n8n-nodes-dominusnode 1.0.0

package/tests/DominusNodeProxy.test.ts

@@ -0,0 +1,281 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+
+// ---------------------------------------------------------------------------
+// Mock n8n-workflow before importing the node
+// ---------------------------------------------------------------------------
+
+vi.mock("n8n-workflow", () => ({
+  NodeOperationError: class NodeOperationError extends Error {
+    constructor(node: unknown, message: string, extra?: unknown) {
+      super(message);
+      this.name = "NodeOperationError";
+    }
+  },
+}));
+
+// Mock dns/promises for DNS rebinding tests
+vi.mock("dns/promises", () => ({
+  default: {
+    resolve4: vi.fn().mockResolvedValue(["93.184.216.34"]),
+    resolve6: vi.fn().mockRejectedValue(new Error("no AAAA")),
+  },
+}));
+
+import { DominusNodeProxy } from "../src/nodes/DominusNodeProxy/DominusNodeProxy.node";
+
+// ---------------------------------------------------------------------------
+// Helpers — mock IExecuteFunctions
+// ---------------------------------------------------------------------------
+
+function createMockExecuteFunctions(overrides: {
+  operation: string;
+  params?: Record<string, unknown>;
+  credentials?: Record<string, unknown>;
+  continueOnFail?: boolean;
+}) {
+  const params: Record<string, unknown> = {
+    operation: overrides.operation,
+    method: "GET",
+    proxyType: "dc",
+    country: "",
+    headers: {},
+    ...overrides.params,
+  };
+
+  const creds = {
+    apiKey: "dn_test_abc123",
+    baseUrl: "https://api.dominusnode.com",
+    proxyHost: "proxy.dominusnode.com",
+    proxyPort: 8080,
+    ...overrides.credentials,
+  };
+
+  return {
+    getInputData: () => [{ json: {} }],
+    getNodeParameter: (name: string, _index: number, fallback?: unknown) => {
+      return params[name] ?? fallback;
+    },
+    getCredentials: vi.fn().mockResolvedValue(creds),
+    getNode: () => ({ name: "DomiNode Proxy" }),
+    continueOnFail: () => overrides.continueOnFail ?? false,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("DominusNodeProxy", () => {
+  const node = new DominusNodeProxy();
+
+  it("has correct description metadata", () => {
+    expect(node.description.name).toBe("dominusNodeProxy");
+    expect(node.description.displayName).toBe("DomiNode Proxy");
+    expect(node.description.credentials).toEqual([
+      { name: "dominusNodeApi", required: true },
+    ]);
+  });
+
+  it("has three operations", () => {
+    const opProp = node.description.properties.find((p) => p.name === "operation");
+    expect(opProp).toBeDefined();
+    expect((opProp as any).options).toHaveLength(3);
+  });
+});
+
+describe("DominusNodeProxy.execute - proxied fetch validation", () => {
+  let node: DominusNodeProxy;
+  let originalFetch: typeof globalThis.fetch;
+
+  beforeEach(() => {
+    node = new DominusNodeProxy();
+    originalFetch = globalThis.fetch;
+  });
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  it("rejects empty URL", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/URL is required/);
+  });
+
+  it("rejects localhost URL (SSRF)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://localhost/admin" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/localhost/);
+  });
+
+  it("rejects private IP (192.168.x.x)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://192.168.1.1/admin" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/private/i);
+  });
+
+  it("rejects cloud metadata endpoint (169.254.169.254)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://169.254.169.254/latest/meta-data/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/blocked/i);
+  });
+
+  it("rejects hex-encoded loopback (0x7f000001)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://0x7f000001/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/private/i);
+  });
+
+  it("rejects decimal-encoded loopback (2130706433)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://2130706433/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/private/i);
+  });
+
+  it("rejects .localhost TLD", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://evil.localhost/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/localhost/);
+  });
+
+  it("rejects .internal hostname", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://db.internal/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/internal/);
+  });
+
+  it("rejects embedded credentials in URL", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "http://user:pass@example.com/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/credentials/);
+  });
+
+  it("rejects file:// protocol", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "file:///etc/passwd" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/protocols/);
+  });
+
+  it("rejects OFAC sanctioned country (IR)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://example.com", country: "IR" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/OFAC/);
+  });
+
