akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

test: comprehensive API test coverage with full input variations

Browse Source 
- OpenAPI endpoint: 5 tests (spec structure, paths, headers, schemas)
- Proxy hosts: POST/PUT/GET with all nested fields (authentik, load_balancer,
  dns_resolver, geoblock, waf, mtls, redirects, rewrite) + error cases
- L4 proxy hosts: TCP+TLS, UDP, matcher/protocol variations + error cases
- Certificates: managed with provider_options, imported with PEM fields
- Client certificates: all required fields, revoke with revoked_at
- Access lists: seed users, entry add with username/password + error cases
- Settings: GET+PUT for all 11 groups (was 3), full data shapes
- API auth: empty Bearer, CSRF session vs Bearer, apiErrorResponse variants
- API tokens integration: cross-user isolation, admin visibility, inactive user
- CA certificates: PUT/DELETE error cases

646 tests total (54 new)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
fuomag9
2026-03-26 10:15:22 +01:00
parent de28478a42
commit 28f61082ce
10 changed files with 1199 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/unit/api-routes/proxy-hosts.test.ts
+287
View File
@@ -134,6 +134,16 @@ describe('PUT /api/v1/proxy-hosts/[id]', () => {
expect(data.forward_port).toBe(9090);
expect(mockUpdateProxyHost).toHaveBeenCalledWith(1, body, 1);
});
it('returns 500 when host not found', async () => {
mockUpdateProxyHost.mockRejectedValue(new Error('not found'));
const response = await PUT(createMockRequest({ method: 'PUT', body: { forward_port: 9090 } }), { params: Promise.resolve({ id: '999' }) });
const data = await response.json();
expect(response.status).toBe(500);
expect(data.error).toBe('not found');
});
});
describe('DELETE /api/v1/proxy-hosts/[id]', () => {
@@ -147,4 +157,281 @@ describe('DELETE /api/v1/proxy-hosts/[id]', () => {
expect(data).toEqual({ ok: true });
expect(mockDeleteProxyHost).toHaveBeenCalledWith(1, 1);
});
it('returns 500 when host not found', async () => {
mockDeleteProxyHost.mockRejectedValue(new Error('not found'));
const response = await DELETE(createMockRequest({ method: 'DELETE' }), { params: Promise.resolve({ id: '999' }) });
const data = await response.json();
expect(response.status).toBe(500);
expect(data.error).toBe('not found');
});
});
describe('POST /api/v1/proxy-hosts (all optional fields)', () => {
it('creates proxy host with all optional fields', async () => {
const fullBody = {
name: "Full Featured Host",
domains: ["app.example.com", "www.example.com"],
upstreams: ["10.0.0.1:8080", "10.0.0.2:8080"],
certificate_id: 5,
access_list_id: 2,
ssl_forced: true,
hsts_enabled: true,
hsts_subdomains: true,
allow_websocket: true,
preserve_host_header: true,
skip_https_hostname_validation: false,
enabled: true,
custom_reverse_proxy_json: '{"flush_interval": -1}',
custom_pre_handlers_json: null,
authentik: {
enabled: true,
outpostDomain: "auth.example.com",
outpostUpstream: "http://authentik:9000",
authEndpoint: null,
copyHeaders: ["X-Authentik-Username", "X-Authentik-Email"],
trustedProxies: ["private_ranges"],
setOutpostHostHeader: true,
protectedPaths: null,
},
load_balancer: {
enabled: true,
policy: "round_robin",
policyHeaderField: null,
policyCookieName: null,
policyCookieSecret: null,
tryDuration: "5s",
tryInterval: "250ms",
retries: 3,
activeHealthCheck: {
enabled: true,
uri: "/health",
port: null,
interval: "30s",
timeout: "5s",
status: 200,
body: null,
},
passiveHealthCheck: {
enabled: true,
failDuration: "30s",
maxFails: 5,
unhealthyStatus: [502, 503],
unhealthyLatency: "10s",
},
},
dns_resolver: {
enabled: true,
resolvers: ["1.1.1.1", "8.8.8.8"],
fallbacks: ["9.9.9.9"],
timeout: "5s",
},
upstream_dns_resolution: {
enabled: true,
family: "ipv4",
},
geoblock: {
enabled: true,
block_countries: ["CN", "RU"],
block_continents: [],
block_asns: [12345],
block_cidrs: [],
block_ips: [],
allow_countries: ["US", "FI"],
allow_continents: [],
allow_asns: [],
allow_cidrs: ["10.0.0.0/8"],
allow_ips: [],
trusted_proxies: ["private_ranges"],
fail_closed: false,
response_status: 403,
response_body: "Access denied",
response_headers: {},
redirect_url: "",
},
geoblock_mode: "merge",
waf: {
enabled: true,
mode: "On",
load_owasp_crs: true,
custom_directives: 'SecRule REQUEST_URI "@contains /admin" "id:1001,deny,status:403"',
excluded_rule_ids: [920350, 942100],
waf_mode: "merge",
},
mtls: {
enabled: true,
ca_certificate_ids: [1, 3],
