jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

reverseproxy: use async exec

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-02-21 12:33:04 +01:00
parent 9b94cf18d0
commit c1bb4de6a3
5 changed files with 90 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
src/test/reverseproxy-test.js
View File

@@ -5,12 +5,14 @@
'use strict';
const common = require('./common.js'),
const BoxError = require('../boxerror.js'),
common = require('./common.js'),
domains = require('../domains.js'),
expect = require('expect.js'),
fs = require('fs'),
paths = require('../paths.js'),
reverseProxy = require('../reverseproxy.js');
reverseProxy = require('../reverseproxy.js'),
safe = require('safetydance');
describe('Reverse Proxy', function () {
const { setup, cleanup, domain, auditSource, app } = common;
@@ -58,59 +60,70 @@ describe('Reverse Proxy', function () {
const validCert3 = '-----BEGIN CERTIFICATE-----\nMIIC3DCCAcSgAwIBAgIJALcStAD5sDWEMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV\nBAMMDSouYW1hemluZy5jb20wHhcNMTgwMjA5MjIxMzM2WhcNMjgwMjA3MjIxMzM2\nWjAYMRYwFAYDVQQDDA0qLmFtYXppbmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAvp8dk13u4vmAfKfRNOO8+rVQ8q+vyR8scc9Euj0pTodLBflM\n2K6Zk0isirRzCL/jd4n1A6QrPeJ+r2J4xtHk2j+pavt8Sa2Go2MzpAe3OTuIqYJf\nUt7Im3f2Lb67itTPrpA2TR3A/dDFlazju+eBd3t3496Do8aBPpXAdOabfPsrv3nE\nx97vrr4tzeK3kG9u7GYuod5gyiwF2t5wSeMWbFk2oqkOCtHRXE77JDKVxIGiepnU\nTnkW9b7jIkiBQ1x0xHG4soewV2ymGHS2XrUHZ45FFMG7yVYpytKT9Iz9ty/z5VcL\nZ6NzgU/pKfQaIe8MpoDpVf5UNeB2DOAAEoJKKwIDAQABoykwJzAlBgNVHREEHjAc\nggthbWF6aW5nLmNvbYINKi5hbWF6aW5nLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA\nMULk6B9XrVPAole8W66o3WUUOrC7NVjbwZjr+Kp5oQTSo84qacaZS2C3ox/j/TZY\nUuNvoE6gIOHi+inN+G4P76K7NEvm8+Y1CeAyaPq01H4Qy2lk9F5wFMtPqvBZnF9C\nx1MvV30FruHXe5pDfnG1npKECpn2SgE3k6FRHM55u8rTMEm/O4TtsDq+fPqUvyWa\nZuRjPv4qVGGkoPyxA6iffxclpOAXs3JUgLcYoM2vxKC0YSOjHEa0p4uffX063Jgg\nybuy3OKvm+8L6moycX7J+LZK81dDTFDtF7PwrnRbpS4re0i/LSk23jDQvDOLnrAa\nSawRR8+1QHTENBo7dnP+NA==\n-----END CERTIFICATE-----';
const validKey3 = '-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC+nx2TXe7i+YB8\np9E047z6tVDyr6/JHyxxz0S6PSlOh0sF+UzYrpmTSKyKtHMIv+N3ifUDpCs94n6v\nYnjG0eTaP6lq+3xJrYajYzOkB7c5O4ipgl9S3sibd/YtvruK1M+ukDZNHcD90MWV\nrOO754F3e3fj3oOjxoE+lcB05pt8+yu/ecTH3u+uvi3N4reQb27sZi6h3mDKLAXa\n3nBJ4xZsWTaiqQ4K0dFcTvskMpXEgaJ6mdROeRb1vuMiSIFDXHTEcbiyh7BXbKYY\ndLZetQdnjkUUwbvJVinK0pP0jP23L/PlVwtno3OBT+kp9Boh7wymgOlV/lQ14HYM\n4AASgkorAgMBAAECggEAdVSVLMcNqlGuv4vAHtDq2lpOaAKxrZbtkWPlxsisqzRl\nfljT7y+RQfHimkG16LXL+iFFWadsIlxOY/+1nZNGTPwQeNQwzVzs2ZbPC3DgW28E\nkGm56NVOHzu4oLGc2DhjWOxVMCRXTSN66sUPK/K0YunxgqXM2zrtBKvCWXI0VLlo\nN/UWAwHf4i0GWRl8u8PvxgMXlSW9p9l6gSsivWRMag9ADwRQ/NSKrRYkiOoRe3vz\nLxXARBvzeZXvOPVLGVRX4SIR7OmS8cC6Ol/rp1/ZFFID7aN+wdzphPSL1UNUriw4\nDv1mxz73SNakgeYSFBoWRS5BsJI01JoCoILsnhVCiQKBgQDyW+k5+j4K17fzwsmi\nyxZ0Nz/ncpkqxVrWYZM3pn7OVkb2NDArimEk53kmJ0hrT84kKJUYDx55R2TpnzpV\nMLmjxgs9TUrzZzsL/DP2ppkfE3OrPS+06OGa5GbURxD6KPvqDtOmU3oFyJ3f4YJR\nVK7RW+zO4sXEpHIxwdBXbYov1QKBgQDJWbt+W5M0sA2D5LrUBNMTvMdNnKH0syc2\nZlcIOdj6HuUIveYpBRq64Jn9VJpXMxQanwE+IUjCpPTa8wF0OA6MZPy6cfovqb8a\ni1/M/lvCoYVS3KHLcTOvTGD3xej0EUj13xWGNu8y3i7Z9/Bl21hEyjd0q0I5OqJx\no9Qa5