pyrox.dev
1{ pkgs, ... }:
2{
3 name = "rmfakecloud";
4 meta = with pkgs.lib.maintainers; {
5 maintainers = [ martinetd ];
6 };
7
8 nodes.machine = {
9 services.rmfakecloud = {
10 enable = true;
11 storageUrl = "https://local.appspot.com";
12 };
13 };
14
15 testScript = ''
16 machine.wait_for_unit("rmfakecloud.service")
17 machine.wait_for_open_port(3000)
18
19 # first login creates user
20 login_token = machine.succeed("""
21 curl -sSf -b cookie -c cookie -H "Content-Type: application/json" \
22 -d'{"email":"test","password":"test"}' -X POST \
23 http://localhost:3000/ui/api/login
24 """)
25
26 # subsequent different pass or mail should fail, but same login works
27 machine.fail("""
28 curl -sSf -H "Content-Type: application/json" \
29 -d'{"email":"test","password":"test2"}' -X POST \
30 http://localhost:3000/ui/api/login
31 """)
32 machine.fail("""
33 curl -sSf -H "Content-Type: application/json" \
34 -d'{"email":"test2","password":"test"}' -X POST
35 http://localhost:3000/ui/api/login
36 """)
37 machine.succeed("""
38 curl -sSf -H "Content-Type: application/json" \
39 -d'{"email":"test","password":"test"}' -X POST \
40 http://localhost:3000/ui/api/login
41 """)
42
43 # can get code from cookie or bearer
44 machine.succeed("""
45 curl -sSf -b cookie -c cookie http://localhost:3000/ui/api/newcode
46 """)
47 newcode = machine.succeed(f"""
48 curl -sSf -H "Authorization: Bearer {login_token}" \
49 http://localhost:3000/ui/api/newcode
50 """).strip('"')
51
52 # ... but not junk
53 machine.fail(f"""
54 curl -sSf -H "Authorization: Bearer abc{login_token}" \
55 http://localhost:3000/ui/api/newcode
56 """)
57
58 # can connect "device" with said code
59 machine.succeed(f"""
60 curl -sSf -d '{{"code":"{newcode}", "deviceDesc": "desc", "deviceID":"rm100-123"}}' \
61 http://localhost:3000/token/json/2/device/new
62 """)
63
64 # for future improvements
65 machine.log(machine.execute("systemd-analyze security rmfakecloud.service")[1])
66 '';
67}