Add tests for request validation, responses, and auth

Test validate_grpc_request (method and content-type checks),
grpc_error_response/grpc_response structure, GrpcBody poll
sequences (Unary and Empty), all ldk_error_to_grpc_status
variants, and auth edge cases (timestamp boundaries, future
timestamps, malformed HMACs, empty API key).

Also make validate_grpc_request generic over body type since
it only inspects headers — this enabled testing without needing
to construct hyper::body::Incoming.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: benthecarman

ldk-server/src/grpc.rs

@@ -16,7 +16,7 @@ use std::pin::Pin;
 use std::task::{Context, Poll};
 
 use bytes::{BufMut, Bytes, BytesMut};
-use hyper::body::{Frame, Incoming};
+use hyper::body::Frame;
 use hyper::header::HeaderValue;
 use hyper::http::HeaderMap;
 use hyper::{Request, Response};
@@ -255,7 +255,7 @@ pub(crate) fn grpc_response(body: GrpcBody) -> Response<GrpcBody> {
 }
 
 /// Validate that the request looks like a gRPC call.
-pub(crate) fn validate_grpc_request(req: &Request<Incoming>) -> Result<(), GrpcStatus> {
+pub(crate) fn validate_grpc_request<B>(req: &Request<B>) -> Result<(), GrpcStatus> {
 	if req.method() != hyper::Method::POST {
 		return Err(GrpcStatus::new(GRPC_STATUS_UNIMPLEMENTED, "gRPC requires POST method"));
 	}
@@ -445,4 +445,174 @@ mod tests {
 		assert_eq!(parse_grpc_timeout("S"), None);
 		assert_eq!(parse_grpc_timeout("5x"), None);
 	}
+
+	#[test]
+	fn test_validate_grpc_request_valid() {
+		let req = Request::builder()
+			.method("POST")
+			.header("content-type", "application/grpc")
+			.body(())
+			.unwrap();
+		assert!(validate_grpc_request(&req).is_ok());
+
+		let req = Request::builder()
+			.method("POST")
+			.header("content-type", "application/grpc+proto")
+			.body(())
+			.unwrap();
+		assert!(validate_grpc_request(&req).is_ok());
+	}
+
+	#[test]
+	fn test_validate_grpc_request_wrong_method() {
+		let req = Request::builder()
+			.method("GET")
+			.header("content-type", "application/grpc")
+			.body(())
+			.unwrap();
+		let err = validate_grpc_request(&req).unwrap_err();
+		assert_eq!(err.code, GRPC_STATUS_UNIMPLEMENTED);
+	}
+
+	#[test]
+	fn test_validate_grpc_request_wrong_content_type() {
+		let cases =
+			["application/json", "application/grpc+json", "application/grpcfoo", "text/plain", ""];
+		for ct in &cases {
+			let req =
+				Request::builder().method("POST").header("content-type", *ct).body(()).unwrap();
+			let err = validate_grpc_request(&req).unwrap_err();
+			assert_eq!(err.code, GRPC_STATUS_INVALID_ARGUMENT, "should reject content-type {ct:?}");
+		}
+	}
+
+	#[test]
+	fn test_validate_grpc_request_missing_content_type() {
+		let req = Request::builder().method("POST").body(()).unwrap();
+		let err = validate_grpc_request(&req).unwrap_err();
+		assert_eq!(err.code, GRPC_STATUS_INVALID_ARGUMENT);
+	}
+
+	#[test]
+	fn test_ldk_error_to_grpc_status_all_variants() {
+		let cases = [
+			(LdkServerErrorCode::InvalidRequestError, GRPC_STATUS_INVALID_ARGUMENT),
+			(LdkServerErrorCode::AuthError, GRPC_STATUS_UNAUTHENTICATED),
+			(LdkServerErrorCode::LightningError, GRPC_STATUS_FAILED_PRECONDITION),
+			(LdkServerErrorCode::InternalServerError, GRPC_STATUS_INTERNAL),
+		];
+		for (error_code, expected_grpc_code) in cases {
+			let e = LdkServerError::new(error_code, "test message");
+			let s = ldk_error_to_grpc_status(e);
+			assert_eq!(s.code, expected_grpc_code);
+			assert_eq!(s.message, "test message");
+		}
+	}
+
+	#[test]
