portok 1.0.0

package/test/proxy.test.mjs

@@ -0,0 +1,223 @@
+/**
+ * Proxy Core Tests
+ * Tests HTTP proxying, WebSocket upgrades, and streaming
+ */
+
+import { describe, it, before, after, beforeEach } from 'node:test';
+import assert from 'node:assert';
+import http from 'node:http';
+import { spawn } from 'node:child_process';
+import { createMockServer, getFreePort, waitFor } from './helpers/mock-server.mjs';
+import WebSocket from 'ws';
+
+describe('Proxy Core', () => {
+  let mockServer;
+  let proxyPort;
+  let daemonProcess;
+  const adminToken = 'test-token-proxy';
+
+  before(async () => {
+    // Create mock backend server
+    mockServer = await createMockServer({ port: 0 });
+
+    // Get a free port for the proxy
+    proxyPort = await getFreePort();
+
+    // Start the daemon as a subprocess
+    daemonProcess = spawn('node', ['portokd.mjs'], {
+      env: {
+        ...process.env,
+        LISTEN_PORT: String(proxyPort),
+        INITIAL_TARGET_PORT: String(mockServer.port),
+        ADMIN_TOKEN: adminToken,
+        STATE_FILE: `/tmp/portok-proxy-test-${Date.now()}.json`,
+        DRAIN_MS: '1000',
+        ROLLBACK_WINDOW_MS: '5000',
+        ROLLBACK_CHECK_EVERY_MS: '500',
+        ROLLBACK_FAIL_THRESHOLD: '3',
+        ADMIN_RATE_LIMIT: '1000',
+      },
+      stdio: 'pipe',
+    });
+
+    // Wait for daemon to start
+    await waitFor(async () => {
+      try {
+        const res = await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+          headers: { 'x-admin-token': adminToken },
+        });
+        return res.ok;
+      } catch {
+        return false;
+      }
+    }, 5000);
+  });
+
+  after(async () => {
+    if (daemonProcess) {
+      daemonProcess.kill('SIGTERM');
+    }
+    if (mockServer) {
+      await mockServer.close();
+    }
+  });
+
+  beforeEach(() => {
+    mockServer.clearRequests();
+  });
+
+  describe('HTTP Proxying', () => {
+    it('should proxy GET requests to backend', async () => {
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/`);
+      assert.strictEqual(response.status, 200);
+
+      const body = await response.text();
+      assert.strictEqual(body, 'OK');
+
+      const requests = mockServer.getRequests();
+      assert.strictEqual(requests.length, 1);
+      assert.strictEqual(requests[0].method, 'GET');
+    });
+
+    it('should proxy POST requests with body', async () => {
+      const testBody = JSON.stringify({ test: 'data' });
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/echo`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: testBody,
+      });
+
+      assert.strictEqual(response.status, 200);
+
+      const data = await response.json();
+      assert.strictEqual(data.method, 'POST');
+      assert.strictEqual(data.body, testBody);
+    });
+
+    it('should forward headers to backend', async () => {
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/echo`, {
+        headers: {
+          'X-Custom-Header': 'test-value',
+          'Accept': 'application/json',
+        },
+      });
+
+      assert.strictEqual(response.status, 200);
+
+      const data = await response.json();
+      assert.strictEqual(data.headers['x-custom-header'], 'test-value');
+      assert.strictEqual(data.headers['accept'], 'application/json');
+    });
+
+    it('should add X-Forwarded headers', async () => {
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/echo`);
+      const data = await response.json();
+
+      assert.ok(data.headers['x-forwarded-for']);
+      assert.ok(data.headers['x-forwarded-host']);
+    });
+
+    it('should handle backend errors', async () => {
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/error`);
+      assert.strictEqual(response.status, 500);
+    });
+  });
+
+  describe('Streaming', () => {
+    it('should proxy streamed responses', async () => {
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/stream`);
+      assert.strictEqual(response.status, 200);
+
+      const body = await response.text();
+      assert.ok(body.includes('chunk 0'));
+      assert.ok(body.includes('chunk 4'));
+    });
+  });
+
+  describe('WebSocket Proxying', () => {
+    it('should proxy WebSocket connections', async () => {
+      const ws = new WebSocket(`ws://127.0.0.1:${proxyPort}`);
+
+      const messages = [];
