From 040069ccf34d5ce0de940807928fb6fdbe640901 Mon Sep 17 00:00:00 2001
From: finn <fherzfeld@tbd.email>
Date: Wed, 8 Nov 2023 14:42:12 -0800
Subject: [PATCH] test websocket authz

---
 src/pow.ts             |  8 +++++++-
 tests/http-api.spec.ts | 28 ++--------------------------
 tests/utils.ts         | 26 ++++++++++++++++++++++++++
 tests/ws-api.spec.ts   | 10 +++++++++-
 4 files changed, 44 insertions(+), 28 deletions(-)

diff --git a/src/pow.ts b/src/pow.ts
index d3ae511..3f271a7 100644
--- a/src/pow.ts
+++ b/src/pow.ts
@@ -52,6 +52,13 @@ export class ProofOfWork {
     return result.length > 0;
   }
 
+  async authorizeTenant(tenant: string): Promise<void> {
+    await this.#db
+      .insertInto('authorizedTenants')
+      .values({ did: tenant })
+      .executeTakeFirst();
+  }
+
   private async getChallenge(_req: Request, res: Response): Promise<void> {
     const challenge = generateChallenge();
     recentChallenges[challenge] = Date.now();
@@ -74,7 +81,6 @@ export class ProofOfWork {
 
     const complexity = getComplexity();
     const digest = hash.digest('hex');
-    console.log('digest: ', digest);
     if (!digest.startsWith('0'.repeat(complexity))) {
       res.status(401).json({ success: false });
       return;
diff --git a/tests/http-api.spec.ts b/tests/http-api.spec.ts
index b14e9ae..8764ca1 100644
--- a/tests/http-api.spec.ts
+++ b/tests/http-api.spec.ts
@@ -7,7 +7,6 @@ import {
 } from '@tbd54566975/dwn-sdk-js';
 
 import { expect } from 'chai';
-import { createHash } from 'crypto';
 import type { Server } from 'http';
 import fetch from 'node-fetch';
 import { webcrypto } from 'node:crypto';
@@ -33,6 +32,8 @@ import {
   createRecordsWriteMessage,
   getFileAsReadStream,
   streamHttpRequest,
+  checkNonce,
+  generateNonce,
 } from './utils.js';
 
 if (!globalThis.crypto) {
@@ -633,28 +634,3 @@ describe('http api', function () {
     });
   });
 });
-
-const nonceChars =
-  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-
-function generateNonce(size: number): string {
-  let challenge = '';
-  while (challenge.length < size) {
-    challenge += nonceChars.charAt(
-      Math.floor(Math.random() * nonceChars.length),
-    );
-  }
-  return challenge;
-}
-
-function checkNonce(
-  challenge: string,
-  nonce: string,
-  complexity: number,
-): boolean {
-  const hash = createHash('sha256');
-  hash.update(challenge);
-  hash.update(nonce);
-
-  return hash.digest('hex').startsWith('0'.repeat(complexity));
-}
diff --git a/tests/utils.ts b/tests/utils.ts
index 703a76c..9991203 100644
--- a/tests/utils.ts
+++ b/tests/utils.ts
@@ -7,6 +7,7 @@ import {
   RecordsWrite,
 } from '@tbd54566975/dwn-sdk-js';
 
+import { createHash } from 'crypto';
 import type { ReadStream } from 'node:fs';
 import fs from 'node:fs';
 import http from 'node:http';
@@ -188,3 +189,28 @@ export async function sendWsMessage(
     };
   });
 }
+
+const nonceChars =
+  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+export function generateNonce(size: number): string {
+  let challenge = '';
+  while (challenge.length < size) {
+    challenge += nonceChars.charAt(
+      Math.floor(Math.random() * nonceChars.length),
+    );
+  }
+  return challenge;
+}
+
+export function checkNonce(
+  challenge: string,
+  nonce: string,
+  complexity: number,
+): boolean {
+  const hash = createHash('sha256');
+  hash.update(challenge);
+  hash.update(nonce);
+
+  return hash.digest('hex').startsWith('0'.repeat(complexity));
+}
diff --git a/tests/ws-api.spec.ts b/tests/ws-api.spec.ts
index 6e836aa..bd3986f 100644
--- a/tests/ws-api.spec.ts
+++ b/tests/ws-api.spec.ts
@@ -10,6 +10,8 @@ import {
   createJsonRpcRequest,
   JsonRpcErrorCodes,
 } from '../src/lib/json-rpc.js';
+import { ProofOfWork } from '../src/pow.js';
+import { getDialectFromURI } from '../src/storage.js';
 import { WsApi } from '../src/ws-api.js';
 import { clear as clearDwn, dwn } from './test-dwn.js';
 import {
@@ -20,14 +22,17 @@ import {
 
 let server: http.Server;
 let wsServer: WebSocketServer;
+let pow: ProofOfWork;
 
 describe('websocket api', function () {
   before(async function () {
     server = http.createServer();
     server.listen(9002, '127.0.0.1');
 
-    const wsApi = new WsApi(server, dwn);
+    pow = new ProofOfWork(getDialectFromURI(new URL('sqlite://')));
+    const wsApi = new WsApi(server, dwn, pow);
     wsServer = wsApi.start();
+    await pow.initialize();
   });
 
   afterEach(async function () {
@@ -61,6 +66,8 @@ describe('websocket api', function () {
 
   it('handles RecordsWrite messages', async function () {
     const alice = await createProfile();
+    pow.authorizeTenant(alice.did);
+
     const { recordsWrite, dataStream } = await createRecordsWriteMessage(alice);
     const dataBytes = await DataStream.toBytes(dataStream);
     const encodedData = base64url.baseEncode(dataBytes);
@@ -78,6 +85,7 @@ describe('websocket api', function () {
     );
     const resp = JSON.parse(data.toString());
     expect(resp.id).to.equal(requestId);
+    console.log(resp.error);
     expect(resp.error).to.not.exist;
 
     const { reply } = resp.result;