Refactor installation and runner scripts for enhanced usability and security
- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing. - Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`. - Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback. - Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users. - Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
@@ -4,15 +4,22 @@ import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"jiggablend/internal/config"
|
||||
"jiggablend/internal/storage"
|
||||
)
|
||||
|
||||
func TestCheckWebSocketOrigin_DevelopmentAllowsOrigin(t *testing.T) {
|
||||
t.Setenv("PRODUCTION", "false")
|
||||
t.Setenv("PRODUCTION", "")
|
||||
s := &Manager{cfg: &config.Config{}}
|
||||
req := httptest.NewRequest("GET", "http://localhost/ws", nil)
|
||||
req.Host = "localhost:8080"
|
||||
req.Header.Set("Origin", "http://example.com")
|
||||
if !checkWebSocketOrigin(req) {
|
||||
if !s.checkWebSocketOrigin(req) {
|
||||
t.Fatal("expected development mode to allow origin")
|
||||
}
|
||||
}
|
||||
@@ -20,10 +27,11 @@ func TestCheckWebSocketOrigin_DevelopmentAllowsOrigin(t *testing.T) {
|
||||
func TestCheckWebSocketOrigin_ProductionSameHostAllowed(t *testing.T) {
|
||||
t.Setenv("PRODUCTION", "true")
|
||||
t.Setenv("ALLOWED_ORIGINS", "")
|
||||
s := &Manager{cfg: &config.Config{}}
|
||||
req := httptest.NewRequest("GET", "http://localhost/ws", nil)
|
||||
req.Host = "localhost:8080"
|
||||
req.Header.Set("Origin", "http://localhost:8080")
|
||||
if !checkWebSocketOrigin(req) {
|
||||
if !s.checkWebSocketOrigin(req) {
|
||||
t.Fatal("expected same-host origin to be allowed")
|
||||
}
|
||||
}
|
||||
@@ -48,3 +56,65 @@ func TestRespondErrorWithCode_IncludesCodeField(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestSecurityHeadersMiddleware_SetsBaselineHeaders(t *testing.T) {
|
||||
h := securityHeadersMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
rr := httptest.NewRecorder()
|
||||
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
h.ServeHTTP(rr, req)
|
||||
if rr.Header().Get("X-Content-Type-Options") != "nosniff" {
|
||||
t.Fatalf("missing nosniff, got %q", rr.Header().Get("X-Content-Type-Options"))
|
||||
}
|
||||
if rr.Header().Get("X-Frame-Options") != "DENY" {
|
||||
t.Fatalf("missing frame deny")
|
||||
}
|
||||
if rr.Header().Get("Content-Security-Policy") == "" {
|
||||
t.Fatal("missing CSP")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCleanupOldTempDirectories_SkipsActiveSessionTempDir(t *testing.T) {
|
||||
base := t.TempDir()
|
||||
st, err := storage.NewStorage(base)
|
||||
if err != nil {
|
||||
t.Fatalf("NewStorage: %v", err)
|
||||
}
|
||||
tempPath := filepath.Join(base, "temp")
|
||||
activeDir, err := os.MkdirTemp(tempPath, "jiggablend-upload-*")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
oldTime := time.Now().Add(-2 * time.Hour)
|
||||
_ = os.Chtimes(activeDir, oldTime, oldTime)
|
||||
|
||||
staleDir := filepath.Join(tempPath, "stale-old-dir")
|
||||
if err := os.MkdirAll(staleDir, 0755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_ = os.Chtimes(staleDir, oldTime, oldTime)
|
||||
|
||||
s := &Manager{
|
||||
storage: st,
|
||||
uploadSessions: map[string]*UploadSession{
|
||||
"active": {SessionID: "active", TempDir: activeDir},
|
||||
},
|
||||
}
|
||||
s.cleanupOldTempDirectoriesOnce()
|
||||
|
||||
if _, err := os.Stat(activeDir); err != nil {
|
||||
t.Fatalf("active session temp dir was deleted: %v", err)
|
||||
}
|
||||
if _, err := os.Stat(staleDir); !os.IsNotExist(err) {
|
||||
t.Fatalf("stale temp dir should have been removed, stat err=%v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateSessionCookie_UsesConfigProductionMode(t *testing.T) {
|
||||
t.Setenv("PRODUCTION", "true")
|
||||
s := &Manager{cfg: &config.Config{}, sessionCookieMaxAge: 3600}
|
||||
cookie := s.createSessionCookie("sid")
|
||||
if !cookie.Secure {
|
||||
t.Fatal("expected Secure cookie when production mode is on via env")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user