serve.zone/onebox
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

fix(external-gateway): derive gateway client identity from the dcrouter token and make the settings UI read-only

Browse Source
This commit is contained in:
Jürgen Kunz
2026-05-09 22:36:26 +00:00
parent b9c90eca3d
commit 15574b8629
7 changed files with 135 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/external_gateway_test.ts
+18 -5
View File
@@ -62,8 +62,6 @@ class FakeDatabase {
const makeOneboxRef = () => {
const database = new FakeDatabase();
database.settings.set('dcrouterGatewayUrl', 'https://edge.example.com');
database.settings.set('dcrouterGatewayClientId', 'onebox-1');
database.settings.set('dcrouterWorkHosterId', 'onebox-1');
database.secretSettings.set('dcrouterGatewayApiToken', 'dcr-token');
let reloadCount = 0;
@@ -94,8 +92,11 @@ Deno.test('ExternalGatewayManager syncs dcrouter domains into Onebox domains', a
const manager = new ExternalGatewayManager(oneboxRef as any);
(manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
if (method === 'getGatewayClientContext') {
return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
}
assertEquals(method, 'getGatewayClientDomains');
assertEquals(requestData.gatewayClientId, 'onebox-1');
assertEquals(requestData.gatewayClientId, 'onebox-token');
return {
domains: [
{
@@ -139,6 +140,9 @@ Deno.test('ExternalGatewayManager syncs service routes to dcrouter gatewayClient
const requests: Array<{ method: string; requestData: Record<string, unknown> }> = [];
const manager = new ExternalGatewayManager(oneboxRef as any);
(manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
if (method === 'getGatewayClientContext') {
return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
}
requests.push({ method, requestData });
if (method === 'exportCertificate') {
return { success: false };
@@ -154,7 +158,7 @@ Deno.test('ExternalGatewayManager syncs service routes to dcrouter gatewayClient
assertEquals(ownership, {
gatewayClientType: 'onebox',
gatewayClientId: 'onebox-1',
gatewayClientId: 'onebox-token',
appId: 'hello',
hostname: 'hello.example.com',
});
@@ -189,6 +193,9 @@ Deno.test('ExternalGatewayManager uses managed dcrouter local target in managed
let syncRequest: Record<string, unknown> | null = null;
const manager = new ExternalGatewayManager(oneboxRef as any);
(manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>, config: any) => {
if (method === 'getGatewayClientContext') {
return { context: { role: 'admin' } };
}
if (method === 'exportCertificate') {
return { success: false };
}
@@ -213,6 +220,9 @@ Deno.test('ExternalGatewayManager deletes service routes through dcrouter gatewa
let deleteRequest: Record<string, unknown> | null = null;
(manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
if (method === 'getGatewayClientContext') {
return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
}
assertEquals(method, 'syncGatewayClientRoute');
deleteRequest = requestData;
return { success: true, action: 'deleted', routeId: 'route-1' };
@@ -227,7 +237,7 @@ Deno.test('ExternalGatewayManager deletes service routes through dcrouter gatewa
assert(deleteRequest);
const capturedDeleteRequest = deleteRequest as Record<string, unknown>;
assertEquals(capturedDeleteRequest.delete, true);
assertEquals((capturedDeleteRequest.ownership as any).gatewayClientId, 'onebox-1');
assertEquals((capturedDeleteRequest.ownership as any).gatewayClientId, 'onebox-token');
assertEquals((capturedDeleteRequest.ownership as any).hostname, 'hello.example.com');
});
@@ -235,6 +245,9 @@ Deno.test('ExternalGatewayManager imports exported dcrouter certificates into On
const oneboxRef = makeOneboxRef();
const manager = new ExternalGatewayManager(oneboxRef as any);
(manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
if (method === 'getGatewayClientContext') {
return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
}
assertEquals(method, 'exportCertificate');
assertEquals(requestData.domain, 'hello.example.com');
return {