Wired up authentication to tests

refs https://linear.app/tryghost/issue/AP-288 This makes sure that all of our tests use authentication. We have to stop communicating with the `activitypub-testing` service directly, because we need to replicate how this runs in production. How this generally runs is that there will be a host `example.com` and everything on `/.ghost/activitypub` will hit our service, and everything else will hit a Ghost instance - specifically for us we need the `/ghost/.well-known/jwks.json` endpoint to be reachable for auth to work. We have two wiremock instances, `fake-external-activitypub` is used to mock external services, so we can test things like follow requests and sending to external inboxes. `fake-ghost-activitypub` is the actual service under test, it proxies everything to our underlying `activitypub-testing` container, but allows us to add mocks for the jwks.json file. This essentially behaves as the `nginx` container in dev, or fastly in production. Listening on port 80 gives nicer urls Hardcoded keypair saves generating the keys, and allows us to cache them in the db.
TryGhost · Sep 29, 2024 · d61eb13 · d61eb13
1 parent 15cb22c
commit d61eb13
Show file tree

Hide file tree

Showing 5 changed files with 163 additions and 58 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -84,7 +84,9 @@ services:
       - NODE_ENV=testing
     command: yarn run cucumber-js
     depends_on:
-      wiremock:
+      fake-ghost-activitypub:
+        condition: service_started
+      fake-external-activitypub:
         condition: service_started
       activitypub-testing:
           condition: service_healthy
@@ -102,14 +104,15 @@ services:
       interval: 1s
       retries: 120
 
-  wiremock:
+  fake-ghost-activitypub:
     image: wiremock/wiremock:latest
-    ports:
-      - "8082:8080"
+    entrypoint: ["/docker-entrypoint.sh", "--global-response-templating", "--disable-gzip", "--verbose", "--port=80"]
     volumes:
-      - ./wiremock/mappings:/home/wiremock/mappings
-      - ./wiremock/__files:/home/wiremock/__files
-    entrypoint: ["/docker-entrypoint.sh", "--global-response-templating", "--disable-gzip", "--verbose"]
+      - ./wiremock/fake-ghost/mappings:/home/wiremock/mappings
+
+  fake-external-activitypub:
+    image: wiremock/wiremock:latest
+    entrypoint: ["/docker-entrypoint.sh", "--global-response-templating", "--disable-gzip", "--verbose", "--port=80"]
 
   fake-mastodon:
     image: wiremock/wiremock:latest

diff --git a/features/fixtures/private.key b/features/fixtures/private.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDF/DHjumSXbqze
+fmOULYZNlddNWpqw6q3T1U/zrwY8XM/sZhRKzUBcEUVDucQTbSPpuo46FoNOhJT7
+ws57ltNlwLxJkzwTmkY2QUX2lmvRzXYwfjb4Q0y0ynYgDop213stJLORnpA4CjWP
+gfvOtqpbEDI5L6luXEOR8G69Mfu3FzJ7C83WfpzuU5ErPSEBZZ0TT2ZXn8g6YXWu
+EyDUz4GPNaDpRnaYU/5jNpURwzaB92Hmbb99zeUjPHMsrcRrAILDT46T66ISSi6J
+Jpv1OcYkedCxjdRWSGz8jPXyO46q3CrcH2khiwRkk2I5dn+8gJkgOKHbCc3PUD0O
+I1nKhfEFAgMBAAECggEAGke36pndDOHWxgDiYHKri2RqrBytAHNiSAZeYsMWkZAj
+VGaXZnd4xc/QESWZMpfv5rBJ/UlsPBGqwgFxjaOvY2gSRjTqSlLV45FGA22jmbmL
+aPP0AX/TcIMYa3hqpkxDkDI5OMjirWGjiu1O2rlSAxzzAbbDJ4BNQtO2q1v1ZO/O
+SjIV7VnzF5JVJ6MmT5X0x8sXsUi6amhJHeUFhVuINxDhVi/bDgVcwaDvICD8Zd6M
+IvpNLYtXEsUKDdu6Elk5EUL3bOGguQYUlHKefvzqxQOJiXZPUCrIn01MudBwssVh
+9KbtEPWJRuKkT+sVDGBgArGh6rjmUAgYUvQF5TXwcQKBgQDoUtyiWNwQi/4V9qdh
+oLLIQzcEnXySwuGt4W4MAKCuvrOs6olnHuShiX4gTy9AhuBbc8YyVmfyeyMYYchg
+AJAbhNlE2pDodOhLc5j5zW2iqagf9VtlKz1qqHquEQu/DuHvQpRMYHH9bAam4dGD
+pWQhDZCorZ89rILJeZtx26QxcQKBgQDaKXfQ81evhxWJCZE1uN8FZ9Qu5OfmB52x
+cZONXmdhsspCmEXEhJkTaeHAJRs9YmP8cvNaVip2ox9XTvH1wfD/fUKSCF3VgCMM
+WTlakbIs+OakOJIj4LK3lEch4Kq5KDD6AvFQ6yHkjM1ZeJPK4X0VevOVuvgw1gGJ
+HrTU/y6u1QKBgHkQDOcQlQSOXsZFNO3b1q4i0H24L10u7nk0mqrofNLyjyCRSy6Q
+W6WNx0rA2KewYSNmziYW/q3N2vjuo4LbaDze2nVVy+NGYHJI97NciEAWVoToz0qF
+4Mg+qUchnNRfxf5u3GZ8b4oWi9TUoeAPBIFw1yv+5Zc22SRyGT2YrhQRAoGBANg1
+PK9yWzZ0E92qA6VQQIak7d5DsaeBaMEQpID4TFDA1j7Flm86UlKxHrBElghx2FG6
+wn6G4rKM22S1sooy2Nr7ktwTOpt60EFOs86UkhaL3lhmUD8KU1QouY5TkB7MPC2q
+eOoO/Zn6CRFgtGferQ56ualskMglb4QrUF+/Ps65AoGAK89IUXy0AZe6Mu/Cel8c
+vqy/162x6s3WjBVNB9Yv2SyyRDNi08/5j1IDBAsSAbFXI4GMY/SnqF7E5YhSvCwa
+A9thv/Im0kF/72POO6UpEfe2QWqjOpUI8FCMWUOVDP4tVQ9b8eTqNTMkB3W4MgTo
+2EOtiOrc9Wd+E7gpDsVMCNA=
+-----END PRIVATE KEY-----
diff --git a/features/fixtures/public.key b/features/fixtures/public.key
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfwx47pkl26s3n5jlC2G
+TZXXTVqasOqt09VP868GPFzP7GYUSs1AXBFFQ7nEE20j6bqOOhaDToSU+8LOe5bT
+ZcC8SZM8E5pGNkFF9pZr0c12MH42+ENMtMp2IA6Kdtd7LSSzkZ6QOAo1j4H7zraq
+WxAyOS+pblxDkfBuvTH7txcyewvN1n6c7lORKz0hAWWdE09mV5/IOmF1rhMg1M+B
+jzWg6UZ2mFP+YzaVEcM2gfdh5m2/fc3lIzxzLK3EawCCw0+Ok+uiEkouiSab9TnG
+JHnQsY3UVkhs/Iz18juOqtwq3B9pIYsEZJNiOXZ/vICZIDih2wnNz1A9DiNZyoXx
+BQIDAQAB
+-----END PUBLIC KEY-----