tep 0.11.0

data/test/test_identity.rb

@@ -0,0 +1,165 @@
+require_relative "helper"
+
+# Tep::Identity + Tep::AgentDelegation: the principal+delegate
+# identity types Auth issues and Broadcast/Presence/LiveView consume.
+# See docs/BATTERIES-DESIGN.md for the broader Auth design.
+class TestIdentity < TepTest
+  app_source <<~RB
+    require 'sinatra'
+
+    HUMAN_CAPS = [:read, :write]
+    AGENT_CAPS = [:read]
+
+    HUMAN = Tep::Identity.new("user:42", nil, HUMAN_CAPS)
+
+    BOT_DELEGATION = Tep::AgentDelegation.new(
+      "summarizer-bot", 1000, 2000, :token)
+    AGENT = Tep::Identity.new("user:42", BOT_DELEGATION, AGENT_CAPS)
+
+    # Plain-text helper so every route returns the answer directly.
+    before do
+      res.headers["Content-Type"] = "text/plain"
+    end
+
+    get '/human/subject' do
+      HUMAN.subject
+    end
+
+    get '/human/is_human' do
+      HUMAN.human? ? "yes" : "no"
+    end
+
+    get '/human/is_agent' do
+      HUMAN.agent? ? "yes" : "no"
+    end
+
+    get '/human/may_read' do
+      HUMAN.may?(:read) ? "yes" : "no"
+    end
+
+    get '/human/may_post_summary' do
+      HUMAN.may?(:post_summary) ? "yes" : "no"
+    end
+
+    get '/agent/subject' do
+      AGENT.subject
+    end
+
+    get '/agent/is_human' do
+      AGENT.human? ? "yes" : "no"
+    end
+
+    get '/agent/is_agent' do
+      AGENT.agent? ? "yes" : "no"
+    end
+
+    get '/agent/may_read' do
+      AGENT.may?(:read) ? "yes" : "no"
+    end
+
+    get '/agent/may_write' do
+      AGENT.may?(:write) ? "yes" : "no"
+    end
+
+    get '/agent/agent_id' do
+      AGENT.acting_via.agent_id
+    end
+
+    get '/agent/origin' do
+      AGENT.acting_via.origin.to_s
+    end
+
+    get '/agent/expired_before' do
+      AGENT.acting_via.expired?(1500) ? "yes" : "no"
+    end
+
+    get '/agent/expired_after' do
+      AGENT.acting_via.expired?(2500) ? "yes" : "no"
+    end
+
+    get '/anonymous/subject' do
+      Tep::Identity.anonymous.subject
+    end
+
+    get '/anonymous/may_read' do
+      Tep::Identity.anonymous.may?(:read) ? "yes" : "no"
+    end
+
+    get '/anonymous/is_human' do
+      Tep::Identity.anonymous.human? ? "yes" : "no"
+    end
+  RB
+
+  def test_human_subject_format
+    assert_equal "user:user:42", get("/human/subject").body
+  end
+
+  def test_human_is_human
+    assert_equal "yes", get("/human/is_human").body
+  end
+
+  def test_human_is_not_agent
+    assert_equal "no", get("/human/is_agent").body
+  end
+
+  def test_human_has_granted_cap
+    assert_equal "yes", get("/human/may_read").body
+  end
+
+  def test_human_lacks_ungranted_cap
+    assert_equal "no", get("/human/may_post_summary").body
+  end
+
+  def test_agent_subject_format
+    assert_equal "agent:summarizer-bot/user:42", get("/agent/subject").body
+  end
+
+  def test_agent_is_not_human
+    assert_equal "no", get("/agent/is_human").body
+  end
+
+  def test_agent_is_agent
+    assert_equal "yes", get("/agent/is_agent").body
+  end
+
+  def test_agent_has_granted_cap
+    assert_equal "yes", get("/agent/may_read").body
+  end
+
+  def test_agent_lacks_principal_cap
+    # Principal HUMAN has :write; AGENT was granted only :read.
+    # Cap subset not superset.
+    assert_equal "no", get("/agent/may_write").body
+  end
+
+  def test_agent_delegation_exposes_agent_id
+    assert_equal "summarizer-bot", get("/agent/agent_id").body
+  end
+
+  def test_agent_delegation_exposes_origin
+    assert_equal "token", get("/agent/origin").body
+  end
+
+  def test_delegation_not_expired_before_window
+    assert_equal "no", get("/agent/expired_before").body
+  end
+
+  def test_delegation_expired_after_window
+    assert_equal "yes", get("/agent/expired_after").body
+  end
+
+  def test_anonymous_subject_is_empty_principal
+    assert_equal "user:", get("/anonymous/subject").body
+  end
+
+  def test_anonymous_has_no_capabilities
+    assert_equal "no", get("/anonymous/may_read").body
+  end
+
+  def test_anonymous_is_human
+    # Without a delegation, anonymous is technically "human" per the
+    # acting_via shape. Apps gating routes by anonymous-vs-not check
+    # principal_id == "" or use a wrapping helper.
+    assert_equal "yes", get("/anonymous/is_human").body
+  end
+end

