RubyGems - itsi - Versions diffs - 0.1.20 → 0.2.2 - Mend

itsi 0.1.20 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (319) hide show

data/gems/server/test/middleware/proxy.rb ADDED Viewed

@@ -0,0 +1,415 @@
+require_relative "../helpers/test_helper"
+class TestProxy < Minitest::Test
+  def test_successful_forwarding
+    backend_bind = free_bind
+    server(
+      itsi_rb: lambda do
+        log_requests before: { format: "GET {path_and_query}", level: "INFO"}
+        get("/foo") { |r|
+          r.ok "backend success. #{r.query_params["bar"]}"
+        }
+      end,
+      bind: backend_bind
+    ) do
+      server(
+        itsi_rb: lambda do
+          proxy \
+            to: "#{backend_bind}{path_and_query}",
+            backends: ["#{backend_bind}"],
+            backend_priority: "round_robin",
+            headers: {},
+            verify_ssl: false,
+            timeout: 30,
+            tls_sni: false,
+            error_response: "internal_server_error"
+          get("/foo") { |r|
+            r.ok "should not get here"
+          }
+        end
+      ) do
+        res = get_resp("/foo?bar=baz")
+        # Expect that the proxy forwards the request to the backend.
+        assert_equal "200", res.code, "Expected success status from backend"
+        assert_equal "backend success. baz", res.body
+      end
+    end
+  end
+  # Test that an invalid target URL (i.e. an unparseable URL) yields an error response.
+  def test_invalid_target_url_returns_error
+    server(
+      itsi_rb: lambda do
+        proxy \
+          to: "not_a_valid_url",
+          backends: ["127.0.0.1:3001"],
+          backend_priority: "round_robin",
+          headers: {},
+          verify_ssl: false,
+          timeout: 30,
+          tls_sni: false,
+          error_response: "bad_gateway"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "502", res.code, "Expected error response code 502 for invalid URL"
+    end
+  end
+  def test_overriding_headers
+    backend_bind = free_bind
+    server(
+      itsi_rb: lambda do
+        log_requests before: { format: "GET {path_and_query}", level: "INFO"}
+        get("/header-test") do |r|
+          # Return the incoming header value.
+          r.ok r.header("X-Forwarded-For").first
+        end
+      end,
+      bind: backend_bind
+    ) do
+      # Start proxy server.
+      server(
+        itsi_rb: lambda do
+          proxy \
+            to: "#{backend_bind}{path}{query}",
+            backends: ["#{backend_bind}"],
+            backend_priority: "round_robin",
+            headers: { "X-Forwarded-For" => "{addr}" },
+            verify_ssl: false,
+            timeout: 30,
+            tls_sni: false,
+            error_response: "internal_server_error"
+          get("/header-test") { |r| r.ok "should not get here" }
+        end
+      ) do
+        res = get_resp("/header-test")
+        # Expect that the overriding header "X-Forwarded-For" is set to the client’s address.
+        assert_equal "127.0.0.1", res.body, "Expected the header to be set to the client address"
+      end
+    end
+  end
+  def test_proxy_with_static_to_only
+     backend_bind = free_bind
+     server(
+       itsi_rb: lambda do
+         get("/static") { |r| r.ok "static response" }
+       end,
+       bind: backend_bind
+     ) do
+       server(
+         itsi_rb: lambda do
+           proxy \
+             to: "#{backend_bind}{path}{query}",
+             backend_priority: "round_robin",
+             headers: {},
+             verify_ssl: false,
+             timeout: 30,
+             tls_sni: false,
+             error_response: "internal_server_error"
+           get("/static") { |r| r.ok "should not get here" }
+         end
+       ) do
+         res = get_resp("/static")
+         assert_equal "200", res.code, "Expected success status from static 'to' URL"
+         assert_equal "static response", res.body
+       end
+     end
+   end
+   def test_proxy_with_backend_host_override
+     backend_bind1 = free_bind
+     backend_bind2 = free_bind
+     # Start two dummy backends that respond with their Host header.
+     thread1 = Thread.new do
+       server(
+         itsi_rb: lambda do
+           get("/host-test") { |r| r.ok r.header("Host").first }
+         end,
+         bind: backend_bind1
+       ){ sleep 1 }
+     end
+     thread2 = Thread.new do
+       server(
+         itsi_rb: lambda do
+           get("/host-test") { |r| r.ok r.header("Host").first }
+         end,
+         bind: backend_bind2
+       ){ sleep 1 }
+     end
+     sleep 0.1
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "#{backend_bind1}{path}{query}",
+           backends: ["#{backend_bind1}", "#{backend_bind2}"],
+           backend_priority: "round_robin",
+           headers: { "Host" => "custom.backend.example.com" },
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: true,
+           error_response: "internal_server_error"
+         get("/host-test") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/host-test")
+       assert_equal "200", res.code, "Expected successful response with host override"
