Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
oauth_reverse_proxy
Advanced tools
oauth_reverse_proxy - npm Package Compare versions
Comparing version 1.2.0 to 1.3.0
@@ -1,9 +0,5 @@ | ||
| var fs = require('fs'); | ||
| var path = require('path'); | ||
| var proxy_manager = require('./proxy_manager.js'); | ||
| var Proxy = require('./proxy'); | ||
| var ProxyConfig = require('./proxy/config.js'); | ||
| var logger = require('./logger.js').getLogger({'module': __filename}); | ||
| var logger = require('./logger.js').getLogger(); | ||
| /** | ||
@@ -17,94 +13,5 @@ * An oauth_reverse_proxy instance is initialized around a configuration directory. Each proxy | ||
| exports.init = function(config_dir, cb) { | ||
| if (!config_dir) return cb("Failed to open directory " + config_dir); | ||
| fs.stat(config_dir, function(err, stat) { | ||
| /* istanbul ignore next */ | ||
| if (err) return cb("Failed to open directory " + config_dir); | ||
| if (!stat.isDirectory()) return cb('oauth_reverse_proxy config dir is not a directory'); | ||
| // Load all proxy configurations. | ||
| loadConfigFiles(config_dir, cb); | ||
| }); | ||
| proxy_manager.init(config_dir, cb); | ||
| }; | ||
| /** | ||
| * Each proxy is defined by a JSON file that stores the configuration of the proxy. | ||
| */ | ||
| function loadConfigFiles(config_dir, cb) { | ||
| logger.info("Config dir is %s", config_dir); | ||
| // Stores all proxies created from configuration files in config_dir. If a proxy can not be loaded | ||
| // the config file name will map to the error message instead of a proxy object. | ||
| var proxies = {}; | ||
| fs.readdir(config_dir, function(err, files) { | ||
| /* istanbul ignore if */ | ||
| if (err) return cb(err); | ||
| // Fire a callback only once all config files have been processed. | ||
| var countdown = files.length; | ||
| var wrapped_cb = function() { | ||
| --countdown; | ||
| if (countdown <= 0) return cb(null, proxies); | ||
| }; | ||
| files.forEach(function(file) { | ||
| logger.info('Loading proxy configuration file %s', file); | ||
| fs.readFile(config_dir + path.sep + file, {'encoding':'utf8'}, function(err, data) { | ||
| try { | ||
| // Parse the configuration into an object, create a ProxyConfig around it, and validate | ||
| // that the configuration meets our viability requirements. | ||
| var config = JSON.parse(data); | ||
| var proxy_config = new ProxyConfig(config); | ||
| // If the proxy configuration is incorrect, consider the proxy failed. | ||
| // CONTROVERSIAL STATEMENT ALERT: we do not consider a configuration error with a | ||
| // proxy to be a fatal error for oauth_reverse_proxy. As long as at least 1 configuration | ||
| // file is valid, we will proceed with proxy creation. This is to prevent a single | ||
| // busted configuration file from DOSing any other proxies by preventing their startup. | ||
| var proxy_error = proxy_config.isInvalid(); | ||
| if (proxy_error) { | ||
| logger.error("Failed to load proxy %s due to %s", file, proxy_error); | ||
| proxies[file] = proxy_error; | ||
| return wrapped_cb(); | ||
| } | ||
| } catch(e) { | ||
| logger.error("Failed to load proxy %s due to %s", file, e); | ||
| proxies[file] = e.message; | ||
| return wrapped_cb(); | ||
| } | ||
| try { | ||
| // Create and start a proxy around a validated config. | ||
| var proxy = new Proxy(proxy_config); | ||
| proxy.start(function(err) { | ||
| /* istanbul ignore if */ | ||
| if (err) { | ||
| // CONTROVERSIAL STATEMENT ALERT: we do not consider a startup error with a | ||
| // proxy to be a fatal error for oauth_reverse_proxy. As long as at least 1 | ||
| // proxy starts properly, we will proceed with proxy creation. This is to prevent | ||
| // a single busted configuration file from DOSing any other proxies by preventing | ||
| // their startup. | ||
| proxies[file] = "Failed to start proxy " + proxy_config.service_name + " due to " + err; | ||
| return wrapped_cb(); | ||
| } | ||
| logger.info("Started proxy %s", proxy_config.service_name); | ||
| proxies[file] = proxy; | ||
| wrapped_cb(); | ||
