forked from Fediversity/simple-nixos-fediverse
145 lines
5.6 KiB
Nix
145 lines
5.6 KiB
Nix
{ pkgs, self }:
|
|
let
|
|
lib = pkgs.lib;
|
|
rebuildableTest = import ./rebuildableTest.nix pkgs;
|
|
seleniumScript = pkgs.writers.writePython3Bin "selenium-script"
|
|
{
|
|
libraries = with pkgs.python3Packages; [ selenium ];
|
|
} ''
|
|
from selenium import webdriver
|
|
from selenium.webdriver.common.by import By
|
|
from selenium.webdriver.firefox.options import Options
|
|
from selenium.webdriver.support.ui import WebDriverWait
|
|
|
|
print(1)
|
|
|
|
options = Options()
|
|
options.add_argument("--headless")
|
|
# devtools don't show up in headless screenshots
|
|
# options.add_argument("-devtools")
|
|
service = webdriver.FirefoxService(executable_path="${lib.getExe pkgs.geckodriver}") # noqa: E501
|
|
|
|
driver = webdriver.Firefox(options=options, service=service)
|
|
driver.get("http://mastodon.localhost:55001/public/local")
|
|
|
|
# wait until the statuses load
|
|
WebDriverWait(driver, 90).until(
|
|
lambda x: x.find_element(By.CLASS_NAME, "status"))
|
|
|
|
driver.save_screenshot("/mastodon-screenshot.png")
|
|
|
|
driver.close()
|
|
'';
|
|
in
|
|
pkgs.nixosTest {
|
|
name = "test-mastodon-garage";
|
|
|
|
nodes = {
|
|
server = { config, ... }: {
|
|
virtualisation.memorySize = lib.mkVMOverride 4096;
|
|
imports = with self.nixosModules; [
|
|
bleedingFediverse
|
|
fediversity
|
|
garage-vm
|
|
mastodon-vm
|
|
];
|
|
# TODO: pair down
|
|
environment.systemPackages = with pkgs; [
|
|
python3
|
|
firefox-unwrapped
|
|
geckodriver
|
|
toot
|
|
xh
|
|
seleniumScript
|
|
helix
|
|
imagemagick
|
|
];
|
|
environment.variables = {
|
|
POST_MEDIA = ./green.png;
|
|
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.mastodon.id;
|
|
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.mastodon.secret;
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = { nodes, ... }: ''
|
|
import re
|
|
import time
|
|
|
|
server.start()
|
|
|
|
with subtest("Mastodon starts"):
|
|
server.wait_for_unit("mastodon-web.service")
|
|
|
|
# make sure mastodon is fully up and running before we interact with it
|
|
# TODO: is there a way to test for this?
|
|
time.sleep(180)
|
|
|
|
with subtest("Account creation"):
|
|
account_creation_output = server.succeed("mastodon-tootctl accounts create test --email test@test.com --confirmed --approve")
|
|
password_match = re.match('.*New password: ([^\n]*).*', account_creation_output, re.S)
|
|
if password_match is None:
|
|
raise Exception(f"account creation did not generate a password.\n{account_creation_output}")
|
|
password = password_match.group(1)
|
|
|
|
with subtest("TTY Login"):
|
|
server.wait_until_tty_matches("1", "login: ")
|
|
server.send_chars("root\n");
|
|
|
|
with subtest("Log in with toot"):
|
|
# toot doesn't provide a way to just specify our login details as arguments, so we have to pretend we're typing them in at the prompt
|
|
server.send_chars("toot login_cli --instance http://mastodon.localhost:55001 --email test@test.com\n")
|
|
server.wait_until_tty_matches("1", "Password: ")
|
|
server.send_chars(password + "\n")
|
|
server.wait_until_tty_matches("1", "Successfully logged in.")
|
|
|
|
with subtest("post text"):
|
|
server.succeed("echo 'hello mastodon' | toot post")
|
|
|
|
with subtest("post image"):
|
|
server.succeed("toot post --media $POST_MEDIA")
|
|
|
|
with subtest("access garage"):
|
|
server.succeed("mc alias set garage ${nodes.server.fediversity.internal.garage.api.url} --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
|
|
server.succeed("mc ls garage/mastodon")
|
|
|
|
with subtest("access image in garage"):
|
|
image = server.succeed("mc find garage --regex original")
|
|
image = image.rstrip()
|
|
if image == "":
|
|
raise Exception("image posted to mastodon did not get stored in garage")
|
|
server.succeed(f"mc cat {image} >/garage-image.webp")
|
|
garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
|
|
image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
|
|
if garage_image_hash != image_hash:
|
|
raise Exception("image stored in garage did not match image uploaded")
|
|
|
|
with subtest("Content security policy allows garage images"):
|
|
headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
|
|
csp_match = None
|
|
# I can't figure out re.MULTILINE
|
|
for header in headers.split("\n"):
|
|
csp_match = re.match('^Content-Security-Policy: (.*)$', header)
|
|
if csp_match is not None:
|
|
break
|
|
if csp_match is None:
|
|
raise Exception("mastodon did not send a content security policy header")
|
|
csp = csp_match.group(1)
|
|
# the img-src content security policy should include the garage server
|
|
## TODO: use `nodes.server.fediversity.internal.garage.api.url` same as above, but beware of escaping the regex.
|
|
garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
|
|
if garage_csp is None:
|
|
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
|
|
|
|
# this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
|
|
with subtest("image displays"):
|
|
server.succeed("selenium-script")
|
|
server.copy_from_vm("/mastodon-screenshot.png", "")
|
|
displayed_colors = server.succeed("convert /mastodon-screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
|
|
# check that the green image displayed somewhere
|
|
green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
|
|
if green_check is None:
|
|
raise Exception("cannot detect the uploaded image on mastodon page.")
|
|
'';
|
|
}
|