+	fn test_grpc_error_response_structure() {
+		let status = GrpcStatus::new(GRPC_STATUS_INTERNAL, "something broke");
+		let resp = grpc_error_response(status);
+
+		assert_eq!(resp.status(), 200);
+		assert_eq!(resp.headers().get("content-type").unwrap(), GRPC_CONTENT_TYPE);
+		assert_eq!(
+			resp.headers().get(GRPC_ACCEPT_ENCODING_HEADER).unwrap(),
+			GRPC_ENCODING_IDENTITY
+		);
+		assert_eq!(
+			resp.headers().get(GRPC_STATUS_HEADER).unwrap(),
+			&GRPC_STATUS_INTERNAL.to_string()
+		);
+		assert_eq!(resp.headers().get(GRPC_MESSAGE_HEADER).unwrap(), "something broke");
+	}
+
+	#[test]
+	fn test_grpc_error_response_empty_message_omits_grpc_message() {
+		let status = GrpcStatus::new(GRPC_STATUS_UNAUTHENTICATED, "");
+		let resp = grpc_error_response(status);
+
+		assert_eq!(resp.headers().get(GRPC_STATUS_HEADER).unwrap(), "16");
+		assert!(resp.headers().get(GRPC_MESSAGE_HEADER).is_none());
+	}
+
+	#[test]
+	fn test_grpc_response_headers() {
+		let body = GrpcBody::Unary { data: Some(Bytes::new()), trailers_sent: false };
+		let resp = grpc_response(body);
+
+		assert_eq!(resp.status(), 200);
+		assert_eq!(resp.headers().get("content-type").unwrap(), GRPC_CONTENT_TYPE);
+		assert_eq!(
+			resp.headers().get(GRPC_ACCEPT_ENCODING_HEADER).unwrap(),
+			GRPC_ENCODING_IDENTITY
+		);
+	}
+
+	#[test]
+	fn test_grpc_body_unary_poll_sequence() {
+		use hyper::body::Body;
+		use std::task::{Context, Poll, RawWaker, RawWakerVTable, Waker};
+
+		fn noop_waker() -> Waker {
+			fn no_op(_: *const ()) {}
+			fn clone(p: *const ()) -> RawWaker {
+				RawWaker::new(p, &VTABLE)
+			}
+			static VTABLE: RawWakerVTable = RawWakerVTable::new(clone, no_op, no_op, no_op);
+			unsafe { Waker::from_raw(RawWaker::new(std::ptr::null(), &VTABLE)) }
+		}
+
+		let payload = encode_grpc_frame(b"test");
+		let mut body = GrpcBody::Unary { data: Some(payload.clone()), trailers_sent: false };
+
+		let waker = noop_waker();
+		let mut cx = Context::from_waker(&waker);
+
+		// First poll: data frame
+		let frame = Pin::new(&mut body).poll_frame(&mut cx);
+		match frame {
+			Poll::Ready(Some(Ok(ref f))) => assert!(f.is_data()),
+			ref other => panic!("expected data frame, got {other:?}"),
+		}
+
+		// Second poll: trailers
+		let frame = Pin::new(&mut body).poll_frame(&mut cx);
+		match frame {
+			Poll::Ready(Some(Ok(f))) => {
+				let trailers = f.into_trailers().expect("expected trailers");
+				assert_eq!(trailers.get(GRPC_STATUS_HEADER).unwrap(), "0");
+			},
+			ref other => panic!("expected trailers frame, got {other:?}"),
+		}
+
+		// Third poll: end of stream
+		let frame: Poll<Option<Result<hyper::body::Frame<Bytes>, hyper::Error>>> =
+			Pin::new(&mut body).poll_frame(&mut cx);
+		assert!(matches!(frame, Poll::Ready(None)));
+	}
+
+	#[test]
+	fn test_grpc_body_empty_poll() {
+		use hyper::body::Body;
+		use std::task::{Context, Poll, RawWaker, RawWakerVTable, Waker};
+
+		fn noop_waker() -> Waker {
+			fn no_op(_: *const ()) {}
+			fn clone(p: *const ()) -> RawWaker {
+				RawWaker::new(p, &VTABLE)
+			}
+			static VTABLE: RawWakerVTable = RawWakerVTable::new(clone, no_op, no_op, no_op);
+			unsafe { Waker::from_raw(RawWaker::new(std::ptr::null(), &VTABLE)) }
+		}
+
+		let mut body = GrpcBody::Empty;
+		let waker = noop_waker();
+		let mut cx = Context::from_waker(&waker);
+
+		// Empty body returns None immediately
+		let frame: Poll<Option<Result<hyper::body::Frame<Bytes>, hyper::Error>>> =
+			Pin::new(&mut body).poll_frame(&mut cx);
+		assert!(matches!(frame, Poll::Ready(None)));
+	}
 }

