codeburn/tests/sharing/pairing.test.ts
Resham Joshi 887374de2c
feat(sharing): securely combine usage across your own devices (#532)
* feat(sharing): pairing, token, and device-identity core

First piece of local device sharing: self-cert fingerprint identity
(trust-on-first-use), a one-time expiring pairing PIN, fingerprint-bound
tokens, and a peer store that authorizes a pull only when both the token
and the TLS peer fingerprint match the same paired device. Pure logic,
fully unit-tested; the TLS share server and host pull build on this.

* feat(sharing): secure mutual-TLS transport + pairing handshake

Add device identity (self-signed cert, persisted; fingerprint = sha256 of
the cert DER), an HTTPS share server (mutual TLS: presents its cert, reads
the client's, and serves /api/usage only when the bearer token AND the
client fingerprint match the same paired peer), a one-time-PIN pairing
endpoint, and a fingerprint-pinning client. Verified end to end on
loopback: PIN pairing, pinned authed pull, and rejection of a wrong PIN,
a token replayed from another device, and a mismatched server
fingerprint. Adds the selfsigned dep (Node cannot generate certs natively).

* feat(sharing): share + devices CLI (pair, pull, combine)

Phase 3 terminal flow: codeburn share runs the secure server on-demand
(stops after 10 min idle; --always to persist, --pair to add a device),
and codeburn devices add <host> --pin <pin> pairs and pins a remote.
codeburn devices pulls this machine plus every paired device, keeps each
separate, and prints a per-device table with a simple summed Combined
row (no server-side merge). Persists identity and peers under the config
dir. Host pair-and-pull flow covered by a loopback integration test.

* feat(sharing): mDNS discovery + approve-style (no-PIN) pairing

Add bonjour-service discovery (advertise/browse over the LAN), a short
confirmation code derived from both cert fingerprints (Bluetooth-style
'do these match?' check), and an approve-style pairing endpoint that
prompts the owner instead of requiring a typed PIN. Loopback-tested:
approved device gets a working token with a matching code on both sides,
declined device is rejected.

* feat(sharing): AirDrop-style discover + approve UX

codeburn share now advertises on the LAN and approves incoming devices
interactively (confirm the matching code, no typed PIN). codeburn devices
add (no args) discovers nearby devices, lets you pick one, shows the
confirmation code, and waits for the owner to approve. Manual
add <host> --pin stays as a fallback for networks that block mDNS.

* feat(sharing): share only aggregates, never project names or paths

Sanitize each device's payload before it leaves the machine: drop
topProjects and topSessions (project names + session detail) and send
only aggregate numbers (cost, tokens, models, tools, activities, daily).
What you are working on stays local; only the totals travel.
2026-06-20 16:24:53 +02:00

104 lines
3.3 KiB
TypeScript

import { describe, it, expect } from 'vitest'
import {
certFingerprint,
generatePin,
constantTimeEqual,
mintToken,
PairingWindow,
PeerStore,
} from '../../src/sharing/pairing.js'
describe('certFingerprint', () => {
it('is a deterministic 64-char hex digest', () => {
const fp = certFingerprint('cert-bytes')
expect(fp).toMatch(/^[0-9a-f]{64}$/)
expect(certFingerprint('cert-bytes')).toBe(fp)
})
it('differs for different certs', () => {
expect(certFingerprint('a')).not.toBe(certFingerprint('b'))
})
})
describe('generatePin', () => {
it('is always 6 digits', () => {
for (let i = 0; i < 200; i++) expect(generatePin()).toMatch(/^\d{6}$/)
})
it('varies', () => {
const pins = new Set(Array.from({ length: 50 }, () => generatePin()))
expect(pins.size).toBeGreaterThan(1)
})
})
describe('constantTimeEqual', () => {
it('matches equal strings and rejects different ones', () => {
expect(constantTimeEqual('abc', 'abc')).toBe(true)
expect(constantTimeEqual('abc', 'abd')).toBe(false)
expect(constantTimeEqual('abc', 'abcd')).toBe(false)
})
})
describe('mintToken', () => {
it('is url-safe and unique', () => {
const a = mintToken()
const b = mintToken()
expect(a).toMatch(/^[A-Za-z0-9_-]+$/)
expect(a).not.toBe(b)
})
})
describe('PairingWindow', () => {
it('accepts the correct PIN within the window', () => {
const w = new PairingWindow(1000, 1000, '123456')
expect(w.verify('123456', 1500)).toBe(true)
})
it('rejects a wrong PIN', () => {
const w = new PairingWindow(1000, 1000, '123456')
expect(w.verify('000000', 1200)).toBe(false)
})
it('rejects after the window expires', () => {
const w = new PairingWindow(1000, 1000, '123456')
expect(w.isOpen(3000)).toBe(false)
expect(w.verify('123456', 3000)).toBe(false)
})
it('is one-time: a consumed PIN cannot be reused', () => {
const w = new PairingWindow(10_000, 1000, '123456')
expect(w.verify('123456', 1100)).toBe(true)
expect(w.verify('123456', 1200)).toBe(false)
})
})
describe('PeerStore', () => {
it('authorizes only when token AND fingerprint both match the same peer', () => {
const store = new PeerStore()
const a = store.pair('fp-aaa', 'MacBook')
const b = store.pair('fp-bbb', 'Mac Studio')
// correct pairing
expect(store.authorize(a.token, 'fp-aaa')).toBe(true)
// right token, wrong device fingerprint -> denied (stolen-token defense)
expect(store.authorize(a.token, 'fp-bbb')).toBe(false)
// wrong token on the right device -> denied
expect(store.authorize('not-the-token', 'fp-aaa')).toBe(false)
// unknown device -> denied
expect(store.authorize(a.token, 'fp-ccc')).toBe(false)
expect(store.authorize(b.token, 'fp-bbb')).toBe(true)
})
it('revokes a peer on unpair', () => {
const store = new PeerStore()
const p = store.pair('fp-x', 'Laptop')
expect(store.authorize(p.token, 'fp-x')).toBe(true)
expect(store.unpair('fp-x')).toBe(true)
expect(store.authorize(p.token, 'fp-x')).toBe(false)
expect(store.list()).toHaveLength(0)
})
it('round-trips through serializable peer records', () => {
const store = new PeerStore()
store.pair('fp-1', 'A')
const restored = new PeerStore(store.list())
const peer = restored.list()[0]!
expect(restored.authorize(peer.token, 'fp-1')).toBe(true)
})
})