storj/satellite/console/consolewasm/access_test.go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.

package consolewasm_test

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/cookiejar"
	"strings"
	"testing"

	"github.com/stretchr/testify/require"

	"storj.io/common/testcontext"
	"storj.io/storj/private/testplanet"
	console "storj.io/storj/satellite/console/consolewasm"
	"storj.io/uplink"
)

// TestGenerateAccessGrant confirms that the access grant produced by the wasm access code
// is the same as the code the uplink cli uses to create access grants.
func TestGenerateAccessGrant(t *testing.T) {
	testplanet.Run(t, testplanet.Config{
		SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
		client := newTestClient(t, ctx, planet)
		user := client.defaultUser()
		uplinkPeer := planet.Uplinks[0]
		projectID := uplinkPeer.Projects[0].ID

		client.login(user.email, user.password)

		resp, bodyString := client.request(http.MethodGet, fmt.Sprintf("/projects/%s/salt", projectID.String()), nil)
		require.Equal(t, http.StatusOK, resp.StatusCode)

		var b64Salt string
		require.NoError(t, json.Unmarshal([]byte(bodyString), &b64Salt))

		satellitePeer := planet.Satellites[0]
		satelliteNodeURL := satellitePeer.NodeURL().String()

		apiKeyString := uplinkPeer.Projects[0].APIKey

		passphrase := "supersecretpassphrase"

		wasmAccessString, err := console.GenAccessGrant(satelliteNodeURL, apiKeyString, passphrase, b64Salt)
		require.NoError(t, err)

		uplinkCliAccess, err := uplinkPeer.Config.RequestAccessWithPassphrase(ctx, satelliteNodeURL, apiKeyString, passphrase)
		require.NoError(t, err)
		uplinkCliAccessString, err := uplinkCliAccess.Serialize()
		require.NoError(t, err)
		require.Equal(t, wasmAccessString, uplinkCliAccessString)
	})
}

// TestDefaultAccess confirms that you can perform basic uplink operations with
// the default access grant created from wasm code.
func TestDefaultAccess(t *testing.T) {
	testplanet.Run(t, testplanet.Config{
		SatelliteCount: 1, StorageNodeCount: 10, UplinkCount: 1,
	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
		satellitePeer := planet.Satellites[0]
		satelliteNodeURL := satellitePeer.NodeURL().String()
		uplinkPeer := planet.Uplinks[0]
		APIKey := uplinkPeer.APIKey[satellitePeer.ID()]
		projectID := uplinkPeer.Projects[0].ID
		require.Equal(t, 1, len(uplinkPeer.Projects))

		passphrase := "supersecretpassphrase"
		testbucket1 := "buckettest1"
		testfilename := "file.txt"
		testdata := []byte("fun data")

		client := newTestClient(t, ctx, planet)
		user := client.defaultUser()
		client.login(user.email, user.password)

		resp, bodyString := client.request(http.MethodGet, fmt.Sprintf("/projects/%s/salt", projectID.String()), nil)
		require.Equal(t, http.StatusOK, resp.StatusCode)

		var b64Salt string
		require.NoError(t, json.Unmarshal([]byte(bodyString), &b64Salt))

		// Create an access with the console access grant code that allows full access.
		access, err := console.GenAccessGrant(satelliteNodeURL, APIKey.Serialize(), passphrase, b64Salt)
		require.NoError(t, err)
		newAccess, err := uplink.ParseAccess(access)
		require.NoError(t, err)
		uplinkPeer.Access[satellitePeer.ID()] = newAccess

		// Confirm that we can create a bucket, upload/download/delete an object, and delete the bucket with the new access.
		require.NoError(t, uplinkPeer.CreateBucket(ctx, satellitePeer, testbucket1))
		err = uplinkPeer.Upload(ctx, satellitePeer, testbucket1, testfilename, testdata)
		require.NoError(t, err)
		data, err := uplinkPeer.Download(ctx, satellitePeer, testbucket1, testfilename)
		require.NoError(t, err)
		require.Equal(t, data, testdata)
		buckets, err := uplinkPeer.ListBuckets(ctx, satellitePeer)
		require.NoError(t, err)
		require.Equal(t, len(buckets), 1)
		err = uplinkPeer.DeleteObject(ctx, satellitePeer, testbucket1, testfilename)
		require.NoError(t, err)
		require.NoError(t, uplinkPeer.DeleteBucket(ctx, satellitePeer, testbucket1))
	})
}