| }); | ||
| } catch(e) { | ||
| /* istanbul ignore next */ | ||
| proxies[file] = "Uncaught exception starting proxy " + proxy_config.service_name + ": " + e + "\n" + e.stack; | ||
| /* istanbul ignore next */ | ||
| wrapped_cb(); | ||
| } | ||
| }); | ||
| }); | ||
| }); | ||
| } | ||
| // Register the catch-all exception handler. We want to ignore this line for code coverage purposes, | ||
@@ -111,0 +18,0 @@ // which the instanbul ignore line accomplishes. |
@@ -33,2 +33,6 @@ var util = require('util'); | ||
| // If a module was provided, trim it down to just the relative path. | ||
| if (config && config.module) | ||
| config.module = getModulePath(config.module); | ||
| // If no logger config is provided, there's nothing more to do. We'll just continue using the | ||
@@ -40,1 +44,18 @@ // default logger. | ||
| }; | ||
| /** | ||
| * Convenience to get the relative path (that is lib/proxy/index.js or the like) from the full path | ||
| * (/Users/wrb/code/oauth_reverse_proxy/lib/proy/index.js). Tagging the logger with the current | ||
| * module is helpful for debugging. | ||
| */ | ||
| var getModulePath = module.exports.getModulePath = function(module_file) { | ||
| var dirs = module_file.split(path.sep); | ||
| var module_path = []; | ||
| for (var i = dirs.length-1; i >= 0; --i) { | ||
| module_path.unshift(dirs[i]); | ||
| if (dirs[i] === 'lib') break; | ||
| } | ||
| // We always assume Unix-style path delimiters just to keep the format consistent for logging. | ||
| return module_path.join('/'); | ||
| }; |
| var fs = require('fs'); | ||
| var util = require('util'); | ||
| var logger = require('../logger.js').getLogger(); | ||
| var _ = require('underscore'); | ||
@@ -16,6 +16,6 @@ /** | ||
| // set here is good for readability. | ||
| Object.defineProperty(this_obj, 'service_name', { 'value': config.service_name, writable: false }); | ||
| Object.defineProperty(this_obj, 'from_port', { 'value': config.from_port, writable: false }); | ||
| Object.defineProperty(this_obj, 'to_port', { 'value': config.to_port, writable: false }); | ||
| Object.defineProperty(this_obj, 'oauth_secret_dir', { 'value': config.oauth_secret_dir, writable: false }); | ||
| Object.defineProperty(this_obj, 'service_name', { 'value': config.service_name, writable: false, enumerable: true }); | ||
| Object.defineProperty(this_obj, 'from_port', { 'value': config.from_port, writable: false, enumerable: true }); | ||
| Object.defineProperty(this_obj, 'to_port', { 'value': config.to_port, writable: false, enumerable: true }); | ||
| Object.defineProperty(this_obj, 'oauth_secret_dir', { 'value': config.oauth_secret_dir, writable: false, enumerable: true }); | ||
@@ -25,14 +25,14 @@ // An optional list of allowed Host header or URI path parameters can be specified as environment | ||
| // substring is allowed. All others are rejected. Multiple of either setting can be provided. | ||
| Object.defineProperty(this_obj, 'required_uris', { 'value': config.required_uris, writable: false }); | ||
| Object.defineProperty(this_obj, 'required_hosts', { 'value': config.required_hosts, writable: false }); | ||
| Object.defineProperty(this_obj, 'required_uris', { 'value': config.required_uris, writable: false, enumerable: true }); | ||
| Object.defineProperty(this_obj, 'required_hosts', { 'value': config.required_hosts, writable: false, enumerable: true }); | ||
| // Whether this proxy listens on an HTTPS socket on from_port. Defaults to false. | ||
| Object.defineProperty(this_obj, 'https', { 'value': config.https != undefined || false, writable: false }); | ||
| Object.defineProperty(this_obj, 'https', { 'value': config.https != undefined || false, writable: false, enumerable: true }); | ||
| if (this_obj.https) { | ||
| Object.defineProperty(this_obj, 'https_key_file', { 'value': config.https.key, writable: false }); | ||
| Object.defineProperty(this_obj, 'https_cert_file', { 'value': config.https.cert, writable: false }); | ||
| Object.defineProperty(this_obj, 'https_key_file', { 'value': config.https.key, writable: false, enumerable: true }); | ||
