import { describe, expect, it, vi } from 'vitest'; import { AppserviceDaemon } from '../server.js'; import type { DaemonConfig, DaemonRequest } from '../server.js'; const cfg: DaemonConfig = { homeserverUrl: 'https://hs.example', domain: 'hs.example', asToken: 'as-secret', hsToken: 'hs-secret', bridgeTokens: ['bridge-secret'], }; const jsonResponse = (status: number, body: unknown): Response => new Response(JSON.stringify(body), { status, headers: { 'Content-Type': 'application/json' } }); const request = (overrides: Partial): DaemonRequest => ({ method: 'GET', path: '/', searchParams: new URLSearchParams(), body: undefined, ...overrides, }); const makeDaemon = () => { const fetchMock = vi.fn(async (_input: URL | string) => jsonResponse(200, { event_id: '$sent' })); const daemon = new AppserviceDaemon(cfg, fetchMock as unknown as typeof fetch, () => {}); return { daemon, fetchMock }; }; describe('AppserviceDaemon routing', () => { it('serves health unauthenticated', async () => { const { daemon } = makeDaemon(); expect((await daemon.handle(request({ path: '/health' }))).status).toBe(200); }); it('404s unknown paths', async () => { const { daemon } = makeDaemon(); expect((await daemon.handle(request({ path: '/nope' }))).status).toBe(404); }); it('transactions require the hs_token', async () => { const { daemon } = makeDaemon(); const bad = await daemon.handle( request({ method: 'PUT', path: '/_matrix/app/v1/transactions/t1', authorizationHeader: 'Bearer wrong', body: { events: [] }, }), ); expect(bad.status).toBe(403); const ok = await daemon.handle( request({ method: 'PUT', path: '/_matrix/app/v1/transactions/t1', authorizationHeader: 'Bearer hs-secret', body: { events: [{ type: 'm.room.message', event_id: '$e' }] }, }), ); expect(ok.status).toBe(200); }); it('bridge requires a bridge token (hs/as tokens do not work)', async () => { const { daemon } = makeDaemon(); for (const token of [undefined, 'Bearer hs-secret', 'Bearer as-secret', 'Bearer nope']) { const res = await daemon.handle( request({ method: 'POST', path: '/bridge/v1/messages', authorizationHeader: token, body: {}, }), ); expect(res.status).toBe(403); } }); it('bridge message sends as the agent and returns the event id', async () => { const { daemon, fetchMock } = makeDaemon(); const res = await daemon.handle( request({ method: 'POST', path: '/bridge/v1/messages', authorizationHeader: 'Bearer bridge-secret', body: { room_id: '!r:hs.example', agent: 'pi0-web1', body: 'hi', thread_root: '$req' }, }), ); expect(res.status).toBe(200); expect(res.body.event_id).toBe('$sent'); const sendCall = fetchMock.mock.calls .map((c) => new URL(String(c[0]))) .find((u) => u.pathname.includes('/send/m.room.message/')); expect(sendCall).toBeDefined(); expect(sendCall!.searchParams.get('user_id')).toBe('@agent-pi0-web1:hs.example'); }); it('bridge rejects invalid payloads with 400', async () => { const { daemon } = makeDaemon(); const res = await daemon.handle( request({ method: 'POST', path: '/bridge/v1/messages', authorizationHeader: 'Bearer bridge-secret', body: { room_id: 'bad', agent: 'pi0', body: 'x' }, }), ); expect(res.status).toBe(400); }); it('bridge typing endpoint works', async () => { const { daemon, fetchMock } = makeDaemon(); const res = await daemon.handle( request({ method: 'POST', path: '/bridge/v1/typing', authorizationHeader: 'Bearer bridge-secret', body: { room_id: '!r:hs.example', agent: 'pi0-web1', typing: true }, }), ); expect(res.status).toBe(200); const typingCall = fetchMock.mock.calls .map((c) => new URL(String(c[0]))) .find((u) => u.pathname.includes('/typing/')); expect(typingCall).toBeDefined(); }); it('authenticated unknown bridge sub-paths return 405, never fall through', async () => { const { daemon } = makeDaemon(); const res = await daemon.handle( request({ method: 'GET', path: '/bridge/v1/unknown', authorizationHeader: 'Bearer bridge-secret', }), ); expect(res.status).toBe(405); }); it('empty bridge token list denies everything', async () => { const daemon = new AppserviceDaemon({ ...cfg, bridgeTokens: [] }, undefined, () => {}); const res = await daemon.handle( request({ method: 'POST', path: '/bridge/v1/typing', authorizationHeader: 'Bearer bridge-secret', body: {}, }), ); expect(res.status).toBe(403); }); });