@openape/proxy 0.1.1 → 0.2.0

package/test/auth.test.ts

@@ -0,0 +1,57 @@
+import { describe, expect, it } from 'vitest'
+import { AuthError, verifyAgentAuth } from '../src/auth.js'
+
+describe('verifyAgentAuth', () => {
+  const idpUrl = 'https://id.example.com'
+
+  describe('non-mandatory mode', () => {
+    it('returns null when no header provided', async () => {
+      const result = await verifyAgentAuth(null, idpUrl, false)
+      expect(result).toBeNull()
+    })
+
+    it('returns null for invalid header format', async () => {
+      const result = await verifyAgentAuth('Basic abc123', idpUrl, false)
+      expect(result).toBeNull()
+    })
+
+    it('returns null for invalid JWT', async () => {
+      const result = await verifyAgentAuth('Bearer invalid.token.here', idpUrl, false)
+      expect(result).toBeNull()
+    })
+  })
+
+  describe('mandatory mode', () => {
+    it('throws AuthError when no header provided', async () => {
+      await expect(
+        verifyAgentAuth(null, idpUrl, true),
+      ).rejects.toThrow(AuthError)
+    })
+
+    it('throws AuthError with "JWT required" message', async () => {
+      await expect(
+        verifyAgentAuth(null, idpUrl, true),
+      ).rejects.toThrow('JWT required')
+    })
+
+    it('throws AuthError for invalid header format', async () => {
+      await expect(
+        verifyAgentAuth('Basic abc123', idpUrl, true),
+      ).rejects.toThrow(AuthError)
+    })
+
+    it('throws AuthError for invalid JWT token', async () => {
+      await expect(
+        verifyAgentAuth('Bearer invalid.token.here', idpUrl, true),
+      ).rejects.toThrow(AuthError)
+    })
+  })
+
+  describe('authError', () => {
+    it('is an instance of Error', () => {
+      const err = new AuthError('test')
+      expect(err).toBeInstanceOf(Error)
+      expect(err.name).toBe('AuthError')
+    })
+  })
+})

package/test/connect.test.ts

@@ -0,0 +1,131 @@
+import { createServer } from 'node:http'
+import { connect } from 'node:net'
+import { describe, expect, it, afterEach } from 'vitest'
+import type { MultiAgentProxyConfig } from '../src/types.js'
+import { handleConnect } from '../src/connect.js'
+
+function makeConfig(overrides?: Partial<MultiAgentProxyConfig['proxy']>): MultiAgentProxyConfig {
+  return {
+    proxy: {
+      listen: '127.0.0.1:0',
+      default_action: 'block',
+      mandatory_auth: true,
+      ...overrides,
+    },
+    agents: [{
+      email: 'bot@example.com',
+      idp_url: 'https://id.example.com',
+    }],
+  }
+}
+
+function startProxy(config: MultiAgentProxyConfig): Promise<{ port: number, close: () => Promise<void> }> {
+  return new Promise((resolve) => {
+    const server = createServer((_req, res) => {
+      res.writeHead(200)
+      res.end('ok')
+    })
+    server.on('connect', (req, socket, head) => {
+      handleConnect(config, req, socket, head)
+    })
+    server.listen(0, '127.0.0.1', () => {
+      const addr = server.address() as { port: number }
+      resolve({
+        port: addr.port,
+        close: () => new Promise<void>(r => server.close(() => r())),
+      })
+    })
+  })
+}
+
+function sendConnect(proxyPort: number, target: string, headers?: Record<string, string>): Promise<{ statusLine: string }> {
+  return new Promise((resolve, reject) => {
+    const socket = connect(proxyPort, '127.0.0.1', () => {
+      let headerStr = `CONNECT ${target} HTTP/1.1\r\nHost: ${target}\r\n`
+      if (headers) {
+        for (const [k, v] of Object.entries(headers)) {
+          headerStr += `${k}: ${v}\r\n`
+        }
+      }
+      headerStr += '\r\n'
+      socket.write(headerStr)
+    })
+
+    let data = ''
+    socket.on('data', (chunk) => {
+      data += chunk.toString()
+      if (data.includes('\r\n\r\n')) {
+        const statusLine = data.split('\r\n')[0]
+        socket.destroy()
+        resolve({ statusLine })
+      }
+    })
+
+    socket.on('error', reject)
+    socket.setTimeout(3000, () => {
+      socket.destroy()
+      reject(new Error('Timeout'))
+    })
+  })
+}
+
+describe('connect handler', () => {
+  let cleanup: (() => Promise<void>) | undefined
+
+  afterEach(async () => {
+    if (cleanup) {
+      await cleanup()
+      cleanup = undefined
+    }
+  })
+
+  it('blocks CONNECT to loopback IP (SSRF)', async () => {
+    const config = makeConfig({ mandatory_auth: false })
+    config.agents = [{ email: 'bot@example.com', idp_url: 'https://id.example.com' }]
+    const { port, close } = await startProxy(config)
+    cleanup = close
+
+    const { statusLine } = await sendConnect(port, '127.0.0.1:3000')
+    expect(statusLine).toContain('403')
+  })
+
+  it('blocks CONNECT to private IP (SSRF)', async () => {
+    const config = makeConfig({ mandatory_auth: false })
+    config.agents = [{ email: 'bot@example.com', idp_url: 'https://id.example.com' }]
+    const { port, close } = await startProxy(config)
+    cleanup = close
+
+    const { statusLine } = await sendConnect(port, '10.0.0.1:80')
+    expect(statusLine).toContain('403')
+  })
+
+  it('returns 401 without JWT when mandatory auth is enabled', async () => {
+    const config = makeConfig({ mandatory_auth: true })
+    const { port, close } = await startProxy(config)
+    cleanup = close
+
+    const { statusLine } = await sendConnect(port, 'httpbin.org:443')
+    expect(statusLine).toContain('401')
+  })
+
+  it('returns 401 with invalid JWT when mandatory auth is enabled', async () => {
+    const config = makeConfig({ mandatory_auth: true })
+    const { port, close } = await startProxy(config)
+    cleanup = close
+
+    const { statusLine } = await sendConnect(port, 'httpbin.org:443', {
+      'Proxy-Authorization': 'Bearer invalid.token.here',
+    })
+    expect(statusLine).toContain('401')
+  })
+
+  it('blocks malformed target (treated as SSRF)', async () => {
+    const config = makeConfig({ mandatory_auth: false })
+    config.agents = [{ email: 'bot@example.com', idp_url: 'https://id.example.com' }]
+    const { port, close } = await startProxy(config)
+    cleanup = close
+
+    const { statusLine } = await sendConnect(port, 'not-a-host')
+    expect(statusLine).toContain('403')
+  })
+})

