misc: add tests

Author: embbnux

README.md

@@ -133,7 +133,3 @@ With that, requests with path prefix `/api_v1` will be streamed to client 1, req
 ## Related
 
 A introduce article: [Building a HTTP Tunnel with WebSocket and Node.JS](https://medium.com/@embbnux/building-a-http-tunnel-with-websocket-and-node-js-98068b0225d3?source=friends_link&sk=985d90ec9f512928b34ed38b7ddcb378)
-
-## TODO
-
-- [ ] Add tests

jest.config.js

@@ -0,0 +1,9 @@
+/** @type {import('jest').Config} */
+module.exports = {
+  testEnvironment: 'node',
+  testMatch: ['**/tests/**/*.test.js'],
+  verbose: true,
+  testTimeout: 15000,
+  maxWorkers: 1,
+  globalTeardown: '<rootDir>/tests/globalTeardown.js',
+};

package-lock.json

@@ -11,7 +11,8 @@
   },
   "license": "GPL-3.0",
   "scripts": {
-    "start": "node server.js"
+    "start": "node server.js",
+    "test": "jest"
   },
   "dependencies": {
     "dotenv": "^16.0.0",
@@ -20,5 +21,11 @@
     "morgan": "^1.10.1",
     "socket.io": "^4.8.1",
     "uuid": "^8.3.2"
+  },
+  "devDependencies": {
+    "jest": "^29.7.0",
+    "supertest": "^6.3.3",
+    "socket.io-client": "^4.8.1",
+    "ws": "^8.18.0"
   }
 }

package.json

@@ -8,6 +8,8 @@ const jwt = require('jsonwebtoken');
 require('dotenv').config();
 
 const { TunnelRequest, TunnelResponse } = require('./lib');
+const { getTunnelSocket, setTunnelSocket, removeTunnelSocket, getAvailableTunnelSocket } = require('./utils/tunnels');
+const { getReqHeaders } = require('./utils/headers');
 
 const app = express();
 const httpServer = http.createServer(app);
@@ -16,52 +18,6 @@ const io = new Server(httpServer, {
   path: webTunnelPath,
 });
 
-let tunnelSockets = [];
-
-function getTunnelSocket(host, pathPrefix) {
-  return tunnelSockets.find((s) =>
-    s.host === host && s.pathPrefix === pathPrefix
-  );
-}
-
-function setTunnelSocket(host, pathPrefix, socket) {
-  tunnelSockets.push({
-    host,
-    pathPrefix,
-    socket,
-  });
-}
-
-function removeTunnelSocket(host, pathPrefix) {
-  tunnelSockets = tunnelSockets.filter((s) => 
-    !(s.host === host && s.pathPrefix === pathPrefix)
-  );
-  console.log('tunnelSockets: ', tunnelSockets);
-}
-
-function getAvailableTunnelSocket(host, url) {
-  const tunnels = tunnelSockets.filter((s) => {
-    if (s.host !== host) {
-      return false;
-    }
-    if (!s.pathPrefix) {
-      return true;
-    }
-    return url.indexOf(s.pathPrefix) === 0;
-  }).sort((a, b) => {
-    if (!a.pathPrefix) {
-      return 1;
-    }
-    if (!b.pathPrefix) {
-      return -1;
-    }
-    return b.pathPrefix.length - a.pathPrefix.length;
-  });
-  if (tunnels.length === 0) {
-    return null;
-  }
-  return tunnels[0].socket;
-}
 
 io.use((socket, next) => {
   const connectHost = socket.handshake.headers.host;
@@ -122,23 +78,7 @@ app.get('/tunnel_jwt_generator', (req, res) => {
   res.send('Forbidden');
 });
 
-function getReqHeaders(req) {
-  const encrypted = !!(req.isSpdy || req.connection.encrypted || req.connection.pair);
-  const headers = { ...req.headers };
-  const url = new URL(`${encrypted ? 'https' : 'http'}://${req.headers.host}`);
-  const forwardValues = {
-    for: req.connection.remoteAddress || req.socket.remoteAddress,
-    port: url.port || (encrypted ? 443 : 80),
-    proto: encrypted ? 'https' : 'http',
-  };
-  ['for', 'port', 'proto'].forEach((key) => {
-    const previousValue = req.headers[`x-forwarded-${key}`] || '';
-    headers[`x-forwarded-${key}`] =
-      `${previousValue || ''}${previousValue ? ',' : ''}${forwardValues[key]}`;
-  });
-  headers['x-forwarded-host'] = req.headers['x-forwarded-host'] || req.headers.host || '';
-  return headers;
-}
+// helpers moved to utils
 
 app.use('/', (req, res) => {
   const tunnelSocket = getAvailableTunnelSocket(req.headers.host, req.url);
@@ -283,5 +223,20 @@ httpServer.on('upgrade', (req, socket, head) => {
   tunnelResponse.once('response', onResponse);
 });
 