+      await new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => reject(new Error('WebSocket timeout')), 5000);
+
+        ws.on('open', () => {
+          // Wait for initial 'connected' message
+        });
+
+        ws.on('message', (data) => {
+          messages.push(data.toString());
+          if (messages.length === 1 && messages[0] === 'connected') {
+            ws.send('hello');
+          } else if (messages.length === 2) {
+            clearTimeout(timeout);
+            ws.close();
+            resolve();
+          }
+        });
+
+        ws.on('error', (err) => {
+          clearTimeout(timeout);
+          reject(err);
+        });
+      });
+
+      assert.strictEqual(messages[0], 'connected');
+      assert.strictEqual(messages[1], 'echo: hello');
+    });
+
+    it('should handle WebSocket close properly', async () => {
+      const ws = new WebSocket(`ws://127.0.0.1:${proxyPort}`);
+
+      await new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => reject(new Error('WebSocket timeout')), 5000);
+
+        ws.on('open', () => {
+          setTimeout(() => ws.close(), 100);
+        });
+
+        ws.on('close', () => {
+          clearTimeout(timeout);
+          resolve();
+        });
+
+        ws.on('error', reject);
+      });
+
+      // Connection should be closed cleanly
+      assert.strictEqual(ws.readyState, WebSocket.CLOSED);
+    });
+  });
+
+  describe('Target Host Security', () => {
+    it('should only proxy to localhost', async () => {
+      // The proxy should always target 127.0.0.1
+      // This is verified by checking that requests reach the mock server
+      const response = await fetch(`http://127.0.0.1:${proxyPort}/echo`);
+      const data = await response.json();
+
+      // Host header should show the proxy received the request
+      assert.ok(data.headers.host.includes('127.0.0.1'));
+    });
+  });
+
+  describe('Concurrent Requests', () => {
+    it('should handle multiple concurrent requests', async () => {
+      const promises = [];
+      for (let i = 0; i < 10; i++) {
+        promises.push(fetch(`http://127.0.0.1:${proxyPort}/`));
+      }
+
+      const responses = await Promise.all(promises);
+
+      for (const response of responses) {
+        assert.strictEqual(response.status, 200);
+      }
+
+      const requests = mockServer.getRequests();
+      assert.strictEqual(requests.length, 10);
+    });
+  });
+});
+

package/test/rollback.test.mjs

@@ -0,0 +1,344 @@
+/**
+ * Auto-Rollback Tests
+ * Tests automatic rollback when health checks fail consecutively
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import { spawn } from 'node:child_process';
+import { createMockServer, getFreePort, waitFor } from './helpers/mock-server.mjs';
+
+describe('Auto Rollback', () => {
+  const adminToken = 'test-token-rollback';
+
+  describe('Rollback Trigger', () => {
+    let mockServer1;
+    let mockServer2;
+    let proxyPort;
+    let daemonProcess;
+
+    before(async () => {
+      mockServer1 = await createMockServer({ port: 0, responseBody: 'SERVER1' });
+      mockServer2 = await createMockServer({ port: 0, responseBody: 'SERVER2' });
+
+      proxyPort = await getFreePort();
+
+      // Start daemon with aggressive rollback settings for testing
+      daemonProcess = spawn('node', ['portokd.mjs'], {
+        env: {
+          ...process.env,
+          LISTEN_PORT: String(proxyPort),
+          INITIAL_TARGET_PORT: String(mockServer1.port),
+          ADMIN_TOKEN: adminToken,
+          STATE_FILE: `/tmp/portok-rollback-test-${Date.now()}.json`,
+          DRAIN_MS: '500',
+          ROLLBACK_WINDOW_MS: '10000',
+          ROLLBACK_CHECK_EVERY_MS: '200', // Check every 200ms
+          ROLLBACK_FAIL_THRESHOLD: '2',
+        ADMIN_RATE_LIMIT: '1000', // Rollback after 2 failures
+        },
+        stdio: 'pipe',
+      });
+
+      await waitFor(async () => {
+        try {
+          const res = await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+            headers: { 'x-admin-token': adminToken },
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }, 5000);
+    });
+
+    after(async () => {
+      if (daemonProcess) {
+        daemonProcess.kill('SIGTERM');
+      }
+      if (mockServer1) await mockServer1.close();
