feat: prevent outbound network requests (#113)

Co-authored-by: Nishant Arora <[email protected]>

.aegir.js

@@ -1,3 +1,6 @@
+import http from 'node:http'
+import fs from 'node:fs'
+
 export default {
   tsRepo: false,
   dependencyCheck: {
@@ -20,14 +23,40 @@ export default {
     }
   },
   test: {
-    before: (...args) => {
-      if (args[0].runner === 'node') {
-        return {
-          env: {
-            NODE_OPTIONS: '--loader=esmock'
-          }
+    before: async (...args) => {
+      // set up a server to serve the fixtures
+      const server = http.createServer((req, res) => {
+        const cidString = req.url.replace('/ipfs/', '').split('?')[0]
+        const mockBlock = fs.readFileSync(`./test/fixtures/${cidString}.raw.bin`, null)
+
+        res.writeHead(200, {
+          'access-control-allow-origin': '*', // allow CORS requests
+          'Content-Type': 'application/vnd.ipld.raw',
+          'Content-Length': mockBlock.length
+        })
+        res.end(mockBlock)
+      })
+      let gwUrl = process.env.IPFS_GATEWAY
+      if (!gwUrl) {
+        // no gateway specified, start the server
+        await new Promise((resolve, _reject) => {
+          server.listen(0, () => {
+            gwUrl = `http://localhost:${server.address().port}`
+            console.log(`server listening at ${gwUrl}`)
+            resolve()
+          })
+        })
+      }
+
+      return {
+        server,
+        env: {
+          IPFS_GATEWAY: gwUrl,
         }
       }
+    },
+    after: (_, before) => {
+      before.server.close()
     }
   }
 }

.eslintrc

@@ -7,5 +7,11 @@
   "parserOptions": {
     "sourceType": "module",
     "allowImportExportEverywhere": true
-  }
+  },
+  "ignorePatterns": [
+    "**/bin/load-fixtures.sh", 
+    "**/dist/**", 
+    "**/node_modules/**",
+    "**/test/fixtures/**"
+  ],
 }

DEVELOPER-NOTES.md

@@ -0,0 +1,9 @@
+# Load fixtures
+
+We need to load a fixture with the following command:
+
+```bash
+./bin/load-fixtures.sh bafyreif3tfdpr5n4jdrbielmcapwvbpcthepfkwq2vwonmlhirbjmotedi
+```
+
+then, we can do `npm run test:node -- -g 'lookup via HTTP Gateway'` to run a test that will tell us of any subsequent fixtures we need to load, and replace the CID in the above command with the CID that the test hangs on, and repeat.

bin/load-fixtures.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+function main() {
+  local CID="$1"
+  curl -H "Accept: application/vnd.ipld.raw" "https://ipfs.io/ipfs/$CID?format=raw" > test/fixtures/$CID.raw.bin
+}
+
+main "$@"

package.json

@@ -40,7 +40,7 @@
     "chai-as-promised": "^7.1.1",
     "cross-fetch": "^3.1.5",
     "csv-parse": "^5.3.0",
-    "esmock": "^2.0.6",
+    "esmock": "^2.6.0",
     "gauge": "^4.0.4",
     "ip": "^2.0.0",
     "it-concat": "^2.0.0",

test/.eslintrc

@@ -1,5 +1,6 @@
 {
   "rules": {
     "no-undef": 0
-  }
+  },
+  "ignorePatterns": ["**/fixtures/**"],
 }

test/lookupMultiple.node.spec.js

@@ -1,30 +1,60 @@
-import { decode as dagCborDecode } from '@ipld/dag-cbor'
-import esmock from 'esmock'
 import { expect } from 'chai'
+import { MAX_LOOKUP_RETRIES } from '../src/constants.js'
+import fetch from 'cross-fetch'
+import esmock from 'esmock'
 
 describe('[Runner Node]: lookup via HTTP Gateway supporting application/vnd.ipld.raw responses', function () {
   const ipfsGW = process?.env?.IPFS_GATEWAY || 'https://ipfs.io'
 
+  let rewiredGeoIp
+  let failedCalls = 0
+
+  beforeEach(async () => {
+    failedCalls = 0
+  })
+  afterEach(() => {
+    rewiredGeoIp = null
+  })
+
   it('looks up multiple times before failing', async () => {
-    let decodeCallCount = 0
-    const rewiredGeoIp = await esmock('../src/index.js', {}, {
-      '@ipld/dag-cbor': {
-        decode: (...args) => {
-          decodeCallCount += 1
-          if (decodeCallCount === 1) {
-            throw new Error('Decode Failed')
+    rewiredGeoIp = await esmock('../src/index.js', {}, {
+      'cross-fetch': {
+        default: (gwUrl, options) => {
+          failedCalls++
+          throw new Error('mock failure')
+        }
+      }
+    })
+
+    try {
+      await rewiredGeoIp.lookup(ipfsGW, '66.6.44.45') // use a different IP to avoid the cache
+      // should not reach here
+      expect.fail('should have thrown')
+    } catch (err) {
+      expect(err).to.have.property('message').to.contain('unable to fetch raw block for CID')
+    } finally {
+      expect(failedCalls).to.equal(MAX_LOOKUP_RETRIES)
+    }
+  })
+
+  it('returns successfully if MAX_LOOKUP_RETRIES is not reached', async () => {
+    rewiredGeoIp = await esmock('../src/index.js', {}, {
+      'cross-fetch': {
+        default: (gwUrl, options) => {
+          if (failedCalls < MAX_LOOKUP_RETRIES - 1) {
+            failedCalls++
+            throw new Error('mock failure')
           }
-          return dagCborDecode(...args)
+          return fetch(gwUrl, options)
         }
       }
     })
 
-    const result = await rewiredGeoIp.lookup(ipfsGW, '66.6.44.4')
-    expect(decodeCallCount).to.be.greaterThan(1)
+    const result = await rewiredGeoIp.lookup(ipfsGW, '66.6.44.44') // use a different IP to avoid the cache
+    expect(failedCalls).to.be.greaterThan(1)
     expect(
       result
     ).to.be.eql({
-      formatted: 'Ashburn, VA, USA, Earth',
       country_name: 'USA',
       country_code: 'US',
       region_code: 'VA',