-httpServer.listen(process.env.PORT || 3000);
-console.log(`app start at http://localhost:${process.env.PORT || 3000}`);
+const PORT = process.env.PORT || 3000;
+if (require.main === module) {
+  httpServer.listen(PORT);
+  console.log(`app start at http://localhost:${PORT}`);
+}
+
+// Export helpers for testing and embedding
+module.exports = {
+  app,
+  httpServer,
+  io,
+  getAvailableTunnelSocket,
+  // Internal utilities exposed for tests
+  setTunnelSocket,
+  removeTunnelSocket,
+  getReqHeaders,
+};

server.js

@@ -0,0 +1,62 @@
+const { io } = require('socket.io-client');
+const jwt = require('jsonwebtoken');
+const { httpServer } = require('../server');
+
+function ensureProxyListening() {
+  return new Promise((resolve) => {
+    if (httpServer.listening) return resolve(httpServer.address().port);
+    httpServer.listen(0, () => resolve(httpServer.address().port));
+  });
+}
+
+describe('Auth: invalid JWT is rejected', () => {
+  let proxyPort;
+
+  beforeAll(async () => {
+    process.env.SECRET_KEY = 'SECRET';
+    process.env.VERIFY_TOKEN = 'VERIFY';
+    proxyPort = await ensureProxyListening();
+  });
+
+  afterAll(async () => {
+    if (httpServer.listening) {
+      await new Promise((r) => httpServer.close(() => r()));
+    }
+  });
+
+  test('token signed with correct secret but wrong payload is rejected', async () => {
+    const socket = io(`http://localhost:${proxyPort}`, {
+      path: '/$web_tunnel',
+      transports: ['websocket'],
+      reconnection: false,
+      auth: { token: jwt.sign({ token: 'WRONG' }, 'SECRET') },
+      autoConnect: false,
+    });
+    const err = await new Promise((resolve) => {
+      socket.on('connect', () => resolve(new Error('should not connect')));
+      socket.on('connect_error', (e) => resolve(e));
+      socket.connect();
+    });
+    socket.close();
+    expect(err).toBeTruthy();
+    expect(err.message).toMatch(/Authentication error/i);
+  });
+
+  test('token signed with wrong secret is rejected', async () => {
+    const socket = io(`http://localhost:${proxyPort}`, {
+      path: '/$web_tunnel',
+      transports: ['websocket'],
+      reconnection: false,
+      auth: { token: jwt.sign({ token: 'VERIFY' }, 'BADSECRET') },
+      autoConnect: false,
+    });
+    const err = await new Promise((resolve) => {
+      socket.on('connect', () => resolve(new Error('should not connect')));
+      socket.on('connect_error', (e) => resolve(e));
+      socket.connect();
+    });
+    socket.close();
+    expect(err).toBeTruthy();
+    expect(err.message).toMatch(/Authentication error/i);
+  });
+});

tests/auth.invalidJwt.test.js

@@ -0,0 +1,5 @@
+module.exports = async () => {
+  // Jest sometimes leaves open timers from socket.io keep-alives.
+  // Force process exit after small delay allowing disconnect handlers to run.
+  await new Promise((r) => setTimeout(r, 200));
+};

tests/globalTeardown.js

@@ -0,0 +1,29 @@
+const { getReqHeaders } = require('../utils/headers');
+
+function makeReq({ host = 'example.com', encrypted = false, remoteAddress = '1.2.3.4', xff } = {}) {
+  return {
+    isSpdy: false,
+    connection: { encrypted, pair: undefined, remoteAddress },
+    socket: { remoteAddress },
+    headers: Object.assign({ host }, xff ? { 'x-forwarded-for': xff } : {}),
+  };
+}
+
+describe('getReqHeaders', () => {
+  test('adds x-forwarded-* when none exist over http', () => {
+    const req = makeReq();
+    const headers = getReqHeaders(req);
+    expect(headers['x-forwarded-for']).toBe('1.2.3.4');
+    expect(headers['x-forwarded-port']).toBe('80');
+    expect(headers['x-forwarded-proto']).toBe('http');
+    expect(headers['x-forwarded-host']).toBe('example.com');
+  });
+
+  test('appends to existing x-forwarded-for and sets https/443 when encrypted', () => {
+    const req = makeReq({ encrypted: true, xff: '2.2.2.2' });
+    const headers = getReqHeaders(req);
+    expect(headers['x-forwarded-for']).toBe('2.2.2.2,1.2.3.4');
+    expect(headers['x-forwarded-port']).toBe('443');
+    expect(headers['x-forwarded-proto']).toBe('https');
+  });
+});