data/test/test_inbound_tls.rb

@@ -0,0 +1,101 @@
+require_relative "helper"
+require "openssl"
+require "socket"
+require "timeout"
+
+# Inbound server TLS (#148 phase 2): Tep::Server terminates HTTPS when
+# Tep.tls_cert / Tep.tls_key are set. Boots a tep binary with a
+# self-signed cert and drives it with a TLS client.
+class TestInboundTls < TepTest
+  # Per-process cert paths (unique under the parallel runner). Baked
+  # into app_source at class load; generated before the binary boots.
+  CERT = "/tmp/tep_tls_test_#{Process.pid}.crt"
+  KEY  = "/tmp/tep_tls_test_#{Process.pid}.key"
+
+  app_source <<~RB
+    require 'sinatra'
+    Tep.tls_cert = "#{CERT}"
+    Tep.tls_key  = "#{KEY}"
+
+    get '/hello' do
+      "tls-ok"
+    end
+  RB
+
+  def self.gen_cert
+    return if File.exist?(CERT) && File.exist?(KEY)
+    key  = OpenSSL::PKey::RSA.new(2048)
+    cert = OpenSSL::X509::Certificate.new
+    cert.version    = 2
+    cert.serial     = 1
+    cert.subject    = OpenSSL::X509::Name.parse("/CN=localhost")
+    cert.issuer     = cert.subject
+    cert.public_key = key.public_key
+    cert.not_before = Time.now - 60
+    cert.not_after  = Time.now + 3600
+    cert.sign(key, OpenSSL::Digest::SHA256.new)
+    File.write(CERT, cert.to_pem)
+    File.write(KEY,  key.to_pem)
+  end
+
+  def setup
+    self.class.gen_cert    # must exist before the spawned binary boots
+    super
+  end
+
+  def tls_get(path)
+    # Timeout-wrapped so a server-side handshake/read hang fails the
+    # test fast instead of wedging forever.
+    Timeout.timeout(15) do
+      sock = TCPSocket.new("127.0.0.1", @port)
+      ctx  = OpenSSL::SSL::SSLContext.new
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE   # self-signed
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.connect
+      ssl.write("GET #{path} HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n")
+      out = ssl.read.to_s
+      ssl.close rescue nil
+      sock.close rescue nil
+      out
+    end
+  end
+
+  def test_serves_a_request_over_tls
+    resp = tls_get("/hello")
+    assert_match(/200/, resp)
+    assert_match(/tls-ok/, resp)
+  end
+
+  def test_presents_the_configured_certificate
+    cn = Timeout.timeout(15) do
+      sock = TCPSocket.new("127.0.0.1", @port)
+      ctx  = OpenSSL::SSL::SSLContext.new
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.connect
+      subj = ssl.peer_cert.subject.to_s
+      ssl.close rescue nil
+      sock.close rescue nil
+      subj
+    end
+    assert_match(/CN=localhost/, cn)
+  end
+
+  def test_plaintext_request_to_tls_port_is_dropped
+    # A plain-HTTP request to the TLS port: SSL_accept fails on the
+    # non-TLS bytes, the server drops the connection -> no HTTP reply.
+    sock = TCPSocket.new("127.0.0.1", @port)
+    sock.write("GET /hello HTTP/1.0\r\nConnection: close\r\n\r\n")
+    data = ""
+    begin
+      data = sock.read_nonblock(64)
+    rescue IO::WaitReadable
+      IO.select([sock], nil, nil, 1.0)
+      data = (sock.read_nonblock(64) rescue "")
+    rescue
+      data = ""
+    end
+    sock.close rescue nil
+    refute_match(/HTTP\//, data.to_s)   # no plaintext HTTP response
+  end
+end

