Spaces:

Ac66
/

W

Sleeping

App Files Files Community

W / test /dashboard-api.test.js

Ac66's picture

Upload folder using huggingface_hub

2b64d42 verified 10 days ago

history blame contribute delete

2.39 kB

	import { afterEach, describe, it } from 'node:test';
	import assert from 'node:assert/strict';
	import { config } from '../src/config.js';
	import { configureBindHost } from '../src/auth.js';
	import { buildBatchProxyBinding, handleDashboardApi } from '../src/dashboard/api.js';

	const originalDashboardPassword = config.dashboardPassword;
	const originalApiKey = config.apiKey;

	afterEach(() => {
	config.dashboardPassword = originalDashboardPassword;
	config.apiKey = originalApiKey;
	configureBindHost('0.0.0.0');
	});

	function fakeRes() {
	return {
	statusCode: 0,
	body: '',
	writeHead(status) { this.statusCode = status; },
	end(chunk) { this.body += chunk ? String(chunk) : ''; },
	json() { return this.body ? JSON.parse(this.body) : null; },
	};
	}

	describe('dashboard batch import proxy binding', () => {
	it('uses nested result.account.id from processWindsurfLogin output', () => {
	const binding = buildBatchProxyBinding(
	{ success: true, account: { id: 'acct_123' } },
	'socks5://user:pass@proxy.example.com:1080'
	);
	assert.equal(binding.accountId, 'acct_123');
	assert.deepEqual(binding.proxy, {
	type: 'socks5',
	host: 'proxy.example.com',
	port: 1080,
	username: 'user',
	password: 'pass',
	});
	});

	it('fails closed for dashboard write APIs without auth on non-localhost binds', async () => {
	config.dashboardPassword = '';
	config.apiKey = '';
	configureBindHost('0.0.0.0');

	const res = fakeRes();
	await handleDashboardApi('DELETE', '/cache', {}, { headers: {} }, res);

	assert.equal(res.statusCode, 401);
	assert.match(res.json().error, /Unauthorized/);
	});

	it('allows unauthenticated dashboard writes only on localhost binds', async () => {
	config.dashboardPassword = '';
	config.apiKey = '';
	configureBindHost('127.0.0.1');

	const res = fakeRes();
	await handleDashboardApi('GET', '/cache', {}, { headers: {} }, res);

	assert.equal(res.statusCode, 200);
	});

	it('accepts dashboard auth headers with timing-safe configured secrets', async () => {
	config.dashboardPassword = 'dash-secret';
	config.apiKey = '';
	configureBindHost('0.0.0.0');

	const res = fakeRes();
	await handleDashboardApi('GET', '/cache', {}, { headers: { 'x-dashboard-password': 'dash-secret' } }, res);

	assert.equal(res.statusCode, 200);
	});
	});