type testClient struct {
	t      *testing.T
	ctx    *testcontext.Context
	planet *testplanet.Planet
	client *http.Client
}

func newTestClient(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) testClient {
	jar, err := cookiejar.New(nil)
	require.NoError(t, err)
	return testClient{t: t, ctx: ctx, planet: planet, client: &http.Client{Jar: jar}}
}

type registeredUser struct {
	email    string
	password string
}

func (testClient *testClient) request(method string, path string, data io.Reader) (resp Response, body string) {
	req, err := http.NewRequestWithContext(testClient.ctx, method, testClient.url(path), data)
	require.NoError(testClient.t, err)
	req.Header = map[string][]string{
		"sec-ch-ua":        {`" Not A;Brand";v="99"`, `"Chromium";v="90"`, `"Google Chrome";v="90"`},
		"sec-ch-ua-mobile": {"?0"},
		"User-Agent":       {"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"},
		"Content-Type":     {"application/json"},
		"Accept":           {"*/*"},
	}
	return testClient.do(req)
}

// Response is a wrapper for http.Request to prevent false-positive with bodyclose check.
type Response struct{ *http.Response }

func (testClient *testClient) do(req *http.Request) (_ Response, body string) {
	resp, err := testClient.client.Do(req)
	require.NoError(testClient.t, err)

	data, err := io.ReadAll(resp.Body)
	require.NoError(testClient.t, err)
	require.NoError(testClient.t, resp.Body.Close())
	return Response{resp}, string(data)
}

func (testClient *testClient) url(suffix string) string {
	return testClient.planet.Satellites[0].ConsoleURL() + "/api/v0" + suffix
}

func (testClient *testClient) toJSON(v interface{}) io.Reader {
	data, err := json.Marshal(v)
	require.NoError(testClient.t, err)
	return strings.NewReader(string(data))
}

func (testClient *testClient) defaultUser() registeredUser {
	user := testClient.planet.Uplinks[0].User[testClient.planet.Satellites[0].ID()]
	return registeredUser{
		email:    user.Email,
		password: user.Password,
	}
}

func (testClient *testClient) login(email, password string) Response {
	resp, body := testClient.request(
		http.MethodPost, "/auth/token",
		testClient.toJSON(map[string]string{
			"email":    email,
			"password": password,
		}))
	cookie := findCookie(resp, "_tokenKey")
	require.NotNil(testClient.t, cookie)

	var tokenInfo struct {
		Token string `json:"token"`
	}
	require.NoError(testClient.t, json.Unmarshal([]byte(body), &tokenInfo))
	require.Equal(testClient.t, http.StatusOK, resp.StatusCode)
	require.Equal(testClient.t, tokenInfo.Token, cookie.Value)

	return resp
}

func findCookie(response Response, name string) *http.Cookie {
	for _, c := range response.Cookies() {
		if c.Name == name {
			return c
		}
	}
	return nil
}
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`// Copyright (C) 2020 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

satellite/console/wasm: reduce size to <9MB Make changes so that we only import the necessary files from the console package so that the generated wasm code is as small as possible. This change gets the compiled wasm code down to 8.6MB uncompressed and 2MB when compressed with `gzip --best`. https://review.dev.storj.io/c/storj/storj/+/3396 Change-Id: Ifdd4be285810757b46bbbe43327c0d0139e5f8f7 2020-12-14 16:33:33 +00:00			`package consolewasm_test`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00
			`import (`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"net/http/cookiejar"`
			`"strings"`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`"testing"`

			`"github.com/stretchr/testify/require"`

			`"storj.io/common/testcontext"`
			`"storj.io/storj/private/testplanet"`
satellite/console/wasm: reduce size to <9MB Make changes so that we only import the necessary files from the console package so that the generated wasm code is as small as possible. This change gets the compiled wasm code down to 8.6MB uncompressed and 2MB when compressed with `gzip --best`. https://review.dev.storj.io/c/storj/storj/+/3396 Change-Id: Ifdd4be285810757b46bbbe43327c0d0139e5f8f7 2020-12-14 16:33:33 +00:00			`console "storj.io/storj/satellite/console/consolewasm"`
satellite/console/wasm: add more unit tests Change-Id: Ie134f8a08d690ce013039ed1a4e484f8b6a1a6d5 2021-01-05 22:24:46 +00:00			`"storj.io/uplink"`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`)`

