btdt-server 0.3.2

Server component for "been there, done that" - a tool for flexible CI caching
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

use biscuit_auth::KeyPair;
use btdt_server_lib::test_server::BtdtTestServer;
use reqwest::StatusCode;
use serial_test::serial;
use std::collections::BTreeMap;
use std::fs::File;
use std::io::Read;
use std::os::unix::fs::PermissionsExt;
use tempfile::NamedTempFile;
use zeroize::Zeroizing;

#[test]
#[serial]
fn test_api_docs_enabled_by_default() {
    let server = BtdtTestServer::default().wait_until_ready().unwrap();
    let response = server.get("/docs").send().unwrap();
    assert!(response.status().is_success());
}

#[test]
#[serial]
fn test_disable_api_docs() {
    let server = BtdtTestServer::new(&BTreeMap::from([(
        "BTDT_ENABLE_API_DOCS".to_string(),
        "false".to_string(),
    )]))
    .wait_until_ready()
    .unwrap();
    let response = server.get("/docs").send().unwrap();
    assert_eq!(response.status(), StatusCode::NOT_FOUND);
}

#[test]
#[serial]
fn test_will_not_start_with_lenient_permission_on_auth_private_key() {
    let private_key_file = NamedTempFile::new().unwrap();
    std::fs::set_permissions(
        private_key_file.path(),
        std::fs::Permissions::from_mode(0o644),
    )
    .unwrap();

    let server = BtdtTestServer::new(&BTreeMap::from([(
        "BTDT_AUTH_PRIVATE_KEY".to_string(),
        private_key_file
            .path()
            .to_str()
            .expect("path not convertible to str")
            .to_string(),
    )]));

    let result = server.wait_for_shutdown().unwrap().unwrap();
    assert!(result.code().is_some_and(|code| code != 0));
}

#[test]
#[serial]
fn test_creates_private_key_file_with_strict_permissions_if_missing() {
    let temp_dir = tempfile::tempdir().unwrap();
    let private_key_path = temp_dir.path().join("private_key.pem");

    let server = BtdtTestServer::new(&BTreeMap::from([(
        "BTDT_AUTH_PRIVATE_KEY".to_string(),
        private_key_path
            .to_str()
            .expect("path not convertible to str")
            .to_string(),
    )]));
    server.wait_until_ready().unwrap();

    let metadata = std::fs::metadata(&private_key_path).unwrap();
    let mode = metadata.permissions().mode() & 0o777;
    assert_eq!(
        mode, 0o600,
        "expected private key file to have 0o600 permissions, got {:o}",
        mode
    );

    let mut key_pem = Zeroizing::new(String::new());
    let mut keyfile = File::open(&private_key_path).unwrap();
    keyfile.read_to_string(&mut key_pem).unwrap();
    assert!(KeyPair::from_private_key_pem(&key_pem).is_ok());
}