Add property and protocol coverage tests

Author: benthecarman

Cargo.lock

@@ -12,3 +12,4 @@ ldk-server-protos = { path = "../ldk-server-protos", features = ["serde"] }
 serde_json = "1.0"
 hex-conservative = { version = "0.2", features = ["std"] }
 ldk-node = { git = "https://github.com/lightningdevkit/ldk-node", rev = "d1bbf978c8b7abe87ae2e40793556c1fe4e7ea49" }
+reqwest = { version = "0.12", default-features = false, features = ["http2", "rustls-tls"] }

e2e-tests/Cargo.lock

@@ -14,9 +14,11 @@ use e2e_tests::{
 	find_available_port, mine_and_sync, run_cli, run_cli_raw, setup_funded_channel,
 	wait_for_onchain_balance, LdkServerConfig, LdkServerHandle, TestBitcoind,
 };
-use ldk_node::lightning::ln::msgs::SocketAddress;
 use hex_conservative::{DisplayHex, FromHex};
+use ldk_node::bitcoin::hashes::hmac::{Hmac, HmacEngine};
+use ldk_node::bitcoin::hashes::HashEngine;
 use ldk_node::bitcoin::hashes::{sha256, Hash};
+use ldk_node::lightning::ln::msgs::SocketAddress;
 use ldk_node::lightning::offers::offer::Offer;
 use ldk_node::lightning_invoice::Bolt11Invoice;
 use ldk_server_client::ldk_server_protos::api::{
@@ -26,6 +28,35 @@ use ldk_server_client::ldk_server_protos::events::event_envelope::Event;
 use ldk_server_client::ldk_server_protos::types::{
 	bolt11_invoice_description, Bolt11InvoiceDescription,
 };
+use ldk_server_protos::endpoints::GET_NODE_INFO_PATH;
+use reqwest::{header::HeaderMap, Certificate, Client};
+
+fn compute_auth_header(api_key: &str) -> String {
+	let timestamp =
+		std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+	let mut hmac_engine: HmacEngine<sha256::Hash> = HmacEngine::new(api_key.as_bytes());
+	hmac_engine.input(&timestamp.to_be_bytes());
+	let hmac = Hmac::<sha256::Hash>::from_engine(hmac_engine);
+	format!("HMAC {timestamp}:{hmac}")
+}
+
+async fn raw_grpc_request(
+	server: &LdkServerHandle, path: &str, extra_headers: HeaderMap,
+) -> reqwest::Response {
+	let cert = Certificate::from_pem(&std::fs::read(&server.tls_cert_path).unwrap()).unwrap();
+	let client = Client::builder().use_rustls_tls().add_root_certificate(cert).build().unwrap();
+
+	let mut request = client
+		.post(format!("https://{}{}", server.base_url(), path))
+		.header("content-type", "application/grpc+proto")
+		.header("te", "trailers")
+		.header("x-auth", compute_auth_header(&server.api_key));
+	for (name, value) in &extra_headers {
+		request = request.header(name, value);
+	}
+
+	request.body(vec![0, 0, 0, 0, 0]).send().await.unwrap()
+}
 
 #[tokio::test]
 async fn test_cli_get_node_info() {
@@ -215,31 +246,21 @@ async fn test_cli_decode_invoice() {
 	// serde_json escapes control chars (U+0000–U+001F) as \uXXXX in JSON.
 	let desc_with_ansi = "pay me\x1b[31m RED \x1b[0m";
 	let output_ansi = run_cli(&server, &["bolt11-receive", "-d", desc_with_ansi]);
-	let raw_decoded = run_cli_raw(
-		&server,
-		&["decode-invoice", output_ansi["invoice"].as_str().unwrap()],
-	);
-	assert!(
-		!raw_decoded.contains('\x1b'),
-		"Raw CLI output must not contain ANSI escape bytes"
-	);
+	let raw_decoded =
+		run_cli_raw(&server, &["decode-invoice", output_ansi["invoice"].as_str().unwrap()]);
+	assert!(!raw_decoded.contains('\x1b'), "Raw CLI output must not contain ANSI escape bytes");
 
 	// Test that Unicode bidi override characters in the description are escaped
 	// (sanitize_for_terminal replaces them with \uXXXX in CLI output)
 	let desc_with_bidi = "pay me\u{202E}evil";
 	let output_bidi = run_cli(&server, &["bolt11-receive", "-d", desc_with_bidi]);
-	let raw_bidi = run_cli_raw(
-		&server,
-		&["decode-invoice", output_bidi["invoice"].as_str().unwrap()],
-	);
+	let raw_bidi =
+		run_cli_raw(&server, &["decode-invoice", output_bidi["invoice"].as_str().unwrap()]);
 	assert!(
 		!raw_bidi.contains('\u{202E}'),
 		"Raw CLI output must not contain bidi override characters"
 	);
-	assert!(
-		raw_bidi.contains("\\u202E"),
-		"Bidi characters should be escaped as \\uXXXX in output"
-	);
+	assert!(raw_bidi.contains("\\u202E"), "Bidi characters should be escaped as \\uXXXX in output");
 }
 
