c5c1179e9d
The SvelteKit proxy was only stripping host + content-length; the rest of RFC 7230 §6.1 (connection, keep-alive, proxy-authenticate, proxy-authorization, te, trailer, transfer-encoding, upgrade) leaked through to axum. Axum doesn't emit them so the impact is theoretical, but the proxy should be RFC-conformant. Also adds an AbortController with a configurable 60s timeout (BACKEND_PROXY_TIMEOUT_MS) so a wedged backend can't hang the browser request indefinitely — failures surface as the standard 502 upstream_unavailable envelope. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
195 lines
7.5 KiB
TypeScript
195 lines
7.5 KiB
TypeScript
import {
|
|
describe,
|
|
it,
|
|
expect,
|
|
vi,
|
|
beforeEach,
|
|
afterEach,
|
|
type MockInstance
|
|
} from 'vitest';
|
|
import { handle } from './hooks.server';
|
|
|
|
// `BACKEND_URL` is read at module load time, so the values used in the
|
|
// asserts below assume the test env didn't set it. `?? 'http://localhost:8080'`
|
|
// is the default.
|
|
const DEFAULT_BACKEND = 'http://localhost:8080';
|
|
|
|
function makeEvent(path: string, init?: RequestInit) {
|
|
const url = new URL(`http://app.example.com${path}`);
|
|
const request = new Request(url, init);
|
|
return { url, request } as Parameters<typeof handle>[0]['event'];
|
|
}
|
|
|
|
describe('hooks.server proxy', () => {
|
|
let fetchSpy: MockInstance<typeof globalThis.fetch>;
|
|
|
|
beforeEach(() => {
|
|
fetchSpy = vi.spyOn(globalThis, 'fetch');
|
|
});
|
|
afterEach(() => {
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
it('forwards /api/* requests to the backend, preserving status', async () => {
|
|
fetchSpy.mockResolvedValueOnce(
|
|
new Response(JSON.stringify({ status: 'ok' }), {
|
|
status: 200,
|
|
headers: { 'content-type': 'application/json' }
|
|
})
|
|
);
|
|
const resolve = vi.fn();
|
|
|
|
const event = makeEvent('/api/v1/health');
|
|
const resp = await handle({ event, resolve });
|
|
|
|
expect(resolve).not.toHaveBeenCalled();
|
|
expect(fetchSpy).toHaveBeenCalledTimes(1);
|
|
expect(fetchSpy.mock.calls[0][0]).toBe(`${DEFAULT_BACKEND}/api/v1/health`);
|
|
expect(resp.status).toBe(200);
|
|
expect(await resp.json()).toEqual({ status: 'ok' });
|
|
});
|
|
|
|
it('passes through the query string', async () => {
|
|
fetchSpy.mockResolvedValueOnce(new Response('[]', { status: 200 }));
|
|
const resolve = vi.fn();
|
|
await handle({
|
|
event: makeEvent('/api/v1/mangas?search=narto&limit=10'),
|
|
resolve
|
|
});
|
|
expect(fetchSpy.mock.calls[0][0]).toBe(
|
|
`${DEFAULT_BACKEND}/api/v1/mangas?search=narto&limit=10`
|
|
);
|
|
});
|
|
|
|
it('strips the host header so the backend sees its own origin', async () => {
|
|
fetchSpy.mockResolvedValueOnce(new Response('[]', { status: 200 }));
|
|
const resolve = vi.fn();
|
|
await handle({
|
|
event: makeEvent('/api/v1/health', {
|
|
headers: { host: 'app.example.com', cookie: 'mangalord_session=abc' }
|
|
}),
|
|
resolve
|
|
});
|
|
const init = fetchSpy.mock.calls[0][1] as RequestInit;
|
|
const headers = init.headers as Headers;
|
|
expect(headers.get('host')).toBeNull();
|
|
// Cookies must still be forwarded — that's how the session reaches axum.
|
|
expect(headers.get('cookie')).toBe('mangalord_session=abc');
|
|
});
|
|
|
|
it('forwards request bodies on POST', async () => {
|
|
fetchSpy.mockResolvedValueOnce(new Response('{}', { status: 201 }));
|
|
const resolve = vi.fn();
|
|
await handle({
|
|
event: makeEvent('/api/v1/auth/login', {
|
|
method: 'POST',
|
|
headers: { 'content-type': 'application/json' },
|
|
body: JSON.stringify({ username: 'alice', password: 'hunter2hunter2' })
|
|
}),
|
|
resolve
|
|
});
|
|
const init = fetchSpy.mock.calls[0][1] as RequestInit;
|
|
expect(init.method).toBe('POST');
|
|
expect(init.body).toBeDefined();
|
|
});
|
|
|
|
it('delegates non-/api requests to SvelteKit', async () => {
|
|
const resolve = vi.fn().mockResolvedValue(new Response('page', { status: 200 }));
|
|
|
|
await handle({ event: makeEvent('/manga/abc'), resolve });
|
|
|
|
expect(fetchSpy).not.toHaveBeenCalled();
|
|
expect(resolve).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it('returns 502 with the standard error envelope when the upstream is unreachable', async () => {
|
|
// Silence the console.error the handler emits on failure so
|
|
// the test output stays clean.
