|
| 1 | +import { describe, expect, it } from "@effect/vitest"; |
| 2 | + |
| 3 | +import { browserTracesResponse } from "./browser-traces"; |
| 4 | + |
| 5 | +const makeRequest = (init?: RequestInit & { path?: string }) => |
| 6 | + new Request(`https://executor.sh${init?.path ?? "/v1/traces"}`, { |
| 7 | + method: "POST", |
| 8 | + body: "{}", |
| 9 | + ...init, |
| 10 | + }); |
| 11 | + |
| 12 | +const baseEnv = { |
| 13 | + AXIOM_TOKEN: "axiom-secret", |
| 14 | + AXIOM_DATASET: "executor-cloud", |
| 15 | +} as Env; |
| 16 | + |
| 17 | +describe("browserTracesResponse", () => { |
| 18 | + it("ignores non-/v1/traces requests entirely", () => { |
| 19 | + expect(browserTracesResponse(makeRequest({ path: "/api/tools" }), baseEnv)).toBeNull(); |
| 20 | + }); |
| 21 | + |
| 22 | + it("drops batches silently when Axiom is not configured", async () => { |
| 23 | + const response = await browserTracesResponse( |
| 24 | + makeRequest({ headers: { cookie: "wos-session=abc" } }), |
| 25 | + {} as Env, |
| 26 | + ); |
| 27 | + expect(response?.status).toBe(204); |
| 28 | + }); |
| 29 | + |
| 30 | + it("rejects anonymous posts", async () => { |
| 31 | + const response = await browserTracesResponse(makeRequest(), baseEnv); |
| 32 | + expect(response?.status).toBe(401); |
| 33 | + }); |
| 34 | + |
| 35 | + it("forwards to Axiom with server-held credentials and hides the upstream body", async () => { |
| 36 | + let seen: { url: string; auth: string | null; dataset: string | null } | undefined; |
| 37 | + const response = await browserTracesResponse( |
| 38 | + makeRequest({ headers: { cookie: "wos-session=abc" } }), |
| 39 | + baseEnv, |
| 40 | + (async (url: RequestInfo | URL, init?: RequestInit) => { |
| 41 | + seen = { |
| 42 | + url: String(url), |
| 43 | + auth: new Headers(init?.headers).get("authorization"), |
| 44 | + dataset: new Headers(init?.headers).get("x-axiom-dataset"), |
| 45 | + }; |
| 46 | + return new Response("axiom-internals", { status: 200 }); |
| 47 | + }) as typeof fetch, |
| 48 | + ); |
| 49 | + expect(seen?.url).toBe("https://api.axiom.co/v1/traces"); |
| 50 | + expect(seen?.auth).toBe("Bearer axiom-secret"); |
| 51 | + expect(seen?.dataset).toBe("executor-cloud"); |
| 52 | + expect(response?.status).toBe(204); |
| 53 | + expect(await response?.text()).toBe(""); |
| 54 | + }); |
| 55 | + |
| 56 | + it("reports upstream failure as 502 without leaking detail", async () => { |
| 57 | + const response = await browserTracesResponse( |
| 58 | + makeRequest({ headers: { cookie: "wos-session=abc" } }), |
| 59 | + baseEnv, |
| 60 | + (async () => new Response("denied", { status: 403 })) as typeof fetch, |
| 61 | + ); |
| 62 | + expect(response?.status).toBe(502); |
| 63 | + }); |
| 64 | + |
| 65 | + it("refuses oversized batches", async () => { |
| 66 | + const response = await browserTracesResponse( |
| 67 | + makeRequest({ |
| 68 | + headers: { |
| 69 | + cookie: "wos-session=abc", |
| 70 | + "content-length": String(3_000_000), |
| 71 | + }, |
| 72 | + }), |
| 73 | + baseEnv, |
| 74 | + ); |
| 75 | + expect(response?.status).toBe(413); |
| 76 | + }); |
| 77 | + |
| 78 | + it("only accepts POST", async () => { |
| 79 | + const response = await browserTracesResponse( |
| 80 | + new Request("https://executor.sh/v1/traces", { method: "GET" }), |
| 81 | + baseEnv, |
| 82 | + ); |
| 83 | + expect(response?.status).toBe(405); |
| 84 | + }); |
| 85 | +}); |
0 commit comments