+  it("rejects OFAC sanctioned country (KP)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://example.com", country: "KP" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/OFAC/);
+  });
+
+  it("rejects OFAC sanctioned country (RU)", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://example.com", country: "RU" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/OFAC/);
+  });
+
+  it("sanitizes credentials in error messages with continueOnFail", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "" },
+      continueOnFail: true,
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    // Should not throw, but return error in json
+    expect(result[0][0].json).toHaveProperty("error");
+    // Make sure no raw API key appears
+    const errorMsg = result[0][0].json.error as string;
+    expect(errorMsg).not.toContain("dn_test_abc123");
+  });
+
+  it("rejects missing API key", async () => {
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://example.com" },
+      credentials: { apiKey: "" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/API Key is required/);
+  });
+});
+
+describe("DominusNodeProxy.execute - DNS rebinding protection", () => {
+  let node: DominusNodeProxy;
+  let originalFetch: typeof globalThis.fetch;
+
+  beforeEach(() => {
+    node = new DominusNodeProxy();
+    originalFetch = globalThis.fetch;
+  });
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    vi.restoreAllMocks();
+  });
+
+  it("blocks hostname resolving to private IP", async () => {
+    // Override the dns mock for this test
+    const dnsModule = await import("dns/promises");
+    vi.mocked(dnsModule.default.resolve4).mockResolvedValueOnce(["127.0.0.1"]);
+
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://evil-rebind.example.com/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/private IP/);
+  });
+
+  it("blocks hostname resolving to private IPv6", async () => {
+    const dnsModule = await import("dns/promises");
+    vi.mocked(dnsModule.default.resolve4).mockResolvedValueOnce(["93.184.216.34"]);
+    vi.mocked(dnsModule.default.resolve6).mockResolvedValueOnce(["::1"]);
+
+    const mockFns = createMockExecuteFunctions({
+      operation: "proxiedFetch",
+      params: { url: "https://evil-rebind6.example.com/" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/private IPv6/);
+  });
+});

package/tests/DominusNodeUsage.test.ts

@@ -0,0 +1,250 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+
+// ---------------------------------------------------------------------------
+// Mock n8n-workflow
+// ---------------------------------------------------------------------------
+
+vi.mock("n8n-workflow", () => ({
+  NodeOperationError: class NodeOperationError extends Error {
+    constructor(node: unknown, message: string, extra?: unknown) {
+      super(message);
+      this.name = "NodeOperationError";
+    }
+  },
+}));
+
+import { DominusNodeUsage } from "../src/nodes/DominusNodeUsage/DominusNodeUsage.node";
+
+// ---------------------------------------------------------------------------
+// Helpers — mock IExecuteFunctions
+// ---------------------------------------------------------------------------
+
+function createMockExecuteFunctions(overrides: {
+  operation: string;
+  params?: Record<string, unknown>;
+  credentials?: Record<string, unknown>;
+  continueOnFail?: boolean;
+}) {
+  const params: Record<string, unknown> = {
+    operation: overrides.operation,
+    ...overrides.params,
+  };
+
+  const creds = {
+    apiKey: "dn_test_abc123",
+    baseUrl: "http://localhost:3000",
+    ...overrides.credentials,
+  };
+
+  return {
+    getInputData: () => [{ json: {} }],
+    getNodeParameter: (name: string, _index: number, fallback?: unknown) => {
+      return params[name] ?? fallback;
+    },
+    getCredentials: vi.fn().mockResolvedValue(creds),
+    getNode: () => ({ name: "DomiNode Usage" }),
+    continueOnFail: () => overrides.continueOnFail ?? false,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Mocked fetch for API calls
+// ---------------------------------------------------------------------------
+
+let originalFetch: typeof globalThis.fetch;
+
+beforeEach(() => {
+  originalFetch = globalThis.fetch;
+  globalThis.fetch = vi.fn().mockImplementation((url: string) => {
+    if (typeof url === "string" && url.includes("/api/auth/verify-key")) {
+      return Promise.resolve({
+        ok: true,
+        status: 200,
+        text: () => Promise.resolve('{"token": "jwt-mock-token"}'),
+        headers: new Headers({ "content-length": "30" }),
+      });
+    }
+    // Default: mock API call success with usage data
+    return Promise.resolve({
+      ok: true,
+      status: 200,
+      text: () =>
+        Promise.resolve(
+          '{"totalBytes": 1073741824, "totalCostCents": 300, "records": []}',
+        ),
+      headers: new Headers({ "content-length": "60" }),
+    });
+  });
+});
+
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+});
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("DominusNodeUsage - metadata", () => {
+  it("has correct description metadata", () => {
+    const node = new DominusNodeUsage();