| Object.defineProperty(this_obj, 'https_cert_file', { 'value': config.https.cert, writable: false, enumerable: true }); | ||
| } | ||
| // An optional object defining quotas to apply to inbound requests. | ||
| Object.defineProperty(this_obj, 'quotas', { 'value': (config.quotas || {thresholds:{}}), writable: false}); | ||
| Object.defineProperty(this_obj, 'quotas', { 'value': (config.quotas || {thresholds:{}}), writable: false, enumerable: true}); | ||
@@ -50,6 +50,13 @@ // Use a default whitelist config if none is provided. | ||
| Object.defineProperty(this_obj, 'whitelist', { 'value': whitelist, writable: false }); | ||
| Object.defineProperty(this_obj, 'whitelist', { 'value': whitelist, writable: false, enumerable: true }); | ||
| } | ||
| /** | ||
| * Performs a deep comparison of proxy configs and returns true iff configurations are identical. | ||
| */ | ||
| ProxyConfig.prototype.equals = function(other_proxy_config) { | ||
| return _.isEqual(this, other_proxy_config); | ||
| }; | ||
| /** | ||
| * Returns a string matching the first validation that failed when evaluating this proxy config or returns | ||
@@ -56,0 +63,0 @@ * undefined if the configuration is valid. |
@@ -11,2 +11,6 @@ var _ = require('underscore'); | ||
| var module_tag = { | ||
| module: require('../logger.js').getModulePath(__filename) | ||
| }; | ||
| // Increase the maxSockets managed by this process to ensure that we can keep up with many | ||
@@ -44,3 +48,3 @@ // concurrent connections under load. Also, node-http-proxy uses this agent to manage | ||
| this.logger.debug("Starting proxy on port %s", this.config.from_port); | ||
| this.logger.debug(module_tag, "Starting proxy on port %s", this.config.from_port); | ||
| } | ||
@@ -75,3 +79,3 @@ | ||
| proxy.on('error', function(err, req, res) { | ||
| this_obj.logger.info("Got error %s communicating with underlying server.", util.inspect(err)); | ||
| this_obj.logger.info(module_tag, "Got error %s communicating with underlying server.", util.inspect(err)); | ||
| res.writeHead(500, "Connection to " + this_obj.config.service_name + " failed"); | ||
@@ -147,11 +151,11 @@ res.end(); | ||
| // Begin listening for incoming requests | ||
| this_obj.logger.info("Listening on port %s", this_obj.config.from_port); | ||
| this_obj.logger.info(module_tag, "Listening on port %s", this_obj.config.from_port); | ||
| // If the proxy config specifically asks for https, use https. Otherwise, use http. | ||
| if (this_obj.config.https) { | ||
| var ipv4_server = https.createServer({ | ||
| this_obj.ipv4_server = https.createServer({ | ||
| key: fs.readFileSync(this_obj.config.https_key_file), | ||
| cert: fs.readFileSync(this_obj.config.https_cert_file) | ||
| }, app); | ||
| var ipv6_server = https.createServer({ | ||
| this_obj.ipv6_server = https.createServer({ | ||
| key: fs.readFileSync(this_obj.config.https_key_file), | ||
@@ -161,4 +165,4 @@ cert: fs.readFileSync(this_obj.config.https_cert_file) | ||
| } else { | ||
| var ipv4_server = http.createServer(app); | ||
| var ipv6_server = http.createServer(app); | ||
| this_obj.ipv4_server = http.createServer(app); | ||
| this_obj.ipv6_server = http.createServer(app); | ||
| } | ||
@@ -168,4 +172,4 @@ | ||
| // It works on node 0.10.30 but not on 0.10.35, for example. Separating the two servers appears to work everywhere. | ||
| ipv4_server.listen(this_obj.config.from_port, '0.0.0.0'); | ||
| ipv6_server.listen(this_obj.config.from_port, '::'); | ||
| this_obj.ipv4_server.listen(this_obj.config.from_port, '0.0.0.0'); | ||
| this_obj.ipv6_server.listen(this_obj.config.from_port, '::'); | ||
@@ -176,3 +180,18 @@ cb(null, this_obj); | ||
| /** | ||
| * Stop this proxy, shutting down its servers. Note that the servers will continue to hold existing connections until | ||
| * they complete: we make no effort to forcibly terminate connections. | ||
| */ | ||
| Proxy.prototype.stop = function() { | ||
| if (this.ipv4_server) { | ||
| this.ipv4_server.close(); | ||
| } | ||
| if (this.ipv6_server) { | ||
| this.ipv6_server.close(); | ||
| } | ||
| }; | ||
| // Expose Proxy class. | ||
