tests: gen jwt token for auth test (#1585)

2025-06-01 15:42:44 +00:00 · 2024-07-22 11:07:47 -04:00
parent 60f9ca302c
commit 3e219998ce
3 changed files with 45 additions and 24 deletions
--- a/libsql-server/src/auth/user_auth_strategies/jwt.rs
+++ b/libsql-server/src/auth/user_auth_strategies/jwt.rs
@ -45,8 +45,8 @@ impl Jwt {
    }
 }

-#[derive(serde::Deserialize, serde::Serialize, Debug)]
-pub(crate) struct Token {
+#[derive(serde::Deserialize, serde::Serialize, Debug, Default)]
+pub struct Token {
    #[serde(default)]
    id: Option<NamespaceName>,
    #[serde(default)]
--- a/libsql-server/tests/auth/jwt_key.pem
+++ b/libsql-server/tests/auth/jwt_key.pem
@ -1,3 +0,0 @@
-----BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEAbz/oEg1rMRGY12X4Q0GXioX1hXaM69o9kp7h0eCLD/E=
-----END PUBLIC KEY-----
--- a/libsql-server/tests/auth/mod.rs
+++ b/libsql-server/tests/auth/mod.rs
@ -2,11 +2,16 @@
 #![allow(deprecated)]

 use futures::SinkExt as _;
+use jsonwebtoken::{DecodingKey, EncodingKey};
 use libsql::Database;
 use libsql_server::{
-    auth::{user_auth_strategies, Auth},
+    auth::{
+        user_auth_strategies::{self, jwt::Token},
+        Auth,
+    },
    config::UserApiConfig,
 };
+use ring::signature::{Ed25519KeyPair, KeyPair};
 use tempfile::tempdir;
 use tokio_stream::StreamExt;
 use tokio_tungstenite::{
@ -17,19 +22,14 @@ use turmoil::net::TcpStream;

 use crate::common::net::{init_tracing, SimServer, TestServer, TurmoilConnector};

-const TEST_JWT_KEY: &str = "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjE2NTIwNTB9.5XhUDHQhtShszTssjjUzVuJA3r-031mT4inVkvYEYz64sOCxnNpZUZdVF-CmZ4t-JTSXFlm8ddscBgkhccBxDg";
-
-async fn make_standalone_server() -> Result<(), Box<dyn std::error::Error>> {
-    let jwt_pem = include_bytes!("jwt_key.pem");
-    let jwt_keys = vec![jsonwebtoken::DecodingKey::from_ed_pem(jwt_pem).unwrap()];
-
+async fn make_standalone_server(auth_strategy: Auth) -> Result<(), Box<dyn std::error::Error>> {
    init_tracing();
    let tmp = tempdir()?;
    let server = TestServer {
        path: tmp.path().to_owned().into(),
        user_api_config: UserApiConfig {
            hrana_ws_acceptor: None,
-            auth_strategy: Auth::new(user_auth_strategies::Jwt::new(jwt_keys)),
+            auth_strategy,
            ..Default::default()
        },
        ..Default::default()
@ -40,16 +40,34 @@ async fn make_standalone_server() -> Result<(), Box<dyn std::error::Error>> {
    Ok(())
 }

+fn gen_test_jwt_auth() -> (Auth, String) {
+    let doc = Ed25519KeyPair::generate_pkcs8(&ring::rand::SystemRandom::new()).unwrap();
+    let encoding_key = EncodingKey::from_ed_der(doc.as_ref());
+
+    let pair = Ed25519KeyPair::from_pkcs8(doc.as_ref()).unwrap();
+    let decoding_key = DecodingKey::from_ed_der(pair.public_key().as_ref());
+
+    let claims = Token::default();
+
+    let header = jsonwebtoken::Header::new(jsonwebtoken::Algorithm::EdDSA);
+    let token = jsonwebtoken::encode(&header, &claims, &encoding_key).unwrap();
+
+    let jwt_keys = vec![decoding_key];
+
+    let auth = Auth::new(user_auth_strategies::Jwt::new(jwt_keys));
+
+    (auth, token)
+}
+
 #[test]
 fn http_hrana() {
+    let (auth, token) = gen_test_jwt_auth();
+
    let mut sim = turmoil::Builder::new().build();
-    sim.host("primary", make_standalone_server);
+    sim.host("primary", move || make_standalone_server(auth.clone()));
    sim.client("client", async {
-        let db = Database::open_remote_with_connector(
-            "http://primary:8080",
-            TEST_JWT_KEY,
-            TurmoilConnector,
-        )?;
+        let db =
+            Database::open_remote_with_connector("http://primary:8080", token, TurmoilConnector)?;
        let conn = db.connect()?;

        conn.execute("create table t(x text)", ()).await?;
@ -65,15 +83,18 @@ fn embedded_replica() {
    let tmp_embedded = tempdir().unwrap();
    let tmp_embedded_path = tmp_embedded.path().to_owned();

+    let (auth, token) = gen_test_jwt_auth();
+
    let mut sim = turmoil::Builder::new().build();
-    sim.host("primary", make_standalone_server);
+    sim.host("primary", move || make_standalone_server(auth.clone()));
+
    sim.client("client", async move {
        let path = tmp_embedded_path.join("embedded");

        let db = Database::open_with_remote_sync_connector(
            path.to_str().unwrap(),
            "http://primary:8080",
-            TEST_JWT_KEY,
+            token,
            TurmoilConnector,
            false,
            None,
@ -92,9 +113,12 @@ fn embedded_replica() {

 #[test]
 fn ws_hrana() {
+    let (auth, token) = gen_test_jwt_auth();
+
    let mut sim = turmoil::Builder::new().build();
-    sim.host("primary", make_standalone_server);
-    sim.client("client", async {
+    sim.host("primary", move || make_standalone_server(auth.clone()));
+
+    sim.client("client", async move {
        let url = "ws://primary:8080";

        let req = url.into_client_request().unwrap();
@ -116,7 +140,7 @@ fn ws_hrana() {
        }

        let msg = ClientMsg::Hello {
-            jwt: Some(TEST_JWT_KEY.to_string()),
+            jwt: Some(token.to_string()),
        };

        let msg_data = serde_json::to_string(&msg).unwrap();