balena-supervisor/test/integration/device-api/middleware.spec.ts

import * as express from 'express';
import * as request from 'supertest';

import * as config from '~/src/config';
import * as testDb from '~/src/db';
import * as deviceApi from '~/src/device-api';
import * as middleware from '~/src/device-api/middleware';

describe('device-api/middleware', () => {
	let app: express.Application;

	before(async () => {
		await config.initialized();
	});

	describe('auth', () => {
		const INVALID_KEY = 'bad_api_secret';

		before(() => {
			app = express();
			app.use(middleware.auth);
			app.get('/', (_req, res) => res.sendStatus(200));
		});

		afterEach(async () => {
			// Delete all API keys between calls to prevent leaking tests
			await testDb.models('apiSecret').del();
			// Reset local mode to default
			await config.set({ localMode: false });
		});

		it('responds with 401 if no API key', async () => {
			await request(app).get('/').expect(401);
		});

		it('validates API key from request query', async () => {
			await request(app)
				.get(`/?apikey=${await deviceApi.getGlobalApiKey()}`)
				.expect(200);

			await request(app).get(`/?apikey=${INVALID_KEY}`).expect(401);

			// Should not accept case insensitive scheme
			const cases = ['ApiKey', 'apiKey', 'APIKEY', 'ApIKeY'];
			for (const query of cases) {
				await request(app)
					.get(`/?${query}=${await deviceApi.getGlobalApiKey()}`)
					.expect(401);
			}
		});

		it('validates API key from Authorization header with ApiKey scheme', async () => {
			// Should accept case insensitive scheme
			const cases = ['ApiKey', 'apikey', 'APIKEY', 'ApIKeY'];
			for (const scheme of cases) {
				await request(app)
					.get('/')
					.set(
						'Authorization',
						`${scheme} ${await deviceApi.getGlobalApiKey()}`,
					)
					.expect(200);

				await request(app)
					.get('/')
					.set('Authorization', `${scheme} ${INVALID_KEY}`)
					.expect(401);
			}
		});

		it('finds API key from Authorization header with Bearer scheme', async () => {
			// Should accept case insensitive scheme
			const cases: string[] = ['Bearer', 'bearer', 'BEARER', 'BeAReR'];
			for (const scheme of cases) {
				await request(app)
					.get('/')
					.set(
						'Authorization',
						`${scheme} ${await deviceApi.getGlobalApiKey()}`,
					)
					.expect(200);

				await request(app)
					.get('/')
					.set('Authorization', `${scheme} ${INVALID_KEY}`)
					.expect(401);
			}
		});

		it("doesn't validate auth in local mode", async () => {
			const testRequest = async (code: number) =>
				await request(app)
					.get('/')
					.set('Authorization', `Bearer ${INVALID_KEY}`)
					.expect(code);

			await testRequest(401);
			await config.set({ localMode: true });
			await testRequest(200);
		});
	});
});
Migrate API tests to unit/integration This excludes route tests or refactoring. Also, created tests for API middleware. Change-type: patch Signed-off-by: Christina Ying Wang <christina@balena.io> 2022-10-25 02:03:48 +00:00			`import * as express from 'express';`
			`import * as request from 'supertest';`

			`import * as config from '~/src/config';`
			`import * as testDb from '~/src/db';`
			`import * as deviceApi from '~/src/device-api';`
			`import * as middleware from '~/src/device-api/middleware';`

			`describe('device-api/middleware', () => {`
			`let app: express.Application;`

			`before(async () => {`
			`await config.initialized();`
			`});`

			`describe('auth', () => {`
			`const INVALID_KEY = 'bad_api_secret';`

			`before(() => {`
			`app = express();`
			`app.use(middleware.auth);`
			`app.get('/', (_req, res) => res.sendStatus(200));`
			`});`

			`afterEach(async () => {`
			`// Delete all API keys between calls to prevent leaking tests`
			`await testDb.models('apiSecret').del();`
			`// Reset local mode to default`
			`await config.set({ localMode: false });`
			`});`

			`it('responds with 401 if no API key', async () => {`
			`await request(app).get('/').expect(401);`
			`});`

			`it('validates API key from request query', async () => {`
			`await request(app)`
			.get(`/?apikey=${await deviceApi.getGlobalApiKey()}`)
			`.expect(200);`

			await request(app).get(`/?apikey=${INVALID_KEY}`).expect(401);

			`// Should not accept case insensitive scheme`
			`const cases = ['ApiKey', 'apiKey', 'APIKEY', 'ApIKeY'];`
			`for (const query of cases) {`
			`await request(app)`
			.get(`/?${query}=${await deviceApi.getGlobalApiKey()}`)
			`.expect(401);`
			`}`
			`});`

			`it('validates API key from Authorization header with ApiKey scheme', async () => {`
			`// Should accept case insensitive scheme`
			`const cases = ['ApiKey', 'apikey', 'APIKEY', 'ApIKeY'];`
			`for (const scheme of cases) {`
			`await request(app)`
			`.get('/')`
			`.set(`
			`'Authorization',`
			`${scheme} ${await deviceApi.getGlobalApiKey()}`,
			`)`
			`.expect(200);`

			`await request(app)`
			`.get('/')`
			.set('Authorization', `${scheme} ${INVALID_KEY}`)
			`.expect(401);`
			`}`
			`});`

			`it('finds API key from Authorization header with Bearer scheme', async () => {`
			`// Should accept case insensitive scheme`
			`const cases: string[] = ['Bearer', 'bearer', 'BEARER', 'BeAReR'];`
			`for (const scheme of cases) {`
			`await request(app)`
			`.get('/')`
			`.set(`
			`'Authorization',`
			`${scheme} ${await deviceApi.getGlobalApiKey()}`,
			`)`
			`.expect(200);`

			`await request(app)`
			`.get('/')`
			.set('Authorization', `${scheme} ${INVALID_KEY}`)
			`.expect(401);`
			`}`
			`});`

			`it("doesn't validate auth in local mode", async () => {`
			`const testRequest = async (code: number) =>`
			`await request(app)`
			`.get('/')`
			.set('Authorization', `Bearer ${INVALID_KEY}`)
			`.expect(code);`

			`await testRequest(401);`
			`await config.set({ localMode: true });`
			`await testRequest(200);`
			`});`
			`});`
			`});`