+       assert_equal "custom.backend.example.com", res.body, "Expected the Host header to be overridden"
+     end
+     thread1.kill
+     thread2.kill
+   end
+   def test_proxy_timeout
+     backend_bind = free_bind
+     # Start a backend server that sleeps for 1 second before responding.
+     server(
+       itsi_rb: lambda do
+         get("/slow") do |r|
+           sleep 1
+           r.ok "delayed response"
+         end
+       end,
+       bind: backend_bind
+     ) do
+       server(
+         itsi_rb: lambda do
+           # Set a very short timeout (0 seconds) to force a timeout.
+           proxy \
+             to: "#{backend_bind}{path}{query}",
+             backends: ["#{backend_bind}"],
+             backend_priority: "round_robin",
+             headers: {},
+             verify_ssl: false,
+             timeout: 0,
+             tls_sni: false,
+             error_response: "gateway_timeout"
+           get("/slow") { |r| r.ok "should not get here" }
+         end
+       ) do
+         res = get_resp("/slow")
+         assert_equal "504", res.code, "Expected 504 Gateway Timeout when backend response exceeds timeout"
+       end
+     end
+   end
+   def test_error_response_internal_server_error
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "internal_server_error"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "500", res.code, "Expected error response code 500 for internal_server_error"
+     end
+   end
+   def test_error_response_not_found
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "not_found"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "404", res.code, "Expected error response code 404 for not_found"
+     end
+   end
+   def test_error_response_unauthorized
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "unauthorized"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "401", res.code, "Expected error response code 401 for unauthorized"
+     end
+   end
+   def test_error_response_forbidden
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "forbidden"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "403", res.code, "Expected error response code 403 for forbidden"
+     end
+   end
+   def test_error_response_payload_too_large
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "payload_too_large"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "413", res.code, "Expected error response code 413 for payload_too_large"
+     end
+   end
+   def test_error_response_too_many_requests
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "too_many_requests"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "429", res.code, "Expected error response code 429 for too_many_requests"
+     end
+   end
+   def test_error_response_service_unavailable
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "service_unavailable"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "503", res.code, "Expected error response code 503 for service_unavailable"
+     end
+   end
+   def test_error_response_gateway_timeout
+     server(
+       itsi_rb: lambda do
+         proxy \
+           to: "invalid_url",
+           backends: ["127.0.0.1:3001"],
+           backend_priority: "round_robin",
+           headers: {},
+           verify_ssl: false,
+           timeout: 30,
+           tls_sni: false,
+           error_response: "gateway_timeout"
+         get("/foo") { |r| r.ok "should not get here" }
+       end
+     ) do
+       res = get_resp("/foo")
+       assert_equal "504", res.code, "Expected error response code 504 for gateway_timeout"
+    end
+  end
+  def test_failover_behavior
+    # Obtain two free bind addresses for backend servers.
+    backend1_bind = free_bind
+    backend2_bind = free_bind
+    backend2_server = Itsi::Server.start_in_background_thread(binds: [backend2_bind]) do
+      get("/failover") { |r| r.ok "backend2" }
+    end
+    # backend2_server.stop
+    # # Allow the backend servers to start.
+    sleep 0.2
+    # Start the proxy server with an ordered backend selection.
+    server(
+      cleanup: false,
+      itsi_rb: lambda do
+        proxy \
+          to: "http://proxied_host.com{path}{query}",
+          backends:  [backend1_bind[/\/\/(.*)/,1], backend2_bind[/\/\/(.*)/,1]],
+          backend_priority: "ordered",
+          headers: {},
+          verify_ssl: false,
+          timeout: 30,
+          tls_sni: false,
+          error_response: "internal_server_error"
+        get("/failover") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/failover")
+      assert_equal "200", res.code, "Expected success when fallback backend is available"
+      assert_equal "backend2", res.body, "Expected response from backend2"
+      backend1_server = Itsi::Server.start_in_background_thread(binds: [backend1_bind]) do
+        get("/failover") { |r| r.ok "backend1" }
+      end
+      sleep 1
+      res = get_resp("/failover")
+      assert_equal "200", res.code, "Expected reversion when primary becomes available"
+      assert_equal "backend1", res.body, "Expected response from backend1 with ordered priority"
+    end
+    Itsi::Server.stop_background_threads
+  end
+end