},
redirects: [
{ from: "/.well-known/carddav", to: "/remote.php/dav/", status: 301 },
{ from: "/old-path", to: "/new-path", status: 308 },
],
rewrite: {
path_prefix: "/api",
},
};
const returnValue = { id: 99, ...fullBody, created_at: '2026-03-26T00:00:00Z', updated_at: '2026-03-26T00:00:00Z' };
mockCreateProxyHost.mockResolvedValue(returnValue as any);
const response = await POST(createMockRequest({ method: 'POST', body: fullBody }));
const data = await response.json();
expect(response.status).toBe(201);
expect(data.id).toBe(99);
expect(mockCreateProxyHost).toHaveBeenCalledWith(fullBody, 1);
});
});
describe('PUT /api/v1/proxy-hosts/[id] (partial fields)', () => {
it('updates proxy host with partial fields', async () => {
const partialBody = {
ssl_forced: false,
waf: { enabled: false, mode: "Off", load_owasp_crs: false, custom_directives: "", excluded_rule_ids: [] },
redirects: [],
};
const updated = { ...sampleHost, ...partialBody };
mockUpdateProxyHost.mockResolvedValue(updated as any);
const response = await PUT(createMockRequest({ method: 'PUT', body: partialBody }), { params: Promise.resolve({ id: '1' }) });
const data = await response.json();
expect(response.status).toBe(200);
expect(mockUpdateProxyHost).toHaveBeenCalledWith(1, partialBody, 1);
expect(data.ssl_forced).toBe(false);
expect(data.waf).toEqual(partialBody.waf);
expect(data.redirects).toEqual([]);
});
});
describe('GET /api/v1/proxy-hosts/[id] (all nested fields)', () => {
it('returns proxy host with all nested fields', async () => {
const fullHost = {
id: 42,
name: "Full Host",
domains: ["app.example.com"],
upstreams: ["10.0.0.1:8080"],
certificate_id: 5,
access_list_id: 2,
ssl_forced: true,
hsts_enabled: true,
hsts_subdomains: true,
allow_websocket: true,
preserve_host_header: true,
skip_https_hostname_validation: false,
enabled: true,
custom_reverse_proxy_json: '{"flush_interval": -1}',
custom_pre_handlers_json: null,
created_at: '2026-01-01',
updated_at: '2026-01-01',
authentik: {
enabled: true,
outpostDomain: "auth.example.com",
outpostUpstream: "http://authentik:9000",
authEndpoint: null,
copyHeaders: ["X-Authentik-Username"],
trustedProxies: ["private_ranges"],
setOutpostHostHeader: true,
protectedPaths: null,
},
load_balancer: {
enabled: true,
policy: "round_robin",
policyHeaderField: null,
policyCookieName: null,
policyCookieSecret: null,
tryDuration: "5s",
tryInterval: "250ms",
retries: 3,
activeHealthCheck: {
enabled: true,
uri: "/health",
port: null,
interval: "30s",
timeout: "5s",
status: 200,
body: null,
},
passiveHealthCheck: {
enabled: true,
failDuration: "30s",
maxFails: 5,
unhealthyStatus: [502, 503],
unhealthyLatency: "10s",
},
},
dns_resolver: {
enabled: true,
resolvers: ["1.1.1.1"],
fallbacks: [],
timeout: "5s",
},
upstream_dns_resolution: {
enabled: true,
family: "ipv4",
},
geoblock: {
enabled: true,
block_countries: ["CN"],
block_continents: [],
block_asns: [],
block_cidrs: [],
block_ips: [],
allow_countries: ["FI"],
allow_continents: [],
allow_asns: [],
allow_cidrs: [],
allow_ips: [],
trusted_proxies: ["private_ranges"],
fail_closed: false,
response_status: 403,
response_body: "Blocked",
response_headers: {},
redirect_url: "",
},
geoblock_mode: "merge",
waf: {
enabled: true,
mode: "On",
load_owasp_crs: true,
custom_directives: "",
excluded_rule_ids: [],
waf_mode: "merge",
},
mtls: {
enabled: true,
ca_certificate_ids: [1],
},
redirects: [
{ from: "/old", to: "/new", status: 301 },
],
rewrite: {
path_prefix: "/api",
},
};
mockGetProxyHost.mockResolvedValue(fullHost as any);
const response = await getGET(createMockRequest(), { params: Promise.resolve({ id: '42' }) });
const data = await response.json();
expect(response.status).toBe(200);
expect(data).toEqual(fullHost);
expect(data.authentik.enabled).toBe(true);
expect(data.authentik.outpostDomain).toBe("auth.example.com");
expect(data.load_balancer.policy).toBe("round_robin");
expect(data.load_balancer.activeHealthCheck.uri).toBe("/health");
expect(data.load_balancer.passiveHealthCheck.maxFails).toBe(5);
expect(data.dns_resolver.resolvers).toEqual(["1.1.1.1"]);
expect(data.upstream_dns_resolution.family).toBe("ipv4");
expect(data.geoblock.block_countries).toEqual(["CN"]);
expect(data.waf.mode).toBe("On");
expect(data.mtls.ca_certificate_ids).toEqual([1]);
expect(data.redirects).toHaveLength(1);
expect(data.rewrite.path_prefix).toBe("/api");
expect(mockGetProxyHost).toHaveBeenCalledWith(42);
});
});