sinapse 0.1.0

data/test/channels_test.rb

@@ -0,0 +1,101 @@
+require 'test_helper'
+
+describe "Sinapse::Channels" do
+  include RedisTestHelper
+
+  before do
+    Sinapse.redis do |redis|
+      redis.sadd 'sinapse:channels:1', 'room:1'
+      redis.sadd 'sinapse:channels:1', 'room:83'
+    end
+  end
+
+  after do
+    Sinapse.redis { |redis| redis.del 'sinapse:channels:1' }
+  end
+
+  let(:user) { User.new(1) }
+  let(:room) { Room.new(1) }
+
+  it "key" do
+    assert_equal "sinapse:channels:1", User.new(1).sinapse.key
+    assert_equal "sinapse:channels:345", User.new(345).sinapse.key
+    assert_equal "sinapse:channels:345:add", User.new(345).sinapse.key(:add)
+    assert_equal "sinapse:channels:345:remove", User.new(345).sinapse.key(:remove)
+  end
+
+  describe "channel_for" do
+    it "accepts a string" do
+      assert_equal 'room:1', user.sinapse.channel_for('room:1')
+      assert_equal 'room:876', user.sinapse.channel_for('room:876')
+    end
+
+    it "accepts a record" do
+      assert_equal 'room:1', user.sinapse.channel_for(Room.new(1))
+      assert_equal 'room:4321', user.sinapse.channel_for(Room.new(4321))
+    end
+  end
+
+  it "channels" do
+    assert_equal ['room:1', 'room:83'], user.sinapse.channels.sort
+    assert_equal [], User.new(2).sinapse.channels
+  end
+
+  it "has_channel?" do
+    assert user.sinapse.has_channel?(room)
+    refute user.sinapse.has_channel?('room:2')
+    refute User.new(2).sinapse.has_channel?(room)
+  end
+
+  it "clear" do
+    user.sinapse.clear
+    assert_empty user.sinapse.channels
+  end
+
+  it "destroy" do
+    user.sinapse.destroy
+
+    Sinapse.redis do |redis|
+      assert_nil redis.get(user.sinapse.auth.key)
+      assert_nil redis.get(user.sinapse.auth.token_key('a1b2c3d4e5f6'))
+    end
+
+    assert_empty user.sinapse.channels
+  end
+
+  describe "add_channel" do
+    let(:room) { Room.new(12345) }
+
+    it "adds channel to the list" do
+      user.sinapse.add_channel(room)
+      assert user.sinapse.has_channel?(room)
+    end
+
+    it "publishes a message" do
+      EM.run do
+        wait_for_message('sinapse:channels:*') do |channel, message|
+          assert_equal user.sinapse.key(:add), channel
+          assert_equal room.sinapse_channel, message
+        end
+        publish_until_received { user.sinapse.add_channel(room) }
+      end
+    end
+  end
+
+  describe "remove_channel" do
+    it "removes channel from the list" do
+      user.sinapse.remove_channel(room)
+      refute user.sinapse.has_channel?(room)
+    end
+
+    it "publishes a message" do
+      EM.run do
+        wait_for_message('sinapse:channels:*') do |channel, message|
+          assert_equal user.sinapse.key(:remove), channel
+          assert_equal room.sinapse_channel, message
+        end
+        publish_until_received { user.sinapse.remove_channel(room) }
+      end
+    end
+  end
+end