data/test/test_inbound_tls_scheduled.rb

@@ -0,0 +1,101 @@
+require_relative "helper"
+require "openssl"
+require "socket"
+require "timeout"
+
+# Scheduled-server inbound TLS (#148 phase 2, scheduled variant):
+# Tep::Server::Scheduled terminates HTTPS with a NON-BLOCKING SSL_accept
+# (sphttp_tls_accept_start + handshake_step parked on the scheduler).
+# Mirrors test_inbound_tls.rb but with `set :scheduler, :scheduled`, so
+# it exercises the cooperative handshake + want-aware recv path.
+class TestInboundTlsScheduled < TepTest
+  CERT = "/tmp/tep_tls_sched_test_#{Process.pid}.crt"
+  KEY  = "/tmp/tep_tls_sched_test_#{Process.pid}.key"
+
+  app_source <<~RB
+    require 'sinatra'
+    set :scheduler, :scheduled
+    Tep.tls_cert = "#{CERT}"
+    Tep.tls_key  = "#{KEY}"
+
+    get '/hello' do
+      "tls-sched-ok"
+    end
+
+    post '/echo' do
+      "echo:" + request.body.read
+    end
+  RB
+
+  def self.gen_cert
+    return if File.exist?(CERT) && File.exist?(KEY)
+    key  = OpenSSL::PKey::RSA.new(2048)
+    cert = OpenSSL::X509::Certificate.new
+    cert.version    = 2
+    cert.serial     = 1
+    cert.subject    = OpenSSL::X509::Name.parse("/CN=localhost")
+    cert.issuer     = cert.subject
+    cert.public_key = key.public_key
+    cert.not_before = Time.now - 60
+    cert.not_after  = Time.now + 3600
+    cert.sign(key, OpenSSL::Digest::SHA256.new)
+    File.write(CERT, cert.to_pem)
+    File.write(KEY,  key.to_pem)
+  end
+
+  def setup
+    self.class.gen_cert    # must exist before the spawned binary boots
+    super
+  end
+
+  def tls_socket
+    sock = TCPSocket.new("127.0.0.1", @port)
+    ctx  = OpenSSL::SSL::SSLContext.new
+    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE   # self-signed
+    ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+    ssl.connect
+    [ssl, sock]
+  end
+
+  def tls_get(path)
+    Timeout.timeout(15) do
+      ssl, sock = tls_socket
+      ssl.write("GET #{path} HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n")
+      out = ssl.read.to_s
+      ssl.close rescue nil
+      sock.close rescue nil
+      out
+    end
+  end
+
+  def test_serves_a_request_over_tls_under_scheduler
+    resp = tls_get("/hello")
+    assert_match(/200/, resp)
+    assert_match(/tls-sched-ok/, resp)
+  end
+
+  def test_post_body_over_tls_under_scheduler
+    # Drives the want-aware body drain (consume_body_via_scheduler) over
+    # TLS -- a partial SSL record must not truncate the body.
+    resp = Timeout.timeout(15) do
+      ssl, sock = tls_socket
+      body = "hello-tls-body"
+      ssl.write("POST /echo HTTP/1.0\r\nHost: localhost\r\n" \
+                "Content-Type: text/plain\r\nContent-Length: #{body.bytesize}\r\n" \
+                "Connection: close\r\n\r\n#{body}")
+      out = ssl.read.to_s
+      ssl.close rescue nil
+      sock.close rescue nil
+      out
+    end
+    assert_match(/200/, resp)
+    assert_match(/echo:hello-tls-body/, resp)
+  end
+
+  def test_two_sequential_tls_connections
+    # A second connection must hand-shake cleanly after the first closed
+    # (server CTX reused across connections / fibers).
+    assert_match(/tls-sched-ok/, tls_get("/hello"))
+    assert_match(/tls-sched-ok/, tls_get("/hello"))
+  end
+end