| module.exports = Proxy; |
@@ -6,3 +6,3 @@ var _ = require('underscore'); | ||
| var encoding = require('../encoding.js'); | ||
| var logger = require('../logger.js').getLogger(); | ||
| var logger = require('../logger.js').getLogger({'module': __filename}); | ||
@@ -145,3 +145,3 @@ var ProxyQuotas = require('./quotas.js'); | ||
| setTimeout(function() { | ||
| // Once the settimeout has fired, allow keystore reloads to be queued again. | ||
| // Once the setTimeout has fired, allow keystore reloads to be queued again. | ||
| keystore_reload_pending = false; | ||
@@ -148,0 +148,0 @@ // We don't care what type of event happened in the key directory. We do a full |
@@ -0,1 +1,6 @@ | ||
| var module_tag = { | ||
| module: require('../../logger.js').getModulePath(__filename) | ||
| }; | ||
| /** | ||
@@ -6,5 +11,5 @@ * Utility method for returning a bad request failure message. | ||
| if (req && req.headers) { | ||
| logger.info("Rejecting %s %s%s, error %s", req.method, req.headers.host, req.url, message); | ||
| logger.info(module_tag, "Rejecting %s %s%s, error %s", req.method, req.headers.host, req.url, message); | ||
| } else { | ||
| logger.warn('Rejecting malformed request'); | ||
| logger.warn(module_tag, 'Rejecting malformed request'); | ||
| } | ||
@@ -11,0 +16,0 @@ |
@@ -0,1 +1,6 @@ | ||
| var module_tag = { | ||
| module: require('../../logger.js').getModulePath(__filename) | ||
| }; | ||
| /** | ||
@@ -5,3 +10,3 @@ * Utility method for returning an authentication failure message. | ||
| module.exports = function(logger, req, res, message) { | ||
| logger.info("Rejecting %s %s%s, error %s", req.method, req.headers.host, req.url, message); | ||
| logger.info(module_tag, "Rejecting %s %s%s, error %s", req.method, req.headers.host, req.url, message); | ||
| process.nextTick(function() { | ||
@@ -8,0 +13,0 @@ res.writeHead(401, message); |
@@ -15,2 +15,6 @@ var util = require('util'); | ||
| var module_tag = { | ||
| module: require('../../logger.js').getModulePath(__filename) | ||
| }; | ||
| /** | ||
@@ -100,6 +104,6 @@ * Sorts the encoded key value pairs by encoded name, then encoded value | ||
| proxy.logger.trace("req.body:\n%s", util.inspect(req.body)); | ||
| proxy.logger.trace("req.headers:\n%s", util.inspect(req.headers)); | ||
| proxy.logger.trace(module_tag, "req.body:\n%s", util.inspect(req.body)); | ||
| proxy.logger.trace(module_tag, "req.headers:\n%s", util.inspect(req.headers)); | ||
| proxy.logger.trace("Parsed auth header into:\n%s", util.inspect(req.oauth_params)); | ||
| proxy.logger.trace(module_tag, "Parsed auth header into:\n%s", util.inspect(req.oauth_params)); | ||
@@ -120,8 +124,8 @@ // Append & to consumer secret since we'll always have an empty string as the token secret | ||
| var signature_base = signature_bases.shift(); | ||
| proxy.logger.debug("Got signature_base\n%s", signature_base); | ||
| proxy.logger.debug(module_tag, "Got signature_base\n%s", signature_base); | ||
| var hash = crypto.createHmac("sha1", consumer_secret).update(signature_base).digest("base64"); | ||
| proxy.logger.trace("Hash\t%s", hash); | ||
| proxy.logger.trace("Sig\t%s", req.oauth_params[OAUTH_SIGNATURE]); | ||
| proxy.logger.trace(module_tag, "Hash\t%s", hash); | ||
| proxy.logger.trace(module_tag, "Sig\t%s", req.oauth_params[OAUTH_SIGNATURE]); | ||
@@ -132,3 +136,3 @@ if (req.oauth_params[OAUTH_SIGNATURE] === hash) { | ||
| req.headers[CONSUMER_KEY_HEADER] = consumer_key; | ||
| proxy.logger.info("Proxying %s %s%s, consumer key %s", req.method, req.headers.host, req.url, consumer_key); | ||
| proxy.logger.info(module_tag, "Proxying %s %s%s, consumer key %s", req.method, req.headers.host, req.url, consumer_key); | ||
| return next(); | ||
@@ -142,3 +146,4 @@ } | ||
| /* istanbul ignore else */ | ||
| if (proxy && proxy.logger) proxy.logger.error("Failed to handle request %s %s%s due to %s:\n%s", req.method, req.headers.host, req.url, e, e.stack); | ||
| if (proxy && proxy.logger) | ||
| proxy.logger.error(module_tag, "Failed to handle request %s %s%s due to %s:\n%s", req.method, req.headers.host, req.url, e, e.stack); | ||
