haitham/claw3d
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac30f71db04ef3437a7713e1186e8e0e9ceb9482
claw3d/tests/unit/serverNetworkPolicy.test.ts
T
Luke The Dev 4fa4f13558 First Release of Claw3D (#11) 
Co-authored-by: iamlukethedev <iamlukethedev@users.noreply.github.com>
2026-03-19 23:14:04 -05:00

62 lines
2.6 KiB
TypeScript
Raw Blame History

// @vitest-environment node
import { describe, expect, it } from "vitest";
describe("server network policy", () => {
it("defaults to dual loopback hosts", async () => {
const { resolveHosts, resolveHost } = await import("../../server/network-policy");
expect(resolveHosts({} as unknown as NodeJS.ProcessEnv)).toEqual(["127.0.0.1", "::1"]);
expect(resolveHost({} as unknown as NodeJS.ProcessEnv)).toBe("127.0.0.1");
});
it("ignores HOSTNAME and uses only HOST for bind resolution", async () => {
const { resolveHosts, resolveHost } = await import("../../server/network-policy");
expect(resolveHosts({ HOSTNAME: "example-host" } as unknown as NodeJS.ProcessEnv)).toEqual([
"127.0.0.1",
"::1",
]);
expect(resolveHost({ HOSTNAME: "example-host" } as unknown as NodeJS.ProcessEnv)).toBe("127.0.0.1");
expect(
resolveHosts({ HOST: "0.0.0.0", HOSTNAME: "example-host" } as unknown as NodeJS.ProcessEnv)
).toEqual(["0.0.0.0"]);
expect(
resolveHost({ HOST: "0.0.0.0", HOSTNAME: "example-host" } as unknown as NodeJS.ProcessEnv)
).toBe("0.0.0.0");
});
it("classifies wildcard and non-loopback hosts as public", async () => {
const { isPublicHost } = await import("../../server/network-policy");
expect(isPublicHost("0.0.0.0")).toBe(true);
expect(isPublicHost("::")).toBe(true);
expect(isPublicHost("studio.example.com")).toBe(true);
});
it("classifies loopback hosts as non-public", async () => {
const { isPublicHost } = await import("../../server/network-policy");
expect(isPublicHost("127.0.0.1")).toBe(false);
expect(isPublicHost("::1")).toBe(false);
expect(isPublicHost("0:0:0:0:0:0:0:1")).toBe(false);
expect(isPublicHost("::ffff:127.0.0.1")).toBe(false);
expect(isPublicHost("[::1]:3000")).toBe(false);
expect(isPublicHost("localhost")).toBe(false);
});
it("classifies non-loopback IPv6 addresses as public", async () => {
const { isPublicHost } = await import("../../server/network-policy");
expect(isPublicHost("::ffff:192.168.1.10")).toBe(true);
});
it("rejects public bind without non-empty studio access token", async () => {
const { assertPublicHostAllowed } = await import("../../server/network-policy");
expect(() => assertPublicHostAllowed({ host: "0.0.0.0", studioAccessToken: "" })).toThrow(
/Refusing to bind Studio to public host/
);
expect(() => assertPublicHostAllowed({ host: "0.0.0.0", studioAccessToken: " " })).toThrow(
/Refusing to bind Studio to public host/
);
expect(() =>
assertPublicHostAllowed({ host: "0.0.0.0", studioAccessToken: "abc" })
).not.toThrow();
});
});
Reference in New Issue View Git Blame Copy Permalink