TGR/wKBgBPfkYpdiMTe14i3ik09FgRFm4nhDcpCEKbPrYC8uF03Ge6KbQDF\nAh5ClN6aDggurRqt8Tvd0YPkZNP7aI8fxbk2PimystiuuFrNPX2WP6warjt2cvkE\nt6s522zAvxWkUrPor1ZONg1PXBLFrSf6J7OnNA3q7oina23FFM52fwRZAoGAZ7l7\nFffU2IKNI9HT0N7/YZ6RSVEUOXuFCsgjs5AhT5BUynERPTZs87I6gb9wltUwWRpq\nSHhbBDJ4FMa0jAtIq1hmvSF0EdOvJ9x+qJqr6JLOnMYd7zDMwFRna5yfigPRgx+9\n9dsc1CaTGiRYyg/5484MTWTgA51KC6Kq5IQHSj8CgYBr9rWgqM8hVCKSt1cMguQV\nTPaV97+u3kV2jFd/aVgDtCDIVvp5TPuqfskE1v3MsSjJ8hfHdYvyxZB8h8T4LlTD\n2HdxwCjVh2qirAvkar2b1mfA6R8msmVaIxBu4MqDcIPqR823klF7A8jSD3MGzYcU\nbnnxMdwgWQkmx0/6/90ZCg==\n-----END PRIVATE KEY-----\n';
it('does not allow empty string for cert', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: '', key: 'key' })).to.be.an(Error);
it('does not allow empty string for cert', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', foobarDomain, { cert: '', key: 'key' }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
});
it('does not allow empty string for key', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: 'cert', key: '' })).to.be.an(Error);
it('does not allow empty string for key', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', foobarDomain, { cert: 'cert', key: '' }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
});
it('does not allow invalid cert', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: 'someinvalidcert', key: validKey0 })).to.be.an(Error);
it('does not allow invalid cert', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', foobarDomain, { cert: 'someinvalidcert', key: validKey0 }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
});
it('does not allow invalid key', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert0, key: 'invalidkey' })).to.be.an(Error);
it('does not allow invalid key', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert0, key: 'invalidkey' }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
});
it('does not allow cert without matching domain', function () {
expect(reverseProxy.validateCertificate('', 'cloudron.io', { cert: validCert0, key: validKey0 })).to.be.an(Error);
expect(reverseProxy.validateCertificate('cloudron.io', foobarDomain, { cert: validCert0, key: validKey0 })).to.be.an(Error);
it('does not allow cert without matching domain', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', 'cloudron.io', { cert: validCert0, key: validKey0 }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
const [error2] = await safe(reverseProxy.validateCertificate('cloudron.io', foobarDomain, { cert: validCert0, key: validKey0 }));
expect(error2.reason).to.be(BoxError.BAD_FIELD);
});
it('allows valid cert with matching domain', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert0, key: validKey0 })).to.be(null);
it('allows valid cert with matching domain', async function () {
await reverseProxy.validateCertificate('', foobarDomain, { cert: validCert0, key: validKey0 });
});
it('allows valid cert with matching domain (wildcard)', function () {
expect(reverseProxy.validateCertificate('abc', foobarDomain, { cert: validCert1, key: validKey1 })).to.be(null);
it('allows valid cert with matching domain (wildcard)', async function () {
