Add integrated tests (#10)

+ Use pebble for integrated testing Bugs found during integ testing: + Use subjectAltName as commonName is actually deprecated + Prepare for asynchronous let's encrypt finalize order flow
willnode · Apr 9, 2024 · da05080 · da05080
1 parent 4df8f9a
commit da05080
Show file tree

Hide file tree

Showing 26 changed files with 504 additions and 3,766 deletions.
diff --git a/.env.test b/.env.test
@@ -0,0 +1,8 @@
+HTTP_PORT=8880
+HTTPS_PORT=8843
+STAT_PORT=8081
+WHITELIST_HOSTS=
+BLACKLIST_HOSTS="bad.example,evil.example"
+BLACKLIST_REDIRECT="https://forwarddomain.net/blacklisted"
+NODE_ENV=test
+NODE_TLS_REJECT_UNAUTHORIZED=0
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,6 @@
 # Auto detect text files and perform LF normalization
 * text=auto
+go.mod eol=lf text=auto
+go.sum eol=lf text=auto
+package.json eol=lf text=auto
+*.lockb binary diff=lockb
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,25 @@
+
+on:
+  push:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: '^1.22.1'
+    - name: Install pebble
+      run: go install github.com/letsencrypt/pebble/v2/cmd/[email protected]
+    - name: Install dnsserver
+      run: go install github.com/dlorch/dnsserver@latest
+    - name: Install deps
+      run: npm install 
+    - name: Test
+      run: env PATH=${PATH}:`go env GOPATH`/bin npm test
diff --git a/HOSTING.md b/HOSTING.md
@@ -4,8 +4,11 @@ This guide will walk you through the process of setting up your own instance of
 
 ## Prerequisites
 
-- [Node.js](https://nodejs.org/en/) (version 16 or higher).
-- A machine with public IP address installed.
+- `node` LTS node (20.x or Higher)
+- `openssl` required for signing certs
+- `go` (>= 1.22) for running tests
+- `find`, `grep`, `wc` (linux standard tools) for running stats
+- A machine with public IP address installed
 
 ## Installation
 
@@ -26,6 +29,7 @@ This guide will walk you through the process of setting up your own instance of
 `WHITELIST_HOSTS` | A comma-separated list of root domains to whitelist
 `BLACKLIST_HOSTS` | A comma-separated list of root domains to blacklist
 `BLACKLIST_REDIRECT` | The URL to redirect to when a blacklisted host is accessed
+`OPENSSL_BIN` | (used by `pem` package) Path to `openssl` to override from PATH
 
 If `WHITELIST_HOSTS` is set, `BLACKLIST_HOSTS` is ignored. Both is mutually exclusive.
 
@@ -45,10 +49,12 @@ SSL certificates is saved in `./.certs` directory. No additional configuration i
 
 `sudo npm start` is recommended to run the app. This is because the app needs to listen to port 80 and 443 directly, which requires root access.
 
-If you want to run the app without root access, or wanted to filter some domains for other services, you have to use NGINX with stream plugin 
+If you want to run the app without root access, or wanted to filter some domains for other services, you have to use NGINX with stream plugin.
 
 ## NGINX + Stream Plugin
 
+You cannot run this server via regular NGINX's `server` directive because that's mean you won't get benefited from automatic HTTPS cert installation and only-DNS-needed setup approach.
+
 [NGINX Stream plugin](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) is used to filter some domain while still be able forwards HTTPS connection directly. It has to be that way since NGINX doesn't handle HTTPS certificates.
 
 This configuration below, setups the following:

diff --git a/app.js b/app.js
@@ -1,8 +1,7 @@
-import "dotenv/config.js";
 import {plainServer, secureServer} from "./index.js";
 
-const port80 = parseInt(process.env.HTTP_PORT || "80");
-const port443 = parseInt(process.env.HTTPS_PORT || "443");
-
+const port80 = parseInt(process.env.HTTP_PORT || "8080");
+const port443 = parseInt(process.env.HTTPS_PORT || "8443");
+console.log("Forward Domain running with env", process.env.NODE_ENV);
 plainServer.listen(port80, () => console.log(`HTTP server start at port ${port80}`));
 secureServer.listen(port443, () => console.log(`HTTPS server start at port ${port443}`));
diff --git a/index.js b/index.js
@@ -13,16 +13,12 @@ const secureServer = https.createServer({
 secureServer.on('listening', SniPrepare);
 
 if (isMainProcess(import.meta.url)) {
-    import ("dotenv/config.js");
     const port = parseInt(process.env.HTTP_PORT || "3000");
     plainServer.listen(port, function () {
         console.log(`HTTP server start at port ${port}`);
     });
 }
 
-// default export is to be deprecated
-export default plainServer;
-
 export {
     plainServer,
     secureServer