ldk-server/src/service.rs

@@ -539,4 +539,74 @@ mod tests {
 		assert!(result.is_err());
 		assert_eq!(result.unwrap_err().error_code, LdkServerErrorCode::AuthError);
 	}
+
+	#[test]
+	fn test_validate_auth_timestamp_at_tolerance_boundary() {
+		let api_key = "test_api_key";
+		// Exactly at the boundary (60 seconds ago) should still be accepted
+		let now =
+			std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+		let timestamp = now - AUTH_TIMESTAMP_TOLERANCE_SECS;
+		let hmac = compute_hmac(api_key, timestamp);
+		let req = create_test_request(Some(format!("HMAC {timestamp}:{hmac}")));
+		assert!(validate_auth(&req, api_key).is_ok());
+
+		// One second past the boundary should be rejected
+		let timestamp = now - AUTH_TIMESTAMP_TOLERANCE_SECS - 1;
+		let hmac = compute_hmac(api_key, timestamp);
+		let req = create_test_request(Some(format!("HMAC {timestamp}:{hmac}")));
+		assert!(validate_auth(&req, api_key).is_err());
+	}
+
+	#[test]
+	fn test_validate_auth_future_timestamp() {
+		let api_key = "test_api_key";
+		// Slightly in the future should be accepted (clock skew)
+		let now =
+			std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+		let timestamp = now + 30;
+		let hmac = compute_hmac(api_key, timestamp);
+		let req = create_test_request(Some(format!("HMAC {timestamp}:{hmac}")));
+		assert!(validate_auth(&req, api_key).is_ok());
+
+		// Far future should be rejected
+		let timestamp = now + AUTH_TIMESTAMP_TOLERANCE_SECS + 1;
+		let hmac = compute_hmac(api_key, timestamp);
+		let req = create_test_request(Some(format!("HMAC {timestamp}:{hmac}")));
+		assert!(validate_auth(&req, api_key).is_err());
+	}
+
+	#[test]
+	fn test_validate_auth_malformed_hmac() {
+		let now =
+			std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+		// Truncated HMAC
+		let req = create_test_request(Some(format!("HMAC {now}:deadbeef")));
+		let result = validate_auth(&req, "test_key");
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err().error_code, LdkServerErrorCode::AuthError);
+
+		// Non-hex HMAC
+		let req = create_test_request(Some(format!("HMAC {now}:not-hex-at-all!")));
+		let result = validate_auth(&req, "test_key");
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err().error_code, LdkServerErrorCode::AuthError);
+
+		// Empty HMAC
+		let req = create_test_request(Some(format!("HMAC {now}:")));
+		let result = validate_auth(&req, "test_key");
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err().error_code, LdkServerErrorCode::AuthError);
+	}
+
+	#[test]
+	fn test_validate_auth_empty_api_key() {
+		let api_key = "";
+		let timestamp =
+			std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+		let hmac = compute_hmac(api_key, timestamp);
+		let req = create_test_request(Some(format!("HMAC {timestamp}:{hmac}")));
+		// Empty key should still work (HMAC is well-defined for empty keys)
+		assert!(validate_auth(&req, api_key).is_ok());
+	}
 }