project-violet · violet-dev · Sep 8, 2024 · Sep 8, 2024 · Sep 8, 2024
diff --git a/violet-server/package-lock.json b/violet-server/package-lock.json
diff --git a/violet-server/package.json b/violet-server/package.json
@@ -20,6 +20,7 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
+    "@golevelup/ts-jest": "^0.5.5",
     "@nestjs/common": "^10.0.0",
     "@nestjs/config": "^3.1.1",
     "@nestjs/core": "^10.0.0",

diff --git a/violet-server/src/auth/guards/hmac.guard.ts b/violet-server/src/auth/guards/hmac.guard.ts
@@ -44,14 +44,13 @@ export class HmacAuthGuard implements CanActivate {
       throw new BadRequestException();
     }
 
-    return this.authTest(token, valid, this.configService.get<string>('SALT'));
+    return this.buildHmac(token) == valid;
   }
 
-  authTest(token, valid, salt) {
+  buildHmac(token: string): string {
     const mac = crypto.createHash('sha512');
+    const salt = this.configService.get<string>('SALT');
     const hmac = mac.update(token + salt);
-    const hash = hmac.digest('hex').substr(0, 7);
-
-    return hash == valid;
+    return hmac.digest('hex').slice(0, 7);
   }
 }
diff --git a/violet-server/src/auth/guards/hmac.spec.ts b/violet-server/src/auth/guards/hmac.spec.ts
@@ -0,0 +1,65 @@
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { HmacAuthGuard } from './hmac.guard';
+import { Test, TestingModule } from '@nestjs/testing';
+import { envValidationSchema } from 'src/app.module';
+import { createMock } from '@golevelup/ts-jest';
+import { BadRequestException, ExecutionContext } from '@nestjs/common';
+
+describe('HmacAuthGuard', () => {
+  let guard: HmacAuthGuard;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      imports: [
+        ConfigModule.forRoot({
+          isGlobal: true,
+          envFilePath: '.test.env',
+          validationSchema: envValidationSchema,
+        }),
+      ],
+      providers: [HmacAuthGuard],
+    }).compile();
+
+    guard = module.get<HmacAuthGuard>(HmacAuthGuard);
+  });
+
+  it('should be defined', () => {
+    expect(guard).toBeDefined();
+  });
+
+  function mockContext(token: string, valid: string) {
+    return createMock<ExecutionContext>({
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            'v-token': token,
+            'v-valid': valid,
+          },
+        }),
+      }),
+    });
+  }
+
+  it('hmac success', () => {
+    const token = new Date().getTime().toString();
+    const context = mockContext(token, guard.buildHmac(token));
+    expect(guard.canActivate(context)).toBeTruthy();
+  });
+
+  it('hmac fail timestamp invalid format', () => {
+    const context = mockContext('abcd', 'edfg');
+    expect(() => guard.canActivate(context)).toThrow(BadRequestException);
+  });
+
+  it('hmac fail timestamp diff less', () => {
+    const token = (new Date().getTime() - 40000).toString();
+    const context = mockContext(token, guard.buildHmac(token));
+    expect(() => guard.canActivate(context)).toThrow(BadRequestException);
+  });
+
+  it('hmac fail timestamp diff greater', () => {
+    const token = (new Date().getTime() + 40000).toString();
+    const context = mockContext(token, guard.buildHmac(token));
+    expect(() => guard.canActivate(context)).toThrow(BadRequestException);
+  });
+});