NotAShelf
e567491856
Fuck em. Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I725b137678112580cd7445a8d12f52f56a6a6964
117 lines
2.8 KiB
Go
117 lines
2.8 KiB
Go
package mesh_test
|
|
|
|
import (
|
|
"net"
|
|
"testing"
|
|
"time"
|
|
|
|
"notashelf.dev/ncro/internal/cache"
|
|
"notashelf.dev/ncro/internal/mesh"
|
|
)
|
|
|
|
func freeUDPAddr(t *testing.T) string {
|
|
t.Helper()
|
|
conn, err := net.ListenPacket("udp", "127.0.0.1:0")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
addr := conn.LocalAddr().String()
|
|
conn.Close()
|
|
return addr
|
|
}
|
|
|
|
func TestAnnounceAndReceive(t *testing.T) {
|
|
store := mesh.NewRouteStore()
|
|
node, err := mesh.NewNode("", store)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
addr := freeUDPAddr(t)
|
|
// Allow messages from our own node (its public key is the only allowed key).
|
|
if err := mesh.ListenAndServe(addr, store, node.PublicKey()); err != nil {
|
|
t.Fatalf("ListenAndServe: %v", err)
|
|
}
|
|
|
|
routes := []cache.RouteEntry{
|
|
{
|
|
StorePath: "test-pkg-abc",
|
|
UpstreamURL: "https://cache.nixos.org",
|
|
LatencyEMA: 25,
|
|
TTL: time.Now().Add(time.Hour),
|
|
},
|
|
}
|
|
|
|
if err := mesh.Announce(addr, node, routes); err != nil {
|
|
t.Fatalf("Announce: %v", err)
|
|
}
|
|
|
|
time.Sleep(50 * time.Millisecond)
|
|
|
|
entry := store.Get("test-pkg-abc")
|
|
if entry == nil {
|
|
t.Fatal("route not merged into store after announce")
|
|
}
|
|
if entry.UpstreamURL != "https://cache.nixos.org" {
|
|
t.Errorf("UpstreamURL = %q", entry.UpstreamURL)
|
|
}
|
|
}
|
|
|
|
func TestRejectUnknownSender(t *testing.T) {
|
|
store := mesh.NewRouteStore()
|
|
|
|
// Listener node, this'll reject messages not from trusted
|
|
trusted, err := mesh.NewNode("", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// Untrusted sender
|
|
untrusted, err := mesh.NewNode("", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
addr := freeUDPAddr(t)
|
|
// Only allow trusted node's key.
|
|
if err := mesh.ListenAndServe(addr, store, trusted.PublicKey()); err != nil {
|
|
t.Fatalf("ListenAndServe: %v", err)
|
|
}
|
|
|
|
routes := []cache.RouteEntry{
|
|
{StorePath: "untrusted-pkg", UpstreamURL: "https://evil.example.com",
|
|
TTL: time.Now().Add(time.Hour)},
|
|
}
|
|
mesh.Announce(addr, untrusted, routes)
|
|
time.Sleep(50 * time.Millisecond)
|
|
|
|
if entry := store.Get("untrusted-pkg"); entry != nil {
|
|
t.Error("route from untrusted sender should have been rejected")
|
|
}
|
|
}
|
|
|
|
func TestRejectTamperedMessage(t *testing.T) {
|
|
// This is covered by TestVerifyFailsOnTamper the mesh tests on the crypto level.
|
|
// Here we verify the full pipeline rejects a re-signed-but-tampered body.
|
|
store := mesh.NewRouteStore()
|
|
node, err := mesh.NewNode("", store)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
addr := freeUDPAddr(t)
|
|
if err := mesh.ListenAndServe(addr, store, node.PublicKey()); err != nil {
|
|
t.Fatalf("ListenAndServe: %v", err)
|
|
}
|
|
|
|
// Send a valid message first to confirm it works.
|
|
routes := []cache.RouteEntry{
|
|
{StorePath: "legit-pkg", UpstreamURL: "https://cache.nixos.org",
|
|
TTL: time.Now().Add(time.Hour)},
|
|
}
|
|
mesh.Announce(addr, node, routes)
|
|
time.Sleep(50 * time.Millisecond)
|
|
|
|
if store.Get("legit-pkg") == nil {
|
|
t.Fatal("valid message should have been accepted")
|
|
}
|
|
}
|