Add a smoketest

Added a smoketest that publishes a module with some routes,
then makes requests against those routes and makes some simple assertions about the responses.

This revealed a bug introduced by the previous commit in the `/v1/database PUT` route,
which was incorrectly not getting the `anon_auth_middleware` applied.

Author: gefjon

Cargo.lock

@@ -266,7 +266,7 @@ async fn handle_http_route_impl<S: ControlStateDelegate + NodeDelegate>(
     let module_def = &module.info().module_def;
 
     let Some((handler_id, _handler_def, _route_def)) = module_def.match_http_route(&st_method, &handler_path) else {
-        return Ok(StatusCode::NOT_FOUND.into_response());
+        return Ok((StatusCode::NOT_FOUND, NO_SUCH_ROUTE).into_response());
     };
 
     let body = body.collect().await.map_err(log_and_500)?.to_bytes();
@@ -1399,7 +1399,15 @@ where
             .route("/pre_publish", self.pre_publish)
             .route("/reset", self.db_reset);
 
-        let authed_router = axum::Router::new()
+        let authed_root_router = axum::Router::new().route(
+            "/",
+            self.root_post.layer(axum::middleware::from_fn_with_state(
+                ctx.clone(),
+                anon_auth_middleware::<S>,
+            )),
+        );
+
+        let authed_named_router = axum::Router::new()
             .nest("/:name_or_identity", db_router)
             .route_layer(axum::middleware::from_fn_with_state(ctx, anon_auth_middleware::<S>));
 
@@ -1413,8 +1421,8 @@ where
             .route("/:name_or_identity/route/*path", any(handle_http_route::<S>));
 
         axum::Router::new()
-            .route("/", self.root_post)
-            .merge(authed_router)
+            .merge(authed_root_router)
+            .merge(authed_named_router)
             .merge(http_route_router)
     }
 }
@@ -1658,21 +1666,21 @@ mod tests {
     }
 
     impl Authorization for DummyState {
-        fn authorize_action(
+        async fn authorize_action(
             &self,
             _subject: Identity,
             _database: Identity,
             _action: Action,
-        ) -> impl std::future::Future<Output = Result<(), Unauthorized>> + Send {
-            async { Err(Unauthorized::InternalError(anyhow::anyhow!("unused"))) }
+        ) -> Result<(), Unauthorized> {
+            Err(Unauthorized::InternalError(anyhow::anyhow!("unused")))
         }
 
-        fn authorize_sql(
+        async fn authorize_sql(
             &self,
             _subject: Identity,
             _database: Identity,
-        ) -> impl std::future::Future<Output = Result<AuthCtx, Unauthorized>> + Send {
-            async { Err(Unauthorized::InternalError(anyhow::anyhow!("unused"))) }
+        ) -> Result<AuthCtx, Unauthorized> {
+            Err(Unauthorized::InternalError(anyhow::anyhow!("unused")))
         }
     }
 

crates/client-api/src/routes/database.rs

@@ -21,6 +21,7 @@ assert_cmd = "2"
 predicates = "3"
 tokio.workspace = true
 tokio-postgres.workspace = true
+reqwest = { workspace = true, features = ["blocking"] }
 