			`// TestGenerateAccessGrant confirms that the access grant produced by the wasm access code`
			`// is the same as the code the uplink cli uses to create access grants.`
			`func TestGenerateAccessGrant(t *testing.T) {`
			`testplanet.Run(t, testplanet.Config{`
			`SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,`
			`}, func(t testing.T, ctx testcontext.Context, planet *testplanet.Planet) {`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`client := newTestClient(t, ctx, planet)`
			`user := client.defaultUser()`
			`uplinkPeer := planet.Uplinks[0]`
			`projectID := uplinkPeer.Projects[0].ID`

			`client.login(user.email, user.password)`

			`resp, bodyString := client.request(http.MethodGet, fmt.Sprintf("/projects/%s/salt", projectID.String()), nil)`
			`require.Equal(t, http.StatusOK, resp.StatusCode)`

			`var b64Salt string`
			`require.NoError(t, json.Unmarshal([]byte(bodyString), &b64Salt))`

satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`satellitePeer := planet.Satellites[0]`
			`satelliteNodeURL := satellitePeer.NodeURL().String()`

			`apiKeyString := uplinkPeer.Projects[0].APIKey`

			`passphrase := "supersecretpassphrase"`

{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`wasmAccessString, err := console.GenAccessGrant(satelliteNodeURL, apiKeyString, passphrase, b64Salt)`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`require.NoError(t, err)`

			`uplinkCliAccess, err := uplinkPeer.Config.RequestAccessWithPassphrase(ctx, satelliteNodeURL, apiKeyString, passphrase)`
			`require.NoError(t, err)`
			`uplinkCliAccessString, err := uplinkCliAccess.Serialize()`
			`require.NoError(t, err)`
			`require.Equal(t, wasmAccessString, uplinkCliAccessString)`
			`})`
			`}`
satellite/console/wasm: add more unit tests Change-Id: Ie134f8a08d690ce013039ed1a4e484f8b6a1a6d5 2021-01-05 22:24:46 +00:00
			`// TestDefaultAccess confirms that you can perform basic uplink operations with`
			`// the default access grant created from wasm code.`
			`func TestDefaultAccess(t *testing.T) {`
			`testplanet.Run(t, testplanet.Config{`
			`SatelliteCount: 1, StorageNodeCount: 10, UplinkCount: 1,`
			`}, func(t testing.T, ctx testcontext.Context, planet *testplanet.Planet) {`
			`satellitePeer := planet.Satellites[0]`
			`satelliteNodeURL := satellitePeer.NodeURL().String()`
			`uplinkPeer := planet.Uplinks[0]`
			`APIKey := uplinkPeer.APIKey[satellitePeer.ID()]`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`projectID := uplinkPeer.Projects[0].ID`
satellite/console/wasm: add more unit tests Change-Id: Ie134f8a08d690ce013039ed1a4e484f8b6a1a6d5 2021-01-05 22:24:46 +00:00			`require.Equal(t, 1, len(uplinkPeer.Projects))`

			`passphrase := "supersecretpassphrase"`
			`testbucket1 := "buckettest1"`
			`testfilename := "file.txt"`
			`testdata := []byte("fun data")`

{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`client := newTestClient(t, ctx, planet)`
			`user := client.defaultUser()`
			`client.login(user.email, user.password)`

			`resp, bodyString := client.request(http.MethodGet, fmt.Sprintf("/projects/%s/salt", projectID.String()), nil)`
			`require.Equal(t, http.StatusOK, resp.StatusCode)`

			`var b64Salt string`
			`require.NoError(t, json.Unmarshal([]byte(bodyString), &b64Salt))`

satellite/console/wasm: add more unit tests Change-Id: Ie134f8a08d690ce013039ed1a4e484f8b6a1a6d5 2021-01-05 22:24:46 +00:00			`// Create an access with the console access grant code that allows full access.`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`access, err := console.GenAccessGrant(satelliteNodeURL, APIKey.Serialize(), passphrase, b64Salt)`
satellite/console/wasm: add more unit tests Change-Id: Ie134f8a08d690ce013039ed1a4e484f8b6a1a6d5 2021-01-05 22:24:46 +00:00			`require.NoError(t, err)`
			`newAccess, err := uplink.ParseAccess(access)`
			`require.NoError(t, err)`
			`uplinkPeer.Access[satellitePeer.ID()] = newAccess`

