test(auth): cover widget-agent fallback cleanup (#2354)

Elie Habib
2026-03-27 11:49:01 +04:00
committed by GitHub
parent 9480b547d5
commit 906c5c3f18
3 changed files with 40 additions and 8 deletions


@@ -24,11 +24,15 @@ import { validateBearerToken } from '../server/auth-session';
const RELAY_BASE = 'https://proxy.worldmonitor.app'; const RELAY_BASE = 'https://proxy.worldmonitor.app';
const WIDGET_AGENT_KEY = process.env.WIDGET_AGENT_KEY ?? ''; const WIDGET_AGENT_KEY = process.env.WIDGET_AGENT_KEY ?? '';
const PRO_WIDGET_KEY = process.env.PRO_WIDGET_KEY ?? ''; const PRO_WIDGET_KEY = process.env.PRO_WIDGET_KEY ?? '';
const WORLDMONITOR_VALID_KEY_SET = new Set(
(process.env.WORLDMONITOR_VALID_KEYS ?? '')
.split(',')
.map((v) => v.trim())
.filter(Boolean),
);
function hasValidWorldMonitorKey(key: string): boolean { function hasValidWorldMonitorKey(key: string): boolean {
if (!key) return false; return Boolean(key) && WORLDMONITOR_VALID_KEY_SET.has(key);
const validKeys = (process.env.WORLDMONITOR_VALID_KEYS ?? '').split(',').map((v) => v.trim()).filter(Boolean);
return validKeys.includes(key);
} }
function json(body: unknown, status: number, cors: Record<string, string>): Response { function json(body: unknown, status: number, cors: Record<string, string>): Response {
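Review bot: `WORLDMONITOR_VALID_KEY_SET` is now built once at module load, so a key removed from `WORLDMONITOR_VALID_KEYS` keeps passing `hasValidWorldMonitorKey` on any instance that is already running; the old code re-read the variable on every call. If the runtime only changes environment variables on redeploy this is harmless, but that is not visible here, and a test that sets the variable after importing the module would see an empty set. I would record the assumption above the constant, for example `// Parsed once at import: rotating or revoking WORLDMONITOR_VALID_KEYS needs a fresh instance.`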


@@ -176,11 +176,11 @@ export class McpDataPanel extends Panel {
try { try {
const testerKey = getBrowserTesterKey(); const testerKey = getBrowserTesterKey();
const headers: Record<string, string> = { const widgetKey = getWidgetAgentKey();
'Content-Type': 'application/json', const proKey = getProWidgetKey();
'X-Widget-Key': getWidgetAgentKey(), const headers: Record<string, string> = { 'Content-Type': 'application/json' };
'X-Pro-Key': getProWidgetKey(), if (widgetKey) headers['X-Widget-Key'] = widgetKey;
}; if (proKey) headers['X-Pro-Key'] = proKey;
if (testerKey) headers['X-WorldMonitor-Key'] = testerKey; if (testerKey) headers['X-WorldMonitor-Key'] = testerKey;
const res = await fetch(widgetAgentUrl(), { const res = await fetch(widgetAgentUrl(), {
method: 'POST', method: 'POST',
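Review bot: Nothing on the three conditional header lines says why empty keys are now omitted or which credential wins when several are set, and the panel can now send any mix of `X-Widget-Key`, `X-Pro-Key` and `X-WorldMonitor-Key`. A short comment above the `headers` declaration would help, such as `// Attach only credentials that are set; the server picks between X-WorldMonitor-Key and the legacy keys.` The enclosing try block and method start and end outside the hunk, so how `widgetAgentUrl()` is resolved is not visible; it is worth confirming these keys are only ever sent to the application's own origin.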


@@ -77,6 +77,34 @@ describe('widget-agent unified tester key auth', () => {
}); });
}); });
it('falls back to legacy tester keys when X-WorldMonitor-Key is invalid', async () => {
const res = await handler(new Request('https://www.worldmonitor.app/api/widget-agent', {
method: 'POST',
headers: {
Origin: 'https://www.worldmonitor.app',
'Content-Type': 'application/json',
'X-WorldMonitor-Key': 'wrong-key',
'X-Pro-Key': 'server-pro-key',
},
body: JSON.stringify({ prompt: 'Build a widget', mode: 'create', tier: 'basic' }),
}));
assert.equal(res.status, 200);
assert.equal(fetchMock.mock.calls.length, 1);
const call = fetchMock.mock.calls[0];
const init = call.arguments[1] as RequestInit;
const headers = new Headers(init.headers);
assert.equal(headers.get('X-Widget-Key'), 'server-widget-key');
assert.equal(headers.get('X-Pro-Key'), 'server-pro-key');
assert.deepEqual(JSON.parse(String(init.body)), {
prompt: 'Build a widget',
mode: 'create',
tier: 'pro',
});
});
it('rejects invalid X-WorldMonitor-Key before relay fetch', async () => { it('rejects invalid X-WorldMonitor-Key before relay fetch', async () => {
const res = await handler(new Request('https://www.worldmonitor.app/api/widget-agent', { const res = await handler(new Request('https://www.worldmonitor.app/api/widget-agent', {
method: 'POST', method: 'POST',
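Review bot: The new fallback test never checks what happens to the rejected `X-WorldMonitor-Key`: it asserts that the relay call carries `X-Widget-Key` and `X-Pro-Key`, but not that the invalid header is absent. If the handler is meant to drop it (not visible in this hunk), pin that with `assert.equal(headers.get('X-WorldMonitor-Key'), null);` after the `X-Pro-Key` assertion. That way a later change cannot start forwarding client-supplied tester keys to the relay unnoticed.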