diff --git a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-test.ts b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-test.ts
new file mode 100644
index 0000000000..c9f874671e
--- /dev/null
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-test.ts
@@ -0,0 +1,10 @@
+// Imports
+import {GithubPullRequests} from '../common/github-pull-requests';
+import {BuildVerifier} from './build-verifier';
+
+// Run
+// TODO(gkalpak): Add e2e tests to cover these interactions as well.
+GithubPullRequests.prototype.addComment = () => Promise.resolve();
+BuildVerifier.prototype.verify = () => Promise.resolve();
+// tslint:disable-next-line: no-var-requires
+require('./index');
diff --git a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts
index bc1b66df40..8a05706914 100644
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts
@@ -166,7 +166,7 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`nginx (on ${scheme.toUpp
 it('should pass requests through to the upload server', done => {
 h.runCmd(`curl -iLX POST ${scheme}://${host}/create-build/${pr}/${sha9}`).
- then(h.verifyResponse(400, /Missing or empty 'X-FILE' header/)).
+ then(h.verifyResponse(401, /Missing or empty 'AUTHORIZATION' header/)).
 then(done);
 });
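Review bot: In `index-test.ts`, the two prototype overrides turn `BuildVerifier.prototype.verify` and `GithubPullRequests.prototype.addComment` into no-ops before `./index` is loaded, and nothing in the file says that a server started from this entry point performs no build verification. The file compiles into `dist/lib/upload-server/` next to the real entry point and is selected purely by path (see the `pm2 start` change in `upload-server-test.sh`), so I would add a header comment such as `// TEST ONLY: stubs out build verification and PR comments; never start this entry point outside the test setup.` A runtime guard that refuses to load `./index` unless a test-only setting is present would be stronger, but whether such a setting exists is not visible in this diff.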
@@ -196,11 +196,11 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`nginx (on ${scheme.toUpp
 it('should accept SHAs with leading zeros (but not ignore them)', done => {
 const cmdPrefix = `curl -iLX POST ${scheme}://${host}/create-build/${pr}`;
- const bodyRegex = /Missing or empty 'X-FILE' header/;
+ const bodyRegex = /Missing or empty 'AUTHORIZATION' header/;
 Promise.all([
 h.runCmd(`${cmdPrefix}/0${sha9}`).then(h.verifyResponse(404)),
- h.runCmd(`${cmdPrefix}/${sha0}`).then(h.verifyResponse(400, bodyRegex)),
+ h.runCmd(`${cmdPrefix}/${sha0}`).then(h.verifyResponse(401, bodyRegex)),
 ]).then(done);
 });
diff --git a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts
index e368a4c752..93ad1fcb88 100644
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts
@@ -13,8 +13,10 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`integration (on ${scheme
 const getFile = (pr: string, sha: string, file: string) => h.runCmd(`curl -iL ${scheme}://pr${pr}-${sha}.${host}/${file}`);
- const uploadBuild = (pr: string, sha: string, archive: string) =>
- h.runCmd(`curl -iLX POST --data-binary "@${archive}" ${scheme}://${host}/create-build/${pr}/${sha}`);
+ const uploadBuild = (pr: string, sha: string, archive: string) => {
+ const curlPost = 'curl -iLX POST --header "Authorization: Token FOO"';
+ return h.runCmd(`${curlPost} --data-binary "@${archive}" ${scheme}://${host}/create-build/${pr}/${sha}`);
+ };
 beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 10000);
 afterEach(() => {
diff --git a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts
index 244e9670ca..627d4dd766 100644
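Review bot: In `server-integration.e2e.ts`, `uploadBuild` now hard-codes `Authorization: Token FOO` on every upload, so the integration suite has no way to send an unauthenticated upload and confirm end to end that nothing gets deployed for it. Consider giving the helper an optional trailing parameter for the header value (keeping `Token FOO` as the default) and adding one case that omits the header and expects a 401 with no files served for that PR/SHA. The same dummy value is repeated as a literal in `upload-server.e2e.ts` (`authorizationHeader`); exposing it once from the `h` helper would keep the two in step. The enclosing `describe` body continues outside the hunk, so such a case may already exist further down.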
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts
@@ -17,7 +17,9 @@ describe('upload-server (on HTTP)', () => {
 describe(`${host}/create-build//`, () => {
- const curl = `curl -iL --header "X-FILE: ${h.buildsDir}/snapshot.tar.gz"`;
+ const authorizationHeader = `--header "Authorization: Token FOO"`;
+ const xFileHeader = `--header "X-File: ${h.buildsDir}/snapshot.tar.gz"`;
+ const curl = `curl -iL ${authorizationHeader} ${xFileHeader}`;
 it('should disallow non-GET requests', done => {
@@ -33,14 +35,28 @@ describe('upload-server (on HTTP)', () => {
 });
+ it('should reject requests without an \'AUTHORIZATION\' header', done => {
+ const headers1 = '';
+ const headers2 = '--header "AUTHORIXATION: "';
+ const url = `http://${host}/create-build/${pr}/${sha9}`;
+ const bodyRegex = /^Missing or empty 'AUTHORIZATION' header/;
+
+ Promise.all([
+ h.runCmd(`curl -iL ${headers1} ${url}`).then(h.verifyResponse(401, bodyRegex)),
+ h.runCmd(`curl -iL ${headers2} ${url}`).then(h.verifyResponse(401, bodyRegex)),
+ ]).then(done);
+ });
+
+
 it('should reject requests without an \'X-FILE\' header', done => {
- const headers = '--header "X-FILE: "';
+ const headers1 = authorizationHeader;
+ const headers2 = `${authorizationHeader} --header "X-FILE: "`;
 const url = `http://${host}/create-build/${pr}/${sha9}`;
 const bodyRegex = /^Missing or empty 'X-FILE' header/;
 Promise.all([
- h.runCmd(`curl -iL ${url}`).then(h.verifyResponse(400, bodyRegex)),
- h.runCmd(`curl -iL ${headers} ${url}`).then(h.verifyResponse(400, bodyRegex)),
+ h.runCmd(`curl -iL ${headers1} ${url}`).then(h.verifyResponse(400, bodyRegex)),
+ h.runCmd(`curl -iL ${headers2} ${url}`).then(h.verifyResponse(400, bodyRegex)),
 ]).then(done);
 });
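Review bot: In the new "should reject requests without an 'AUTHORIZATION' header" test, `headers2` is `--header "AUTHORIXATION: "`, so both requests exercise only the missing-header path and the "empty" half of `Missing or empty 'AUTHORIZATION' header` is never checked. The X-FILE test right below uses the correctly spelled name with an empty value, which suggests the misspelling is unintended. As far as I know curl does not send a header given as `Name:` with nothing after the colon and needs the `Name;` form to send an empty value, so the intended case would be `const headers2 = '--header "Authorization;"';` (the existing `X-FILE: ` case likely has the same limitation). If the misspelling is deliberate, a comment such as `// A similarly named header must not satisfy the check.` would make that clear.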
diff --git a/aio/aio-builds-setup/dockerbuild/scripts-sh/upload-server-test.sh b/aio/aio-builds-setup/dockerbuild/scripts-sh/upload-server-test.sh
index b9a0303df7..33cd3975ac 100644
--- a/aio/aio-builds-setup/dockerbuild/scripts-sh/upload-server-test.sh
+++ b/aio/aio-builds-setup/dockerbuild/scripts-sh/upload-server-test.sh
@@ -11,8 +11,8 @@ export AIO_REPO_SLUG=$TEST_AIO_REPO_SLUG
 export AIO_UPLOAD_HOSTNAME=$TEST_AIO_UPLOAD_HOSTNAME
 export AIO_UPLOAD_PORT=$TEST_AIO_UPLOAD_PORT
-export AIO_GITHUB_TOKEN=$(head -c -1 /aio-secrets/TEST_GITHUB_TOKEN 2>/dev/null)
-export AIO_PREVIEW_DEPLOYMENT_TOKEN=$(head -c -1 /aio-secrets/TEST_PREVIEW_DEPLOYMENT_TOKEN 2>/dev/null)
+export AIO_GITHUB_TOKEN=$(head -c -1 /aio-secrets/TEST_GITHUB_TOKEN 2>/dev/null || echo "TEST_GITHUB_TOKEN")
+export AIO_PREVIEW_DEPLOYMENT_TOKEN=$(head -c -1 /aio-secrets/TEST_PREVIEW_DEPLOYMENT_TOKEN 2>/dev/null || echo "TEST_PREVIEW_DEPLOYMENT_TOKEN")
 # Start the upload-server instance
 # TODO(gkalpak): Ideally, the upload server should be run as a non-privileged user.
@@ -21,7 +21,7 @@ appName=aio-upload-server-test
 if [[ "$1" == "stop" ]]; then
 pm2 delete $appName
 else
- pm2 start $AIO_SCRIPTS_JS_DIR/dist/lib/upload-server \
+ pm2 start $AIO_SCRIPTS_JS_DIR/dist/lib/upload-server/index-test.js \
 --log /var/log/aio/upload-server-test.log \
 --name $appName \
 --no-autorestart \
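Review bot: On the two changed `export` lines in `upload-server-test.sh`, the `|| echo "…"` fallback runs only when `head` exits non-zero, so a secret file that exists but is empty still yields an empty token, while a missing file silently yields a placeholder. If the placeholder is meant as the default for any unusable secret, read first and default afterwards: `AIO_GITHUB_TOKEN=$(head -c -1 /aio-secrets/TEST_GITHUB_TOKEN 2>/dev/null || true)` followed by `export AIO_GITHUB_TOKEN=${AIO_GITHUB_TOKEN:-TEST_GITHUB_TOKEN}`, and likewise for `AIO_PREVIEW_DEPLOYMENT_TOKEN`. A comment such as `# Placeholder tokens are fine here only because index-test.js stubs out the GitHub calls.` would help keep the fallback from being copied into any non-test start script.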