feat: harden remote serve and reuse connections
Testing / remote-protocol-compat (0.9.5) (push) Successful in 56s
Testing / remote-protocol-compat (0.9.3) (push) Successful in 59s
Testing / test (push) Successful in 1m1s
Build & Publish Package / publish (push) Successful in 33s
Package Extension / package-extension (push) Successful in 36s
Testing / remote-protocol-compat (0.9.5) (push) Successful in 56s
Testing / remote-protocol-compat (0.9.3) (push) Successful in 59s
Testing / test (push) Successful in 1m1s
Build & Publish Package / publish (push) Successful in 33s
Package Extension / package-extension (push) Successful in 36s
- Gate TCP serve commands with safe-by-default policies, per-key allow tokens, per-key rate limiting, and audit labels. - Reuse authenticated encrypted remote sessions and parallelize/caches multi-browser fanout to reduce repeated handshake roundtrips. - Increase paged native-host batch size with extension-side byte budgeting to speed large tab listings safely. - Point install output at public Chrome Web Store / Firefox AMO listings by default, with --dev preserving unpacked workflows. - Share search-engine metadata between CLI and SDK and bump the package/extension version to 0.16.0. - Cover the new security, pooling, paging, install, and fanout behavior with expanded Python and extension tests.
This commit is contained in:
@@ -0,0 +1,52 @@
|
||||
"""Unit tests for the remote connection pool (browser_cli.remote.pool)."""
|
||||
import socket
|
||||
|
||||
from browser_cli.remote import pool
|
||||
|
||||
def _socketpair():
|
||||
a, b = socket.socketpair()
|
||||
return a, b
|
||||
|
||||
def test_checkin_then_checkout_returns_same_connection():
|
||||
pool.close_all()
|
||||
a, b = _socketpair()
|
||||
conn = pool.PooledConnection(a, b"secret")
|
||||
pool.checkin("host:1", conn)
|
||||
assert pool.checkout("host:1") is conn
|
||||
assert pool.checkout("host:1") is None # only one was pooled
|
||||
b.close()
|
||||
pool.close_all()
|
||||
|
||||
def test_checkout_drops_stale_connection(monkeypatch):
|
||||
pool.close_all()
|
||||
a, b = _socketpair()
|
||||
conn = pool.PooledConnection(a, b"secret")
|
||||
pool.checkin("host:2", conn)
|
||||
# Make the pooled connection look older than the idle bound.
|
||||
conn.last_used -= (pool._MAX_IDLE_SECONDS + 1)
|
||||
assert pool.checkout("host:2") is None # stale → dropped, not returned
|
||||
b.close()
|
||||
pool.close_all()
|
||||
|
||||
def test_checkin_caps_pool_size():
|
||||
pool.close_all()
|
||||
sockets = []
|
||||
for i in range(pool._MAX_PER_ENDPOINT + 3):
|
||||
a, b = _socketpair()
|
||||
sockets.append(b)
|
||||
pool.checkin("host:3", pool.PooledConnection(a, b"secret"))
|
||||
drained = 0
|
||||
while pool.checkout("host:3") is not None:
|
||||
drained += 1
|
||||
assert drained == pool._MAX_PER_ENDPOINT
|
||||
for b in sockets:
|
||||
b.close()
|
||||
pool.close_all()
|
||||
|
||||
def test_session_inner_message_strips_auth_fields():
|
||||
msg = {
|
||||
"id": "1", "command": "tabs.list", "args": {}, "user_agent": "browser-cli/1",
|
||||
"pubkey": "x", "sig": "y", "pq_kex": {}, "encrypted": {}, "accept_encoding": {"x": 1},
|
||||
}
|
||||
inner = pool.session_inner_message(msg)
|
||||
assert inner == {"id": "1", "command": "tabs.list", "args": {}, "user_agent": "browser-cli/1", "accept_encoding": {"x": 1}}
|
||||
Reference in New Issue
Block a user