developer/galaxy-game
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
ecd2bc93489a95153913c5e5b24a351ca8e1da30
galaxy-game/ui/frontend/tests/galaxy-client.test.ts
T
Ilia Denisov fbc0260720 phase 5: wasm core, GalaxyClient skeleton, Connect-Web stubs 
Compile `ui/core` to WebAssembly via TinyGo (903 KB) and expose four
canonical-bytes / signature-verification functions on
`globalThis.galaxyCore` from `ui/wasm/main.go`. The TypeScript-side
`Core` interface plus a `WasmCore` adapter (browser + JSDOM loader)
bridge those into a typed shape, and a `GalaxyClient` skeleton wires
`Core.signRequest` → injected `Signer` → typed Connect client →
`Core.verifyPayloadHash` / `verifyResponse`.

Wire `ui/buf.gen.yaml` against the local
`@bufbuild/protoc-gen-es` v2 binary (devDependency) so the codegen
step does not depend on the buf.build BSR. Vitest covers the bridge
end-to-end: per-method WasmCore tests under JSDOM, byte-for-byte
canon parity against the gateway fixtures committed in Phase 3, and
a `GalaxyClient` orchestration test using
`createRouterTransport`. The committed `core.wasm` snapshot tracks
TinyGo output so contributors run `make wasm` only when `ui/core/`
changes; CI consumes the snapshot directly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 12:58:37 +02:00

