serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(gateway-clients): add policy-based gateway client tokens and gateway client route and DNS management endpoints

Browse Source
This commit is contained in:
Jürgen Kunz
2026-05-09 11:53:45 +00:00
parent 7e3b89d9b4
commit 97505935bb
15 changed files with 604 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/test.workhoster-handler.node.ts
+18 -4
View File
@@ -35,7 +35,16 @@ const makeApiTokenManager = (scopes: TScope[]) => {
return {
validateToken: async (rawToken: string) => rawToken === 'valid-token' ? token : null,
hasScope: (storedToken: interfaces.data.IStoredApiToken, scope: TScope) => storedToken.scopes.includes(scope),
hasScope: (storedToken: interfaces.data.IStoredApiToken, scope: TScope) => {
const scopes = new Set(storedToken.scopes);
const compatibilityAliases: Partial<Record<TScope, TScope[]>> = {
'gateway-clients:read': ['workhosters:read'],
'gateway-clients:write': ['workhosters:write'],
'workhosters:read': ['gateway-clients:read'],
'workhosters:write': ['gateway-clients:write'],
};
return scopes.has(scope) || Boolean(compatibilityAliases[scope]?.some((alias) => scopes.has(alias)));
},
};
};
@@ -132,7 +141,9 @@ tap.test('WorkHosterHandler exposes capabilities and managed domains with workho
dnsScopes: ['example.com'],
http3: { enabled: false },
},
routeConfigManager: {},
routeConfigManager: {
getMergedRoutes: () => ({ routes: [] }),
},
smartProxy: {},
emailDomainManager: {},
emailServer: {},
@@ -209,9 +220,12 @@ tap.test('WorkHosterHandler syncs WorkApp routes idempotently with workhosters:w
const createdRoute = routeConfig.routes.get('route-1')!;
expect(createdRoute.createdBy).toEqual('token-user');
expect(createdRoute.route.name?.startsWith('workapp-onebox-box-1-app-1-app-example-com')).toEqual(true);
expect(createdRoute.route.name?.startsWith('gateway-client-onebox-box-1-app-1-app-example-com')).toEqual(true);
expect(createdRoute.metadata).toEqual({
ownerType: 'workhoster',
ownerType: 'gatewayClient',
gatewayClientType: 'onebox',
gatewayClientId: 'box-1',
gatewayClientAppId: 'app-1',
workHosterType: 'onebox',
workHosterId: 'box-1',
workAppId: 'app-1',