add mock backend for integration testing

integration/mock_backend/README.md

@@ -0,0 +1,33 @@
+# Mock Backend
+
+This project will serve a simple website that returns basic HTTP parameters
+as a JSON object. This is intended to be used for testing WAF behaviour.
+
+For example, testing that a silent redirect occurred, a header was added,
+or traffic was blocked.
+
+## How to run
+
+Install dependencies with `npm i`.
+
+Add site keys to config.js.
+
+Run with `npm run start`
+
+## How to use
+
+This project is intended to fill in as a backend in a WAF workflow. This Backend
+should be turned up on a server, the WAF under test should point to this server.
+
+Visiting the public WAF address should show pages hosted on this backend.
+
+The `/token/action` page hosts entry form that will asynchronously submit a
+request with an 'action' token attached.
+
+The `/token/session` page hosts a page with session token Javascript already
+installed.
+
+`/hello.html` is a static HTML page, intended to test JavaScript injection.
+
+All other pages return a synthetic JSON response. This response is intended to
+be parsed by integration tests to confirm Firewall Policy behaviour.

integration/mock_backend/config.js

@@ -0,0 +1,5 @@
+module.exports = {
+  port: process.env.PORT || 8080,
+  sessionSiteKey: 'TODO',
+  actionSiteKey: 'TODO',
+};

integration/mock_backend/index.js

@@ -0,0 +1,35 @@
+const express = require('express');
+const handlebars = require('express-handlebars');
+const path = require('path');
+const config = require('./config');
+const app = express();
+
+app.engine('handlebars', handlebars.engine({defaultLayout: false})); // No default layout here
+app.set('view engine', 'handlebars');
+app.set('views', path.join(__dirname, 'views'));
+app.use(express.static('public')); // Serve static files from public folder
+
+app.get('/token/action', (req, res) => {
+  res.render('action',
+    { siteKey: config.actionSiteKey });
+});
+
+app.get('/token/session', (req, res) => {
+  res.render('session',
+    { siteKey: config.sessionSiteKey });
+});
+
+app.get('*', (req, res) => {
+  res.send({
+    url: req.url,
+    method: req.method,
+    body: req.body,
+    headers: req.headers,
+    query: req.query,
+    params: req.params
+  });
+});
+
+app.listen(config.port, () => {
+  console.log(`mock backend listening on port ${config.port}`);
+});

integration/mock_backend/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "mock_backend",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "run": "node index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "express": "^4.21.1",
+    "express-handlebars": "^8.0.1"
+  }
+}

integration/mock_backend/public/hello.html

@@ -0,0 +1,9 @@
+<html>
+  <head>
+    <title>Hello World</title>
+  </head>
+  <body>
+    <h1>Hello World!</h1>
+    <p>Welcome to our website!</p>
+  </body>
+</html>

integration/mock_backend/views/action.handlebars

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>reCAPTCHA WAF Action Token</title>
+    <script src="https://www.google.com/recaptcha/enterprise.js?render={{siteKey}}"></script>
+    <script>
+    function onSuccess(action_token) {
+      const xhr = new XMLHttpRequest();
+      let url = document.getElementById("destpath").value;
+      xhr.open('GET', url, false);
+      // Attach the action-token to the predefined request header
+      xhr.setRequestHeader("X-Recaptcha-Token", action_token);
+      xhr.send(null);
+    }
+
+    function onError(reason) {
+      alert('Response promise rejected: ' + reason);
+    }
+
+    grecaptcha.enterprise.ready(function () {
+      document.getElementById("execute-button").onclick = () => {
+        grecaptcha.enterprise.execute('{{siteKey}}', {
+        }).then(onSuccess, onError);
+      };
+    });
+  </script>
+  </head>
+  <body>
+      <form>
+          <label for="destpath">Destination Path:</label><br>
+          <input type="text" id="destpath" name="destpath"><br>
+          <button type="button" id="execute-button">Execute Button</button>
+      </form>
+  </body>
+</html>

integration/mock_backend/views/session.handlebars

@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+  <html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>reCAPTCHA WAF Session Token</title>
+    <script src="https://www.google.com/recaptcha/enterprise.js?render={{siteKey}}&waf=session" async defer></script>
+  </head>
+</html>