* ci(windows): add skeleton go-windows job (compile-only smoke test)
* ci(windows): fix comment to reference Task 7 not Task 6
* ci(windows): harden PATH visibility and set explicit bash shell
* ci(windows): enable full go test suite and ndpgen check
* test(gotaglib): skip Unix-only permission tests on Windows
* test(lyrics): skip Windows-incompatible tests
* test(utils): skip Windows-incompatible tests
* test(mpv): skip Windows-incompatible playback tests
Skip 3 subprocess-execution tests that rely on Unix-style mpv
invocation; .bat output includes \r-terminated lines that break
argument parsing (#TBD-mpv-windows).
* test(storage): skip Windows-incompatible tests
Skip relative-path test where filepath.Join uses backslash but the
storage implementation returns a forward-slash URL path
(#TBD-path-sep-storage).
* test(storage/local): skip Windows-incompatible tests
Skip 13 tests that fail because url.Parse("file://" + windowsPath)
treats the drive letter colon as an invalid port; also skip the
Windows drive-letter path test that exposes a backslash vs
forward-slash normalisation bug (#TBD-path-sep-storage-local).
* test(playlists): skip Windows-incompatible tests
* test(model): skip Windows-incompatible tests
* test(model/metadata): skip Windows-incompatible tests
* test(core): skip Windows-incompatible tests
AbsolutePath uses filepath.Join which produces OS-native path separators;
skip the assertion test on Windows until the production code is fixed
(#TBD-path-sep-core).
* test(artwork): skip Windows-incompatible tests
Artwork readers produce OS-native path separators on Windows while tests
assert forward-slash paths; skip 11 affected tests pending a fix in
production code (#TBD-path-sep-artwork).
* test(persistence): skip Windows-incompatible tests
Skip flaky timestamp comparison (#TBD-flake-persistence) and path-separator
real-bugs (#TBD-path-sep-persistence) in FolderRepository.GetFolderUpdateInfo
which uses filepath.Clean/os.PathSeparator converting stored forward-slash paths
to backslashes on Windows.
* test(scanner): skip Windows-incompatible tests
Skip symlink tests (Unix-assumption), ndignore path-separator bugs
(#TBD-path-sep-scanner) in processLibraryEvents/resolveFolderPath where
filepath.Rel/filepath.Split return backslash paths incompatible with fs.FS
forward-slash expectations, error message mismatch on Windows, and file
format upgrade detection (#TBD-path-sep-scanner).
* test(plugins): skip Windows-incompatible tests
Add //go:build !windows tags to test files that reference the suite
bootstrap (testManager, testdataDir, createTestManager) which is only
compiled on non-Windows. Add a Windows-only suite stub that skips all
specs via BeforeEach to prevent [build failed] on Windows CI.
* test(server): skip Windows-incompatible tests
Skip createUnixSocketFile tests that rely on Unix file permission bits
(chmod/fchmod) which are not supported on Windows.
* test(nativeapi): skip Windows-incompatible tests
Skip the i18n JSON validation test that uses filepath.Join to build
embedded-FS paths; filepath.Join produces backslashes on Windows which
breaks fs.Open (embedded FS always uses forward slashes).
* test(e2e): skip Windows-incompatible tests
On Windows, SQLite holds file locks that prevent the Ginkgo TempDir
DeferCleanup from deleting the DB file. Register an explicit db.Close
DeferCleanup (LIFO before TempDir cleanup) on Windows so the file lock
is released before the temp directory is removed.
* test(windows): fix e2e AfterSuite and skip remaining scanner path test
* test(scanner): skip another Windows path-sep test (#TBD-path-sep-scanner)
* test(subsonic): skip timing-flaky test on Windows (#TBD-flake-time-resolution-subsonic)
* test(scanner): skip 'detects file moved to different folder' on Windows
* test(scanner): consolidate 'Library changes' Windows skips into BeforeEach
* test(scanner): close DB before TempDir cleanup to fix Windows file lock
* test(scanner): skip ScanFolders suite on Windows instead of closing shared DB
* ci: retrigger for Windows soak run 2/3
* ci: retrigger for Windows soak run 3/3
* ci: retrigger for Windows soak run 3/3 (take 2)
* test(scanner): skip Multi-Library suite on Windows (SQLite file lock)
* ci(windows): promote go-windows to blocking status check
* test(plugins): run platform-neutral specs on Windows, drop blanket Skip
* test(windows): make tests cross-platform instead of skipping
- subsonic: back-date submissionTime baseline by 1s so
BeTemporally(">") passes under millisecond clock resolution
- persistence: sleep briefly between Put calls so UpdatedAt is
strictly after CreatedAt on low-resolution clocks
- utils/files: close tempFile before os.Remove so the test works on
Windows (where an open handle holds a file lock)
- tests.TempFile: close the handle before returning; metadata tests
no longer leak the open file into Ginkgo's TempDir cleanup
Resolves Copilot review comments on #5380.
* test(tests): add SkipOnWindows helper to reduce boilerplate
Introduces tests.SkipOnWindows(reason) that wraps the 3-line
runtime.GOOS guard pattern used in every Windows-skipped spec.
* test(adapters): use tests.SkipOnWindows helper
* test(core): use tests.SkipOnWindows helper
* test(model): use tests.SkipOnWindows helper
* test(persistence): use tests.SkipOnWindows helper
* test(scanner): use tests.SkipOnWindows helper
* test(server): use tests.SkipOnWindows helper
* test(plugins): run pure-Go unit tests on Windows
config_validation_test, manager_loader_test, and migrate_test have no
WASM/exec dependencies and don't rely on the make-built test plugins
from plugins_suite_test.go. Let them run on Windows too.
package server

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/fs"
	"net/http"
	"os"
	"path/filepath"
	"time"

	"github.com/navidrome/navidrome/conf/configtest"
	"github.com/navidrome/navidrome/tests"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

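// Specs for createUnixSocketFile: the permission string must be applied to the
// socket file, an unparsable permission string must be rejected, and a
// pre-existing regular file at the socket path must be replaced by a socket.
var _ = Describe("createUnixSocketFile", func() {
	var socketPath string

	BeforeEach(func() {
		// Abort the spec if the scratch directory cannot be created. With the
		// error ignored, tempDir would be "" and the socket would be created
		// relative to the current working directory instead of a private
		// temporary directory.
		tempDir, err := os.MkdirTemp("", "create_unix_socket_file_test")
		Expect(err).ToNot(HaveOccurred())
		socketPath = filepath.Join(tempDir, "test.sock")
		DeferCleanup(func() {
			_ = os.RemoveAll(tempDir)
		})
	})

	When("unixSocketPerm is valid", func() {
		It("updates the permission of the unix socket file and returns nil", func() {
			tests.SkipOnWindows("uses Unix file permission bits")

			// 0777 is a test value only: it is a mode a typical umask would not
			// produce on its own, so the assertion passes only if the requested
			// permission was applied explicitly. Real deployments normally want
			// a narrower mode on the socket.
			// NOTE(review): the first return value (presumably the listener) is
			// discarded and never closed here; confirm whether it should be.
			_, err := createUnixSocketFile(socketPath, "0777")
			Expect(err).ToNot(HaveOccurred())

			// Check the Stat error before dereferencing fileInfo, so a missing
			// socket reports as a failed expectation rather than a nil panic.
			fileInfo, err := os.Stat(socketPath)
			Expect(err).ToNot(HaveOccurred())
			Expect(fileInfo.Mode().Perm()).To(Equal(os.FileMode(0777)))
		})
	})

	When("unixSocketPerm is invalid", func() {
		It("returns an error", func() {
			_, err := createUnixSocketFile(socketPath, "invalid")
			Expect(err).To(HaveOccurred())
		})
	})

	When("file already exists", func() {
		It("recreates the file as a socket with the right permissions", func() {
			tests.SkipOnWindows("uses Unix file permission bits")

			// Plant a world-accessible regular file where the socket will live.
			stale, err := os.Create(socketPath)
			Expect(err).ToNot(HaveOccurred())
			// Close the handle so the spec does not leak a file descriptor.
			Expect(stale.Close()).To(Succeed())
			Expect(os.Chmod(socketPath, os.FileMode(0777))).To(Succeed())

			_, err = createUnixSocketFile(socketPath, "0600")
			Expect(err).ToNot(HaveOccurred())

			// The stale file's 0777 mode must not survive: the path has to end
			// up as a socket carrying exactly the requested 0600 permission.
			fileInfo, err := os.Stat(socketPath)
			Expect(err).ToNot(HaveOccurred())
			Expect(fileInfo.Mode().Perm()).To(Equal(os.FileMode(0600)))
			Expect(fileInfo.Mode().Type()).To(Equal(fs.ModeSocket))
		})
	})
})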
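// Specs for the server's TLS handling: validateTLSCertificates must accept a
// plain certificate/key pair and reject encrypted, missing or malformed key
// material with a descriptive error, and a server started with a valid pair
// must serve HTTPS to a client that verifies the certificate.
var _ = Describe("TLS support", func() {
	// Shared by both nested containers.
	// NOTE(review): the path is relative, so it presumably relies on the suite
	// running with the repository root as working directory; confirm.
	const testDataDir = "server/testdata"

	Describe("validateTLSCertificates", func() {
		When("certificate and key are valid and unencrypted", func() {
			It("returns nil", func() {
				certFile := filepath.Join(testDataDir, "test_cert.pem")
				keyFile := filepath.Join(testDataDir, "test_key.pem")

				Expect(validateTLSCertificates(certFile, keyFile)).ToNot(HaveOccurred())
			})
		})

		When("private key is encrypted with PKCS#8 format", func() {
			It("returns an error with helpful message", func() {
				certFile := filepath.Join(testDataDir, "test_cert_encrypted.pem")
				keyFile := filepath.Join(testDataDir, "test_key_encrypted.pem")

				err := validateTLSCertificates(certFile, keyFile)
				Expect(err).To(HaveOccurred())
				// The message must name the cause and mention openssl.
				Expect(err.Error()).To(ContainSubstring("encrypted"))
				Expect(err.Error()).To(ContainSubstring("openssl"))
			})
		})

		When("private key is encrypted with legacy format (Proc-Type header)", func() {
			It("returns an error with helpful message", func() {
				certFile := filepath.Join(testDataDir, "test_cert.pem")
				keyFile := filepath.Join(testDataDir, "test_key_encrypted_legacy.pem")

				err := validateTLSCertificates(certFile, keyFile)
				Expect(err).To(HaveOccurred())
				Expect(err.Error()).To(ContainSubstring("encrypted"))
				Expect(err.Error()).To(ContainSubstring("openssl"))
			})
		})

		When("key file does not exist", func() {
			It("returns an error", func() {
				certFile := filepath.Join(testDataDir, "test_cert.pem")
				keyFile := filepath.Join(testDataDir, "nonexistent.pem")

				err := validateTLSCertificates(certFile, keyFile)
				Expect(err).To(HaveOccurred())
				Expect(err.Error()).To(ContainSubstring("reading TLS key file"))
			})
		})

		When("key file does not contain valid PEM", func() {
			It("returns an error", func() {
				// Write a throwaway file whose content is not PEM at all.
				tmpFile, err := os.CreateTemp("", "invalid_key*.pem")
				Expect(err).ToNot(HaveOccurred())
				DeferCleanup(func() {
					_ = os.Remove(tmpFile.Name())
				})
				_, err = tmpFile.WriteString("not a valid PEM file")
				Expect(err).ToNot(HaveOccurred())
				// A failed Close could mean the content never reached disk,
				// which would change what the validator reads.
				Expect(tmpFile.Close()).To(Succeed())

				certFile := filepath.Join(testDataDir, "test_cert.pem")
				err = validateTLSCertificates(certFile, tmpFile.Name())
				Expect(err).To(HaveOccurred())
				Expect(err.Error()).To(ContainSubstring("valid PEM block"))
			})
		})

		When("certificate file does not exist", func() {
			It("returns an error from tls.LoadX509KeyPair", func() {
				certFile := filepath.Join(testDataDir, "nonexistent_cert.pem")
				keyFile := filepath.Join(testDataDir, "test_key.pem")

				err := validateTLSCertificates(certFile, keyFile)
				Expect(err).To(HaveOccurred())
				Expect(err.Error()).To(ContainSubstring("loading TLS certificate/key pair"))
			})
		})
	})

	Describe("Server TLS", func() {
		When("server is started with valid TLS certificates", func() {
			It("accepts HTTPS connections", func() {
				DeferCleanup(configtest.SetupConfig())

				// Create server with mock dependencies
				ds := &tests.MockDataStore{}
				server := New(ds, nil, nil)

				// Load the test certificate to create a trusted CA pool
				certFile := filepath.Join(testDataDir, "test_cert.pem")
				keyFile := filepath.Join(testDataDir, "test_key.pem")
				caCert, err := os.ReadFile(certFile)
				Expect(err).ToNot(HaveOccurred())

				// AppendCertsFromPEM reports whether any certificate was parsed.
				// If none were, the pool stays empty and every handshake fails,
				// which would otherwise only show up as an Eventually timeout.
				caCertPool := x509.NewCertPool()
				Expect(caCertPool.AppendCertsFromPEM(caCert)).To(BeTrue(),
					"test certificate could not be added to the CA pool")

				// The client trusts only the test certificate and keeps
				// certificate verification enabled, so the spec exercises a
				// verified handshake rather than an unauthenticated one.
				httpClient := &http.Client{
					Timeout: 5 * time.Second,
					Transport: &http.Transport{
						TLSClientConfig: &tls.Config{
							RootCAs:    caCertPool,
							MinVersion: tls.VersionTLS12,
						},
					},
				}

				// Start the server in a goroutine
				ctx, cancel := context.WithCancel(GinkgoT().Context())
				defer cancel()

				// Buffered so the goroutine can always deliver Run's result and
				// exit, even if the spec has already given up waiting.
				// NOTE(review): port 14534 is hard-coded; a collision with
				// another listener on the host would surface as a timeout below.
				errChan := make(chan error, 1)
				go func() {
					errChan <- server.Run(ctx, "127.0.0.1", 14534, certFile, keyFile)
				}()

				// Poll until the listener is up and /ping answers 200 over HTTPS.
				Eventually(func() error {
					resp, err := httpClient.Get("https://127.0.0.1:14534/ping")
					if err != nil {
						return err
					}
					defer resp.Body.Close()
					if resp.StatusCode != http.StatusOK {
						return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
					}
					return nil
				}, 2*time.Second, 100*time.Millisecond).Should(Succeed())

				// Stop the server
				cancel()

				// Wait for server to stop (with timeout). The value Run returns
				// is intentionally not inspected here.
				select {
				case <-errChan:
					// Server stopped
				case <-time.After(2 * time.Second):
					Fail("Server did not stop in time")
				}
			})
		})
	})
})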