akanealw
99819b70ff
Some checks failed
Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled
Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled
Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled
Tests / test (push) Has been cancelled
438 lines
14 KiB
TypeScript
Executable File
438 lines
14 KiB
TypeScript
Executable File
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
|
|
|
vi.mock('@/src/lib/models/proxy-hosts', () => ({
|
|
listProxyHosts: vi.fn(),
|
|
createProxyHost: vi.fn(),
|
|
getProxyHost: vi.fn(),
|
|
updateProxyHost: vi.fn(),
|
|
deleteProxyHost: vi.fn(),
|
|
}));
|
|
|
|
vi.mock('@/src/lib/api-auth', () => {
|
|
const ApiAuthError = class extends Error {
|
|
status: number;
|
|
constructor(msg: string, status: number) { super(msg); this.status = status; this.name = 'ApiAuthError'; }
|
|
};
|
|
return {
|
|
requireApiAdmin: vi.fn().mockResolvedValue({ userId: 1, role: 'admin', authMethod: 'bearer' }),
|
|
requireApiUser: vi.fn().mockResolvedValue({ userId: 1, role: 'admin', authMethod: 'bearer' }),
|
|
apiErrorResponse: vi.fn((error: unknown) => {
|
|
const { NextResponse: NR } = require('next/server');
|
|
if (error instanceof ApiAuthError) {
|
|
return NR.json({ error: error.message }, { status: error.status });
|
|
}
|
|
return NR.json({ error: error instanceof Error ? error.message : 'Internal server error' }, { status: 500 });
|
|
}),
|
|
ApiAuthError,
|
|
};
|
|
});
|
|
|
|
import { GET as listGET, POST } from '@/app/api/v1/proxy-hosts/route';
|
|
import { GET as getGET, PUT, DELETE } from '@/app/api/v1/proxy-hosts/[id]/route';
|
|
import { listProxyHosts, createProxyHost, getProxyHost, updateProxyHost, deleteProxyHost } from '@/src/lib/models/proxy-hosts';
|
|
import { requireApiAdmin } from '@/src/lib/api-auth';
|
|
|
|
const mockListProxyHosts = vi.mocked(listProxyHosts);
|
|
const mockCreateProxyHost = vi.mocked(createProxyHost);
|
|
const mockGetProxyHost = vi.mocked(getProxyHost);
|
|
const mockUpdateProxyHost = vi.mocked(updateProxyHost);
|
|
const mockDeleteProxyHost = vi.mocked(deleteProxyHost);
|
|
const mockRequireApiAdmin = vi.mocked(requireApiAdmin);
|
|
|
|
function createMockRequest(options: { method?: string; body?: unknown } = {}): any {
|
|
return {
|
|
headers: { get: () => null },
|
|
method: options.method ?? 'GET',
|
|
nextUrl: { pathname: '/api/v1/proxy-hosts', searchParams: new URLSearchParams() },
|
|
json: async () => options.body ?? {},
|
|
};
|
|
}
|
|
|
|
const sampleHost = {
|
|
id: 1,
|
|
domains: ['example.com'],
|
|
forward_host: '10.0.0.1',
|
|
forward_port: 8080,
|
|
forward_scheme: 'http',
|
|
enabled: true,
|
|
created_at: '2026-01-01',
|
|
updated_at: '2026-01-01',
|
|
};
|
|
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
mockRequireApiAdmin.mockResolvedValue({ userId: 1, role: 'admin', authMethod: 'bearer' });
|
|
});
|
|
|
|
describe('GET /api/v1/proxy-hosts', () => {
|
|
it('returns list of proxy hosts', async () => {
|
|
mockListProxyHosts.mockResolvedValue([sampleHost] as any);
|
|
|
|
const response = await listGET(createMockRequest());
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(data).toEqual([sampleHost]);
|
|
});
|
|
|
|
it('returns 401 on auth failure', async () => {
|
|
const { ApiAuthError } = await import('@/src/lib/api-auth');
|
|
mockRequireApiAdmin.mockRejectedValue(new ApiAuthError('Unauthorized', 401));
|
|
|
|
const response = await listGET(createMockRequest());
|
|
expect(response.status).toBe(401);
|
|
});
|
|
});
|
|
|
|
