feat: add integration tests for blocking

storacha · Aug 9, 2023 · 98f6a6b · 98f6a6b
1 parent e105fd2
commit 98f6a6b
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 6 deletions.
diff --git a/test/helpers/up-client.js b/test/helpers/up-client.js
@@ -31,17 +31,21 @@ async function createMailSlurpInbox() {
   }
 }
 
-export async function setupNewClient (uploadServiceUrl, options = {}) {
-  // create an inbox
-  const { mailslurp, id: inboxId, email } = await createMailSlurpInbox()
+export async function createNewClient(uploadServiceUrl) {
   const principal = await Signer.generate()
   const data = await AgentData.create({ principal })
-  const client = new Client(data, {
+  return new Client(data, {
     serviceConf: {
       upload: getUploadServiceConnection(uploadServiceUrl),
       access: getAccessServiceConnection(uploadServiceUrl)
     },
   })
+}
+
+export async function setupNewClient (uploadServiceUrl, options = {}) {
+  // create an inbox
+  const { mailslurp, id: inboxId, email } = await createMailSlurpInbox()
+  const client = await createNewClient(uploadServiceUrl)
 
   const timeoutMs = process.env.MAILSLURP_TIMEOUT ? parseInt(process.env.MAILSLURP_TIMEOUT) : 60_000
   const authorizePromise = client.authorize(email)

diff --git a/test/integration.test.js b/test/integration.test.js
@@ -2,6 +2,10 @@ import { fetch } from '@web-std/fetch'
 import git from 'git-rev-sync'
 import pWaitFor from 'p-wait-for'
 import { HeadObjectCommand } from '@aws-sdk/client-s3'
+import {
+  PutItemCommand
+} from '@aws-sdk/client-dynamodb'
+import { marshall } from '@aws-sdk/util-dynamodb'
 
 import { METRICS_NAMES, SPACE_METRICS_NAMES } from '../ucan-invocation/constants.js'
 import { test } from './helpers/context.js'
@@ -14,15 +18,16 @@ import {
   getCarparkBucketInfo,
   getDynamoDb
 } from './helpers/deployment.js'
-import { setupNewClient } from './helpers/up-client.js'
+import { createNewClient, setupNewClient } from './helpers/up-client.js'
 import { randomFile } from './helpers/random.js'
 import { getTableItem, getAllTableRows } from './helpers/table.js'
 
 test.before(t => {
   t.context = {
     apiEndpoint: getApiEndpoint(),
     metricsDynamo: getDynamoDb('admin-metrics'),
-    spaceMetricsDynamo: getDynamoDb('space-metrics')
+    spaceMetricsDynamo: getDynamoDb('space-metrics'),
+    rateLimitsDynamo: getDynamoDb('rate-limit')
   }
 })
 
@@ -65,6 +70,48 @@ test('upload-api /metrics', async t => {
   t.is((body.match(/w3up_invocations_total/g) || []).length, 6)
 })
 
+test('authorizations can be blocked by email or domain', async t => {
+  const client = await createNewClient(t.context.apiEndpoint)
+
+  // test email blocking
+  await t.context.rateLimitsDynamo.client.send(new PutItemCommand({
+    TableName: t.context.rateLimitsDynamo.tableName,
+    Item: marshall({
+      id: Math.random().toString(10),
+      subject: '[email protected]',
+      rate: 0
+    })
+  }))
+
+  // it would be nice to use t.throwsAsync here, but that doesn't work with errors that aren't exceptions: https://github.com/avajs/ava/issues/2517
+  try {
+    await client.authorize('[email protected]')
+    t.fail('authorize should fail with a blocked email address')
+  } catch (e) {
+    t.is(e.name, 'AccountBlocked')
+    t.is(e.message, 'Account identified by did:mailto:example.com:travis is blocked')
+  }
+
+  // test domain blocking
+  await t.context.rateLimitsDynamo.client.send(new PutItemCommand({
+    TableName: t.context.rateLimitsDynamo.tableName,
+    Item: marshall({
+      id: Math.random().toString(10),
+      subject: 'example2.com',
+      rate: 0
+    })
+  }))
+
+  // it would be nice to use t.throwsAsync here, but that doesn't work with errors that aren't exceptions: https://github.com/avajs/ava/issues/2517
+  try {
+    await client.authorize('[email protected]')
+    t.fail('authorize should fail with a blocked domain')
+  } catch (e) {
+    t.is(e.name, 'AccountBlocked')
+    t.is(e.message, 'Account identified by did:mailto:example2.com:travis is blocked')
+  }
+})
+
 // Integration test for all flow from uploading a file to Kinesis events consumers and replicator
 test('w3infra integration flow', async t => {
   const client = await setupNewClient(t.context.apiEndpoint)
@@ -222,6 +269,21 @@ test('w3infra integration flow', async t => {
       )
     })
   }
+
+  // verify that blocking a space makes it impossible to upload a file to it
+  await t.context.rateLimitsDynamo.client.send(new PutItemCommand({
+    TableName: t.context.rateLimitsDynamo.tableName,
+    Item: marshall({
+      id: Math.random().toString(10),
+      subject: client.currentSpace().did(),
+      rate: 0
+    })
+  }))
+  const uploadError = await t.throwsAsync(async () => {
+    await client.uploadFile(await randomFile(100))
+  })
+
+  t.is(uploadError.message, 'failed store/add invocation')
 })
 
 /**