✅ test: add tests for INTERNAL_APP_URL feature

XYenon · factory-droid[bot] · XYenon · commit 49615809056e · 2025-11-01T17:55:15.000+08:00
Add comprehensive test coverage for INTERNAL_APP_URL:
- Test fallback behavior to APP_URL when INTERNAL_APP_URL is not set
- Test explicit INTERNAL_APP_URL configuration
- Test localhost bypass for CDN/proxy
- Test createAsyncServerClient using INTERNAL_APP_URL
- Test authentication headers in async calls

Co-authored-by: factory-droid[bot] &lt;138933559+factory-droid[bot]@users.noreply.github.com&gt;
diff --git a/src/envs/__tests__/app.test.ts b/src/envs/__tests__/app.test.ts
@@ -53,4 +53,39 @@ describe('getServerConfig', () => {
       );
     });
   });
+
+  describe('INTERNAL_APP_URL', () => {
+    it('should default to APP_URL when INTERNAL_APP_URL is not set', () => {
+      process.env.APP_URL = 'https://example.com';
+      delete process.env.INTERNAL_APP_URL;
+      
+      const config = getAppConfig();
+      expect(config.INTERNAL_APP_URL).toBe('https://example.com');
+    });
+
+    it('should use INTERNAL_APP_URL when explicitly set', () => {
+      process.env.APP_URL = 'https://public.example.com';
+      process.env.INTERNAL_APP_URL = 'http://localhost:3210';
+      
+      const config = getAppConfig();
+      expect(config.INTERNAL_APP_URL).toBe('http://localhost:3210');
+    });
+
+    it('should use INTERNAL_APP_URL over APP_URL when both are set', () => {
+      process.env.APP_URL = 'https://public.example.com';
+      process.env.INTERNAL_APP_URL = 'http://internal-service:3210';
+      
+      const config = getAppConfig();
+      expect(config.APP_URL).toBe('https://public.example.com');
+      expect(config.INTERNAL_APP_URL).toBe('http://internal-service:3210');
+    });
+
+    it('should handle localhost INTERNAL_APP_URL for bypassing CDN', () => {
+      process.env.APP_URL = 'https://cloudflare-proxied.com';
+      process.env.INTERNAL_APP_URL = 'http://127.0.0.1:3210';
+      
+      const config = getAppConfig();
+      expect(config.INTERNAL_APP_URL).toBe('http://127.0.0.1:3210');
+    });
+  });
 });
diff --git a/src/server/routers/async/__tests__/caller.test.ts b/src/server/routers/async/__tests__/caller.test.ts
@@ -0,0 +1,121 @@
+// @vitest-environment node
+import { describe, expect, it, vi } from 'vitest';
+
+import { appEnv } from '@/envs/app';
+
+// Mock the dependencies
+vi.mock('@/envs/app', () => ({
+  appEnv: {
+    APP_URL: 'https://public.example.com',
+    INTERNAL_APP_URL: 'http://localhost:3210',
+  },
+}));
+
+vi.mock('@/config/db', () => ({
+  serverDBEnv: {
+    KEY_VAULTS_SECRET: 'test-secret',
+  },
+}));
+
+vi.mock('@/server/modules/KeyVaultsEncrypt', () => ({
+  KeyVaultsGateKeeper: {
+    initWithEnvKey: vi.fn().mockResolvedValue({
+      encrypt: vi.fn().mockResolvedValue('encrypted-data'),
+    }),
+  },
+}));
+
+vi.mock('@trpc/client', () => ({
+  createTRPCClient: vi.fn((config: any) => {
+    // Store the config for inspection
+    return {
+      _config: config,
+    };
+  }),
+  httpLink: vi.fn((options: any) => options),
+}));
+
+describe('createAsyncServerClient', () => {
+  it('should use INTERNAL_APP_URL for server-to-server calls', async () => {
+    const { createAsyncServerClient } = await import('../caller');
+    const { createTRPCClient } = await import('@trpc/client');
+
+    await createAsyncServerClient('test-user-id', { test: 'payload' });
+
+    expect(createTRPCClient).toHaveBeenCalled();
+    const callArgs = vi.mocked(createTRPCClient).mock.calls[0][0];
+    const httpLinkConfig = callArgs.links[0];
+
+    // Verify that the URL uses INTERNAL_APP_URL
+    expect(httpLinkConfig.url).toContain('localhost:3210');
+    expect(httpLinkConfig.url).toBe('http://localhost:3210/trpc/async');
+  });
+
+  it('should fall back to APP_URL when INTERNAL_APP_URL is not set', async () => {
+    // Mock appEnv without INTERNAL_APP_URL
+    vi.mocked(appEnv).INTERNAL_APP_URL = undefined;
+    vi.mocked(appEnv).APP_URL = 'https://fallback.example.com';
+
+    const { createAsyncServerClient } = await import('../caller');
+    const { createTRPCClient } = await import('@trpc/client');
+
+    // Clear previous mocks
+    vi.clearAllMocks();
+
+    await createAsyncServerClient('test-user-id', { test: 'payload' });
+
+    expect(createTRPCClient).toHaveBeenCalled();
+    const callArgs = vi.mocked(createTRPCClient).mock.calls[0][0];
+    const httpLinkConfig = callArgs.links[0];
+
+    // Verify that the URL falls back to APP_URL
+    expect(httpLinkConfig.url).toBe('https://fallback.example.com/trpc/async');
+  });
+
+  it('should bypass CDN when INTERNAL_APP_URL points to localhost', async () => {
+    vi.mocked(appEnv).APP_URL = 'https://cloudflare-proxied.com';
+    vi.mocked(appEnv).INTERNAL_APP_URL = 'http://127.0.0.1:3210';
+
+    const { createAsyncServerClient } = await import('../caller');
+    const { createTRPCClient } = await import('@trpc/client');
+
+    // Clear previous mocks
+    vi.clearAllMocks();
+
+    await createAsyncServerClient('test-user-id', { test: 'payload' });
+
+    expect(createTRPCClient).toHaveBeenCalled();
+    const callArgs = vi.mocked(createTRPCClient).mock.calls[0][0];
+    const httpLinkConfig = callArgs.links[0];
+
+    // Verify that localhost is used to bypass CDN
+    expect(httpLinkConfig.url).toBe('http://127.0.0.1:3210/trpc/async');
+    expect(httpLinkConfig.url).not.toContain('cloudflare-proxied');
+  });
+
+  it('should include proper authentication headers', async () => {
+    vi.mocked(appEnv).INTERNAL_APP_URL = 'http://localhost:3210';
+
+    const { createAsyncServerClient } = await import('../caller');
+    const { KeyVaultsGateKeeper } = await import('@/server/modules/KeyVaultsEncrypt');
+    const { serverDBEnv } = await import('@/config/db');
+
+    // Clear previous mocks
+    vi.clearAllMocks();
+
+    const mockGateKeeper = {
+      encrypt: vi.fn().mockResolvedValue('encrypted-test-data'),
+    };
+    vi.mocked(KeyVaultsGateKeeper.initWithEnvKey).mockResolvedValue(mockGateKeeper as any);
+
+    await createAsyncServerClient('user-123', { clientSecret: 'test-secret' });
+
+    // Verify encryption was called with correct data
+    expect(mockGateKeeper.encrypt).toHaveBeenCalledWith(
+      JSON.stringify({ payload: { clientSecret: 'test-secret' }, userId: 'user-123' }),
+    );
+
+    // Verify KeyVaultsGateKeeper was initialized
+    expect(KeyVaultsGateKeeper.initWithEnvKey).toHaveBeenCalled();
+  });
+});