await reverseProxy.validateCertificate('abc', foobarDomain, { cert: validCert1, key: validKey1 });
});
it('does now allow cert without matching domain (wildcard)', function () {
expect(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert1, key: validKey1 })).to.be.an(Error);
expect(reverseProxy.validateCertificate('bar.abc', foobarDomain, { cert: validCert1, key: validKey1 })).to.be.an(Error);
it('does now allow cert without matching domain (wildcard)', async function () {
const [error] = await safe(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert1, key: validKey1 }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
const [error2] = await safe(reverseProxy.validateCertificate('bar.abc', foobarDomain, { cert: validCert1, key: validKey1 }));
expect(error2.reason).to.be(BoxError.BAD_FIELD);
});
it('allows valid cert with matching domain (subdomain)', function () {
expect(reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert2, key: validKey2 })).to.be(null);
it('allows valid cert with matching domain (subdomain)', async function () {
await reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert2, key: validKey2 });
});
it('does not allow cert without matching domain (subdomain)', function () {
expect(reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert0, key: validKey0 })).to.be.an(Error);
it('does not allow cert without matching domain (subdomain)', async function () {
const [error] = await safe(reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert0, key: validKey0 }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
});
it('does not allow invalid cert/key tuple', function () {
it('does not allow invalid cert/key tuple', async function () {
//expect(reverseProxy.validateCertificate('', foobarDomain, { cert: validCert0, key: validKey1 })).to.be.an(Error);
});
it('picks certificate in SAN', function () {
expect(reverseProxy.validateCertificate('', amazingDomain, { cert: validCert3, key: validKey3 })).to.be(null);
expect(reverseProxy.validateCertificate('subdomain', amazingDomain, { cert: validCert3, key: validKey3 })).to.be(null);
it('picks certificate in SAN', async function () {
await reverseProxy.validateCertificate('', amazingDomain, { cert: validCert3, key: validKey3 });
await reverseProxy.validateCertificate('subdomain', amazingDomain, { cert: validCert3, key: validKey3 });
});
it('allows valid cert with matching domain (subdomain) - ecdsa', function () {
expect(reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert4, key: validKey4 })).to.be(null);
it('allows valid cert with matching domain (subdomain) - ecdsa', async function () {
reverseProxy.validateCertificate('baz', foobarDomain, { cert: validCert4, key: validKey4 });
});
});
@@ -123,9 +136,9 @@ describe('Reverse Proxy', function () {
expect(result).to.be.ok();
});
it('can validate the certs', function () {
expect(reverseProxy.validateCertificate('foo', domain, result)).to.be(null);
expect(reverseProxy.validateCertificate('', domain, result)).to.be(null);
it('can validate the certs', async function () {
await reverseProxy.validateCertificate('foo', domain, result);
await reverseProxy.validateCertificate('', domain, result);
});
});