diff --git a/src/gateway/auth.test.ts b/src/gateway/auth.test.ts index bd075ddfd76..f6525d502a5 100644 --- a/src/gateway/auth.test.ts +++ b/src/gateway/auth.test.ts @@ -27,6 +27,24 @@ function createLimiterSpy(): AuthRateLimiter & { }; } +function createTailscaleForwardedReq(): never { + return { + socket: { remoteAddress: "127.0.0.1" }, + headers: { + host: "gateway.local", + "x-forwarded-for": "100.64.0.1", + "x-forwarded-proto": "https", + "x-forwarded-host": "ai-hub.bone-egret.ts.net", + "tailscale-user-login": "peter", + "tailscale-user-name": "Peter", + }, + } as never; +} + +function createTailscaleWhois() { + return async () => ({ login: "peter", name: "Peter" }); +} + describe("gateway auth", () => { it("resolves token/password from OPENCLAW gateway env vars", () => { expect( @@ -197,18 +215,8 @@ describe("gateway auth", () => { const res = await authorizeGatewayConnect({ auth: { mode: "token", token: "secret", allowTailscale: true }, connectAuth: null, - tailscaleWhois: async () => ({ login: "peter", name: "Peter" }), - req: { - socket: { remoteAddress: "127.0.0.1" }, - headers: { - host: "gateway.local", - "x-forwarded-for": "100.64.0.1", - "x-forwarded-proto": "https", - "x-forwarded-host": "ai-hub.bone-egret.ts.net", - "tailscale-user-login": "peter", - "tailscale-user-name": "Peter", - }, - } as never, + tailscaleWhois: createTailscaleWhois(), + req: createTailscaleForwardedReq(), }); expect(res.ok).toBe(false); @@ -219,19 +227,9 @@ describe("gateway auth", () => { const res = await authorizeGatewayConnect({ auth: { mode: "token", token: "secret", allowTailscale: true }, connectAuth: null, - tailscaleWhois: async () => ({ login: "peter", name: "Peter" }), + tailscaleWhois: createTailscaleWhois(), authSurface: "ws-control-ui", - req: { - socket: { remoteAddress: "127.0.0.1" }, - headers: { - host: "gateway.local", - "x-forwarded-for": "100.64.0.1", - "x-forwarded-proto": "https", - "x-forwarded-host": "ai-hub.bone-egret.ts.net", - "tailscale-user-login": "peter", - "tailscale-user-name": "Peter", - }, - } as never, + req: createTailscaleForwardedReq(), }); expect(res.ok).toBe(true); @@ -243,18 +241,8 @@ describe("gateway auth", () => { const res = await authorizeHttpGatewayConnect({ auth: { mode: "token", token: "secret", allowTailscale: true }, connectAuth: null, - tailscaleWhois: async () => ({ login: "peter", name: "Peter" }), - req: { - socket: { remoteAddress: "127.0.0.1" }, - headers: { - host: "gateway.local", - "x-forwarded-for": "100.64.0.1", - "x-forwarded-proto": "https", - "x-forwarded-host": "ai-hub.bone-egret.ts.net", - "tailscale-user-login": "peter", - "tailscale-user-name": "Peter", - }, - } as never, + tailscaleWhois: createTailscaleWhois(), + req: createTailscaleForwardedReq(), }); expect(res.ok).toBe(false); expect(res.reason).toBe("token_missing"); @@ -264,18 +252,8 @@ describe("gateway auth", () => { const res = await authorizeWsControlUiGatewayConnect({ auth: { mode: "token", token: "secret", allowTailscale: true }, connectAuth: null, - tailscaleWhois: async () => ({ login: "peter", name: "Peter" }), - req: { - socket: { remoteAddress: "127.0.0.1" }, - headers: { - host: "gateway.local", - "x-forwarded-for": "100.64.0.1", - "x-forwarded-proto": "https", - "x-forwarded-host": "ai-hub.bone-egret.ts.net", - "tailscale-user-login": "peter", - "tailscale-user-name": "Peter", - }, - } as never, + tailscaleWhois: createTailscaleWhois(), + req: createTailscaleForwardedReq(), }); expect(res.ok).toBe(true); expect(res.method).toBe("tailscale");