).toEqual(null);
});
tap.test('should return failure for create profile when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_CreateSecurityProfile>(
TEST_URL,
'createSecurityProfile'
);
const response = await req.fire({
identity: adminIdentity,
name: 'TEST',
security: { ipAllowList: ['*'] },
});
expect(response.success).toBeFalse();
expect(response.message).toBeTruthy();
});
tap.test('should return empty profile usage when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetSecurityProfileUsage>(
TEST_URL,
'getSecurityProfileUsage'
);
const response = await req.fire({
identity: adminIdentity,
id: 'nonexistent',
});
expect(response.routes).toBeArray();
expect(response.routes.length).toEqual(0);
});
// ============================================================================
// Network Target endpoints (graceful fallbacks when resolver unavailable)
// ============================================================================
tap.test('should return empty targets list when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetNetworkTargets>(
TEST_URL,
'getNetworkTargets'
);
const response = await req.fire({
identity: adminIdentity,
});
expect(response.targets).toBeArray();
expect(response.targets.length).toEqual(0);
});
tap.test('should return null for single target when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetNetworkTarget>(
TEST_URL,
'getNetworkTarget'
);
const response = await req.fire({
identity: adminIdentity,
id: 'nonexistent',
});
expect(response.target).toEqual(null);
});
tap.test('should return failure for create target when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_CreateNetworkTarget>(
TEST_URL,
'createNetworkTarget'
);
const response = await req.fire({
identity: adminIdentity,
name: 'TEST',
host: '127.0.0.1',
port: 443,
});
expect(response.success).toBeFalse();
expect(response.message).toBeTruthy();
});
tap.test('should return empty target usage when resolver not initialized', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetNetworkTargetUsage>(
TEST_URL,
'getNetworkTargetUsage'
);
const response = await req.fire({
identity: adminIdentity,
id: 'nonexistent',
});
expect(response.routes).toBeArray();
expect(response.routes.length).toEqual(0);
});
// ============================================================================
// Auth rejection
// ============================================================================
tap.test('should reject unauthenticated profile requests', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetSecurityProfiles>(
TEST_URL,
'getSecurityProfiles'
);
try {
await req.fire({} as any);
expect(true).toBeFalse();
} catch (error) {
expect(error).toBeTruthy();
}
});
tap.test('should reject unauthenticated target requests', async () => {
const req = new TypedRequest<interfaces.requests.IReq_GetNetworkTargets>(
TEST_URL,
'getNetworkTargets'
);
try {
await req.fire({} as any);
expect(true).toBeFalse();
} catch (error) {
expect(error).toBeTruthy();
}
});
// ============================================================================
// Cleanup
// ============================================================================
tap.test('should stop DCRouter', async () => {
await testDcRouter.stop();
});
export default tap.start();