data/test/cross_origin_resource_sharing_test.rb

@@ -0,0 +1,167 @@
+require 'test_helper'
+require 'sinapse/cross_origin_resource_sharing'
+
+describe "Sinapse::Rack::CrossOriginResourceSharing" do
+  let(:app) { Minitest::Mock.new }
+
+  describe "regular request" do
+    it "calls app" do
+      env = { 'REQUEST_METHOD' => 'POST' }
+      app.expect(:call, [200, {}, ''], [env])
+      assert_equal [200, {}, ''], cors(origin: '*').call(env)
+      app.verify
+    end
+  end
+
+  describe "preflight check" do
+    let(:env) do
+      { 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET', 'REQUEST_METHOD' => 'OPTIONS' }
+    end
+
+    describe "when domain is *" do
+      let(:domain) { %w(test.host example.com somewhere.org)[rand(0..2)] }
+
+      it "allows any domain" do
+        status, headers, body = cors(origin: '*')
+          .call(env.merge('HTTP_ORIGIN' => "http://#{domain}"))
+
+        assert_equal 200, status
+        assert_equal 'text/plain', headers['Content-Type']
+        assert_equal "http://#{domain}", headers['Access-Control-Allow-Origin']
+        assert_nil headers['Access-Control-Allow-Headers']
+        assert_empty body
+      end
+    end
+
+    describe "when origin is a domain" do
+      it "allows request for HTTP" do
+        status, headers, _ = cors(origin: 'example.com')
+          .call(env.merge('HTTP_ORIGIN' => 'http://example.com'))
+        assert_equal 200, status
+        assert_equal 'http://example.com', headers['Access-Control-Allow-Origin']
+      end
+
+      it "allows request for HTTPS" do
+        status, headers, _ = cors(origin: 'example.com')
+          .call(env.merge('HTTP_ORIGIN' => 'https://example.com'))
+        assert_equal 200, status
+        assert_equal 'https://example.com', headers['Access-Control-Allow-Origin']
+      end
+
+      it "refuses another domain" do
+        status, headers, _ = cors(origin: 'example.com')
+          .call(env.merge('HTTP_ORIGIN' => 'http://test.host'))
+        assert_equal 400, status
+        assert_nil headers['Access-Control-Allow-Origin']
+      end
+    end
+
+    describe "when origin is a string" do
+      it "allows specific origin" do
+        status, headers, _ = cors(origin: 'http://example.com')
+          .call(env.merge('HTTP_ORIGIN' => 'http://example.com'))
+        assert_equal 200, status
+        assert_equal 'http://example.com', headers['Access-Control-Allow-Origin']
+      end
+
+      it "refuses another origin" do
+        status, headers, _ = cors(origin: 'https://example.com')
+          .call(env.merge('HTTP_ORIGIN' => 'http://example.com'))
+        assert_equal 400, status
+        assert_nil headers['Access-Control-Allow-Origin']
+      end
+    end
+
+    describe "when origin is a regexp" do
+      let(:domain) { %w(example.com test.host)[rand(0..1)] }
+
+      it "allows matching origin" do
+        status, headers, _ = cors(origin: %r(^https?://(example\.com|test\.host)))
+          .call(env.merge('HTTP_ORIGIN' => "http://#{domain}"))
+        assert_equal 200, status
+        assert_equal "http://#{domain}", headers['Access-Control-Allow-Origin']
+      end
+
+      it "refuses an origin that doesn't match" do
+        status, headers, _ = cors(origin: %r(^http?://(example\.com|test\.host)))
+          .call(env.merge('HTTP_ORIGIN' => 'http://somewhere.org'))
+        assert_equal 400, status
+        assert_nil headers['Access-Control-Allow-Origin']
+      end
+    end
+
+    describe "methods" do
+      let(:methods) { %w(GET POST DELETE) }
+      let(:method) { methods[rand(0..2)] }
+
+      it "accepts method" do
+        status, headers, _ = cors(origin: '*', methods: methods).call(env.merge(
+          'HTTP_ORIGIN' => "http://test.host",
+          'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => method
+        ))
+        assert_equal 200, status
+        assert_equal "http://test.host", headers['Access-Control-Allow-Origin']
+        assert_equal 'GET, POST, DELETE', headers['Access-Control-Allow-Methods']
+      end
+
+      it "refuses method" do
+        status, headers, _ = cors(origin: '*', methods: methods).call(env.merge(
+          'HTTP_ORIGIN' => "http://test.host",
+          'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PATCH'
+        ))
+        assert_equal 400, status
+        assert_nil headers['Access-Control-Allow-Origin']
+        assert_nil headers['Access-Control-Allow-Methods']
+      end
+    end
+  end
+
+  describe "actual request" do
+    it "adds headers when origin header is present" do
+      env = {
+        'HTTP_ORIGIN' => 'http://example.com',
+        'REQUEST_METHOD' => 'POST'
+      }
+      app.expect(:call, [200, {}, ''], [env])
+      status, headers, body = cors(origin: '*', methods: %w(POST)).call(env)
+      app.verify
+
+      assert_equal 200, status
+      assert_equal '', body
+      assert_equal 'http://example.com', headers['Access-Control-Allow-Origin']
+      assert_equal 'POST', headers['Access-Control-Allow-Methods']
+    end
+
+    it "skips headers when origin is refused" do
+      env = {
+        'HTTP_ORIGIN' => 'http://test.com',
+        'REQUEST_METHOD' => 'POST'
+      }
+      app.expect(:call, [200, {}, ''], [env])
+      status, headers, _ = cors(origin: 'example.com', methods: %w(POST)).call(env)
+      app.verify
+
+      assert_equal 200, status
+      assert_nil headers['Access-Control-Allow-Origin']
+      assert_nil headers['Access-Control-Allow-Methods']
+    end
+
+    it "skips headers when method is refused" do
+      env = {
+        'HTTP_ORIGIN' => 'http://test.host',
+        'REQUEST_METHOD' => 'GET'
+      }
+      app.expect(:call, [200, {}, ''], [env])
+      status, headers, _ = cors(origin: 'test.host', methods: %w(POST)).call(env)
+      app.verify
+
+      assert_equal 200, status
+      assert_nil headers['Access-Control-Allow-Origin']
+      assert_nil headers['Access-Control-Allow-Methods']
+    end
+  end
+
+  def cors(options = {})
+    Sinapse::Rack::CrossOriginResourceSharing.new(app, options)
+  end
+end

