mirror of
https://github.com/ggml-org/llama.cpp.git
synced 2026-06-30 17:47:40 +02:00
Matti4
e27f308597
* server: avoid forwarding auth headers in CORS proxy * format * fix test * fix e2e test --------- Co-authored-by: Xuan Son Nguyen <son@huggingface.co>
74 lines
2.8 KiB
TypeScript
74 lines
2.8 KiB
TypeScript
import { describe, expect, it } from 'vitest';
|
|
import { sanitizeHeaders } from '$lib/utils/api-headers';
|
|
import { CORS_PROXY_HEADER_PREFIX } from '$lib/constants';
|
|
|
|
describe('sanitizeHeaders', () => {
|
|
it('returns empty object for undefined input', () => {
|
|
expect(sanitizeHeaders()).toEqual({});
|
|
});
|
|
|
|
it('passes through non-sensitive headers', () => {
|
|
const headers = new Headers({ 'content-type': 'application/json', accept: 'text/html' });
|
|
expect(sanitizeHeaders(headers)).toEqual({
|
|
'content-type': 'application/json',
|
|
accept: 'text/html'
|
|
});
|
|
});
|
|
|
|
it('redacts known sensitive headers', () => {
|
|
const headers = new Headers({
|
|
authorization: 'Bearer secret',
|
|
'x-api-key': 'key-123',
|
|
'content-type': 'application/json'
|
|
});
|
|
const result = sanitizeHeaders(headers);
|
|
expect(result.authorization).toBe('[redacted]');
|
|
expect(result['x-api-key']).toBe('[redacted]');
|
|
expect(result['content-type']).toBe('application/json');
|
|
});
|
|
|
|
it('partially redacts headers specified in partialRedactHeaders', () => {
|
|
const headers = new Headers({ 'mcp-session-id': 'session-12345' });
|
|
const partial = new Map([['mcp-session-id', 5]]);
|
|
expect(sanitizeHeaders(headers, undefined, partial)['mcp-session-id']).toBe('....12345');
|
|
});
|
|
|
|
it('fully redacts mcp-session-id when no partialRedactHeaders is given', () => {
|
|
const headers = new Headers({ 'mcp-session-id': 'session-12345' });
|
|
expect(sanitizeHeaders(headers)['mcp-session-id']).toBe('[redacted]');
|
|
});
|
|
|
|
it('redacts extra headers provided by the caller', () => {
|
|
const headers = new Headers({
|
|
'x-vendor-key': 'vendor-secret',
|
|
'content-type': 'application/json'
|
|
});
|
|
const result = sanitizeHeaders(headers, ['x-vendor-key']);
|
|
expect(result['x-vendor-key']).toBe('[redacted]');
|
|
expect(result['content-type']).toBe('application/json');
|
|
});
|
|
|
|
it('handles case-insensitive extra header names', () => {
|
|
const headers = new Headers({ 'X-Custom-Token': 'token-value' });
|
|
const result = sanitizeHeaders(headers, ['X-CUSTOM-TOKEN']);
|
|
expect(result['x-custom-token']).toBe('[redacted]');
|
|
});
|
|
|
|
it('redacts proxied sensitive and custom target headers', () => {
|
|
const proxiedAuthorization = `${CORS_PROXY_HEADER_PREFIX}authorization`;
|
|
const proxiedSessionId = `${CORS_PROXY_HEADER_PREFIX}mcp-session-id`;
|
|
const proxiedVendorKey = `${CORS_PROXY_HEADER_PREFIX}x-vendor-key`;
|
|
const headers = new Headers({
|
|
[proxiedAuthorization]: 'Bearer secret',
|
|
[proxiedSessionId]: 'session-12345',
|
|
[proxiedVendorKey]: 'vendor-secret'
|
|
});
|
|
const partial = new Map([['mcp-session-id', 5]]);
|
|
const result = sanitizeHeaders(headers, ['x-vendor-key'], partial);
|
|
|
|
expect(result[proxiedAuthorization]).toBe('[redacted]');
|
|
expect(result[proxiedSessionId]).toBe('....12345');
|
|
expect(result[proxiedVendorKey]).toBe('[redacted]');
|
|
});
|
|
});
|