Jean-Luc Makiola
5b702a0e98
- Destructure { db, userId } from createTestDb() in all 8 service test files
- Pass userId to every service function call
- Add cross-user isolation tests for items, categories, threads, setups
- Add composite unique constraint test for categories
- Update verifyApiKey assertions to check { userId } return
- Update verifyAccessToken assertions to check { userId } return
- Pass userId to exchangeCode and refreshAccessToken calls
71 lines
2.1 KiB
TypeScript
71 lines
2.1 KiB
TypeScript
import { beforeEach, describe, expect, it } from "bun:test";
|
|
import {
|
|
createApiKey,
|
|
deleteApiKey,
|
|
listApiKeys,
|
|
verifyApiKey,
|
|
} from "../../src/server/services/auth.service.ts";
|
|
import { createTestDb } from "../helpers/db.ts";
|
|
|
|
describe("Auth Service", () => {
|
|
let db: any;
|
|
let userId: number;
|
|
|
|
beforeEach(async () => {
|
|
({ db, userId } = await createTestDb());
|
|
});
|
|
|
|
describe("API Key Management", () => {
|
|
it("creates key and returns raw key once (length > 16, prefix matches first 8 chars)", async () => {
|
|
const result = await createApiKey(db, userId, "test-key");
|
|
|
|
expect(result).toBeDefined();
|
|
expect(result.rawKey).toBeDefined();
|
|
expect(result.rawKey.length).toBeGreaterThan(16);
|
|
expect(result.keyPrefix).toBe(result.rawKey.slice(0, 8));
|
|
expect(result.name).toBe("test-key");
|
|
});
|
|
|
|
it("verifies valid key returns { userId }", async () => {
|
|
const result = await createApiKey(db, userId, "test-key");
|
|
const verified = await verifyApiKey(db, result.rawKey);
|
|
|
|
expect(verified).not.toBeNull();
|
|
expect(verified?.userId).toBe(userId);
|
|
});
|
|
|
|
it("rejects invalid key returns null", async () => {
|
|
await createApiKey(db, userId, "test-key");
|
|
const verified = await verifyApiKey(db, "invalidkey12345678");
|
|
|
|
expect(verified).toBeNull();
|
|
});
|
|
|
|
it("deletes key so it is no longer valid", async () => {
|
|
const result = await createApiKey(db, userId, "test-key");
|
|
await deleteApiKey(db, userId, result.id);
|
|
|
|
const verified = await verifyApiKey(db, result.rawKey);
|
|
expect(verified).toBeNull();
|
|
});
|
|
|
|
it("listApiKeys returns keys without hashes", async () => {
|
|
await createApiKey(db, userId, "key-one");
|
|
await createApiKey(db, userId, "key-two");
|
|
|
|
const keys = await listApiKeys(db, userId);
|
|
expect(keys).toHaveLength(2);
|
|
expect(keys[0].name).toBe("key-one");
|
|
expect(keys[1].name).toBe("key-two");
|
|
// Ensure no hash is exposed
|
|
for (const key of keys) {
|
|
expect(key).toHaveProperty("id");
|
|
expect(key).toHaveProperty("name");
|
|
expect(key).toHaveProperty("keyPrefix");
|
|
expect(key).toHaveProperty("createdAt");
|
|
expect(key).not.toHaveProperty("keyHash");
|
|
}
|
|
});
|
|
});
|
|
});
|