oasis/test/basic.js

// HACK: Prevent Oasis from opening the web browser.
process.argv.push("--no-open", "--offline");

const app = require("../src");
const supertest = require("supertest");
const tap = require("tap");

// TODO: Generate programmatically?
const paths = [
  "/inbox",
  "/mentions",
  "/profile",
  "/profile?gt=0",
  "/profile?lt=100",
  "/profile/edit",
  "/public/latest",
  "/public/latest/extended",
  // "/public/latest/summaries",
  "/public/latest/threads",
  "/public/latest/topics",
  "/public/popular/day",
  "/public/popular/week",
  "/publish",
  "/publish/custom",
  "/search",
  "/search?query=foo",
  "/settings",
  "/settings/readme",
];

tap.setTimeout(0);

tap.test("DNS rebind attack fails", (t) => {
  t.plan(1);
  supertest(app)
    .get("/inbox")
    .set("Host", "example.com")
    .expect(400)
    .end(t.error);
});

tap.test("CSRF attack should fail with no referer", (t) => {
  t.plan(1);
  supertest(app).post("/conn/settings/stop").expect(400).end(t.error);
});

tap.test("CSRF attack should fail with wrong referer", (t) => {
  t.plan(1);
  supertest(app)
    .post("/conn/settings/stop")
    .set("Host", "example.com")
    .expect(400)
    .end(t.error);
});

paths.forEach((path) => {
  tap.test(path, (t) => {
    t.plan(1);
    supertest(app)
      .get(path)
      .set("Host", "localhost")
      .expect(200)
      .end((err) => {
        console.log(path);
        t.error(err);
      });
  });
});

// HACK: This closes the database.
tap.teardown(() => {
  app.close();
  app._close();
});
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00			`// HACK: Prevent Oasis from opening the web browser.`
Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`process.argv.push("--no-open", "--offline");`
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00
			`const app = require("../src");`
			`const supertest = require("supertest");`
			`const tap = require("tap");`

			`// TODO: Generate programmatically?`
			`const paths = [`
			`"/inbox",`
			`"/mentions",`
			`"/profile",`
make the linters happy. this time they had a lot of opinions. :P 2020-05-23 18:48:43 +00:00			`"/profile?gt=0",`
			`"/profile?lt=100",`
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00			`"/profile/edit",`
			`"/public/latest",`
			`"/public/latest/extended",`
try workaround 2020-11-11 14:19:05 +00:00			`// "/public/latest/summaries",`
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00			`"/public/latest/threads",`
			`"/public/latest/topics",`
			`"/public/popular/day",`
			`"/public/popular/week",`
			`"/publish",`
			`"/publish/custom",`
			`"/search",`
			`"/search?query=foo",`
			`"/settings",`
			`"/settings/readme",`
			`];`

Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`tap.setTimeout(0);`
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`tap.test("DNS rebind attack fails", (t) => {`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`t.plan(1);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`supertest(app)`
			`.get("/inbox")`
			`.set("Host", "example.com")`
			`.expect(400)`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`.end(t.error);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`});`

			`tap.test("CSRF attack should fail with no referer", (t) => {`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`t.plan(1);`
			`supertest(app).post("/conn/settings/stop").expect(400).end(t.error);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`});`

			`tap.test("CSRF attack should fail with wrong referer", (t) => {`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`t.plan(1);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`supertest(app)`
			`.post("/conn/settings/stop")`
			`.set("Host", "example.com")`
			`.expect(400)`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`.end(t.error);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`});`

Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`paths.forEach((path) => {`
			`tap.test(path, (t) => {`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`t.plan(1);`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`supertest(app)`
Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`.get(path)`
Add tests for CSRF and DNS rebind Problem: We had these problems in the past and we can't have them again. Solution: Tests make it really easy to double-check that we remain immune. 2020-04-10 19:33:22 +00:00			`.set("Host", "localhost")`
Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`.expect(200)`
			`.end((err) => {`
reset test/basic.js this time without cryptix's basic blob test (to see if CI completes) 2020-10-21 12:53:18 +00:00			`console.log(path);`
			`t.error(err);`
Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`});`
			`});`
Add very basic test suite Problem: ESLint and TypeScript help catch some types of regressions, but they don't protect us against obvious stuff like "the server won't start". This means that humans need to test a bunch of stuff manually, and that can be really tedious and exhausting. Solution: Yesterday someone invented this cool concept called "testing" where you write automated tests for your software to ensure it actually works the way you expect. It might have beeen invented before yesterday, I don't know. Anyway, this solution adds a bunch of tests that send HTTP GET requests to a bunch of endpoints to make sure the server is at least returning HTTP 200 responses. It also fixes a race condition where HTTP server was available before the readme / version strings were loaded. 2020-04-03 16:07:39 +00:00			`});`

Fix open sockets that weren't closing during tests Problem: The test suite isn't closing the database because `app.close()` only affects the HTTP server. This means that tests don't exit cleanly and sockets remain open and all sorts of really fun stuff that we don't want while writing tests. Solution: Refactor `src/ssb.js` so that we can exit cleanly and have less rope to hang ourselves with. Add a small lifecycle test that can help us ensure that the bare minimum lifecycle events are working correctly, plus now the previous tests are passing on my machine too. 2020-04-06 19:14:58 +00:00			`// HACK: This closes the database.`
			`tap.teardown(() => {`
			`app.close();`
			`app._close();`
			`});`