+      if (mockServer2) await mockServer2.close();
+    });
+
+    it('should rollback when new port becomes unhealthy', async () => {
+      // Switch to server2
+      const switchRes = await fetch(`http://127.0.0.1:${proxyPort}/__switch?port=${mockServer2.port}`, {
+        method: 'POST',
+        headers: { 'x-admin-token': adminToken },
+      });
+      assert.strictEqual(switchRes.status, 200);
+
+      // Verify we switched
+      let status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer2.port);
+
+      // Make server2 unhealthy
+      mockServer2.setHealthy(false);
+
+      // Wait for rollback to happen (2 failures * 200ms check interval + buffer)
+      await new Promise(resolve => setTimeout(resolve, 1000));
+
+      // Should have rolled back to server1
+      status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer1.port);
+      assert.strictEqual(status.lastSwitch.reason, 'auto-rollback');
+    });
+
+    it('should not rollback if health recovers', async () => {
+      // Make sure server2 is healthy first
+      mockServer2.setHealthy(true);
+
+      // Switch to server2
+      await fetch(`http://127.0.0.1:${proxyPort}/__switch?port=${mockServer2.port}`, {
+        method: 'POST',
+        headers: { 'x-admin-token': adminToken },
+      });
+
+      // Make server2 unhealthy for just 1 check (below threshold)
+      mockServer2.setHealthy(false);
+      await new Promise(resolve => setTimeout(resolve, 250));
+
+      // Make it healthy again before threshold reached
+      mockServer2.setHealthy(true);
+      await new Promise(resolve => setTimeout(resolve, 500));
+
+      // Should still be on server2
+      const status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer2.port);
+    });
+  });
+
+  describe('Rollback Loop Prevention', () => {
+    let mockServer1;
+    let mockServer2;
+    let proxyPort;
+    let daemonProcess;
+
+    before(async () => {
+      mockServer1 = await createMockServer({ port: 0, responseBody: 'SERVER1' });
+      mockServer2 = await createMockServer({ port: 0, responseBody: 'SERVER2' });
+
+      proxyPort = await getFreePort();
+
+      daemonProcess = spawn('node', ['portokd.mjs'], {
+        env: {
+          ...process.env,
+          LISTEN_PORT: String(proxyPort),
+          INITIAL_TARGET_PORT: String(mockServer1.port),
+          ADMIN_TOKEN: adminToken,
+          STATE_FILE: `/tmp/portok-rollback-loop-test-${Date.now()}.json`,
+          DRAIN_MS: '200',
+          ROLLBACK_WINDOW_MS: '5000',
+          ROLLBACK_CHECK_EVERY_MS: '100',
+          ROLLBACK_FAIL_THRESHOLD: '2',
+        ADMIN_RATE_LIMIT: '1000',
+        },
+        stdio: 'pipe',
+      });
+
+      await waitFor(async () => {
+        try {
+          const res = await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+            headers: { 'x-admin-token': adminToken },
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }, 5000);
+    });
+
+    after(async () => {
+      if (daemonProcess) {
+        daemonProcess.kill('SIGTERM');
+      }
+      if (mockServer1) await mockServer1.close();
+      if (mockServer2) await mockServer2.close();
+    });
+
+    it('should not start rollback monitor for rollback operation', async () => {
+      // Switch to server2
+      await fetch(`http://127.0.0.1:${proxyPort}/__switch?port=${mockServer2.port}`, {
+        method: 'POST',
+        headers: { 'x-admin-token': adminToken },
+      });
+
+      // Make server2 unhealthy to trigger rollback
+      mockServer2.setHealthy(false);
+
+      // Wait for rollback
+      await new Promise(resolve => setTimeout(resolve, 500));
+
+      // Verify rolled back to server1
+      let status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer1.port);
+
+      // Now make server1 unhealthy too
+      mockServer1.setHealthy(false);
+
+      // Wait - should NOT trigger another rollback to server2
+      // because rollback operations don't start monitors
+      await new Promise(resolve => setTimeout(resolve, 500));
+
+      // Should still be on server1
+      status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer1.port);
+    });
+  });
+
+  describe('Rollback Window', () => {
+    let mockServer1;
+    let mockServer2;
+    let proxyPort;
+    let daemonProcess;
+
+    before(async () => {
