209 lines
7.4 KiB
TypeScript
209 lines
7.4 KiB
TypeScript
import fs from 'node:fs/promises';
|
|
import os from 'node:os';
|
|
import path from 'node:path';
|
|
import request from 'supertest';
|
|
import { afterEach, describe, expect, it } from 'vitest';
|
|
import type { UpdateSystemInput } from '../src/shared/contracts';
|
|
import { createApp } from './app';
|
|
import { AuthService } from './lib/auth';
|
|
import type { RuntimeSnapshot } from './lib/config';
|
|
import type { RuntimeController } from './lib/runtime';
|
|
import { StateStore } from './lib/store';
|
|
|
|
class FakeRuntime implements RuntimeController {
|
|
private status: RuntimeSnapshot = {
|
|
status: 'idle' as const,
|
|
pid: null,
|
|
startedAt: null,
|
|
lastError: null,
|
|
};
|
|
|
|
getSnapshot() {
|
|
return { ...this.status };
|
|
}
|
|
|
|
async start() {
|
|
this.status = {
|
|
status: 'live',
|
|
pid: 999,
|
|
startedAt: new Date('2026-04-01T00:00:00.000Z').toISOString(),
|
|
lastError: null,
|
|
};
|
|
return this.getSnapshot();
|
|
}
|
|
|
|
async restart() {
|
|
return this.start();
|
|
}
|
|
|
|
async reload() {
|
|
return this.getSnapshot();
|
|
}
|
|
}
|
|
|
|
const cleanupDirs: string[] = [];
|
|
|
|
afterEach(async () => {
|
|
await Promise.all(cleanupDirs.splice(0).map((dir) => fs.rm(dir, { recursive: true, force: true })));
|
|
});
|
|
|
|
describe('panel api', () => {
|
|
it('rejects protected api access without a bearer token', async () => {
|
|
const app = await createTestApp();
|
|
const response = await request(app).get('/api/state');
|
|
|
|
expect(response.status).toBe(401);
|
|
expect(response.body.error).toMatch(/authorization required/i);
|
|
});
|
|
|
|
it('logs in and returns an expiring panel token', async () => {
|
|
const app = await createTestApp();
|
|
const response = await request(app).post('/api/auth/login').send({
|
|
login: 'admin',
|
|
password: 'proxy-ui-demo',
|
|
});
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(response.body.token).toMatch(/\./);
|
|
expect(response.body.ttlMs).toBe(24 * 60 * 60 * 1000);
|
|
expect(typeof response.body.expiresAt).toBe('string');
|
|
});
|
|
|
|
it('rejects user creation against a non-assignable service', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const response = await request(app).post('/api/users').set('Authorization', `Bearer ${token}`).send({
|
|
username: 'bad-admin-user',
|
|
password: 'secret123',
|
|
serviceId: 'admin',
|
|
quotaMb: 100,
|
|
});
|
|
|
|
expect(response.status).toBe(400);
|
|
expect(response.body.error).toMatch(/enabled assignable/i);
|
|
});
|
|
|
|
it('pauses and deletes a user through the api', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const initial = await request(app).get('/api/state').set('Authorization', `Bearer ${token}`);
|
|
const userId = initial.body.userRecords[0].id;
|
|
const username = initial.body.userRecords[0].username;
|
|
|
|
const paused = await request(app).post(`/api/users/${userId}/pause`).set('Authorization', `Bearer ${token}`);
|
|
expect(paused.status).toBe(200);
|
|
expect(paused.body.userRecords.find((entry: { id: string }) => entry.id === userId).paused).toBe(true);
|
|
|
|
const removed = await request(app).delete(`/api/users/${userId}`).set('Authorization', `Bearer ${token}`);
|
|
expect(removed.status).toBe(200);
|
|
expect(removed.body.userRecords.some((entry: { username: string }) => entry.username === username)).toBe(
|
|
false,
|
|
);
|
|
});
|
|
|
|
it('rejects system updates when two services reuse the same port', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const initial = await request(app).get('/api/state').set('Authorization', `Bearer ${token}`);
|
|
const system = createSystemPayload(initial.body);
|
|
|
|
system.services[1].port = system.services[0].port;
|
|
|
|