package/test/matcher.test.ts

@@ -0,0 +1,46 @@
+import { describe, expect, it } from 'vitest'
+import { evaluateRules } from '../src/matcher.js'
+import type { ProxyConfig } from '../src/types.js'
+
+const baseConfig: ProxyConfig = {
+  proxy: {
+    listen: '127.0.0.1:9090',
+    idp_url: 'https://id.example.com',
+    agent_email: 'agent@example.com',
+    default_action: 'block',
+  },
+  allow: [],
+  deny: [],
+  grant_required: [],
+}
+
+describe('evaluateRules', () => {
+  it('prefers deny over allow', () => {
+    const action = evaluateRules(
+      {
+        ...baseConfig,
+        deny: [{ domain: 'api.example.com' }],
+        allow: [{ domain: 'api.example.com' }],
+      },
+      'api.example.com',
+      'GET',
+      '/v1',
+    )
+
+    expect(action.type).toBe('deny')
+  })
+
+  it('returns grant_required when matching grant rule', () => {
+    const action = evaluateRules(
+      {
+        ...baseConfig,
+        grant_required: [{ domain: 'api.example.com', grant_type: 'once' }],
+      },
+      'api.example.com',
+      'POST',
+      '/v1',
+    )
+
+    expect(action.type).toBe('grant_required')
+  })
+})