data/test/test_job.rb

@@ -0,0 +1,108 @@
+require_relative "helper"
+
+# Tep::Job -- SQLite-backed sidekiq-shaped queue. The app declares
+# job classes, enqueues from one handler, then drains via fetch_next
+# from another. Dispatch is user-side (spinel can't carry cls_id
+# through PtrArray<Tep::Job>), so the worker handler has an explicit
+# `if name == "..."` ladder.
+class TestJob < TepTest
+  app_source <<~RB
+    require 'sinatra'
+
+    DB_PATH = "/tmp/tep_job_test.db"
+
+    on_start do
+      Tep::Shell.run("rm -f " + DB_PATH)
+      Tep::Job.init_schema(DB_PATH)
+    end
+
+    class UpcaseJob < Tep::Job
+      def perform(arg)
+        arg.upcase
+      end
+    end
+
+    class ReverseJob < Tep::Job
+      def perform(arg)
+        out = ""
+        i = arg.length - 1
+        while i >= 0
+          out = out + arg[i]
+          i -= 1
+        end
+        out
+      end
+    end
+
+    get '/enqueue/:name/:arg' do
+      id = Tep::Job.enqueue(params[:name], params[:arg], DB_PATH)
+      "id=" + id.to_s
+    end
+
+    get '/process' do
+      claim = Tep::Job.fetch_next(DB_PATH)
+      if claim.length == 0
+        "ran=0"
+      else
+        parts  = claim.split("|", 3)
+        row_id = parts[0].to_i
+        name   = parts[1]
+        arg    = parts[2]
+        result = ""
+        if name == "UpcaseJob"
+          result = UpcaseJob.new.perform(arg)
+        elsif name == "ReverseJob"
+          result = ReverseJob.new.perform(arg)
+        end
+        Tep::Job.mark_done(DB_PATH, row_id, result)
+        "ran=1"
+      end
+    end
+
+    get '/result/:id' do
+      db = Tep::SQLite.new
+      db.open(DB_PATH)
+      st   = db.first_str("SELECT status FROM tep_jobs WHERE id = ?", params[:id])
+      body = db.first_str("SELECT result FROM tep_jobs WHERE id = ?", params[:id])
+      db.close
+      st + "/" + body
+    end
+  RB
+
+  def test_upcase_job_round_trip
+    enq = get("/enqueue/UpcaseJob/hello")
+    assert_match(/id=\d+/, enq.body)
+    id = enq.body.split("=")[1]
+
+    pr = get("/process")
+    assert_equal "ran=1", pr.body
+
+    rr = get("/result/#{id}")
+    assert_equal "done/HELLO", rr.body
+  end
+
+  def test_reverse_job_round_trip
+    enq = get("/enqueue/ReverseJob/tepworks")
+    id  = enq.body.split("=")[1]
+    get("/process")
+    rr = get("/result/#{id}")
+    assert_equal "done/skrowpet", rr.body
+  end
+
+  def test_process_returns_zero_on_empty_queue
+    20.times { get("/process") }
+    res = get("/process")
+    assert_equal "ran=0", res.body
+  end
+
+  def test_fifo_order
+    a = get("/enqueue/UpcaseJob/aaa").body.split("=")[1]
+    b = get("/enqueue/UpcaseJob/bbb").body.split("=")[1]
+    get("/process")
+    get("/process")
+    ra = get("/result/#{a}").body
+    rb = get("/result/#{b}").body
+    assert_equal "done/AAA", ra
+    assert_equal "done/BBB", rb
+  end
+end