| res.writeHead(500, 'Internal error'); | ||
@@ -145,0 +150,0 @@ return res.end(); |
@@ -5,2 +5,6 @@ var oauth_constants = require('../oauth_constants.js'); | ||
| var module_tag = { | ||
| module: require('../../logger.js').getModulePath(__filename) | ||
| }; | ||
| /** | ||
@@ -25,3 +29,3 @@ * Create a quota validator. If the request does not exceed our requests per second threshold, allow the request | ||
| if (key.threshold && key.hits > key.threshold) { | ||
| proxy.logger.error("%s had %s hits in the current interval, greater than the threshold of %s", key_name, key.hits, key.threshold); | ||
| proxy.logger.error(module_tag, "%s had %s hits in the current interval, greater than the threshold of %s", key_name, key.hits, key.threshold); | ||
| } | ||
@@ -28,0 +32,0 @@ |
@@ -5,3 +5,3 @@ var _ = require('underscore'); | ||
| var sprintf = require('../sprintf.js').sprintf; | ||
| var logger = require('../logger.js').getLogger(); | ||
| var logger = require('../logger.js').getLogger({'module': __filename}); | ||
@@ -8,0 +8,0 @@ /** |
| { | ||
| "name": "oauth_reverse_proxy", | ||
| "description": "An OAuth 1.0a authenticating reverse proxy", | ||
| "version": "1.2.0", | ||
| "version": "1.3.0", | ||
| "contributors": [ | ||
@@ -6,0 +6,0 @@ { |
@@ -5,3 +5,3 @@ oauth_reverse_proxy is an authenticating service proxy that fronts any web server and enforces that callers present the correct OAuth credentials. | ||
| Authenticaton for web applications, particularly applications created for machine-to-machine use, is often an afterthought or implemented in an insecure or incompatible fashion. We want a robust implementation of OAuth that can run on Windows or Unix systems in front of any HTTP-serving application and negotiated by clients written in any language. These are two-party connections, so we can use the simplest form of OAuth: zero-legged OAuth 1.0a. | ||
| Authenticaton for web applications, particularly applications created for machine-to-machine use, is often an afterthought or implemented in an insecure or incompatible fashion. We want a robust implementation of OAuth that can run on Windows or Unix systems in front of any HTTP-serving application and support clients written in any language. These are two-party connections, so we can use the simplest form of OAuth: zero-legged OAuth 1.0a. | ||
@@ -19,3 +19,3 @@ ##### Installation | ||
| * Faithfully implements the OAuth spec: This means that any client OAuth library you wish to use will work fine with `oauth_reverse_proxy`. The [test/clients](https://github.com/Cimpress-MCP/oauth_reverse_proxy/tree/master/test/clients) directory has sample code in 9 languages, and more test clients are always welcome. | ||
| * Built to perform: A single node can authenticate around 10k requests per second on reasonable hardware. | ||
| * Built to perform: A single node can authenticate around 10k requests per second on reasonable hardware. When Node.js' Cluster API leaves the experimental stage, we will investigate supporting multicore to scale even further. | ||
| * Supports inbound requests over http and https. | ||
@@ -63,2 +63,6 @@ * Is flexible enough to front multiple services: If you run more than one HTTP server per system, as is common in the case of an nginx-fronted application, you can put an instance of `oauth_reverse_proxy` either in front of or behind nginx. A single instance of `oauth_reverse_proxy` can bind a separate proxy to any number of inbound ports. | ||
| }] | ||
| }, | ||
| "https": { | ||
| "key": "/var/lib/ssl/key.pem", | ||
| "cert": "/var/lib/ssl/cert.pem" | ||
| } | ||
@@ -71,5 +75,5 @@ } | ||
| **from_port** - The port this proxy will open to the outside world. All inbound traffic to your service should be directed to this port to ensure that only authenticated requests reach your application. | ||
| **from_port** - The port this proxy will open to the outside world. All inbound traffic to your service should be directed to this port to ensure that only authenticated requests reach your application. Note that only one proxy can be bound to any given `from_port`. | ||
