Add lots more httpbin endpoints

Author: pimterry

src/endpoints/groups.ts

@@ -43,6 +43,21 @@ export const httpTlsMetadata: EndpointGroup = {
     name: 'TLS Metadata'
 };
 
+export const httpRedirects: EndpointGroup = {
+    id: 'redirects',
+    name: 'Redirects'
+};
+
+export const httpResponseInspection: EndpointGroup = {
+    id: 'response-inspection',
+    name: 'Response Inspection'
+};
+
+export const httpDynamicData: EndpointGroup = {
+    id: 'dynamic-data',
+    name: 'Dynamic Data'
+};
+
 // WebSocket endpoint groups
 export const wsMessaging: EndpointGroup = {
     id: 'messaging',

src/endpoints/http-index.ts

@@ -35,7 +35,7 @@ export * from './http/user-agent.js';
 export * from './http/robots.txt.js';
 export * from './http/delay.js';
 export * from './http/cookies.js'
-export * from './http/basic-auth.js';
+export { basicAuth } from './http/basic-auth.js';
 export * from './http/json.js';
 export * from './http/xml.js';
 export * from './http/trailers.js';
@@ -49,4 +49,12 @@ export * from './http/encoding/zstd.js';
 export * from './http/encoding/brotli.js';
 export * from './http/encoding/identity.js';
 export * from './http/tls-fingerprint.js';
-export * from './http/tls-client-hello.js';
+export * from './http/tls-client-hello.js';
+export * from './http/uuid.js';
+export * from './http/deny.js';
+export * from './http/html.js';
+export * from './http/encoding/utf8.js';
+export * from './http/bearer.js';
+export * from './http/hidden-basic-auth.js';
+export * from './http/response-headers.js';
+export * from './http/base64.js';

src/endpoints/http/base64.ts

@@ -0,0 +1,32 @@
+import { HttpEndpoint } from '../http-index.js';
+import { httpDynamicData } from '../groups.js';
+
+export const base64Decode: HttpEndpoint = {
+    matchPath: (path) => path.startsWith('/base64/') && path.length > '/base64/'.length,
+    handle: (_req, res, { path }) => {
+        const encoded = path.slice('/base64/'.length);
+
+        const normalized = encoded.replace(/-/g, '+').replace(/_/g, '/');
+
+        try {
+            const decoded = Buffer.from(normalized, 'base64');
+
+            // Verify validity by round-tripping, since Buffer.from silently ignores invalid chars
+            if (decoded.toString('base64').replace(/=+$/, '') !== normalized.replace(/=+$/, '')) {
+                throw new Error('Invalid base64');
+            }
+
+            res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+            res.end(decoded);
+        } catch {
+            res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+            res.end('Incorrect Base64 data try: SGVsbG8gd29ybGQ= which decodes to: Hello world');
+        }
+    },
+    meta: {
+        path: '/base64/{value}',
+        description: 'Decodes a base64url-encoded string and returns the decoded value.',
+        examples: ['/base64/SGVsbG8gd29ybGQ='],
+        group: httpDynamicData
+    }
+};

src/endpoints/http/basic-auth.ts

@@ -1,24 +1,30 @@
 import { serializeJson } from '../../util.js';
-import { HttpEndpoint, HttpHandler } from '../http-index.js';
+import { HttpEndpoint, HttpHandler, HttpRequest } from '../http-index.js';
 import { httpAuthentication } from '../groups.js';
 
+export const checkBasicAuth = (req: HttpRequest, username: string, password: string): boolean => {
+    const authHeader = req.headers['authorization'];
+    if (!authHeader) return false;
+
+    const expectedAuth = Buffer.from(`${username}:${password}`).toString('base64');
+    const [authType, authValue] = authHeader.split(' ');
+    return authType === 'Basic' && authValue === expectedAuth;
+};
+
 const matchPath = (path: string) =>
     !!path.match(/^\/basic-auth\/([^\/]+)\/([^\/]+)$/);
 
 const handle: HttpHandler = (req, res, { path }) => {
     const [username, password] = path.split('/').slice(2);
-    const authHeader = req.headers['authorization'];
 
-    if (authHeader === undefined) {
+    if (!req.headers['authorization']) {
         res.writeHead(401, {
             'www-authenticate': 'Basic realm="Fake Realm"'
         }).end();
         return;
     }
 
-    const expectedAuth = Buffer.from(`${username}:${password}`).toString('base64');
-    const [authType, authValue] = authHeader.split(' ');
-    if (authType === 'Basic' && authValue === expectedAuth) {
+    if (checkBasicAuth(req, username, password)) {
         res.writeHead(200, {
             'content-type': 'application/json'
         });
@@ -42,4 +48,4 @@ export const basicAuth: HttpEndpoint = {
         examples: ['/basic-auth/admin/secret'],
         group: httpAuthentication
     }
-};
+};

src/endpoints/http/bearer.ts

@@ -0,0 +1,33 @@
+import { serializeJson } from '../../util.js';
+import { HttpEndpoint } from '../http-index.js';
+import { httpAuthentication } from '../groups.js';
+
+export const bearer: HttpEndpoint = {
+    matchPath: (path) => path === '/bearer',
+    handle: (req, res) => {
+        const authHeader = req.headers['authorization'];
+
+        const token = authHeader?.startsWith('Bearer ')
+            ? authHeader.slice('Bearer '.length)
+            : undefined;
+
+        if (token) {
+            res.writeHead(200, { 'content-type': 'application/json' });
+            res.end(serializeJson({
+                authenticated: true,
+                token
+            }));
+            return;
+        }
+
+        res.writeHead(401, {
+            'www-authenticate': 'Bearer'
+        }).end();
+    },
+    meta: {
+        path: '/bearer',
+        description: 'Checks for a Bearer token in the Authorization header. Returns 200 with token info on success, 401 if missing.',
+        examples: ['/bearer'],
+        group: httpAuthentication
+    }
+};

src/endpoints/http/deny.ts

@@ -0,0 +1,29 @@
+import { HttpEndpoint } from '../http-index.js';
+import { httpContentExamples } from '../groups.js';
+
+const DENY_TEXT = `
+          .-''''''-.
+        .' _      _ '.
+       /   O      O   \\
+      :                :
+      |                |
+      :       __       :
+       \\  .-"\`  \`"-.  /
+        '.          .'
+          '-......-'
+     YOU SHOULDN'T BE HERE
+`;
+
+export const deny: HttpEndpoint = {
+    matchPath: (path) => path === '/deny',
+    handle: (_req, res) => {
+        res.writeHead(200, { 'content-type': 'text/plain' });
+        res.end(DENY_TEXT);
+    },
+    meta: {
+        path: '/deny',
+        description: 'Returns a page denied by robots.txt.',
+        examples: ['/deny'],
+        group: httpContentExamples
+    }
+};