data/test/publishable_test.rb

@@ -0,0 +1,32 @@
+require 'test_helper'
+
+describe "Sinapse::Publishable" do
+  include RedisTestHelper
+
+  let(:room) { Room.new(1) }
+
+  it "sinapse_channel" do
+    assert_equal 'room:1', Room.new(1).sinapse_channel
+    assert_equal 'room:83', Room.new(83).sinapse_channel
+  end
+
+  it "publish" do
+    EM.run do
+      wait_for_message('room:*') do |channel, message|
+        assert_equal room.sinapse_channel, channel
+        assert_equal 'hello room 1', message
+      end
+      publish_until_received { room.publish('hello room 1') }
+    end
+  end
+
+  it "publish with event type" do
+    EM.run do
+      wait_for_message('room:*') do |channel, message|
+        assert_equal room.sinapse_channel, channel
+        assert_equal ['hello', 'hello room 1'], message
+      end
+      publish_until_received { room.publish('hello room 1', event: 'hello') }
+    end
+  end
+end

data/test/server_test.rb

@@ -0,0 +1,189 @@
+require 'test_helper'
+require 'sinapse/server'
+
+describe Sinapse::Server do
+  include Goliath::TestHelper
+  include RedisTestHelper
+
+  before do
+    EM.synchrony do
+      redis.set('sinapse:tokens:valid', '1')
+      redis.set('sinapse:tokens:empty', '2')
+      redis.sadd('sinapse:channels:1', 'user:1')
+      redis.sadd('sinapse:channels:1', 'room:2')
+      redis.sadd('sinapse:channels:1', 'room:4')
+      EM.stop_event_loop
+    end
+  end
+
+  after do
+    EM.synchrony do
+      redis.del('sinapse:tokens:valid')
+      redis.del('sinapse:tokens:empty')
+      redis.del('sinapse:channels:1')
+      EM.stop_event_loop
+    end
+  end
+
+  describe "authentication" do
+    it "returns an event-stream on success" do
+      sse_connect do |client|
+        assert_equal 'close', client.headers['CONNECTION']
+        assert_equal 'text/event-stream', client.headers['CONTENT_TYPE']
+        assert_equal "retry: 5000\nevent: authentication\ndata: ok\n\n", client.receive
+      end
+    end
+
+    it "won't authenticate without token" do
+      connect(query: { access_token: '' }) do |client|
+        assert_equal 400, client.response_header.status
+      end
+    end
+
+    it "won't authenticate with unknown token" do
+      connect(query: { access_token: 'invalid' }) do |client|
+        assert_equal 401, client.response_header.status
+      end rescue LocalJumpError
+    end
+
+    it "won't authenticate when user has no channels" do
+      connect(query: { access_token: 'empty' }) do |client|
+        assert_equal 401, client.response_header.status
+      end rescue LocalJumpError
+    end
+  end
+
+  describe "cross origin resource sharing (when requested)" do
+    it "returns CORS headers on auth success" do
+      sse_connect(head: { origin: 'http://example.com' }) do |client|
+        assert_equal 'text/event-stream', client.headers['CONTENT_TYPE']
+        assert_equal 'http://example.com', client.headers['ACCESS_CONTROL_ALLOW_ORIGIN']
+        refute_nil client.headers['ACCESS_CONTROL_ALLOW_METHODS']
+      end
+    end
+
+    it "skips CORS headers when configured origin doesn't match" do
+      stub_origin('test.host') do
+        sse_connect(head: { origin: "http://example.com" }) do |client|
+          assert_nil client.headers['ACCESS_CONTROL_ALLOW_ORIGIN']
+          assert_nil client.headers['ACCESS_CONTROL_ALLOW_METHODS']
+        end
+      end
+    end
+
+    def stub_origin(forced)
+      Sinapse::Server.middlewares.each do |middleware, params, _|
+        next unless middleware == Sinapse::Rack::CrossOriginResourceSharing
+        options = params.first