package/test/multi-agent.test.ts

@@ -0,0 +1,122 @@
+import { mkdtempSync, writeFileSync } from 'node:fs'
+import { join } from 'node:path'
+import { tmpdir } from 'node:os'
+import { describe, expect, it } from 'vitest'
+import { loadMultiAgentConfig } from '../src/config.js'
+
+function tmpFile(name: string, content: string): string {
+  const dir = mkdtempSync(join(tmpdir(), 'proxy-test-'))
+  const path = join(dir, name)
+  writeFileSync(path, content)
+  return path
+}
+
+describe('loadMultiAgentConfig', () => {
+  it('loads multi-agent TOML config', () => {
+    const path = tmpFile('proxy.toml', `
+[proxy]
+listen = "127.0.0.1:9090"
+default_action = "block"
+mandatory_auth = true
+
+[[agents]]
+email = "bot1@example.com"
+idp_url = "https://id1.example.com"
+
+[[agents.allow]]
+domain = "api.github.com"
+
+[[agents]]
+email = "bot2@example.com"
+idp_url = "https://id2.example.com"
+`)
+
+    const config = loadMultiAgentConfig(path)
+
+    expect(config.proxy.listen).toBe('127.0.0.1:9090')
+    expect(config.proxy.default_action).toBe('block')
+    expect(config.proxy.mandatory_auth).toBe(true)
+    expect(config.agents).toHaveLength(2)
+    expect(config.agents[0].email).toBe('bot1@example.com')
+    expect(config.agents[0].idp_url).toBe('https://id1.example.com')
+    expect(config.agents[0].allow).toHaveLength(1)
+    expect(config.agents[0].allow![0].domain).toBe('api.github.com')
+    expect(config.agents[1].email).toBe('bot2@example.com')
+  })
+
+  it('converts single-agent config to multi-agent format', () => {
+    const path = tmpFile('legacy.toml', `
+[proxy]
+listen = "127.0.0.1:9090"
+idp_url = "https://id.example.com"
+agent_email = "agent@example.com"
+default_action = "request-async"
+
+[[allow]]
+domain = "*.github.com"
+
+[[deny]]
+domain = "evil.com"
+
+[[grant_required]]
+domain = "api.openai.com"
+grant_type = "once"
+`)
+
+    const config = loadMultiAgentConfig(path)
+
+    expect(config.proxy.listen).toBe('127.0.0.1:9090')
+    expect(config.proxy.default_action).toBe('request-async')
+    expect(config.agents).toHaveLength(1)
+    expect(config.agents[0].email).toBe('agent@example.com')
+    expect(config.agents[0].idp_url).toBe('https://id.example.com')
+    expect(config.agents[0].allow).toHaveLength(1)
+    expect(config.agents[0].deny).toHaveLength(1)
+    expect(config.agents[0].grant_required).toHaveLength(1)
+  })
+
+  it('applies mandatory-auth override', () => {
+    const path = tmpFile('override.toml', `
+[proxy]
+listen = "127.0.0.1:9090"
+idp_url = "https://id.example.com"
+agent_email = "agent@example.com"
+`)
+
+    const config = loadMultiAgentConfig(path, { mandatoryAuth: true })
+    expect(config.proxy.mandatory_auth).toBe(true)
+  })
+
+  it('loads multi-agent JSON config', () => {
+    const path = tmpFile('proxy.json', JSON.stringify({
+      proxy: {
+        listen: '127.0.0.1:9090',
+        default_action: 'block',
+      },
+      agents: [
+        { email: 'a@b.com', idp_url: 'https://id.example.com' },
+      ],
+    }))
+
+    const config = loadMultiAgentConfig(path)
+    expect(config.agents).toHaveLength(1)
+    expect(config.agents[0].email).toBe('a@b.com')
+  })
+
+  it('throws on missing listen', () => {
+    const path = tmpFile('bad.toml', `
+[proxy]
+default_action = "block"
+`)
+    expect(() => loadMultiAgentConfig(path)).toThrow('listen')
+  })
+
+  it('throws on single-agent without idp_url', () => {
+    const path = tmpFile('bad2.toml', `
+[proxy]
+listen = "127.0.0.1:9090"
+agent_email = "agent@example.com"
+`)
+    expect(() => loadMultiAgentConfig(path)).toThrow('idp_url')
+  })
+})

package/test/ssrf.test.ts

@@ -0,0 +1,73 @@
+import { describe, expect, it } from 'vitest'
+import { isPrivateOrLoopback } from '../src/ssrf.js'
+
+describe('isPrivateOrLoopback', () => {
+  // IPv4 loopback
+  it('blocks 127.0.0.1', async () => {
+    expect(await isPrivateOrLoopback('127.0.0.1')).toBe(true)
+  })
+
+  it('blocks 127.255.255.255', async () => {
+    expect(await isPrivateOrLoopback('127.255.255.255')).toBe(true)
+  })
+
+  // RFC 1918
+  it('blocks 10.0.0.1', async () => {
+    expect(await isPrivateOrLoopback('10.0.0.1')).toBe(true)
+  })
+
+  it('blocks 172.16.0.1', async () => {
+    expect(await isPrivateOrLoopback('172.16.0.1')).toBe(true)
+  })
+
+  it('blocks 172.31.255.255', async () => {
+    expect(await isPrivateOrLoopback('172.31.255.255')).toBe(true)
+  })
+
+  it('blocks 192.168.1.1', async () => {
+    expect(await isPrivateOrLoopback('192.168.1.1')).toBe(true)
+  })
+
+  // Link-local
+  it('blocks 169.254.0.1', async () => {
+    expect(await isPrivateOrLoopback('169.254.0.1')).toBe(true)
+  })
+
+  // Unspecified
+  it('blocks 0.0.0.0', async () => {
+    expect(await isPrivateOrLoopback('0.0.0.0')).toBe(true)
+  })
+
+  // IPv6
+  it('blocks ::1', async () => {
+    expect(await isPrivateOrLoopback('::1')).toBe(true)
+  })
+
+  it('blocks ::', async () => {
+    expect(await isPrivateOrLoopback('::')).toBe(true)
+  })
+
+  // localhost
+  it('blocks localhost', async () => {
+    expect(await isPrivateOrLoopback('localhost')).toBe(true)
+  })
+
+  // Public IPs — should NOT be blocked
+  it('allows 8.8.8.8', async () => {
+    expect(await isPrivateOrLoopback('8.8.8.8')).toBe(false)
+  })
+
+  it('allows 1.1.1.1', async () => {
+    expect(await isPrivateOrLoopback('1.1.1.1')).toBe(false)
+  })
+
+  // 172.15.x.x is NOT in 172.16.0.0/12
+  it('allows 172.15.255.255', async () => {
+    expect(await isPrivateOrLoopback('172.15.255.255')).toBe(false)
+  })
+
+  // 172.32.x.x is NOT in 172.16.0.0/12
+  it('allows 172.32.0.1', async () => {
+    expect(await isPrivateOrLoopback('172.32.0.1')).toBe(false)
+  })
+})

package/vitest.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    environment: 'node',
+  },
+})