import { tap, expect } from '@git.zone/tstest/tapbundle';
import { ApiTokenManager } from '../ts/config/classes.api-token-manager.js';
import { DcRouterDb } from '../ts/db/index.js';
import * as plugins from '../ts/plugins.js';
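/**
 * Starts an isolated DcRouterDb instance for a single test.
 *
 * The storage directory is created with `mkdtemp` instead of a name built from
 * `Date.now()` and `Math.random()`: the directory is created by this process
 * with an unpredictable suffix, so the database never starts on a path in the
 * shared temp dir that something else could have prepared first. The database
 * here ends up holding API token records, which is why the location matters
 * even in a test.
 *
 * @returns a handle whose `cleanup()` stops the database, resets the
 *   DcRouterDb singleton and deletes the storage directory.
 * @throws whatever `db.start()` or the initial collection creation throws;
 *   the storage directory is removed before the error is re-thrown.
 */
const createTestDb = async () => {
  // NOTE(review): the directory now exists before db.start() runs; confirm
  // DcRouterDb accepts a pre-created, empty storagePath.
  const storagePath = await plugins.fs.promises.mkdtemp(
    plugins.path.join(plugins.os.tmpdir(), 'dcrouter-api-token-manager-'),
  );

  const removeStorage = () =>
    plugins.fs.promises.rm(storagePath, { recursive: true, force: true });

  // Drop any singleton left over from an earlier test before creating ours.
  DcRouterDb.resetInstance();
  const db = DcRouterDb.getInstance({
    storagePath,
    dbName: `dcrouter-api-token-manager-${Date.now()}-${Math.random().toString(16).slice(2)}`,
  });

  try {
    await db.start();
    // Create a throwaway collection once the database is up.
    await db.getDb().mongoDb.createCollection('__test_init');
  } catch (error) {
    // Setup failed: the caller never receives cleanup(), so release what was
    // acquired here. Stopping is best-effort because start() may not have run.
    try {
      await db.stop();
    } catch {
      // ignore: the original setup error is the one worth reporting
    }
    DcRouterDb.resetInstance();
    await removeStorage();
    throw error;
  }

  return {
    async cleanup() {
      await db.stop();
      DcRouterDb.resetInstance();
      await removeStorage();
    },
  };
};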
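/**
 * Verifies the environment-seeded admin token lifecycle:
 *  - a token supplied via DCROUTER_ADMIN_API_TOKEN validates as the
 *    'env-admin-token' record with the configured name, the admin role and
 *    the 'tokens:manage' scope;
 *  - the listing returned by listTokens() exposes neither a tokenHash field
 *    nor the raw token value;
 *  - after the env value changes and a new manager initializes, the previous
 *    raw token is rejected and the new one maps to the same record id.
 *
 * Both environment variables are restored in `finally`, so the raw test
 * tokens do not stay in process.env for later tests.
 */
tap.test('ApiTokenManager seeds and rotates an env admin API token', async () => {
  const previousToken = process.env.DCROUTER_ADMIN_API_TOKEN;
  const previousName = process.env.DCROUTER_ADMIN_API_TOKEN_NAME;
  const testDb = await createTestDb();

  try {
    // Fresh random tokens per run; nothing here is a reusable credential.
    const rawToken1 = `dcr_${plugins.crypto.randomBytes(32).toString('base64url')}`;
    const rawToken2 = `dcr_${plugins.crypto.randomBytes(32).toString('base64url')}`;
    process.env.DCROUTER_ADMIN_API_TOKEN = rawToken1;
    process.env.DCROUTER_ADMIN_API_TOKEN_NAME = 'Onebox Managed Admin';

    const manager = new ApiTokenManager();
    await manager.initialize();

    const token1 = await manager.validateToken(rawToken1);
    expect(token1?.id).toEqual('env-admin-token');
    expect(token1?.name).toEqual('Onebox Managed Admin');
    expect(token1?.policy?.role).toEqual('admin');
    expect(manager.hasScope(token1!, 'tokens:manage')).toEqual(true);

    const listedToken = manager.listTokens().find((token) => token.id === 'env-admin-token');
    // Fail with a clear message instead of a TypeError on property access
    // when the env token is missing from the listing.
    if (!listedToken) {
      throw new Error('env-admin-token is missing from listTokens()');
    }
    // tokenHash is read reflectively, without casting the whole entry to any.
    expect(Reflect.get(listedToken, 'tokenHash')).toBeUndefined();
    // The listing must not carry the secret under any other field name either.
    expect(JSON.stringify(listedToken).includes(rawToken1)).toEqual(false);

    // Rotation: a new manager instance picks up the changed env value.
    process.env.DCROUTER_ADMIN_API_TOKEN = rawToken2;
    const rotatedManager = new ApiTokenManager();
    await rotatedManager.initialize();

    // The old secret must stop working once the new one is seeded.
    expect(await rotatedManager.validateToken(rawToken1)).toBeNull();
    const token2 = await rotatedManager.validateToken(rawToken2);
    expect(token2?.id).toEqual('env-admin-token');
    expect(token2?.policy?.role).toEqual('admin');
  } finally {
    // Restore the environment exactly: unset stays unset, set gets its old value.
    if (previousToken === undefined) {
      delete process.env.DCROUTER_ADMIN_API_TOKEN;
    } else {
      process.env.DCROUTER_ADMIN_API_TOKEN = previousToken;
    }
    if (previousName === undefined) {
      delete process.env.DCROUTER_ADMIN_API_TOKEN_NAME;
    } else {
      process.env.DCROUTER_ADMIN_API_TOKEN_NAME = previousName;
    }
    await testDb.cleanup();
  }
});

export default tap.start();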