test embedded replication auth

Author: MarinPostma

libsql-server/src/auth/mod.rs

@@ -15,7 +15,7 @@ pub use parsers::{parse_http_auth_header, parse_http_basic_auth_arg, parse_jwt_k
 pub use permission::Permission;
 pub use user_auth_strategies::{Disabled, HttpBasic, Jwt, UserAuthContext, UserAuthStrategy};
 
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct Auth {
     pub user_strategy: Arc<dyn UserAuthStrategy + Send + Sync>,
 }

libsql-server/src/auth/user_auth_strategies/disabled.rs

@@ -1,6 +1,7 @@
 use super::{UserAuthContext, UserAuthStrategy};
 use crate::auth::{AuthError, Authenticated};
 
+#[derive(Debug)]
 pub struct Disabled {}
 
 impl UserAuthStrategy for Disabled {

libsql-server/src/auth/user_auth_strategies/http_basic.rs

@@ -5,6 +5,7 @@ use crate::auth::{
 
 use super::{UserAuthContext, UserAuthStrategy};
 
+#[derive(Debug)]
 pub struct HttpBasic {
     credential: String,
 }

libsql-server/src/auth/user_auth_strategies/jwt.rs

@@ -1,3 +1,5 @@
+use std::fmt::{self, Debug, Formatter};
+
 use chrono::{DateTime, Utc};
 
 use crate::{
@@ -15,6 +17,12 @@ pub struct Jwt {
     keys: Vec<jsonwebtoken::DecodingKey>,
 }
 
+impl Debug for Jwt {
+    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+        f.debug_struct("Jwt").finish()
+    }
+}
+
 impl UserAuthStrategy for Jwt {
     fn authenticate(&self, ctx: UserAuthContext) -> Result<Authenticated, AuthError> {
         tracing::trace!("executing jwt auth");

libsql-server/src/auth/user_auth_strategies/mod.rs

@@ -55,7 +55,7 @@ impl UserAuthContext {
     }
 }
 
-pub trait UserAuthStrategy: Sync + Send {
+pub trait UserAuthStrategy: Sync + Send + std::fmt::Debug {
     /// Returns a list of fields required by the stragegy.
     /// Every strategy implementation should override this function if it requires input to work.
     /// Strategy implementations should validate the content of provided fields.

libsql-server/tests/embedded_replica/mod.rs

@@ -6,11 +6,15 @@ use std::path::PathBuf;
 use std::sync::Arc;
 use std::time::{Duration, Instant};
 
+use crate::common::auth::encode;
 use crate::common::http::Client;
 use crate::common::net::{init_tracing, SimServer, TestServer, TurmoilAcceptor, TurmoilConnector};
-use crate::common::snapshot_metrics;
+use crate::common::{self, snapshot_metrics};
 use libsql::Database;
-use libsql_server::config::{AdminApiConfig, DbConfig, RpcServerConfig, UserApiConfig};
+use libsql_server::auth::{user_auth_strategies, Auth};
+use libsql_server::config::{
+    AdminApiConfig, DbConfig, RpcClientConfig, RpcServerConfig, UserApiConfig,
+};
 use serde_json::json;
 use tempfile::tempdir;
 use tokio::sync::Notify;
@@ -1362,3 +1366,149 @@ fn replicated_return() {
 
     sim.run().unwrap();
 }
+
+#[test]
+fn replicate_auth() {
+    init_tracing();
+    let mut sim = Builder::new()
+        .simulation_duration(Duration::from_secs(1000))
+        .build();
+
+    let (encoding, decoding) = common::auth::key_pair();
+    sim.host("primary", {
+        let decoding = decoding.clone();
+        move || {
+            let decoding = decoding.clone();
+            async move {
+                let tmp = tempdir()?;
+                let jwt_keys =
+                    vec![jsonwebtoken::DecodingKey::from_ed_components(&decoding).unwrap()];
+                let auth = Auth::new(user_auth_strategies::Jwt::new(jwt_keys));
+                let server = TestServer {
+                    path: tmp.path().to_owned().into(),
+                    user_api_config: UserApiConfig {
+                        hrana_ws_acceptor: None,
+                        auth_strategy: auth,
+                        ..Default::default()
+                    },
+                    admin_api_config: Some(AdminApiConfig {
+                        acceptor: TurmoilAcceptor::bind(([0, 0, 0, 0], 9090)).await?,
+                        connector: TurmoilConnector,
+                        disable_metrics: true,
+                    }),
+                    rpc_server_config: Some(RpcServerConfig {
+                        acceptor: TurmoilAcceptor::bind(([0, 0, 0, 0], 4567)).await?,
+                        tls_config: None,
+                    }),
+                    ..Default::default()
+                };
+
+                server.start_sim(8080).await?;
+
+                Ok(())
+            }
+        }
+    });
+
+    sim.host("replica", {
+        let decoding = decoding.clone();
+        move || {
+            let decoding = decoding.clone();
+            async move {
+                let tmp = tempdir()?;
+                let jwt_keys =
+                    vec![jsonwebtoken::DecodingKey::from_ed_components(&decoding).unwrap()];
+                let auth = Auth::new(user_auth_strategies::Jwt::new(jwt_keys));
+                let server = TestServer {
+                    path: tmp.path().to_owned().into(),
+                    user_api_config: UserApiConfig {
+                        hrana_ws_acceptor: None,
+                        auth_strategy: auth,
+                        ..Default::default()
+                    },
+                    admin_api_config: Some(AdminApiConfig {
+                        acceptor: TurmoilAcceptor::bind(([0, 0, 0, 0], 9090)).await?,
+                        connector: TurmoilConnector,
+                        disable_metrics: true,
+                    }),
+                    rpc_client_config: Some(RpcClientConfig {
+                        remote_url: "http://primary:4567".into(),
+                        connector: TurmoilConnector,
+                        tls_config: None,
+                    }),
+                    ..Default::default()
+                };
+
+                server.start_sim(8080).await?;
+
+                Ok(())
+            }
+        }
+    });
+
+    sim.client("client", async move {
+        let token = encode(
+            &serde_json::json!({
+                "id": "default",
+            }),
+            &encoding,
+        );
+
+        // no auth
+        let tmp = tempdir().unwrap();
+        let db = Database::open_with_remote_sync_connector(
+            tmp.path().join("embedded").to_str().unwrap(),
+            "http://primary:8080",
+            "",
+            TurmoilConnector,
+            false,
+            None,
+        )
+        .await?;
+
+        assert!(db.sync().await.is_err());
+
+        let tmp = tempdir().unwrap();
+        let db = Database::open_with_remote_sync_connector(
+            tmp.path().join("embedded").to_str().unwrap(),
+            "http://replica:8080",
+            "",
+            TurmoilConnector,
+            false,
+            None,
+        )
+        .await?;
+
+        assert!(db.sync().await.is_err());
+
+        // auth 
+        let tmp = tempdir().unwrap();
+        let db = Database::open_with_remote_sync_connector(
+            tmp.path().join("embedded").to_str().unwrap(),
+            "http://primary:8080",
+            token.clone(),
+            TurmoilConnector,
+            false,
+            None,
+        )
+        .await?;
+
+        assert!(db.sync().await.is_ok());
+
+        let tmp = tempdir().unwrap();
+        let db = Database::open_with_remote_sync_connector(
+            tmp.path().join("embedded").to_str().unwrap(),
+            "http://replica:8080",
+            token.clone(),
+            TurmoilConnector,
+            false,
+            None,
+        )
+        .await?;
+
+        assert!(db.sync().await.is_ok());
+        Ok(())
+    });
+
+    sim.run().unwrap();
+}