| **to_port** - The port to which this proxy will route authenticated traffic. This should be a port exposed by your application on the localhost interface so that unauthenticated traffic can not reach your application. | ||
| **to_port** - The port to which this proxy will route authenticated traffic. This should be a port exposed by your application on the localhost interface so that unauthenticated traffic can not reach your application. Unlike `from_port`, multiple proxies can forward traffic to the same `to_port`. This may be useful if you wish to expose your proxy over both HTTP and HTTPS. | ||
@@ -96,2 +100,4 @@ **oauth_secret_dir** - The directory in which consumer key / consumer secret pairs live. The name of each file in this directory is the consumer key, and the trimmed contents are the consumer secret. Consumer secrets must satisfy this regular expression: `/^[-_.=a-zA-Z0-9]+$/`. That is, the consumer secret must be alphanumeric or contain the characters `-`, `_`, `.`, or `=`. Any secret that does not match this pattern will not be loaded by `oauth_reverse_proxy`. A warning will be logged, but proxy startup will continue normally. | ||
| **https** The default behavior of `oauth_reverse_proxy` is to listen on an HTTP socket. If you wish to use HTTPS instead, you must specify an `https` object in the configuration for the proxy, providing a path to both a key and certificate pem file. Note that both a key and cert must be provided or the proxy will not be created. | ||
| #### Planned Features #### | ||
@@ -98,0 +104,0 @@ |
@@ -34,21 +34,15 @@ var fs = require('fs'); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with an unset config_dir parameter', function(done) { | ||
| oauth_reverse_proxy.init(null, function(err, proxy) { | ||
| err.should.equal('Failed to open directory ' + null); | ||
| done(); | ||
| }); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with an unset config_dir parameter', function() { | ||
| (function() { oauth_reverse_proxy.init(null, function() {}) }). | ||
| should.throw('config_directory invalid'); | ||
| }); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with a config_dir referencing a nonexistent directory', function(done) { | ||
| oauth_reverse_proxy.init('./test/keys', function(err, proxy) { | ||
| err.should.equal('Failed to open directory ./test/keys'); | ||
| done(); | ||
| }); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with a config_dir referencing a nonexistent directory', function() { | ||
| (function() { oauth_reverse_proxy.init('./test/keys', function() {}) }). | ||
| should.throw("ENOENT, no such file or directory './test/keys'"); | ||
| }); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with a config_dir referencing a non-directory inode', function(done) { | ||
| oauth_reverse_proxy.init('./test/auth_proxy_abnormal_config.js', function(err, proxy) { | ||
| err.should.equal('oauth_reverse_proxy config dir is not a directory'); | ||
| done(); | ||
| }); | ||
| it ('should reject an attempt to init oauth_reverse_proxy with a config_dir referencing a non-directory inode', function() { | ||
| (function() { oauth_reverse_proxy.init('./test/auth_proxy_abnormal_config.js', function() {}) }). | ||
| should.throw("oauth_reverse_proxy config dir is not a directory"); | ||
| }); | ||
@@ -55,0 +49,0 @@ }); |
@@ -33,27 +33,31 @@ var should = require('should'); | ||
| before(function(done) { | ||
| rimraf('./test/keys/8008/8080', function(err) { | ||
| mkdirp('./test/keys/8008/8080', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'bash-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'dotnet-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'restsharp-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'java-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'node-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'perl-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'powershell-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'python-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'ruby-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'golang-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'mocha-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'quota-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'allowedsymbols-test-key', 'abc.def-ghi_jkl=', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'base64-test-key', 'helloworld========', function(err) { | ||
