natsdotnet/tests/NATS.Server.Tests/Accounts/AccountImportExportTests.cs

using Microsoft.Extensions.Logging.Abstractions;
using NATS.Server;
using NATS.Server.Auth;
using NATS.Server.Imports;
using NATS.Server.Subscriptions;

namespace NATS.Server.Tests.Accounts;

/// <summary>
/// Tests for cross-account stream export/import delivery and account isolation semantics.
/// Reference: Go accounts_test.go TestAccountIsolationExportImport, TestMultiAccountsIsolation.
/// </summary>
public class AccountImportExportTests
{
    /// <summary>
    /// Verifies that stream export/import wiring allows messages published in the
    /// exporter account to be delivered to subscribers in the importing account.
    /// Mirrors Go TestAccountIsolationExportImport (conf variant) at the server API level.
    ///
    /// Setup: Account A exports "events.>", Account B imports "events.>" from A.
    /// When a message is published to "events.order" in Account A, a shadow subscription
    /// in Account A (wired for the import) should forward to Account B subscribers.
    /// Since stream import shadow subscription wiring is not yet integrated in ProcessMessage,
    /// this test exercises the export/import API and ProcessServiceImport path to verify
    /// cross-account delivery mechanics.
    /// </summary>
    [Fact]
    public void Stream_export_import_delivers_cross_account()
    {
        using var server = CreateTestServer();

        var exporter = server.GetOrCreateAccount("acct-a");
        var importer = server.GetOrCreateAccount("acct-b");

        // Account A exports "events.>"
        exporter.AddStreamExport("events.>", null);
        exporter.Exports.Streams.ShouldContainKey("events.>");

        // Account B imports "events.>" from Account A, mapped to "imported.events.>"
        importer.AddStreamImport(exporter, "events.>", "imported.events.>");
        importer.Imports.Streams.Count.ShouldBe(1);
        importer.Imports.Streams[0].From.ShouldBe("events.>");
        importer.Imports.Streams[0].To.ShouldBe("imported.events.>");
        importer.Imports.Streams[0].SourceAccount.ShouldBe(exporter);

        // Also set up a service export/import to verify cross-account message delivery
        // through the ProcessServiceImport path (which IS wired in ProcessMessage).
        exporter.AddServiceExport("svc.>", ServiceResponseType.Singleton, null);
        importer.AddServiceImport(exporter, "requests.>", "svc.>");

        // Subscribe in the exporter account's SubList to receive forwarded messages
        var received = new List<(string Subject, string Sid)>();
        var mockClient = new TestNatsClient(1, exporter);
        mockClient.OnMessage = (subject, sid, _, _, _) =>
            received.Add((subject, sid));

        var exportSub = new Subscription { Subject = "svc.order", Sid = "s1", Client = mockClient };
        exporter.SubList.Insert(exportSub);

        // Process a service import: simulates client in B publishing "requests.order"
        // which should transform to "svc.order" and deliver to A's subscriber
        var si = importer.Imports.Services["requests.>"][0];
        server.ProcessServiceImport(si, "requests.order", null,
            ReadOnlyMemory<byte>.Empty, ReadOnlyMemory<byte>.Empty);

        // Verify the message crossed accounts
        received.Count.ShouldBe(1);
        received[0].Subject.ShouldBe("svc.order");
        received[0].Sid.ShouldBe("s1");
    }

    /// <summary>
    /// Verifies that account isolation prevents cross-account delivery when multiple
    /// accounts use wildcard subscriptions and NO imports/exports are configured.
    /// Extends the basic isolation test in AccountIsolationTests by testing with
    /// three accounts and wildcard (">") subscriptions, matching the Go
    /// TestMultiAccountsIsolation pattern where multiple importing accounts must
    /// remain isolated from each other.
    ///
    /// Setup: Three accounts (A, B, C), no exports/imports. Each account subscribes
    /// to "orders.>" via its own SubList. Publishing in A should only match A's
    /// subscribers; B and C should receive nothing.
    /// </summary>
    [Fact]
    public void Account_isolation_prevents_cross_account_delivery()
    {
        using var server = CreateTestServer();

        var accountA = server.GetOrCreateAccount("acct-a");
        var accountB = server.GetOrCreateAccount("acct-b");
        var accountC = server.GetOrCreateAccount("acct-c");