+      mockServer1 = await createMockServer({ port: 0 });
+      mockServer2 = await createMockServer({ port: 0 });
+
+      proxyPort = await getFreePort();
+
+      daemonProcess = spawn('node', ['portokd.mjs'], {
+        env: {
+          ...process.env,
+          LISTEN_PORT: String(proxyPort),
+          INITIAL_TARGET_PORT: String(mockServer1.port),
+          ADMIN_TOKEN: adminToken,
+          STATE_FILE: `/tmp/portok-rollback-window-test-${Date.now()}.json`,
+          DRAIN_MS: '100',
+          ROLLBACK_WINDOW_MS: '500', // Short window for testing
+          ROLLBACK_CHECK_EVERY_MS: '100',
+          ROLLBACK_FAIL_THRESHOLD: '2',
+        ADMIN_RATE_LIMIT: '1000',
+        },
+        stdio: 'pipe',
+      });
+
+      await waitFor(async () => {
+        try {
+          const res = await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+            headers: { 'x-admin-token': adminToken },
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }, 5000);
+    });
+
+    after(async () => {
+      if (daemonProcess) {
+        daemonProcess.kill('SIGTERM');
+      }
+      if (mockServer1) await mockServer1.close();
+      if (mockServer2) await mockServer2.close();
+    });
+
+    it('should not rollback after window expires', async () => {
+      // Switch to server2
+      await fetch(`http://127.0.0.1:${proxyPort}/__switch?port=${mockServer2.port}`, {
+        method: 'POST',
+        headers: { 'x-admin-token': adminToken },
+      });
+
+      // Wait for rollback window to expire
+      await new Promise(resolve => setTimeout(resolve, 700));
+
+      // Now make server2 unhealthy
+      mockServer2.setHealthy(false);
+
+      // Wait some more - should NOT rollback because window expired
+      await new Promise(resolve => setTimeout(resolve, 500));
+
+      // Should still be on server2
+      const status = await (await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+        headers: { 'x-admin-token': adminToken },
+      })).json();
+      assert.strictEqual(status.activePort, mockServer2.port);
+    });
+  });
+
+  describe('Health Metrics During Rollback', () => {
+    let mockServer1;
+    let mockServer2;
+    let proxyPort;
+    let daemonProcess;
+
+    before(async () => {
+      mockServer1 = await createMockServer({ port: 0 });
+      mockServer2 = await createMockServer({ port: 0 });
+
+      proxyPort = await getFreePort();
+
+      daemonProcess = spawn('node', ['portokd.mjs'], {
+        env: {
+          ...process.env,
+          LISTEN_PORT: String(proxyPort),
+          INITIAL_TARGET_PORT: String(mockServer1.port),
+          ADMIN_TOKEN: adminToken,
+          STATE_FILE: `/tmp/portok-rollback-metrics-test-${Date.now()}.json`,
+          DRAIN_MS: '100',
+          ROLLBACK_WINDOW_MS: '10000',
+          ROLLBACK_CHECK_EVERY_MS: '100',
+          ROLLBACK_FAIL_THRESHOLD: '3',
+        ADMIN_RATE_LIMIT: '1000',
+        },
+        stdio: 'pipe',
+      });
+
+      await waitFor(async () => {
+        try {
+          const res = await fetch(`http://127.0.0.1:${proxyPort}/__status`, {
+            headers: { 'x-admin-token': adminToken },
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }, 5000);
+    });
+
+    after(async () => {
+      if (daemonProcess) {
+        daemonProcess.kill('SIGTERM');
+      }
+      if (mockServer1) await mockServer1.close();
+      if (mockServer2) await mockServer2.close();
+    });
+
+    it('should track consecutive fails in metrics', async () => {
+      // Switch to server2
+      await fetch(`http://127.0.0.1:${proxyPort}/__switch?port=${mockServer2.port}`, {
+        method: 'POST',
+        headers: { 'x-admin-token': adminToken },
+      });
+
+      // Make server2 unhealthy
+      mockServer2.setHealthy(false);
+
+      // Wait for some health checks
+      await new Promise(resolve => setTimeout(resolve, 350));
+
+      // Check metrics
+      const metricsRes = await fetch(`http://127.0.0.1:${proxyPort}/__metrics`, {
+        headers: { 'x-admin-token': adminToken },
+      });
+      const metrics = await metricsRes.json();
+
+      assert.ok(metrics.health.consecutiveFails > 0);
+      assert.strictEqual(metrics.health.activePortOk, false);
+      assert.ok(metrics.health.lastCheckedAt);
+    });
+  });
+});
+