UNPKG

flaks

Version:

reverse http/https proxy optimized for edge/outgoing traffic

291 lines (256 loc) 7.26 kB
const should = require("should"); const _ = require("lodash"); const request = require("supertest"); const express = require("express"); const https = require("https"); const fs = require("fs"); const bodyParser = require("body-parser"); const flaks = require("../uber-app"); function _get_me_an_app() { const app = express(); app.use( bodyParser.urlencoded({ extended: true }) ); app.use(bodyParser.json()); app.use(bodyParser.text()); app.all("*", (req, res) => { res.send({ q: req.query, h: req.headers, u: req.url, b: req.body, c: req.socket.getPeerCertificate().subject, a: req.client.authorized }); }); return app; } function _get_me_an_https_server() { const opts = { key: fs.readFileSync("./test/certs/server-key.pem"), cert: fs.readFileSync("./test/certs/server-crt.pem"), ca: [fs.readFileSync("./test/certs/server-crt.pem")], requestCert: false, rejectUnauthorized: false }; const svr = https.createServer(opts, _get_me_an_app()); svr.listen(28090); return svr; } function _get_me_an_https_server_with_client_cert(hard) { const opts = { key: fs.readFileSync("./test/certs/server-key.pem"), cert: fs.readFileSync("./test/certs/server-crt.pem"), ca: [fs.readFileSync("./test/certs/server-crt.pem"), fs.readFileSync('./test/certs/ca/ca-crt.pem')], requestCert: true, rejectUnauthorized: (hard ? true : false) }; const svr = https.createServer(opts, _get_me_an_app()); svr.listen(28090); return svr; } function _get_me_an_https_server_with_client_cert_short_ca(hard) { const opts = { key: fs.readFileSync("./test/certs/server-key.pem"), cert: fs.readFileSync("./test/certs/server-crt.pem"), ca: [fs.readFileSync("./test/certs/server-crt.pem")], requestCert: true, rejectUnauthorized: (hard ? true : false) }; const svr = https.createServer(opts, _get_me_an_app()); svr.listen(28090); return svr; } const config = { agents: { https: { dolkaren: { keepAlive: true, keepAliveMsecs: 10000, maxSockets: 1024, maxFreeSockets: 256, timeout: 120000, key: fs.readFileSync('./test/certs/ca/client1-key.pem'), cert: fs.readFileSync('./test/certs/ca/client1-crt.pem'), rejectUnauthorized: false, } } }, vhosts: { default: { http: { routes: { "/(.*)": { target: "https://localhost:28090/$1", agent: "default", secure: false }, '/s/(.*)' : { target: 'https://localhost:28090/aadvark/$1', agent: 'dolkaren' } } }, net: { incoming_timeout: 3000, outgoing_timeout: 2000 } } } }; describe("HTTPS upstream", () => { before(done => { done(); }); after(done => { done(); }); describe("plain https, no agent", () => { it("proxies to https ok", done => { flaks(config, (err, context) => { if (err) return done(err); let tserv = _get_me_an_https_server(); request(context.app) .post("/a/hilfe") .query({ a: 1, b: "666" }) .send("ddfgdgdgdgdf") .set({ "x-request-id": "qwertyuiop" }) .type("text") .expect(200) .end((err, res) => { if (err) return done (err); res.body.should.match({ q: { a: "1", b: "666" }, h: { "x-forwarded-host": /.+/, "x-forwarded-proto": "http", "x-forwarded-port": /.+/, "x-forwarded-for": /.+/, connection: "close", "content-length": "12", "x-request-id": "qwertyuiop", "content-type": "text/plain", "accept-encoding": /.+/, host: "localhost:28090" }, u: "/a/hilfe?a=1&b=666", b: "ddfgdgdgdgdf", a: false }); tserv.close(); context.shutdown(false, done); }); }); }); it("fails controlled on http call with no client cert if it's required", done => { flaks(config, (err, context) => { if (err) return done(err); let tserv = _get_me_an_https_server_with_client_cert (true); request(context.app) .post("/a/hilfe") .query({ a: 1, b: "666" }) .send("ddfgdgdgdgdf") .set({ "x-request-id": "qwertyuiop" }) .type("text") .expect(503) .end(err => { tserv.close(); context.shutdown(false, done); }); }); }); }); describe ('with agent', () => { it("calls ok with required client cert", done => { flaks(config, (err, context) => { if (err) return done(err); let tserv = _get_me_an_https_server_with_client_cert (); request(context.app) .post("/s/hilfe") .query({ a: 1, b: "666" }) .send("ddfgdgdgdgdf") .set({ "x-request-id": "qwertyuiop", Connection: "keep-alive" }) .type("text") .expect(200) .end((err, res) => { if (err) return done (err); res.body.should.match({ q: { a: "1", b: "666" }, h: { "x-forwarded-host": /.+/, "x-forwarded-proto": "http", "x-forwarded-port": /.+/, "x-forwarded-for": /.+/, connection: "keep-alive", "content-length": "12", "x-request-id": "qwertyuiop", "content-type": "text/plain", "accept-encoding": /.+/, host: "localhost:28090" }, u: '/aadvark/hilfe?a=1&b=666', b: 'ddfgdgdgdgdf', c: { C: 'ES', ST: 'AS', L: 'Siero', O: 'Example Co', OU: 'techops', CN: 'client1', emailAddress: 'certs@example.com' }, a: true }); tserv.close(); context.shutdown(false, done); }); }); }); it("fails controlled on http call with unknown client cert if it's required", done => { flaks(config, (err, context) => { if (err) return done(err); let tserv = _get_me_an_https_server_with_client_cert_short_ca (true); request(context.app) .post("/s/hilfe") .query({ a: 1, b: "666" }) .send("ddfgdgdgdgdf") .set({ "x-request-id": "qwertyuiop" }) .type("text") .expect(504) .end((err, res) => { tserv.close(); context.shutdown(false, done); }); }); }); }); });