        // Each account has its own independent SubList
        accountA.SubList.ShouldNotBeSameAs(accountB.SubList);
        accountB.SubList.ShouldNotBeSameAs(accountC.SubList);

        // Set up wildcard subscribers in all three accounts
        var receivedA = new List<string>();
        var receivedB = new List<string>();
        var receivedC = new List<string>();

        var clientA = new TestNatsClient(1, accountA);
        clientA.OnMessage = (subject, _, _, _, _) => receivedA.Add(subject);
        var clientB = new TestNatsClient(2, accountB);
        clientB.OnMessage = (subject, _, _, _, _) => receivedB.Add(subject);
        var clientC = new TestNatsClient(3, accountC);
        clientC.OnMessage = (subject, _, _, _, _) => receivedC.Add(subject);

        // Subscribe to wildcard "orders.>" in each account's SubList
        accountA.SubList.Insert(new Subscription { Subject = "orders.>", Sid = "a1", Client = clientA });
        accountB.SubList.Insert(new Subscription { Subject = "orders.>", Sid = "b1", Client = clientB });
        accountC.SubList.Insert(new Subscription { Subject = "orders.>", Sid = "c1", Client = clientC });

        // Publish in Account A's subject space — only A's SubList is matched
        var resultA = accountA.SubList.Match("orders.client.stream.entry");
        resultA.PlainSubs.Length.ShouldBe(1);

        foreach (var sub in resultA.PlainSubs)
        {
            sub.Client?.SendMessage("orders.client.stream.entry", sub.Sid, null,
                ReadOnlyMemory<byte>.Empty, ReadOnlyMemory<byte>.Empty);
        }

        // Account A received the message
        receivedA.Count.ShouldBe(1);
        receivedA[0].ShouldBe("orders.client.stream.entry");

        // Accounts B and C did NOT receive anything (isolation)
        receivedB.Count.ShouldBe(0);
        receivedC.Count.ShouldBe(0);

        // Now publish in Account B's subject space
        var resultB = accountB.SubList.Match("orders.other.stream.entry");
        resultB.PlainSubs.Length.ShouldBe(1);

        foreach (var sub in resultB.PlainSubs)
        {
            sub.Client?.SendMessage("orders.other.stream.entry", sub.Sid, null,
                ReadOnlyMemory<byte>.Empty, ReadOnlyMemory<byte>.Empty);
        }

        // Account B received the message
        receivedB.Count.ShouldBe(1);
        receivedB[0].ShouldBe("orders.other.stream.entry");

        // Account A still has only its original message, Account C still empty
        receivedA.Count.ShouldBe(1);
        receivedC.Count.ShouldBe(0);
    }

    private static NatsServer CreateTestServer()
    {
        var port = GetFreePort();
        return new NatsServer(new NatsOptions { Port = port }, NullLoggerFactory.Instance);
    }

    private static int GetFreePort()
    {
        using var sock = new System.Net.Sockets.Socket(
            System.Net.Sockets.AddressFamily.InterNetwork,
            System.Net.Sockets.SocketType.Stream,
            System.Net.Sockets.ProtocolType.Tcp);
        sock.Bind(new System.Net.IPEndPoint(System.Net.IPAddress.Loopback, 0));
        return ((System.Net.IPEndPoint)sock.LocalEndPoint!).Port;
    }

    /// <summary>
    /// Minimal test double for INatsClient used in import/export tests.
    /// </summary>
    private sealed class TestNatsClient(ulong id, Account account) : INatsClient
    {
        public ulong Id => id;
        public ClientKind Kind => ClientKind.Client;
        public Account? Account => account;
        public Protocol.ClientOptions? ClientOpts => null;
        public ClientPermissions? Permissions => null;

        public Action<string, string, string?, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>>? OnMessage { get; set; }

        public void SendMessage(string subject, string sid, string? replyTo,
            ReadOnlyMemory<byte> headers, ReadOnlyMemory<byte> payload)
        {
            OnMessage?.Invoke(subject, sid, replyTo, headers, payload);
        }

        public bool QueueOutbound(ReadOnlyMemory<byte> data) => true;

        public void RemoveSubscription(string sid) { }
    }
}