|
| 1 | +import 'should'; |
| 2 | +import { AppMode, MasterExpressConfig, TlsMode } from '../../../shared/types'; |
| 3 | +import { |
| 4 | + createAwmClient, |
| 5 | + createAwmBackupClient, |
| 6 | +} from '../../../masterBitgoExpress/clients/advancedWalletManagerClient'; |
| 7 | + |
| 8 | +describe('AWM Backup Client', () => { |
| 9 | + const baseConfig: MasterExpressConfig = { |
| 10 | + appMode: AppMode.MASTER_EXPRESS, |
| 11 | + port: 3081, |
| 12 | + bind: 'localhost', |
| 13 | + timeout: 60000, |
| 14 | + httpLoggerFile: '', |
| 15 | + env: 'test', |
| 16 | + disableEnvCheck: true, |
| 17 | + authVersion: 2, |
| 18 | + advancedWalletManagerUrl: 'http://primary-awm.invalid', |
| 19 | + awmServerCaCert: 'dummy-cert', |
| 20 | + tlsMode: TlsMode.DISABLED, |
| 21 | + clientCertAllowSelfSigned: true, |
| 22 | + }; |
| 23 | + |
| 24 | + describe('createAwmBackupClient', () => { |
| 25 | + it('should return undefined when no backup URL is configured', () => { |
| 26 | + const result = createAwmBackupClient(baseConfig, 'tbtc'); |
| 27 | + (result === undefined).should.be.true(); |
| 28 | + }); |
| 29 | + |
| 30 | + it('should create a client when backup URL is configured', () => { |
| 31 | + const config: MasterExpressConfig = { |
| 32 | + ...baseConfig, |
| 33 | + advancedWalletManagerBackupUrl: 'http://backup-awm.invalid', |
| 34 | + }; |
| 35 | + const result = createAwmBackupClient(config, 'tbtc'); |
| 36 | + (result !== undefined).should.be.true(); |
| 37 | + }); |
| 38 | + |
| 39 | + it('should create a client pointing to the backup URL, not the primary', () => { |
| 40 | + const config: MasterExpressConfig = { |
| 41 | + ...baseConfig, |
| 42 | + advancedWalletManagerBackupUrl: 'http://backup-awm.invalid', |
| 43 | + }; |
| 44 | + const backupClient = createAwmBackupClient(config, 'tbtc'); |
| 45 | + const primaryClient = createAwmClient(config, 'tbtc'); |
| 46 | + |
| 47 | + // Both clients should exist |
| 48 | + (backupClient !== undefined).should.be.true(); |
| 49 | + (primaryClient !== undefined).should.be.true(); |
| 50 | + |
| 51 | + // They should be different instances |
| 52 | + (backupClient !== primaryClient).should.be.true(); |
| 53 | + }); |
| 54 | + |
| 55 | + it('should throw when backup URL is set with mTLS but backup server CA cert is missing', () => { |
| 56 | + const config: MasterExpressConfig = { |
| 57 | + ...baseConfig, |
| 58 | + tlsMode: TlsMode.MTLS, |
| 59 | + advancedWalletManagerBackupUrl: 'https://backup-awm.invalid', |
| 60 | + awmServerCaCert: 'primary-ca-cert', |
| 61 | + awmClientTlsKey: 'primary-client-key', |
| 62 | + awmClientTlsCert: 'primary-client-cert', |
| 63 | + // No backup-specific certs — should NOT fall back to primary |
| 64 | + }; |
| 65 | + (() => createAwmBackupClient(config, 'tbtc')).should.throw( |
| 66 | + /awmBackupServerCaCert is required/, |
| 67 | + ); |
| 68 | + }); |
| 69 | + |
| 70 | + it('should throw when backup URL is set with mTLS but backup client certs are missing', () => { |
| 71 | + const config: MasterExpressConfig = { |
| 72 | + ...baseConfig, |
| 73 | + tlsMode: TlsMode.MTLS, |
| 74 | + advancedWalletManagerBackupUrl: 'https://backup-awm.invalid', |
| 75 | + awmBackupServerCaCert: 'backup-ca-cert', |
| 76 | + // No backup client certs |
| 77 | + }; |
| 78 | + (() => createAwmBackupClient(config, 'tbtc')).should.throw( |
| 79 | + /awmBackupClientTlsKey and awmBackupClientTlsCert are required/, |
| 80 | + ); |
| 81 | + }); |
| 82 | + |
| 83 | + it('should create a client when all backup-specific certs are provided with mTLS', () => { |
| 84 | + const config: MasterExpressConfig = { |
| 85 | + ...baseConfig, |
| 86 | + tlsMode: TlsMode.MTLS, |
| 87 | + advancedWalletManagerBackupUrl: 'https://backup-awm.invalid', |
| 88 | + awmServerCaCert: 'primary-ca-cert', |
| 89 | + awmClientTlsKey: 'primary-client-key', |
| 90 | + awmClientTlsCert: 'primary-client-cert', |
| 91 | + awmBackupServerCaCert: 'backup-ca-cert', |
| 92 | + awmBackupClientTlsKey: 'backup-client-key', |
| 93 | + awmBackupClientTlsCert: 'backup-client-cert', |
| 94 | + }; |
| 95 | + const result = createAwmBackupClient(config, 'tbtc'); |
| 96 | + (result !== undefined).should.be.true(); |
| 97 | + }); |
| 98 | + }); |
| 99 | + |
| 100 | + describe('fallback behavior in middleware', () => { |
| 101 | + it('should use primary client for both user and backup when no backup URL is set', () => { |
| 102 | + const primaryClient = createAwmClient(baseConfig, 'tbtc'); |
| 103 | + const backupClient = createAwmBackupClient(baseConfig, 'tbtc'); |
| 104 | + |
| 105 | + (primaryClient !== undefined).should.be.true(); |
| 106 | + // No backup URL → backup client is undefined → middleware falls back to primary |
| 107 | + (backupClient === undefined).should.be.true(); |
| 108 | + |
| 109 | + // Middleware would do: awmBackupClient = backupClient ?? primaryClient |
| 110 | + const effectiveBackupClient = backupClient ?? primaryClient; |
| 111 | + (effectiveBackupClient === primaryClient).should.be.true(); |
| 112 | + }); |
| 113 | + |
| 114 | + it('should use separate client for backup when backup URL is set', () => { |
| 115 | + const config: MasterExpressConfig = { |
| 116 | + ...baseConfig, |
| 117 | + advancedWalletManagerBackupUrl: 'http://backup-awm.invalid', |
| 118 | + }; |
| 119 | + const primaryClient = createAwmClient(config, 'tbtc'); |
| 120 | + const backupClient = createAwmBackupClient(config, 'tbtc'); |
| 121 | + |
| 122 | + (primaryClient !== undefined).should.be.true(); |
| 123 | + (backupClient !== undefined).should.be.true(); |
| 124 | + |
| 125 | + // Middleware would do: awmBackupClient = backupClient ?? primaryClient |
| 126 | + const effectiveBackupClient = backupClient ?? primaryClient; |
| 127 | + (effectiveBackupClient === backupClient).should.be.true(); |
| 128 | + (effectiveBackupClient !== primaryClient).should.be.true(); |
| 129 | + }); |
| 130 | + }); |
| 131 | +}); |
0 commit comments