212 lines
6.9 KiB
TypeScript
Raw Blame History

// Verifies the orchestration order in `GalaxyClient.executeCommand`:
//
// core.signRequest(fields)
// → signer(canonicalBytes)
// → edge.executeCommand({ envelope, signature })
// → core.verifyPayloadHash(response payload, hash)
// → core.verifyResponse(envelope, signature)
// → return response.payloadBytes
//
// Tests use a hand-rolled mock `Core` and a Connect router transport
// from `@connectrpc/connect`, which lets us assert what the gateway
// would have received without standing up a real Connect server.
import { create } from "@bufbuild/protobuf";
import { createClient, createRouterTransport } from "@connectrpc/connect";
import { describe, expect, test, vi } from "vitest";
import { GalaxyClient } from "../src/api/galaxy-client";
import {
EdgeGateway,
ExecuteCommandResponseSchema,
type ExecuteCommandRequest,
} from "../src/proto/galaxy/gateway/v1/edge_gateway_pb";
import type {
Core,
RequestSigningFields,
ResponseSigningFields,
} from "../src/platform/core/index";
const FIXED_REQUEST_ID = "req-test-1";
const FIXED_TIMESTAMP = 1_700_000_000_000n;
describe("GalaxyClient.executeCommand", () => {
test("orchestrates sign → fetch → verify and returns the payload", async () => {
const canonicalBytes = new Uint8Array([0xca, 0xfe]);
const signature = new Uint8Array(64).fill(0x55);
const responsePayload = new TextEncoder().encode("hello-from-server");
const responseHash = new Uint8Array(32).fill(0x77);
const responseSignature = new Uint8Array(64).fill(0x99);
const responsePublicKey = new Uint8Array(32).fill(0x11);
const core = mockCore({
signRequestImpl: () => canonicalBytes,
verifyResponseImpl: () => true,
verifyPayloadHashImpl: () => true,
});
const signer = vi.fn(async () => signature);
const sha256 = vi.fn(async () => new Uint8Array(32).fill(0x33));
let captured: ExecuteCommandRequest | undefined;
const transport = createRouterTransport(({ service }) => {
service(EdgeGateway, {
executeCommand(req) {
captured = req;
return create(ExecuteCommandResponseSchema, {
protocolVersion: "v1",
requestId: FIXED_REQUEST_ID,
timestampMs: FIXED_TIMESTAMP,
resultCode: "ok",
payloadBytes: responsePayload,
payloadHash: responseHash,
signature: responseSignature,
});
},
subscribeEvents() {
throw new Error("not used in this test");
},
});
});
const edge = createClient(EdgeGateway, transport);
const client = new GalaxyClient({
core,
edge,
signer,
sha256,
deviceSessionId: "device-session-1",
gatewayResponsePublicKey: responsePublicKey,
clock: () => FIXED_TIMESTAMP,
requestIdFactory: () => FIXED_REQUEST_ID,
});
const out = await client.executeCommand(
"user.account.get",
new TextEncoder().encode("client-payload"),
);
expect(Array.from(out)).toEqual(Array.from(responsePayload));
expect(signer).toHaveBeenCalledWith(canonicalBytes);
expect(sha256).toHaveBeenCalledTimes(1);
expect(core.signRequest).toHaveBeenCalledTimes(1);
const verifyHashCall = vi.mocked(core.verifyPayloadHash).mock.calls[0]!;
expect(Array.from(verifyHashCall[0])).toEqual(Array.from(responsePayload));
expect(Array.from(verifyHashCall[1])).toEqual(Array.from(responseHash));
const verifyRespCall = vi.mocked(core.verifyResponse).mock.calls[0]!;
expect(Array.from(verifyRespCall[0])).toEqual(Array.from(responsePublicKey));
expect(Array.from(verifyRespCall[1])).toEqual(Array.from(responseSignature));
expect(verifyRespCall[2]).toMatchObject({
protocolVersion: "v1",
requestId: FIXED_REQUEST_ID,
resultCode: "ok",
});
expect(captured?.deviceSessionId).toBe("device-session-1");
expect(captured?.messageType).toBe("user.account.get");
expect(captured?.requestId).toBe(FIXED_REQUEST_ID);
expect(Array.from(captured?.signature ?? [])).toEqual(
Array.from(signature),
);
});
test("throws when the response signature fails verification", async () => {
const core = mockCore({
signRequestImpl: () => new Uint8Array(),
verifyResponseImpl: () => false,
verifyPayloadHashImpl: () => true,
});
const transport = createRouterTransport(({ service }) => {
service(EdgeGateway, {
executeCommand: () =>
create(ExecuteCommandResponseSchema, {
protocolVersion: "v1",
requestId: FIXED_REQUEST_ID,
timestampMs: FIXED_TIMESTAMP,
resultCode: "ok",
payloadBytes: new Uint8Array(),
payloadHash: new Uint8Array(32),
signature: new Uint8Array(64),
}),
subscribeEvents() {
throw new Error("not used in this test");
},
});
});
const client = new GalaxyClient({
core,
edge: createClient(EdgeGateway, transport),
signer: async () => new Uint8Array(64),
sha256: async () => new Uint8Array(32),
deviceSessionId: "device-session-1",
gatewayResponsePublicKey: new Uint8Array(32),
clock: () => FIXED_TIMESTAMP,
requestIdFactory: () => FIXED_REQUEST_ID,
});
await expect(
client.executeCommand("user.account.get", new Uint8Array()),
).rejects.toThrow(/invalid response signature/);
});
test("throws when the response payload_hash does not match", async () => {
const core = mockCore({
signRequestImpl: () => new Uint8Array(),
verifyResponseImpl: () => true,
verifyPayloadHashImpl: () => false,
});
const transport = createRouterTransport(({ service }) => {
service(EdgeGateway, {
executeCommand: () =>
create(ExecuteCommandResponseSchema, {
protocolVersion: "v1",
requestId: FIXED_REQUEST_ID,
timestampMs: FIXED_TIMESTAMP,
resultCode: "ok",
payloadBytes: new Uint8Array(),
payloadHash: new Uint8Array(32),
signature: new Uint8Array(64),
}),
subscribeEvents() {
throw new Error("not used in this test");
},
});
});
const client = new GalaxyClient({
core,
edge: createClient(EdgeGateway, transport),
signer: async () => new Uint8Array(64),
sha256: async () => new Uint8Array(32),
deviceSessionId: "device-session-1",
gatewayResponsePublicKey: new Uint8Array(32),
clock: () => FIXED_TIMESTAMP,
requestIdFactory: () => FIXED_REQUEST_ID,
});
await expect(
client.executeCommand("user.account.get", new Uint8Array()),
).rejects.toThrow(/payload_hash mismatch/);
});
});
interface MockCoreOptions {
signRequestImpl: (fields: RequestSigningFields) => Uint8Array;
verifyResponseImpl: (
publicKey: Uint8Array,
signature: Uint8Array,
fields: ResponseSigningFields,
) => boolean;
verifyPayloadHashImpl: (
payload: Uint8Array,
hash: Uint8Array,
) => boolean;
}
function mockCore(opts: MockCoreOptions): Core & {
signRequest: ReturnType<typeof vi.fn>;
verifyResponse: ReturnType<typeof vi.fn>;
verifyPayloadHash: ReturnType<typeof vi.fn>;
verifyEvent: ReturnType<typeof vi.fn>;
} {
return {
signRequest: vi.fn(opts.signRequestImpl),
verifyResponse: vi.fn(opts.verifyResponseImpl),
verifyEvent: vi.fn(() => true),
verifyPayloadHash: vi.fn(opts.verifyPayloadHashImpl),
};
}
Reference in New Issue View Git Blame Copy Permalink