+    expect(node.description.name).toBe("dominusNodeUsage");
+    expect(node.description.displayName).toBe("DomiNode Usage");
+    expect(node.description.credentials).toEqual([
+      { name: "dominusNodeApi", required: true },
+    ]);
+  });
+
+  it("has one operation", () => {
+    const node = new DominusNodeUsage();
+    const opProp = node.description.properties.find((p) => p.name === "operation");
+    expect(opProp).toBeDefined();
+    expect((opProp as any).options).toHaveLength(1);
+  });
+
+  it("has period options: day, week, month", () => {
+    const node = new DominusNodeUsage();
+    const periodProp = node.description.properties.find((p) => p.name === "period");
+    expect(periodProp).toBeDefined();
+    const values = (periodProp as any).options.map((o: any) => o.value);
+    expect(values).toEqual(["day", "week", "month"]);
+  });
+});
+
+describe("DominusNodeUsage.execute - checkUsage", () => {
+  it("returns usage data for month period", async () => {
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "month" },
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    expect(result[0]).toHaveLength(1);
+    expect(result[0][0].json).toHaveProperty("totalBytes", 1073741824);
+    expect(result[0][0].json).toHaveProperty("totalCostCents", 300);
+  });
+
+  it("returns usage data for day period", async () => {
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "day" },
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    expect(result[0]).toHaveLength(1);
+    expect(result[0][0].json).toHaveProperty("totalBytes");
+  });
+
+  it("returns usage data for week period", async () => {
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "week" },
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    expect(result[0]).toHaveLength(1);
+    expect(result[0][0].json).toHaveProperty("totalBytes");
+  });
+
+  it("passes since/until ISO dates (not days integer)", async () => {
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "week" },
+    });
+
+    await node.execute.call(mockFns as any);
+
+    // Verify that the fetch call included since/until params
+    const fetchCalls = (globalThis.fetch as any).mock.calls;
+    const usageCall = fetchCalls.find(
+      (call: any) => typeof call[0] === "string" && call[0].includes("/api/usage"),
+    );
+    expect(usageCall).toBeDefined();
+    const url = usageCall[0] as string;
+    expect(url).toContain("since=");
+    expect(url).toContain("until=");
+    // Verify ISO date format
+    const params = new URLSearchParams(url.split("?")[1]);
+    const since = params.get("since");
+    expect(since).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+  });
+
+  it("rejects missing API key", async () => {
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "month" },
+      credentials: { apiKey: "" },
+    });
+
+    await expect(node.execute.call(mockFns as any)).rejects.toThrow(/API Key is required/);
+  });
+
+  it("returns error in json when continueOnFail is true", async () => {
+    // Make the API call fail
+    globalThis.fetch = vi.fn().mockImplementation((url: string) => {
+      if (typeof url === "string" && url.includes("/api/auth/verify-key")) {
+        return Promise.resolve({
+          ok: false,
+          status: 401,
+          text: () => Promise.resolve('{"error": "Invalid API key dn_live_secret123"}'),
+          headers: new Headers({ "content-length": "50" }),
+        });
+      }
+      return Promise.resolve({
+        ok: false,
+        status: 500,
+        text: () => Promise.resolve('{"error": "Internal error"}'),
+        headers: new Headers({ "content-length": "30" }),
+      });
+    });
+
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "month" },
+      continueOnFail: true,
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    expect(result[0][0].json).toHaveProperty("error");
+    // Ensure credentials are sanitized
+    const errorMsg = result[0][0].json.error as string;
+    expect(errorMsg).not.toContain("dn_live_secret123");
+  });
+
+  it("handles API error with credential sanitization", async () => {
+    globalThis.fetch = vi.fn().mockImplementation((url: string) => {
+      if (typeof url === "string" && url.includes("/api/auth/verify-key")) {
+        return Promise.resolve({
+          ok: true,
+          status: 200,
+          text: () => Promise.resolve('{"token": "jwt-mock-token"}'),
+          headers: new Headers({ "content-length": "30" }),
+        });
+      }
+      return Promise.resolve({
+        ok: false,
+        status: 500,
+        text: () => Promise.resolve('{"error": "dn_live_abc123 unauthorized"}'),
+        headers: new Headers({ "content-length": "50" }),
+      });
+    });
+
+    const node = new DominusNodeUsage();
+    const mockFns = createMockExecuteFunctions({
+      operation: "checkUsage",
+      params: { period: "month" },
+      continueOnFail: true,
+    });
+
+    const result = await node.execute.call(mockFns as any);
+    const errorMsg = result[0][0].json.error as string;
+    expect(errorMsg).not.toContain("dn_live_abc123");
+    expect(errorMsg).toContain("***");
+  });
+});