describe('POST /api/v1/proxy-hosts', () => {
|
|
it('creates a proxy host and returns 201', async () => {
|
|
const body = { domains: ['new.example.com'], forward_host: '10.0.0.2', forward_port: 3000 };
|
|
mockCreateProxyHost.mockResolvedValue({ id: 2, ...body } as any);
|
|
|
|
const response = await POST(createMockRequest({ method: 'POST', body }));
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(201);
|
|
expect(data.id).toBe(2);
|
|
expect(mockCreateProxyHost).toHaveBeenCalledWith(body, 1);
|
|
});
|
|
});
|
|
|
|
describe('GET /api/v1/proxy-hosts/[id]', () => {
|
|
it('returns a proxy host by id', async () => {
|
|
mockGetProxyHost.mockResolvedValue(sampleHost as any);
|
|
|
|
const response = await getGET(createMockRequest(), { params: Promise.resolve({ id: '1' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(data).toEqual(sampleHost);
|
|
expect(mockGetProxyHost).toHaveBeenCalledWith(1);
|
|
});
|
|
|
|
it('returns 404 for non-existent host', async () => {
|
|
mockGetProxyHost.mockResolvedValue(null as any);
|
|
|
|
const response = await getGET(createMockRequest(), { params: Promise.resolve({ id: '999' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(404);
|
|
expect(data.error).toBe('Not found');
|
|
});
|
|
});
|
|
|
|
describe('PUT /api/v1/proxy-hosts/[id]', () => {
|
|
it('updates a proxy host', async () => {
|
|
const body = { forward_port: 9090 };
|
|
const updated = { ...sampleHost, forward_port: 9090 };
|
|
mockUpdateProxyHost.mockResolvedValue(updated as any);
|
|
|
|
const response = await PUT(createMockRequest({ method: 'PUT', body }), { params: Promise.resolve({ id: '1' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(data.forward_port).toBe(9090);
|
|
expect(mockUpdateProxyHost).toHaveBeenCalledWith(1, body, 1);
|
|
});
|
|
|
|
it('returns 500 when host not found', async () => {
|
|
mockUpdateProxyHost.mockRejectedValue(new Error('not found'));
|
|
|
|
const response = await PUT(createMockRequest({ method: 'PUT', body: { forward_port: 9090 } }), { params: Promise.resolve({ id: '999' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(500);
|
|
expect(data.error).toBe('not found');
|
|
});
|
|
});
|
|
|
|
describe('DELETE /api/v1/proxy-hosts/[id]', () => {
|
|
it('deletes a proxy host', async () => {
|
|
mockDeleteProxyHost.mockResolvedValue(undefined as any);
|
|
|
|
const response = await DELETE(createMockRequest({ method: 'DELETE' }), { params: Promise.resolve({ id: '1' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(data).toEqual({ ok: true });
|
|
expect(mockDeleteProxyHost).toHaveBeenCalledWith(1, 1);
|
|
});
|
|
|
|
it('returns 500 when host not found', async () => {
|
|
mockDeleteProxyHost.mockRejectedValue(new Error('not found'));
|
|
|
|
const response = await DELETE(createMockRequest({ method: 'DELETE' }), { params: Promise.resolve({ id: '999' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(500);
|
|
expect(data.error).toBe('not found');
|
|
});
|
|
});
|
|
|
|
describe('POST /api/v1/proxy-hosts (all optional fields)', () => {
|
|
it('creates proxy host with all optional fields', async () => {
|
|
const fullBody = {
|
|
name: "Full Featured Host",
|
|
domains: ["app.example.com", "www.example.com"],
|
|
upstreams: ["10.0.0.1:8080", "10.0.0.2:8080"],
|
|
certificate_id: 5,
|
|
access_list_id: 2,
|
|
ssl_forced: true,
|
|
hsts_enabled: true,
|
|
hsts_subdomains: true,
|
|
allow_websocket: true,
|
|
preserve_host_header: true,
|
|
skip_https_hostname_validation: false,
|
|
enabled: true,