 #[tokio::test]
@@ -307,30 +328,20 @@ async fn test_cli_decode_offer() {
 	// Test that ANSI escape sequences cannot reach the terminal via CLI output.
 	let desc_with_ansi = "offer\x1b[31m RED \x1b[0m";
 	let output_ansi = run_cli(&server_a, &["bolt12-receive", desc_with_ansi]);
-	let raw_decoded = run_cli_raw(
-		&server_a,
-		&["decode-offer", output_ansi["offer"].as_str().unwrap()],
-	);
-	assert!(
-		!raw_decoded.contains('\x1b'),
-		"Raw CLI output must not contain ANSI escape bytes"
-	);
+	let raw_decoded =
+		run_cli_raw(&server_a, &["decode-offer", output_ansi["offer"].as_str().unwrap()]);
+	assert!(!raw_decoded.contains('\x1b'), "Raw CLI output must not contain ANSI escape bytes");
 
 	// Test that Unicode bidi override characters in the description are escaped
 	let desc_with_bidi = "offer\u{202E}evil";
 	let output_bidi = run_cli(&server_a, &["bolt12-receive", desc_with_bidi]);
-	let raw_bidi = run_cli_raw(
-		&server_a,
-		&["decode-offer", output_bidi["offer"].as_str().unwrap()],
-	);
+	let raw_bidi =
+		run_cli_raw(&server_a, &["decode-offer", output_bidi["offer"].as_str().unwrap()]);
 	assert!(
 		!raw_bidi.contains('\u{202E}'),
 		"Raw CLI output must not contain bidi override characters"
 	);
-	assert!(
-		raw_bidi.contains("\\u202E"),
-		"Bidi characters should be escaped as \\uXXXX in output"
-	);
+	assert!(raw_bidi.contains("\\u202E"), "Bidi characters should be escaped as \\uXXXX in output");
 }
 
 #[tokio::test]
@@ -1148,3 +1159,44 @@ async fn test_metrics_endpoint_with_auth() {
 	assert!(metrics.contains("ldk_server_total_anchor_channels_reserve_sats 0"));
 	assert!(metrics.contains("ldk_server_total_lightning_balance_sats 0"));
 }
+
+#[tokio::test]
+async fn test_grpc_rejects_invalid_timeout_header() {
+	let bitcoind = TestBitcoind::new();
+	let server = LdkServerHandle::start(&bitcoind).await;
+
+	let mut headers = HeaderMap::new();
+	headers.insert("grpc-timeout", "abc".parse().unwrap());
+
+	let response =
+		raw_grpc_request(&server, &format!("/api.LightningNode/{GET_NODE_INFO_PATH}"), headers)
+			.await;
+	assert_eq!(response.status(), 200);
+	assert_eq!(response.headers().get("grpc-status").unwrap(), "3");
+	assert_eq!(response.headers().get("grpc-message").unwrap(), "Invalid grpc-timeout header");
+}
+
+#[tokio::test]
+async fn test_grpc_rejects_unknown_paths_and_methods() {
+	let bitcoind = TestBitcoind::new();
+	let server = LdkServerHandle::start(&bitcoind).await;
+
+		let response = raw_grpc_request(
+			&server,
+			&format!("/not-the-service/{GET_NODE_INFO_PATH}"),
+			HeaderMap::new(),
+		)
+	.await;
+	assert_eq!(response.status(), 200);
+	assert_eq!(response.headers().get("grpc-status").unwrap(), "12");
+	assert_eq!(
+		response.headers().get("grpc-message").unwrap(),
+		"Unknown path%3A %2Fnot-the-service%2FGetNodeInfo"
+	);
+
+	let response =
+		raw_grpc_request(&server, "/api.LightningNode/DoesNotExist", HeaderMap::new()).await;
+	assert_eq!(response.status(), 200);
+	assert_eq!(response.headers().get("grpc-status").unwrap(), "12");
+	assert_eq!(response.headers().get("grpc-message").unwrap(), "Unknown method%3A DoesNotExist");
+}

e2e-tests/Cargo.toml

@@ -19,4 +19,5 @@ rustls = "0.21"
 rustls-pemfile = "1"
 
 [dev-dependencies]
+proptest = "1.6.0"
 tokio = { version = "1", default-features = false, features = ["macros", "rt"] }