const response = await request(app).put('/api/system').set('Authorization', `Bearer ${token}`).send(system);
|
|
|
|
expect(response.status).toBe(400);
|
|
expect(response.body.error).toMatch(/cannot share port/i);
|
|
});
|
|
|
|
it('rejects system updates that strand existing users on a disabled service', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const initial = await request(app).get('/api/state').set('Authorization', `Bearer ${token}`);
|
|
const system = createSystemPayload(initial.body);
|
|
|
|
system.services = system.services.map((service) =>
|
|
service.id === 'socks-main' ? { ...service, enabled: false } : service,
|
|
);
|
|
|
|
const response = await request(app).put('/api/system').set('Authorization', `Bearer ${token}`).send(system);
|
|
|
|
expect(response.status).toBe(400);
|
|
expect(response.body.error).toMatch(/enabled assignable service/i);
|
|
expect(response.body.error).toMatch(/night-shift/i);
|
|
});
|
|
|
|
it('updates system settings and regenerates the rendered config', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const initial = await request(app).get('/api/state').set('Authorization', `Bearer ${token}`);
|
|
const system = createSystemPayload(initial.body);
|
|
|
|
system.publicHost = 'ops-gateway.example.net';
|
|
system.services = system.services.map((service) =>
|
|
service.id === 'socks-main' ? { ...service, port: 1180 } : service,
|
|
);
|
|
|
|
const response = await request(app).put('/api/system').set('Authorization', `Bearer ${token}`).send(system);
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(response.body.system.publicHost).toBe('ops-gateway.example.net');
|
|
expect(response.body.system.services.find((service: { id: string }) => service.id === 'socks-main').port).toBe(
|
|
1180,
|
|
);
|
|
expect(response.body.system.previewConfig).toContain('socks -p1180 -u2');
|
|
expect(response.body.service.lastEvent).toBe('System configuration updated from panel');
|
|
});
|
|
|
|
it('removes linked users when a service is deleted from settings', async () => {
|
|
const app = await createTestApp();
|
|
const token = await authorize(app);
|
|
const initial = await request(app).get('/api/state').set('Authorization', `Bearer ${token}`);
|
|
const system = createSystemPayload(initial.body);
|
|
|
|
system.services = system.services.filter((service) => service.id !== 'socks-main');
|
|
|
|
const response = await request(app).put('/api/system').set('Authorization', `Bearer ${token}`).send(system);
|
|
|
|
expect(response.status).toBe(200);
|
|
expect(response.body.userRecords.some((user: { username: string }) => user.username === 'night-shift')).toBe(
|
|
false,
|
|
);
|
|
expect(response.body.userRecords.some((user: { username: string }) => user.username === 'ops-east')).toBe(false);
|
|
expect(response.body.service.lastEvent).toMatch(/removed 2 linked users/i);
|
|
});
|
|
});
|
|
|
|
async function createTestApp() {
|
|
const dir = await fs.mkdtemp(path.join(os.tmpdir(), '3proxy-ui-'));
|
|
cleanupDirs.push(dir);
|
|
|
|
const runtime = new FakeRuntime();
|
|
const store = new StateStore(path.join(dir, 'state', 'panel-state.json'));
|
|
const auth = new AuthService({
|
|
login: 'admin',
|
|
password: 'proxy-ui-demo',
|
|
ttlMs: 24 * 60 * 60 * 1000,
|
|
});
|
|
|
|
return createApp({
|
|
store,
|
|
runtime,
|
|
runtimeRootDir: dir,
|
|
auth,
|
|
});
|
|
}
|
|
|
|
function createSystemPayload(body: { system: Record<string, unknown> }): UpdateSystemInput {
|
|
const { previewConfig: _previewConfig, ...system } = body.system;
|
|
return structuredClone(system) as unknown as UpdateSystemInput;
|
|
}
|
|
|
|
async function authorize(app: Awaited<ReturnType<typeof createTestApp>>) {
|
|
const response = await request(app).post('/api/auth/login').send({
|
|
login: 'admin',
|
|
password: 'proxy-ui-demo',
|
|
});
|
|
|
|
return response.body.token as string;
|
|
}
|