|
|
const errSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
|
|
fetchSpy.mockRejectedValueOnce(new TypeError('fetch failed'));
|
|
|
|
const resolve = vi.fn();
|
|
const resp = await handle({ event: makeEvent('/api/v1/health'), resolve });
|
|
|
|
expect(resolve).not.toHaveBeenCalled();
|
|
expect(resp.status).toBe(502);
|
|
expect(resp.headers.get('content-type')).toContain('application/json');
|
|
const body = await resp.json();
|
|
expect(body.error.code).toBe('upstream_unavailable');
|
|
expect(errSpy).toHaveBeenCalled();
|
|
});
|
|
|
|
it('strips every hop-by-hop header listed in RFC 7230 §6.1', async () => {
|
|
// Defence in depth: axum doesn't emit these, but a future
|
|
// middleware that did would otherwise leak per-connection
|
|
// state across the proxy boundary.
|
|
fetchSpy.mockResolvedValueOnce(new Response('[]', { status: 200 }));
|
|
const resolve = vi.fn();
|
|
await handle({
|
|
event: makeEvent('/api/v1/health', {
|
|
headers: {
|
|
host: 'app.example.com',
|
|
'content-length': '0',
|
|
connection: 'keep-alive',
|
|
'keep-alive': 'timeout=5',
|
|
'proxy-authenticate': 'Basic realm=x',
|
|
'proxy-authorization': 'Basic xyz',
|
|
te: 'trailers',
|
|
trailer: 'Expires',
|
|
'transfer-encoding': 'chunked',
|
|
upgrade: 'websocket',
|
|
// A non-hop-by-hop header to ensure non-targets
|
|
// aren't accidentally stripped.
|
|
'x-custom': 'pass-through'
|
|
}
|
|
}),
|
|
resolve
|
|
});
|
|
const init = fetchSpy.mock.calls[0][1] as RequestInit;
|
|
const headers = init.headers as Headers;
|
|
for (const h of [
|
|
'host',
|
|
'content-length',
|
|
'connection',
|
|
'keep-alive',
|
|
'proxy-authenticate',
|
|
'proxy-authorization',
|
|
'te',
|
|
'trailer',
|
|
'transfer-encoding',
|
|
'upgrade'
|
|
]) {
|
|
expect(headers.get(h), `${h} should be stripped`).toBeNull();
|
|
}
|
|
expect(headers.get('x-custom')).toBe('pass-through');
|
|
});
|
|
|
|
it('aborts and returns 502 when the upstream stalls past the timeout', async () => {
|
|
const errSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
|
|
// Simulate an aborted fetch (AbortController.abort() raises a
|
|
// DOMException with name 'AbortError' on Node's fetch). The
|
|
// handler should treat it as the same upstream_unavailable
|
|
// 502 it uses for any other network failure.
|
|
const abortErr = new DOMException('aborted', 'AbortError');
|
|
fetchSpy.mockRejectedValueOnce(abortErr);
|
|
|
|
const resolve = vi.fn();
|
|
const resp = await handle({ event: makeEvent('/api/v1/slow'), resolve });
|
|
expect(resp.status).toBe(502);
|
|
const body = await resp.json();
|
|
expect(body.error.code).toBe('upstream_unavailable');
|
|
expect(errSpy).toHaveBeenCalled();
|
|
});
|
|
|
|
it('attaches an AbortSignal to the upstream fetch so it can time out', async () => {
|
|
fetchSpy.mockResolvedValueOnce(new Response('[]', { status: 200 }));
|
|
const resolve = vi.fn();
|
|
await handle({ event: makeEvent('/api/v1/health'), resolve });
|
|
const init = fetchSpy.mock.calls[0][1] as RequestInit;
|
|
expect(init.signal).toBeInstanceOf(AbortSignal);
|
|
// The signal hasn't fired (handler returned in time), but its
|
|
// presence is the contract this test is pinning.
|
|
expect(init.signal?.aborted).toBe(false);
|
|
});
|
|
});
|