|
|
custom_reverse_proxy_json: '{"flush_interval": -1}',
|
|
custom_pre_handlers_json: null,
|
|
authentik: {
|
|
enabled: true,
|
|
outpostDomain: "auth.example.com",
|
|
outpostUpstream: "http://authentik:9000",
|
|
authEndpoint: null,
|
|
copyHeaders: ["X-Authentik-Username", "X-Authentik-Email"],
|
|
trustedProxies: ["private_ranges"],
|
|
setOutpostHostHeader: true,
|
|
protectedPaths: null,
|
|
},
|
|
load_balancer: {
|
|
enabled: true,
|
|
policy: "round_robin",
|
|
policyHeaderField: null,
|
|
policyCookieName: null,
|
|
policyCookieSecret: null,
|
|
tryDuration: "5s",
|
|
tryInterval: "250ms",
|
|
retries: 3,
|
|
activeHealthCheck: {
|
|
enabled: true,
|
|
uri: "/health",
|
|
port: null,
|
|
interval: "30s",
|
|
timeout: "5s",
|
|
status: 200,
|
|
body: null,
|
|
},
|
|
passiveHealthCheck: {
|
|
enabled: true,
|
|
failDuration: "30s",
|
|
maxFails: 5,
|
|
unhealthyStatus: [502, 503],
|
|
unhealthyLatency: "10s",
|
|
},
|
|
},
|
|
dns_resolver: {
|
|
enabled: true,
|
|
resolvers: ["1.1.1.1", "8.8.8.8"],
|
|
fallbacks: ["9.9.9.9"],
|
|
timeout: "5s",
|
|
},
|
|
upstream_dns_resolution: {
|
|
enabled: true,
|
|
family: "ipv4",
|
|
},
|
|
geoblock: {
|
|
enabled: true,
|
|
block_countries: ["CN", "RU"],
|
|
block_continents: [],
|
|
block_asns: [12345],
|
|
block_cidrs: [],
|
|
block_ips: [],
|
|
allow_countries: ["US", "FI"],
|
|
allow_continents: [],
|
|
allow_asns: [],
|
|
allow_cidrs: ["10.0.0.0/8"],
|
|
allow_ips: [],
|
|
trusted_proxies: ["private_ranges"],
|
|
fail_closed: false,
|
|
response_status: 403,
|
|
response_body: "Access denied",
|
|
response_headers: {},
|
|
redirect_url: "",
|
|
},
|
|
geoblock_mode: "merge",
|
|
waf: {
|
|
enabled: true,
|
|
mode: "On",
|
|
load_owasp_crs: true,
|
|
custom_directives: 'SecRule REQUEST_URI "@contains /admin" "id:1001,deny,status:403"',
|
|
excluded_rule_ids: [920350, 942100],
|
|
waf_mode: "merge",
|
|
},
|
|
mtls: {
|
|
enabled: true,
|
|
ca_certificate_ids: [1, 3],
|
|
},
|
|
redirects: [
|
|
{ from: "/.well-known/carddav", to: "/remote.php/dav/", status: 301 },
|
|
{ from: "/old-path", to: "/new-path", status: 308 },
|
|
],
|
|
rewrite: {
|
|
path_prefix: "/api",
|
|
},
|
|
};
|
|
|
|
const returnValue = { id: 99, ...fullBody, created_at: '2026-03-26T00:00:00Z', updated_at: '2026-03-26T00:00:00Z' };
|
|
mockCreateProxyHost.mockResolvedValue(returnValue as any);
|
|
|
|
const response = await POST(createMockRequest({ method: 'POST', body: fullBody }));
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(201);
|
|
expect(data.id).toBe(99);
|
|
expect(mockCreateProxyHost).toHaveBeenCalledWith(fullBody, 1);
|
|
});
|
|
});
|
|
|
|
describe('PUT /api/v1/proxy-hosts/[id] (partial fields)', () => {
|
|
it('updates proxy host with partial fields', async () => {
|
|
const partialBody = {
|
|
ssl_forced: false,
|
|
waf: { enabled: false, mode: "Off", load_owasp_crs: false, custom_directives: "", excluded_rule_ids: [] },
|
|
redirects: [],
|
|
};
|
|
|
|
const updated = { ...sampleHost, ...partialBody };
|
|
mockUpdateProxyHost.mockResolvedValue(updated as any);
|
|
|
|
const response = await PUT(createMockRequest({ method: 'PUT', body: partialBody }), { params: Promise.resolve({ id: '1' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(mockUpdateProxyHost).toHaveBeenCalledWith(1, partialBody, 1);
|
|
expect(data.ssl_forced).toBe(false);
|
|
expect(data.waf).toEqual(partialBody.waf);
|
|
expect(data.redirects).toEqual([]);
|
|
});
|
|
});
|
|
|
|