data/test/test_json.rb

@@ -0,0 +1,168 @@
+require_relative "helper"
+
+# Tep::Json -- pure-Ruby JSON encode primitives + flat-key decode.
+class TestJson < TepTest
+  app_source <<~RB
+    require 'sinatra'
+
+    # ---- encode side ----
+    get '/escape' do
+      res.headers["Content-Type"] = "application/json"
+      Tep::Json.quote("a\\"b\\nc")
+    end
+
+    get '/object' do
+      res.headers["Content-Type"] = "application/json"
+      "{" + Tep::Json.encode_pair_str("name", "alice") + "," +
+            Tep::Json.encode_pair_int("age", 30) + "}"
+    end
+
+    get '/array' do
+      res.headers["Content-Type"] = "application/json"
+      Tep::Json.from_str_array(["a", "b", "c"])
+    end
+
+    get '/int_array' do
+      res.headers["Content-Type"] = "application/json"
+      Tep::Json.from_int_array([1, 2, 3])
+    end
+
+    get '/echo_html' do
+      res.headers["Content-Type"] = "application/json"
+      "{" + Tep::Json.encode_pair_str("payload", "<script>alert(1)</script>") + "}"
+    end
+
+    # ---- decode side ----
+    post '/parse_str' do
+      res.headers["Content-Type"] = "text/plain"
+      Tep::Json.get_str(req.raw_body, "name")
+    end
+
+    post '/parse_int' do
+      res.headers["Content-Type"] = "text/plain"
+      Tep::Json.get_int(req.raw_body, "n").to_s
+    end
+
+    post '/has_key' do
+      res.headers["Content-Type"] = "text/plain"
+      Tep::Json.has_key?(req.raw_body, "x") ? "yes" : "no"
+    end
+
+    post '/skip_nested' do
+      # Read a top-level key past a nested object (skip_value should
+      # walk the nested object correctly).
+      res.headers["Content-Type"] = "text/plain"
+      Tep::Json.get_str(req.raw_body, "after")
+    end
+
+    post '/parse_float' do
+      res.headers["Content-Type"] = "text/plain"
+      Tep::Json.get_float(req.raw_body, "x").to_s
+    end
+  RB
+
+  def test_quote_escapes
+    res = get("/escape")
+    # The route quoted the string `a"b\nc`; the escape should turn
+    # the quote and newline into \" and \n. The HTTP body is JSON,
+    # so the client sees: "a\"b\nc"
+    assert_match(/"a\\"b\\nc"/, res.body)
+  end
+
+  def test_encode_pair_str_and_int
+    res = get("/object")
+    assert_equal '{"name":"alice","age":30}', res.body.strip
+  end
+
+  def test_from_str_array
+    res = get("/array")
+    assert_equal '["a","b","c"]', res.body.strip
+  end
+
+  def test_from_int_array
+    res = get("/int_array")
+    assert_equal "[1,2,3]", res.body.strip
+  end
+
+  def test_html_chars_are_escaped_in_strings
+    # JSON escape includes backslash + quote; tag chars (< > /) pass
+    # through as-is (legal JSON, the client does its own HTML escape
+    # if it embeds the value).
+    res = get("/echo_html")
+    assert_match(/"payload":"<script>alert\(1\)<\\\/script>"|"payload":"<script>alert\(1\)<\/script>"/, res.body)
+  end
+
+  def test_get_str
+    res = post("/parse_str", '{"name":"alice","age":30}')
+    assert_equal "alice", res.body.strip
+  end
+
+  def test_get_str_missing_returns_empty
+    res = post("/parse_str", '{"other":"value"}')
+    assert_equal "", res.body.strip
+  end
+
+  def test_get_int
+    res = post("/parse_int", '{"n":42}')
+    assert_equal "42", res.body.strip
+  end
+
+  def test_get_int_negative
+    res = post("/parse_int", '{"n":-7}')
+    assert_equal "-7", res.body.strip
+  end
+
+  def test_has_key
+    res = post("/has_key", '{"x":1}')
+    assert_equal "yes", res.body.strip
+    res = post("/has_key", '{"y":1}')
+    assert_equal "no", res.body.strip
+  end
+
+  def test_skips_nested_objects
+    body = '{"first":{"a":1,"b":{"c":2}},"after":"target"}'
+    res = post("/skip_nested", body)
+    assert_equal "target", res.body.strip
+  end
+
+  def test_skips_strings_with_braces
+    # The skip-string walker should ignore { / } inside string values.
+    body = '{"first":"has{}braces","after":"target"}'
+    res = post("/skip_nested", body)
+    assert_equal "target", res.body.strip
+  end
+
+  def test_handles_escaped_quote_in_string
+    # \" inside a value-string must not terminate the string and
+    # corrupt the walk.
+    body = '{"first":"has \\"quote\\" inside","after":"target"}'
+    res = post("/skip_nested", body)
+    assert_equal "target", res.body.strip
+  end
+
+  def test_get_float_decimal
+    res = post("/parse_float", '{"x":3.14}')
+    assert_equal "3.14", res.body.strip
+  end
+
+  def test_get_float_negative
+    res = post("/parse_float", '{"x":-0.5}')
+    assert_equal "-0.5", res.body.strip
+  end
+
+  def test_get_float_integer_literal
+    # JSON integer 42 read as float -> 42.0
+    res = post("/parse_float", '{"x":42}')
+    assert_equal "42.0", res.body.strip
+  end
+
+  def test_get_float_exponent
+    res = post("/parse_float", '{"x":1.5e2}')
+    assert_equal "150.0", res.body.strip
+  end
+
+  def test_get_float_missing_key_returns_zero
+    res = post("/parse_float", '{"other":42}')
+    assert_equal "0.0", res.body.strip
+  end
+end