 [lints]
 workspace = true

crates/smoketests/Cargo.toml

@@ -0,0 +1,164 @@
+use spacetimedb_smoketests::Smoketest;
+
+const MODULE_CODE: &str = r#"
+use spacetimedb::http::{Body, Request, Response, Router};
+use spacetimedb::HandlerContext;
+use spacetimedb::Table;
+
+#[spacetimedb::table(accessor = entries, public)]
+pub struct Entry {
+    id: u64,
+    value: String,
+}
+
+#[spacetimedb::http::handler]
+fn get_simple(_ctx: &mut HandlerContext, _req: Request) -> Response {
+    Response::new(Body::from_bytes("ok"))
+}
+
+#[spacetimedb::http::handler]
+fn post_insert(ctx: &mut HandlerContext, _req: Request) -> Response {
+    ctx.with_tx(|tx| {
+        let id = tx.db.entries().iter().count() as u64;
+        tx.db.entries().insert(Entry {
+            id,
+            value: "posted".to_string(),
+        });
+    });
+    Response::new(Body::from_bytes("inserted"))
+}
+
+#[spacetimedb::http::handler]
+fn get_count(ctx: &mut HandlerContext, _req: Request) -> Response {
+    let count = ctx.with_tx(|tx| tx.db.entries().iter().count());
+    Response::new(Body::from_bytes(count.to_string()))
+}
+
+#[spacetimedb::http::handler]
+fn any_handler(_ctx: &mut HandlerContext, _req: Request) -> Response {
+    Response::new(Body::from_bytes("any"))
+}
+
+#[spacetimedb::http::handler]
+fn header_echo(_ctx: &mut HandlerContext, req: Request) -> Response {
+    let value = req
+        .headers()
+        .get("x-echo")
+        .and_then(|value| value.to_str().ok())
+        .unwrap_or("");
+    Response::new(Body::from_bytes(value.to_string()))
+}
+
+#[spacetimedb::http::handler]
+fn set_response_header(_ctx: &mut HandlerContext, _req: Request) -> Response {
+    Response::builder()
+        .header("x-response", "set")
+        .body(Body::from_bytes("header-set"))
+        .expect("response builder should not fail")
+}
+
+#[spacetimedb::http::handler]
+fn body_handler(_ctx: &mut HandlerContext, _req: Request) -> Response {
+    Response::new(Body::from_bytes("non-empty"))
+}
+
+#[spacetimedb::http::handler]
+fn teapot(_ctx: &mut HandlerContext, _req: Request) -> Response {
+    Response::builder()
+        .status(418)
+        .body(Body::from_bytes("teapot"))
+        .expect("response builder should not fail")
+}
+
+#[spacetimedb::http::router]
+fn router() -> Router {
+    Router::new()
+        .get("/get", get_simple)
+        .post("/post", post_insert)
+        .get("/count", get_count)
+        .any("/any", any_handler)
+        .get("/header", header_echo)
+        .get("/set-header", set_response_header)
+        .get("/body", body_handler)
+        .get("/teapot", teapot)
+}
+"#;
+
+const NO_SUCH_ROUTE_BODY: &str = "Database has not registered a handler for this route";
+
+#[test]
+fn http_routes_end_to_end() {
+    let test = Smoketest::builder().module_code(MODULE_CODE).build();
+    let identity = test.database_identity.as_ref().expect("database identity missing");
+
+    let base = format!("{}/v1/database/{}/route", test.server_url, identity);
+    let client = reqwest::blocking::Client::new();
+
+    let resp = client.get(format!("{base}/get")).send().expect("get failed");
+    assert!(resp.status().is_success());
+    assert_eq!(resp.text().expect("get body"), "ok");
+
+    let resp = client
+        .post(format!("{base}/post"))
+        .body("payload")
+        .send()
+        .expect("post failed");
+    assert!(resp.status().is_success());
+
+    let resp = client.get(format!("{base}/count")).send().expect("count failed");
+    assert!(resp.status().is_success());
+    assert_eq!(resp.text().expect("count body"), "1");
+
+    let resp = client.put(format!("{base}/any")).send().expect("any failed");
+    assert!(resp.status().is_success());
+    assert_eq!(resp.text().expect("any body"), "any");
+
+    let resp = client
+        .get(format!("{base}/header"))
+        .header("x-echo", "hello")
+        .send()
+        .expect("header echo failed");
+    assert!(resp.status().is_success());
+    assert_eq!(resp.text().expect("header body"), "hello");
+
+    let resp = client
+        .get(format!("{base}/set-header"))
+        .send()
+        .expect("set-header failed");
+    assert!(resp.status().is_success());
+    assert_eq!(
+        resp.headers().get("x-response").and_then(|value| value.to_str().ok()),
+        Some("set")
+    );
+
+    let resp = client.get(format!("{base}/body")).send().expect("body failed");
+    assert!(resp.status().is_success());
+    assert_eq!(resp.text().expect("body text"), "non-empty");
+
+    let resp = client.get(format!("{base}/teapot")).send().expect("teapot failed");
+    assert_eq!(resp.status().as_u16(), 418);
+
+    let resp = client
+        .get(format!("{base}/missing"))
+        .send()
+        .expect("missing route failed");
+    assert_eq!(resp.status().as_u16(), 404);
+    assert_eq!(resp.text().expect("missing route body"), NO_SUCH_ROUTE_BODY);
+
+    let resp = client
+        .get(format!(
+            "{}/v1/database/{}/schema?version=10",
+            test.server_url, identity
+        ))
+        .header("authorization", "Bearer not-a-jwt")
+        .send()
+        .expect("schema request failed");
+    assert!(resp.status().is_client_error());
+
+    let resp = client
+        .get(format!("{base}/get"))
+        .header("authorization", "Bearer not-a-jwt")
+        .send()
+        .expect("route request failed");
+    assert!(resp.status().is_success());
+}

crates/smoketests/tests/smoketests/http_routes.rs

@@ -19,6 +19,7 @@ mod domains;
 mod fail_initial_publish;
 mod filtering;
 mod http_egress;
+mod http_routes;
 mod logs_level_filter;
 mod module_nested_op;
 mod modules;