data/gems/server/test/middleware/rate_limit.rb ADDED Viewed

@@ -0,0 +1,211 @@
+require_relative "../helpers/test_helper"
+require "redis"
+class TestRateLimit < Minitest::Test
+  # 1. In‑memory: allow up to N requests, then 429
+  def test_in_memory_limit
+    server(
+      itsi_rb: lambda do
+        rate_limit requests: 3, seconds: 2
+        get("/foo") { |r| r.ok "ok" }
+      end
+    ) do
+      3.times do
+        res = get_resp("/foo")
+        assert_equal "200", res.code
+        assert_equal "ok",  res.body
+      end
+      # Next one should be rate‑limited
+      res = get_resp("/foo")
+      assert_equal "429", res.code
+      # default error_response body is the standard message
+      assert_match /Slow down!/, res.body
+      assert_match /429/, res.body
+      assert_equal 3.to_s,   res["X-RateLimit-Limit"]
+      assert_equal "0",                     res["X-RateLimit-Remaining"]
+      assert_match  /\d+/,                  res["X-RateLimit-Reset"]
+      assert_equal res["X-RateLimit-Reset"], res["Retry-After"]
+    end
+  end
+  # 2. Time window resets after `seconds`
+  def test_window_reset
+    server(
+      itsi_rb: lambda do
+        rate_limit requests: 1, seconds: 1
+        get("/bar") { |r| r.ok "bar" }
+      end
+    ) do
+      res1 = get_resp("/bar")
+      assert_equal "200", res1.code
+      res2 = get_resp("/bar")
+      assert_equal "429", res2.code
+      sleep 1.1
+      res3 = get_resp("/bar")
+      assert_equal "200", res3.code
+    end
+  end
+  # 3. Key by header
+  def test_key_by_header
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 1,
+          seconds: 60,
+          key: { parameter: { header: { name: "X-Client-Id" } } }
+        get("/h") { |r| r.ok r.header("X-Client-Id").first }
+      end
+    ) do
+      h1 = { "X-Client-Id" => "A" }
+      h2 = { "X-Client-Id" => "B" }
+      # A once OK, then limited
+      res1 = get_resp("/h", h1)
+      assert_equal "200", res1.code
+      assert_equal "A",   res1.body
+      res2 = get_resp("/h", h1)
+      assert_equal "429", res2.code
+      # B independent count
+      res3 = get_resp("/h", h2)
+      assert_equal "200", res3.code
+      assert_equal "B",   res3.body
+    end
+  end
+  # 4. Key by query
+  def test_key_by_query
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 1,
+          seconds: 60,
+          key: { parameter: { query: "user" } }
+        get("/q") { |r| r.ok r.query_params["user"] }
+      end
+    ) do
+      res1 = get_resp("/q?user=foo")
+      assert_equal "200", res1.code
+      assert_equal "foo", res1.body
+      res2 = get_resp("/q?user=foo")
+      assert_equal "429", res2.code
+    end
+  end
+  # 5. Custom error_response
+  def test_custom_error_response
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 1,
+          seconds: 60,
+          error_response: {
+            code: 429,
+            plaintext: { inline: "Slow down" },
+            default:   "plaintext"
+          }
+        get("/") { |r| r.ok "never" }
+      end
+    ) do
+      res = 5.times.map{ get_resp("/") }.last
+      assert_equal "429", res.code
+      assert_equal "Slow down", res.body
+    end
+  end
+  # 6. Skip Redis tests if Redis not available
+  def test_redis_store_unavailable_skips
+    skip "Redis not running" unless begin
+      Redis.new(url: ENV.fetch("REDIS_URL","redis://localhost:6379/15")).ping == "PONG"
+    rescue
+      false
+    end
+  end
+  # 7. Redis‑backed limiting
+  def test_redis_backed_limit
+    redis_url = ENV.fetch("REDIS_URL","redis://localhost:6379/15")
+    ENV["REDIS_URL"] = redis_url
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 2,
+          seconds: 60,
+          store_config: { redis: { connection_url: ENV["REDIS_URL"] } }
+        get("/r") { |r| r.ok "ok" }
+      end
+    ) do
+      client = Redis.new(url: redis_url)
+      client.flushdb
+      2.times do
+        res = get_resp("/r")
+        assert_equal "200", res.code
+        assert_equal "ok",  res.body
+      end
+      # Third hit is rate‑limited
+      res3 = get_resp("/r")
+      assert_equal "429", res3.code
+      client.flushdb
+    end
+  end
+  # 8. Trusted proxy: forwarded IP is used for rate limit key
+  def test_trusted_proxy_respects_forwarded_ip
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 1,
+          seconds: 60,
+          trusted_proxies: {
+            "127.0.0.1" => { header: { name: "X-Forwarded-For" } }
+          }
+        get("/ip") { |r| r.ok "ok" }
+      end
+    ) do
+      # First IP: allowed
+      res1 = get_resp("/ip", { "X-Forwarded-For" => "198.51.100.1" })
+      assert_equal "200", res1.code
+      # Second hit from same client IP: blocked
+      res2 = get_resp("/ip", { "X-Forwarded-For" => "198.51.100.1" })
+      assert_equal "429", res2.code
+      # Third hit from *different* IP: allowed
+      res3 = get_resp("/ip", { "X-Forwarded-For" => "198.51.100.2" })
+      assert_equal "200", res3.code
+    end
+  end
+  # 9. Untrusted proxy: forwarded header is ignored
+  def test_untrusted_proxy_ignores_forwarded_ip
+    server(
+      itsi_rb: lambda do
+        rate_limit \
+          requests: 1,
+          seconds: 60,
+          trusted_proxies: {
+            "10.0.0.1" => { header: { name: "X-Forwarded-For" } }
+          }
+        get("/untrusted") { |r| r.ok "ok" }
+      end
+    ) do
+      # Even though header says different IP, it’s ignored (127.0.0.1 is used)
+      res1 = get_resp("/untrusted", { "X-Forwarded-For" => "198.51.100.1" })
+      assert_equal "200", res1.code
+      # Still treated as same client (127.0.0.1), so next request is blocked
+      res2 = get_resp("/untrusted", { "X-Forwarded-For" => "198.51.100.2" })
+      assert_equal "429", res2.code
+    end
+  end
+end

