Cete/sipher
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
sipher/tests/integration/README.md
Nixyan 660c17b319 feat: add client-side identity system, rate limiting, proxy hardening, and full test suite 
### Major changes

- **Client-side identity** — New session key store (`sessionKey.ts`) backed by
  `sessionStorage` with a module-level caching, a `crypto.subtle` cache, a `useIdentityLock`
  hook for decrypt-once signing, `followSignature.ts` for signed follows, and
  two new UI modals (`IdentityBackup.tsx`, `UnlockIdentityModal.tsx`).
  `CreateIdentity.tsx` is rewritten to generate BIP-39 mnemonics and encrypt the
  Ed25519 keypair with AES-256-GCM via PBKDF2 (600k iterations) before storing
  in IndexedDB.

- **Rate limiting** — New `rate-limit-config.ts` and `rate-limit.ts` provide a
  per-IP sliding-window rate limiter backed by Redis. All external-facing routes
  (`/discover`, `/discover/rotate/*`, `/proxy`, social API endpoints) now have
  conservative defaults wired into the custom HTTP server before requests reach
  Next.js handlers.

- **Proxy route hardening** — The `/proxy` route now enforces a 256 KB payload
  limit (HTTP 413), validates JSON before parsing, applies a per-origin rate
  limit (100 req/min), and imports the `blocks` table to reject requests from
  blocked servers.

- **Docker integration-test cluster** — New `Dockerfile`, `.dockerignore`, and
  `tests/docker-compose.yml` orchestrate three SiPher instances (A, B, C) plus
  shared PostgreSQL and Redis. Key generation (`generate-keys.ts`) and discovery
  setup (`setup-discovery.ts`) scripts automate cluster bootstrap. Three example
  env files document required per-instance configuration.

- **Full test suite overhaul** — Replaces the old attack/auth/discover/key/proxy
  tests with a structured suite:
  * `tests/federation/` — Keytools unit tests + key-rotation e2e test
  * `tests/proxy/` — Proxy relay e2e tests (single-server validation)
  * `tests/integration/` — Multi-instance integration tests for discover,
    proxy-chain relay, and federated post delivery via BullMQ
  * `tests/helpers/` — Reusable DB, identity, and auth-user utilities
  * Playwright config updated to match new file conventions
  * Unused helpers (`tests/helpers/queue.ts`) removed

- **Social plugin endpoints** — Rewritten `follows.ts`, `blocks.ts`, `mutes.ts`,
  and `posts.ts` with proper federation integration. `social.ts` gains helpers
  for looking up posts by federation URL.

### Minor changes

- **README** — Expanded from a 42-line stub to a full architecture guide with
  tables for every layer (auth, DB, queues, storage, real-time), API route
  documentation, setup instructions, environment variables, test coverage, and
  the updated roadmap.

- **Federation helpers** — `keytools.ts` refactors imports and cleans up the public surface.
  `fetch.ts`, `registry.ts`, and `proxy-helpers/federated-post.ts` pick up small
  improvements. `PostFederationSchema` simplifies its encryption type assertion.

- **Plugin infrastructure** — Oven plugin schema and server index gain minor
  refactors. Social client adds a `muteUser` method.

- **UI components** — `switch.tsx` and `tooltip.tsx` rewritten for Radix v2 /
  Tailwind 4; `accordion.tsx`, `dropdown-menu.tsx`, `form`, `button`, `card` get
  minor consistency fixes. `dialog.tsx` removes unused `DialogHeader`.

- **Server bootstrap** — `server.ts` imports DB schema before `instrumentation`
  for correct Drizzle initialization, rate-limiting routes are wired, and CORS
  allows federation origins. `auth.ts` regenerates Oven and social plugin schemas.

- **Dependencies** — Added `@noble/ciphers` and `@noble/hashes` (crypto
  primitives). Removed `@signalapp/libsignal-client`, `base58-js`, `nanostores`,
  `tweetnacl-util`, `dexie-react-hooks`, `socket.io-client`. Updated all Better
  Auth packages to 1.6.11, BullMQ to 5.76.10, and various dev deps across the
  board.

- **.gitignore** — Added `/audits` and `tests/docker/*.env` to prevent secret
  leakage.

- **DB schema** — `blocks` table imported in `src/lib/db/schema/index.ts`.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-18 09:48:42 -03:00

39 lines
2.6 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Manual federation integration scripts
These are **not** run by Playwright (`npm test`). They are Bun scripts that assume three live Sipher federation instances (A = local `.env.local`, B = proxy, C = target) with Redis, Postgres, workers, and completed mutual discovery.
## Scripts
| Script | npm shortcut |
| ---------------------------------------------------------- | ----------------------------------- |
| [discover.ts](discover.ts) | `npm run docker:test:discover` |
| [federation-post-delivery.ts](federation-post-delivery.ts) | `npm run docker:test:post-delivery` |
| [proxy-chain.ts](proxy-chain.ts) | `npm run docker:test:proxy-chain` |
### discover.ts
- Exercises **Server A**'s `/discover` endpoint (`GET`, `POST REGISTER`, `POST DISCOVER`) using **Server C** as the live remote peer — no stub layer.
- Covers: peer ordering / healthy filter, input validation, SSRF rejection, unreachable peers, key-mismatch & existing-registration conflicts, encrypted DISCOVER envelopes (decryption + fingerprint match), happy paths for both REGISTER and DISCOVER round-trips.
- Snapshots and restores A's `server_registry` so the mesh is intact for subsequent integration tests.
- **Flags**: `--peer` (default `http://sipher-c:3002`).
### federation-post-delivery.ts
- Exercises **Server A**: `POST /api/auth/social/posts` → BullMQ worker → `federationFetch` (direct or via proxy **B**) → **C**.
- **Requires**: `.env.local` with federation keys, `DATABASE_URL`, `REDIS_URL`, worker running; a Bearer token on **A**; accepted remote follower URLs pointing at **C**.
- **Flags**: `--proxy`, `--target`, `--bearer`, optional `--test-fallback`, `--test-no-remote-followers`.
### proxy-chain.ts
- Exercises **PROXY** and **TARGETED** RPC paths across **A → B → C**, sender-key rejection, unknown sender, and the real failover path `A → C (direct FAILS) → A → B → C` driven by `federationFetch`'s `proxyFallback` against a DNS-blocked target URL.
- **Requires**: three servers up; mutual discovery so **A** appears on **B**s and **C**s peer lists; for fallback tests, `--bearer` and `--user`.
## Prerequisites
- `.env.local` populated (`BETTER_AUTH_URL`, federation keys, DB, Redis, etc.).
- `bun` installed (scripts use `bun run`).
- Federation registry populated via discovery between instances before relay/post tests.
## Limitations
- Failures are often environmental (TLS, Docker networking, firewall, stale registry). Use worker logs with `DEBUG=app:federation:*` when jobs hang.
Reference in a new issue View git blame Copy permalink