@@ -75,6 +75,107 @@ async fn auth_rejects_open_endpoint_when_token_set() {
7575 assert_eq ! ( resp. status( ) , StatusCode :: UNAUTHORIZED ) ;
7676}
7777
78+ /// Token-protected proxy accepts requests on open endpoint with valid Bearer header.
79+ #[ tokio:: test]
80+ async fn auth_accepts_bearer_header_on_open_endpoint ( ) {
81+ let server = MockServer :: start ( ) . await ;
82+ Mock :: given ( method ( "POST" ) )
83+ . respond_with ( ResponseTemplate :: new ( 200 ) . set_body_json ( ok_response ( "0xabc" ) ) )
84+ . mount ( & server)
85+ . await ;
86+
87+ let app = setup ( & server. uri ( ) , Some ( "secret" ) ) . await ;
88+
89+ let resp = app
90+ . oneshot (
91+ Request :: builder ( )
92+ . method ( "POST" )
93+ . uri ( "/" )
94+ . header ( "content-type" , "application/json" )
95+ . header ( "authorization" , "Bearer secret" )
96+ . body ( Body :: from (
97+ r#"{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}"# ,
98+ ) )
99+ . unwrap ( ) ,
100+ )
101+ . await
102+ . unwrap ( ) ;
103+
104+ assert_eq ! ( resp. status( ) , StatusCode :: OK ) ;
105+ let body: serde_json:: Value = serde_json:: from_slice (
106+ & axum:: body:: to_bytes ( resp. into_body ( ) , usize:: MAX )
107+ . await
108+ . unwrap ( ) ,
109+ )
110+ . unwrap ( ) ;
111+ assert_eq ! ( body[ "result" ] , "0xabc" ) ;
112+ }
113+
114+ /// Token-protected proxy rejects open endpoint with wrong Bearer header.
115+ #[ tokio:: test]
116+ async fn auth_rejects_wrong_bearer_header_on_open_endpoint ( ) {
117+ let server = MockServer :: start ( ) . await ;
118+ Mock :: given ( method ( "POST" ) )
119+ . respond_with ( ResponseTemplate :: new ( 200 ) . set_body_json ( ok_response ( "0x1" ) ) )
120+ . mount ( & server)
121+ . await ;
122+
123+ let app = setup ( & server. uri ( ) , Some ( "secret" ) ) . await ;
124+
125+ let resp = app
126+ . oneshot (
127+ Request :: builder ( )
128+ . method ( "POST" )
129+ . uri ( "/" )
130+ . header ( "content-type" , "application/json" )
131+ . header ( "authorization" , "Bearer wrong" )
132+ . body ( Body :: from (
133+ r#"{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}"# ,
134+ ) )
135+ . unwrap ( ) ,
136+ )
137+ . await
138+ . unwrap ( ) ;
139+
140+ assert_eq ! ( resp. status( ) , StatusCode :: UNAUTHORIZED ) ;
141+ }
142+
143+ /// Token-protected proxy accepts requests on token path with valid Bearer header (even if path token is wrong).
144+ #[ tokio:: test]
145+ async fn auth_accepts_bearer_header_on_token_path ( ) {
146+ let server = MockServer :: start ( ) . await ;
147+ Mock :: given ( method ( "POST" ) )
148+ . respond_with ( ResponseTemplate :: new ( 200 ) . set_body_json ( ok_response ( "0xdef" ) ) )
149+ . mount ( & server)
150+ . await ;
151+
152+ let app = setup ( & server. uri ( ) , Some ( "secret" ) ) . await ;
153+
154+ let resp = app
155+ . oneshot (
156+ Request :: builder ( )
157+ . method ( "POST" )
158+ . uri ( "/wrong-token" )
159+ . header ( "content-type" , "application/json" )
160+ . header ( "authorization" , "Bearer secret" )
161+ . body ( Body :: from (
162+ r#"{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}"# ,
163+ ) )
164+ . unwrap ( ) ,
165+ )
166+ . await
167+ . unwrap ( ) ;
168+
169+ assert_eq ! ( resp. status( ) , StatusCode :: OK ) ;
170+ let body: serde_json:: Value = serde_json:: from_slice (
171+ & axum:: body:: to_bytes ( resp. into_body ( ) , usize:: MAX )
172+ . await
173+ . unwrap ( ) ,
174+ )
175+ . unwrap ( ) ;
176+ assert_eq ! ( body[ "result" ] , "0xdef" ) ;
177+ }
178+
78179/// Token-protected proxy rejects requests with wrong token path.
79180#[ tokio:: test]
80181async fn auth_rejects_wrong_token_path ( ) {
0 commit comments