fix(fetch.proxy) fix proxy authentication (#2554)

* fix proxy authentication * add auth tests * remove unused
author: Ciro Spaciari <ciro.spaciari@gmail.com> 2023-04-05 21:48:18 -0300
committer: GitHub <noreply@github.com> 2023-04-05 17:48:18 -0700
commit: d8c467be42427e1b52647cbbfd1974b887e17b35 (patch)
tree: f6c1ddb8a2dccdebbc2fc121d06b4247c9df0677 /test
parent: fd680d6c1d88caeb56f9d2280d28251eb9c64a93 (diff)
download: bun-d8c467be42427e1b52647cbbfd1974b887e17b35.tar.gz
bun-d8c467be42427e1b52647cbbfd1974b887e17b35.tar.zst
bun-d8c467be42427e1b52647cbbfd1974b887e17b35.zip
1 files changed, 84 insertions, 17 deletions
diff --git a/test/js/bun/http/proxy.test.js b/test/js/bun/http/proxy.test.js
index abe05133d..203cbc294 100644
--- a/test/js/bun/http/proxy.test.js
+++ b/test/js/bun/http/proxy.test.js
@@ -1,12 +1,13 @@
 import { afterAll, beforeAll, describe, expect, it } from "bun:test";
 import { gc } from "harness";
 
-let proxy, server;
+let proxy, auth_proxy, server;
 
 // TODO: Proxy with TLS requests
 
 beforeAll(() => {
   proxy = Bun.serve({
+    port: 0,
     async fetch(request) {
       // if is not an proxy connection just drop it
       if (!request.headers.has("proxy-connection")) {
@@ -24,9 +25,41 @@ beforeAll(() => {
       // no TLS support here
       return new Response("Bad Request", { status: 400 });
     },
-    port: 54312,
+  });
+  auth_proxy = Bun.serve({
+    port: 0,
+    async fetch(request) {
+      // if is not an proxy connection just drop it
+      if (!request.headers.has("proxy-connection")) {
+        return new Response("Bad Request", { status: 400 });
+      }
+
+      if (!request.headers.has("proxy-authorization")) {
+        return new Response("Proxy Authentication Required", { status: 407 });
+      }
+
+      const auth = Buffer.from(
+        request.headers.get("proxy-authorization").replace("Basic ", "").trim(),
+        "base64",
+      ).toString("utf8");
+      if (auth !== "squid_user:ASD123@123asd") {
+        return new Response("Forbidden", { status: 403 });
+      }
+
+      // simple http proxy
+      if (request.url.startsWith("http://")) {
+        return await fetch(request.url, {
+          method: request.method,
+          body: await request.text(),
+        });
+      }
+
+      // no TLS support here
+      return new Response("Bad Request", { status: 400 });
+    },
   });
   server = Bun.serve({
+    port: 0,
     async fetch(request) {
       if (request.method === "POST") {
         const text = await request.text();
@@ -34,36 +67,70 @@ beforeAll(() => {
       }
       return new Response("Hello, World", { status: 200 });
     },
-    port: 54322,
   });
 });
 
 afterAll(() => {
   server.stop();
   proxy.stop();
+  auth_proxy.stop();
 });
 
-describe("proxy", () => {
+it("proxy non-TLS", async () => {
+  const url = `http://localhost:${server.port}`;
+  const auth_proxy_url = `http://squid_user:ASD123%40123asd@localhost:${auth_proxy.port}`;
+  const proxy_url = `localhost:${proxy.port}`;
   const requests = [
-    [new Request("http://localhost:54322"), "fetch() GET with non-TLS Proxy", "http://localhost:54312"],
+    [new Request(url), auth_proxy_url],
+    [
+      new Request(url, {
+        method: "POST",
+        body: "Hello, World",
+      }),
+      auth_proxy_url,
+    ],
+    [url, auth_proxy_url],
+    [new Request(url), proxy_url],
     [
-      new Request("http://localhost:54322", {
+      new Request(url, {
         method: "POST",
         body: "Hello, World",
       }),
-      "fetch() POST with non-TLS Proxy",
-      "http://localhost:54312",
+      proxy_url,
     ],
+    [url, proxy_url],
   ];
-  for (let [request, name, proxy] of requests) {
+  for (let [request, proxy] of requests) {
     gc();
-    it(name, async () => {
-      gc();
-      const response = await fetch(request, { verbose: true, proxy });
-      gc();
-      const text = await response.text();
-      gc();
-      expect(text).toBe("Hello, World");
-    });
+    const response = await fetch(request, { verbose: true, proxy });
+    gc();
+    const text = await response.text();
+    gc();
+    expect(text).toBe("Hello, World");
+  }
+});
+
+it("proxy non-TLS auth can fail", async () => {
+  const url = `http://localhost:${server.port}`;
+
+  {
+    try {
+      const response = await fetch(url, { verbose: true, proxy: `http://localhost:${auth_proxy.port}` });
+      expect(response.statusText).toBe("Proxy Authentication Required");
+    } catch (err) {
+      expect(err).toBe("Proxy Authentication Required");
+    }
+  }
+
+  {
+    try {
+      const response = await fetch(url, {
+        verbose: true,
+        proxy: `http://squid_user:asdf123@localhost:${auth_proxy.port}`,
+      });
+      expect(response.statusText).toBe("Forbidden");
+    } catch (err) {
+      expect(err).toBe("Forbidden");
+    }
   }
 });
author	Ciro Spaciari <ciro.spaciari@gmail.com>	2023-04-05 21:48:18 -0300
committer	GitHub <noreply@github.com>	2023-04-05 17:48:18 -0700
commit	d8c467be42427e1b52647cbbfd1974b887e17b35 (patch)
tree	f6c1ddb8a2dccdebbc2fc121d06b4247c9df0677 /test
parent	fd680d6c1d88caeb56f9d2280d28251eb9c64a93 (diff)
download	bun-d8c467be42427e1b52647cbbfd1974b887e17b35.tar.gz bun-d8c467be42427e1b52647cbbfd1974b887e17b35.tar.zst bun-d8c467be42427e1b52647cbbfd1974b887e17b35.zip