data/gems/server/test/middleware/redirect.rb ADDED Viewed

@@ -0,0 +1,85 @@
+require_relative "../helpers/test_helper"
+class TestRedirect < Minitest::Test
+  def test_permanent_redirect
+    server(
+      itsi_rb: lambda do
+        redirect to: "https://example.com/new", type: "moved_permanently"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "301", res.code, "Expected status 301 for permanent redirect"
+      assert_equal "https://example.com/new", res["Location"]
+    end
+  end
+  def test_temporary_redirect
+    server(
+      itsi_rb: lambda do
+        redirect to: "https://example.com/new", type: "temporary"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "307", res.code, "Expected status 307 for temporary redirect"
+      assert_equal "https://example.com/new", res["Location"]
+    end
+  end
+  def test_found_redirect
+    server(
+      itsi_rb: lambda do
+        redirect to: "https://example.com/new", type: "found"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "302", res.code, "Expected status 302 for found redirect"
+      assert_equal "https://example.com/new", res["Location"]
+    end
+  end
+  def test_moved_permanently_redirect
+    server(
+      itsi_rb: lambda do
+        redirect to: "https://example.com/new", type: "permanent"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "308", res.code, "Expected status 308 for moved permanently redirect"
+      assert_equal "https://example.com/new", res["Location"]
+    end
+  end
+  def test_relative_redirect
+    server(
+      itsi_rb: lambda do
+        # Use a relative URL as the target
+        redirect to: "/new/path", type: "permanent"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "308", res.code, "Expected status 308 for permanent redirect"
+      # For a relative URL, the Location header should match exactly
+      assert_equal "/new/path", res["Location"]
+    end
+  end
+  def test_relative_redirect_with_placeholder
+    server(
+      itsi_rb: lambda do
+        # Use a template that interpolates the request path into a relative URL.
+        # For a request to "/foo", the resulting Location should be "/new/foo".
+        redirect to: "/new{path}", type: "temporary"
+        get("/foo") { |r| r.ok "should not get here" }
+      end
+    ) do
+      res = get_resp("/foo")
+      assert_equal "307", res.code, "Expected status 307 for temporary redirect"
+      assert_equal "/new/foo", res["Location"]
+    end
+  end
+end