Files
GearBox/tests/services/auth.service.test.ts
Jean-Luc Makiola 59e7f4be8a fix(15): convert auth service/tests to async PGlite pattern
The executor agents wrote sync SQLite-style calls (.get(), .all(), .run())
instead of the async Postgres pattern established in Phase 14. Fixed:
- auth.service.ts: use await + destructuring for all DB operations
- auth routes: await listApiKeys
- All auth test files: async createTestDb(), await service calls

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 21:40:12 +02:00

69 lines
2.0 KiB
TypeScript

import { beforeEach, describe, expect, it } from "bun:test";
import {
createApiKey,
deleteApiKey,
listApiKeys,
verifyApiKey,
} from "../../src/server/services/auth.service.ts";
import { createTestDb } from "../helpers/db.ts";
describe("Auth Service", () => {
let db: Awaited<ReturnType<typeof createTestDb>>;
beforeEach(async () => {
db = await createTestDb();
});
describe("API Key Management", () => {
it("creates key and returns raw key once (length > 16, prefix matches first 8 chars)", async () => {
const result = await createApiKey(db, "test-key");
expect(result).toBeDefined();
expect(result.rawKey).toBeDefined();
expect(result.rawKey.length).toBeGreaterThan(16);
expect(result.keyPrefix).toBe(result.rawKey.slice(0, 8));
expect(result.name).toBe("test-key");
});
it("verifies valid key returns true", async () => {
const result = await createApiKey(db, "test-key");
const isValid = await verifyApiKey(db, result.rawKey);
expect(isValid).toBe(true);
});
it("rejects invalid key returns false", async () => {
await createApiKey(db, "test-key");
const isValid = await verifyApiKey(db, "invalidkey12345678");
expect(isValid).toBe(false);
});
it("deletes key so it is no longer valid", async () => {
const result = await createApiKey(db, "test-key");
await deleteApiKey(db, result.id);
const isValid = await verifyApiKey(db, result.rawKey);
expect(isValid).toBe(false);
});
it("listApiKeys returns keys without hashes", async () => {
await createApiKey(db, "key-one");
await createApiKey(db, "key-two");
const keys = await listApiKeys(db);
expect(keys).toHaveLength(2);
expect(keys[0].name).toBe("key-one");
expect(keys[1].name).toBe("key-two");
// Ensure no hash is exposed
for (const key of keys) {
expect(key).toHaveProperty("id");
expect(key).toHaveProperty("name");
expect(key).toHaveProperty("keyPrefix");
expect(key).toHaveProperty("createdAt");
expect(key).not.toHaveProperty("keyHash");
}
});
});
});