+        original = options[:origin]
+        options[:origin] = forced
+        yield
+        options[:origin] = original
+        return
+      end
+    end
+  end
+
+  describe "pub/sub" do
+    let(:channel_name) { 'user:1' }
+
+    # waits for server to be listening
+    def wait
+      sleep 0.001 until redis.publish('sinapse:channels:1:wait', nil) == 1
+    end
+
+    it "proxies published messages" do
+      sse_connect do |client|
+        client.receive # skips authentication message
+        wait
+
+        assert_equal 1, publish(channel_name, "payload message")
+        #assert_equal "event: #{channel_name}\ndata: payload message\n\n", client.receive
+        assert_equal "data: payload message\n\n", client.receive
+
+        assert_equal 1, publish(channel_name, "another message")
+        #assert_equal "event: #{channel_name}\ndata: another message\n\n", client.receive
+        assert_equal "data: another message\n\n", client.receive
+      end
+    end
+
+    it "disconnects from server on connection close" do
+      sse_connect do |client|
+        client.close
+        EM.synchrony { assert_equal 0, redis.publish(channel_name, "message") }
+      end
+    end
+
+    it "updates subscriptions when the list changes" do
+      sse_connect do |client|
+        client.receive
+
+        redis.srem('sinapse:channels:1', 'room:2')
+        redis.publish('sinapse:channels:1:remove', 'room:2')
+
+        redis.sadd('sinapse:channels:1', 'room:5')
+        redis.publish('sinapse:channels:1:add', 'room:5')
+
+        assert_equal 1, publish('room:4', "message for room 4")
+        #assert_equal "event: room:4\ndata: message for room 4\n\n", client.receive
+        assert_equal "data: message for room 4\n\n", client.receive
+
+        assert_equal 1, publish('room:5', "message for room 5")
+        #assert_equal "event: room:5\ndata: message for room 5\n\n", client.receive
+        assert_equal "data: message for room 5\n\n", client.receive
+
+        assert_equal 0, publish('room:2', "message for room 2")
+      end
+    end
+
+    it "sets channel name as event type" do
+      Sinapse::Config.stub(:channel_event, true) do
+        sse_connect do |client|
+          client.receive; wait
+
+          assert_equal 1, publish(channel_name, "payload message")
+          assert_equal "event: #{channel_name}\ndata: payload message\n\n", client.receive
+        end
+      end
+    end
+
+    it "publishes with event type" do
+      Sinapse::Config.stub(:channel_event, true) do
+        sse_connect do |client|
+          client.receive; wait
+
+          assert_equal 1, publish(channel_name, "payload message", "hello:world")
+          assert_equal "event: hello:world\ndata: payload message\n\n", client.receive
+        end
+      end
+    end
+  end
+
+  describe "retry" do
+    it "uses configured value" do
+      Sinapse::Config.stub(:retry, 12000) do
+        sse_connect(head: { origin: 'http://example.com' }) do |client|
+          assert_match(/retry: 12000\n/, client.receive)
+        end
+      end
+    end
+  end
+
+  describe "keep alive" do
+    it "periodically sends a comment" do
+      Sinapse::Config.stub(:keep_alive, 0.001) do
+        sse_connect do |client|
+          client.receive # skips authentication message
+          assert_equal ":\n", client.receive
+          assert_equal ":\n", client.receive
+          assert_equal ":\n", client.receive
+        end
+      end
+    end
+  end
+
+  def publish(channel, message, event = nil)
+    data = MessagePack.pack(event ? [event, message] : message)
+    redis.publish(channel, data)
+  end
+end