| // Keys that are expected to be rejected | ||
| keygen.createKey('./test/keys', 8008, 8080, 'escapechars-test-key', ';!@#$%^', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'bytes-test-key', crypto.randomBytes(256), function(err) { | ||
| // This is the secret we'll use for signing ad hoc requests for test cases. | ||
| request_sender.keys['mocha-test-key'] = fs.readFileSync('./test/keys/8008/8080/mocha-test-key') + '&'; | ||
| // This is the secret we'll use for testing higher quotas. This key is allowed to make 5 requests | ||
| // per second to the proxy defined in quota_service.json. | ||
| request_sender.keys['quota-test-key'] = fs.readFileSync('./test/keys/8008/8080/quota-test-key') + '&'; | ||
| done(err); | ||
| rimraf('./test/config.d/dynamic_config_service.json', function(err) { | ||
| rimraf('./test/config.d/dynamic_whitelist_config_service.json', function(err) { | ||
| rimraf('./test/keys/8008/8080', function(err) { | ||
| mkdirp('./test/keys/8008/8080', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'bash-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'dotnet-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'restsharp-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'java-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'node-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'perl-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'powershell-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'python-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'ruby-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'golang-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'mocha-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'quota-test-key', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'allowedsymbols-test-key', 'abc.def-ghi_jkl=', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'base64-test-key', 'helloworld========', function(err) { | ||
| // Keys that are expected to be rejected | ||
| keygen.createKey('./test/keys', 8008, 8080, 'escapechars-test-key', ';!@#$%^', function(err) { | ||
| keygen.createKey('./test/keys', 8008, 8080, 'bytes-test-key', crypto.randomBytes(256), function(err) { | ||
| // This is the secret we'll use for signing ad hoc requests for test cases. | ||
| request_sender.keys['mocha-test-key'] = fs.readFileSync('./test/keys/8008/8080/mocha-test-key') + '&'; | ||
| // This is the secret we'll use for testing higher quotas. This key is allowed to make 5 requests | ||
| // per second to the proxy defined in quota_service.json. | ||
| request_sender.keys['quota-test-key'] = fs.readFileSync('./test/keys/8008/8080/quota-test-key') + '&'; | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
@@ -83,4 +87,4 @@ }); | ||
| if (err) done('oauth_reverse_proxy startup failed: ' + err); | ||
| exports.proxies = proxies; | ||
| exports.proxy = proxies["jobs_service.json"]; | ||
| exports.proxies = require('../lib/proxy_manager.js').proxies; | ||
| exports.proxy = exports.proxies["jobs_service.json"]; | ||
@@ -87,0 +91,0 @@ if (typeof exports.proxy === 'string') { |
@@ -59,2 +59,2 @@ var fs = require('fs'); | ||
| }); | ||
| }); | ||
| }); |
@@ -6,2 +6,3 @@ Future Items: | ||
| - [x] Add support for per-key rate-limit quotas | ||
| - [x] Gracefully start, stop, and reload proxies if the configuration changes | ||
| - [ ] Add data collection via statsd |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.1%
16178297
- Number of package files
- increased by5.83%
127
- Lines of code
- increased by8.15%
4019
- Number of lines in readme file
- increased by5.88%
108
Worsened metrics
- Number of low supply chain risk alerts
- increased by4.17%
25
No dependency changes