			`// Confirm that we can create a bucket, upload/download/delete an object, and delete the bucket with the new access.`
			`require.NoError(t, uplinkPeer.CreateBucket(ctx, satellitePeer, testbucket1))`
			`err = uplinkPeer.Upload(ctx, satellitePeer, testbucket1, testfilename, testdata)`
			`require.NoError(t, err)`
			`data, err := uplinkPeer.Download(ctx, satellitePeer, testbucket1, testfilename)`
			`require.NoError(t, err)`
			`require.Equal(t, data, testdata)`
			`buckets, err := uplinkPeer.ListBuckets(ctx, satellitePeer)`
			`require.NoError(t, err)`
			`require.Equal(t, len(buckets), 1)`
			`err = uplinkPeer.DeleteObject(ctx, satellitePeer, testbucket1, testfilename)`
			`require.NoError(t, err)`
			`require.NoError(t, uplinkPeer.DeleteBucket(ctx, satellitePeer, testbucket1))`
			`})`
			`}`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00
			`type testClient struct {`
			`t *testing.T`
			`ctx *testcontext.Context`
			`planet *testplanet.Planet`
			`client *http.Client`
			`}`

			`func newTestClient(t testing.T, ctx testcontext.Context, planet *testplanet.Planet) testClient {`
			`jar, err := cookiejar.New(nil)`
			`require.NoError(t, err)`
			`return testClient{t: t, ctx: ctx, planet: planet, client: &http.Client{Jar: jar}}`
			`}`

			`type registeredUser struct {`
			`email string`
			`password string`
			`}`

			`func (testClient *testClient) request(method string, path string, data io.Reader) (resp Response, body string) {`
			`req, err := http.NewRequestWithContext(testClient.ctx, method, testClient.url(path), data)`
			`require.NoError(testClient.t, err)`
			`req.Header = map[string][]string{`
			"sec-ch-ua": {`" Not A;Brand";v="99"`, `"Chromium";v="90"`, `"Google Chrome";v="90"`},
			`"sec-ch-ua-mobile": {"?0"},`
			`"User-Agent": {"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"},`
			`"Content-Type": {"application/json"},`
			`"Accept": {"/"},`
			`}`
			`return testClient.do(req)`
			`}`

			`// Response is a wrapper for http.Request to prevent false-positive with bodyclose check.`
			`type Response struct{ *http.Response }`

			`func (testClient testClient) do(req http.Request) (_ Response, body string) {`
			`resp, err := testClient.client.Do(req)`
			`require.NoError(testClient.t, err)`

all: replace deprecated ioutil Change-Id: I60b0bbf5b68b066e2d44b8b99438594d600a3c2d 2022-10-31 15:12:17 +00:00			`data, err := io.ReadAll(resp.Body)`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`require.NoError(testClient.t, err)`
			`require.NoError(testClient.t, resp.Body.Close())`
			`return Response{resp}, string(data)`
			`}`

			`func (testClient *testClient) url(suffix string) string {`
			`return testClient.planet.Satellites[0].ConsoleURL() + "/api/v0" + suffix`
			`}`

			`func (testClient *testClient) toJSON(v interface{}) io.Reader {`
			`data, err := json.Marshal(v)`
			`require.NoError(testClient.t, err)`
			`return strings.NewReader(string(data))`
			`}`

			`func (testClient *testClient) defaultUser() registeredUser {`
			`user := testClient.planet.Uplinks[0].User[testClient.planet.Satellites[0].ID()]`
			`return registeredUser{`
			`email: user.Email,`
			`password: user.Password,`
			`}`
			`}`

			`func (testClient *testClient) login(email, password string) Response {`
			`resp, body := testClient.request(`
			`http.MethodPost, "/auth/token",`
			`testClient.toJSON(map[string]string{`
			`"email": email,`
			`"password": password,`
			`}))`
			`cookie := findCookie(resp, "_tokenKey")`
			`require.NotNil(testClient.t, cookie)`

			`var tokenInfo struct {`
			Token string `json:"token"`
			`}`
			`require.NoError(testClient.t, json.Unmarshal([]byte(body), &tokenInfo))`
			`require.Equal(testClient.t, http.StatusOK, resp.StatusCode)`
			`require.Equal(testClient.t, tokenInfo.Token, cookie.Value)`

			`return resp`
			`}`

			`func findCookie(response Response, name string) *http.Cookie {`
			`for _, c := range response.Cookies() {`
			`if c.Name == name {`
			`return c`
			`}`
			`}`
			`return nil`
			`}`