tests/headers.test.js

@@ -0,0 +1,116 @@
+const http = require('http');
+const { io } = require('socket.io-client');
+const jwt = require('jsonwebtoken');
+
+// Import server pieces
+const { httpServer } = require('../server');
+// Use the client-side tunnel classes for the simulated client
+const { TunnelRequest, TunnelResponse } = require('../../proxy-client/lib');
+
+// Helper to create a local target HTTP server
+function createLocalTarget(handler) {
+  return new Promise((resolve) => {
+    const server = http.createServer(handler);
+    server.listen(0, () => {
+      const { port } = server.address();
+      resolve({ server, port });
+    });
+  });
+}
+
+// Start the proxy server on ephemeral port
+function ensureProxyListening() {
+  return new Promise((resolve) => {
+    if (httpServer.listening) {
+      return resolve(httpServer.address().port);
+    }
+    httpServer.listen(0, () => {
+      resolve(httpServer.address().port);
+    });
+  });
+}
+
+describe('Integration: HTTP tunnel flow', () => {
+  let localTarget;
+  let proxyPort;
+  let clientSocket;
+
+  beforeAll(async () => {
+    // Create a simple echo JSON endpoint
+    localTarget = await createLocalTarget((req, res) => {
+      if (req.url === '/ping' && req.method === 'GET') {
+        res.writeHead(200, { 'content-type': 'application/json' });
+        res.end(JSON.stringify({ ok: true }));
+        return;
+      }
+      res.writeHead(404);
+      res.end('NF');
+    });
+    proxyPort = await ensureProxyListening();
+
+    // Set auth envs expected by the server for Socket.IO auth middleware
+    process.env.SECRET_KEY = 'SECRET';
+    process.env.VERIFY_TOKEN = 'VERIFY';
+
+    // Fake client socket to receive tunneled requests (simulate real tunnel client logic minimal subset)
+    clientSocket = io(`http://localhost:${proxyPort}`, {
+      path: '/$web_tunnel',
+      transports: ['websocket'],
+      auth: { token: jwt.sign({ token: 'VERIFY' }, 'SECRET') },
+      autoConnect: false,
+    });
+    await new Promise((resolve, reject) => {
+      clientSocket.on('connect_error', reject);
+      clientSocket.on('connect', resolve);
+      clientSocket.connect();
+    });
+  });
+
+  afterAll(async () => {
+    if (clientSocket && clientSocket.connected) clientSocket.disconnect();
+    await new Promise((r) => httpServer.close(() => r()));
+    await new Promise((r) => localTarget.server.close(() => r()));
+  });
+
+  test('GET /ping proxied successfully', async () => {
+    // Implement minimal client-side handling of tunnel events
+    clientSocket.on('request', (requestId, request) => {
+      // rewrite target
+      request.port = localTarget.port;
+      request.hostname = 'localhost';
+      const localReq = http.request(request, (localRes) => {
+        const tunnelResponse = new TunnelResponse({ socket: clientSocket, responseId: requestId });
+        tunnelResponse.writeHead(localRes.statusCode, localRes.statusMessage, localRes.headers, localRes.httpVersion);
+        localRes.pipe(tunnelResponse);
+      });
+      const tunnelRequest = new TunnelRequest({ socket: clientSocket, requestId });
+      tunnelRequest.pipe(localReq);
+    });
+
+    const body = await new Promise((resolve, reject) => {
+      const req = http.request({
+        host: 'localhost',
+        port: proxyPort,
+        path: '/ping',
+        method: 'GET',
+        headers: { Host: `localhost:${proxyPort}` },
+      }, (res) => {
+        let data = '';
+        res.setEncoding('utf8');
+        res.on('data', (chunk) => (data += chunk));
+        res.on('end', () => {
+          try {
+            resolve({ status: res.statusCode, json: JSON.parse(data) });
+          } catch (e) {
+            reject(e);
+          }
+        });
+      });
+      req.on('error', reject);
+      req.end();
+    });
+
+    expect(body.status).toBe(200);
+    expect(body.json).toEqual({ ok: true });
+  });
+});