describe('GET /api/v1/proxy-hosts/[id] (all nested fields)', () => {
|
|
it('returns proxy host with all nested fields', async () => {
|
|
const fullHost = {
|
|
id: 42,
|
|
name: "Full Host",
|
|
domains: ["app.example.com"],
|
|
upstreams: ["10.0.0.1:8080"],
|
|
certificate_id: 5,
|
|
access_list_id: 2,
|
|
ssl_forced: true,
|
|
hsts_enabled: true,
|
|
hsts_subdomains: true,
|
|
allow_websocket: true,
|
|
preserve_host_header: true,
|
|
skip_https_hostname_validation: false,
|
|
enabled: true,
|
|
custom_reverse_proxy_json: '{"flush_interval": -1}',
|
|
custom_pre_handlers_json: null,
|
|
created_at: '2026-01-01',
|
|
updated_at: '2026-01-01',
|
|
authentik: {
|
|
enabled: true,
|
|
outpostDomain: "auth.example.com",
|
|
outpostUpstream: "http://authentik:9000",
|
|
authEndpoint: null,
|
|
copyHeaders: ["X-Authentik-Username"],
|
|
trustedProxies: ["private_ranges"],
|
|
setOutpostHostHeader: true,
|
|
protectedPaths: null,
|
|
},
|
|
load_balancer: {
|
|
enabled: true,
|
|
policy: "round_robin",
|
|
policyHeaderField: null,
|
|
policyCookieName: null,
|
|
policyCookieSecret: null,
|
|
tryDuration: "5s",
|
|
tryInterval: "250ms",
|
|
retries: 3,
|
|
activeHealthCheck: {
|
|
enabled: true,
|
|
uri: "/health",
|
|
port: null,
|
|
interval: "30s",
|
|
timeout: "5s",
|
|
status: 200,
|
|
body: null,
|
|
},
|
|
passiveHealthCheck: {
|
|
enabled: true,
|
|
failDuration: "30s",
|
|
maxFails: 5,
|
|
unhealthyStatus: [502, 503],
|
|
unhealthyLatency: "10s",
|
|
},
|
|
},
|
|
dns_resolver: {
|
|
enabled: true,
|
|
resolvers: ["1.1.1.1"],
|
|
fallbacks: [],
|
|
timeout: "5s",
|
|
},
|
|
upstream_dns_resolution: {
|
|
enabled: true,
|
|
family: "ipv4",
|
|
},
|
|
geoblock: {
|
|
enabled: true,
|
|
block_countries: ["CN"],
|
|
block_continents: [],
|
|
block_asns: [],
|
|
block_cidrs: [],
|
|
block_ips: [],
|
|
allow_countries: ["FI"],
|
|
allow_continents: [],
|
|
allow_asns: [],
|
|
allow_cidrs: [],
|
|
allow_ips: [],
|
|
trusted_proxies: ["private_ranges"],
|
|
fail_closed: false,
|
|
response_status: 403,
|
|
response_body: "Blocked",
|
|
response_headers: {},
|
|
redirect_url: "",
|
|
},
|
|
geoblock_mode: "merge",
|
|
waf: {
|
|
enabled: true,
|
|
mode: "On",
|
|
load_owasp_crs: true,
|
|
custom_directives: "",
|
|
excluded_rule_ids: [],
|
|
waf_mode: "merge",
|
|
},
|
|
mtls: {
|
|
enabled: true,
|
|
ca_certificate_ids: [1],
|
|
},
|
|
redirects: [
|
|
{ from: "/old", to: "/new", status: 301 },
|
|
],
|
|
rewrite: {
|
|
path_prefix: "/api",
|
|
},
|
|
};
|
|
|
|
mockGetProxyHost.mockResolvedValue(fullHost as any);
|
|
|
|
const response = await getGET(createMockRequest(), { params: Promise.resolve({ id: '42' }) });
|
|
const data = await response.json();
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(data).toEqual(fullHost);
|
|
expect(data.authentik.enabled).toBe(true);
|
|
expect(data.authentik.outpostDomain).toBe("auth.example.com");
|
|
expect(data.load_balancer.policy).toBe("round_robin");
|
|
expect(data.load_balancer.activeHealthCheck.uri).toBe("/health");
|
|
expect(data.load_balancer.passiveHealthCheck.maxFails).toBe(5);
|
|
expect(data.dns_resolver.resolvers).toEqual(["1.1.1.1"]);
|
|
expect(data.upstream_dns_resolution.family).toBe("ipv4");
|
|
expect(data.geoblock.block_countries).toEqual(["CN"]);
|
|
expect(data.waf.mode).toBe("On");
|
|
expect(data.mtls.ca_certificate_ids).toEqual([1]);
|
|
expect(data.redirects).toHaveLength(1);
|
|
expect(data.rewrite.path_prefix).toBe("/api");
|
|
expect(mockGetProxyHost).toHaveBeenCalledWith(42);
|
|
});
|
|
});
|