github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
TREK/server/tests/unit/services/ephemeralTokens.test.ts
Julien G. 905c7d460b Add comprehensive backend test suite (#339) 
* add test suite, mostly covers integration testing, tests are only backend side

* workflow runs the correct script

* workflow runs the correct script

* workflow runs the correct script

* unit tests incoming

* Fix multer silent rejections and error handler info leak

- Revert cb(null, false) to cb(new Error(...)) in auth.ts, collab.ts,
  and files.ts so invalid uploads return an error instead of silently
  dropping the file
- Error handler in app.ts now always returns 500 / "Internal server
  error" instead of forwarding err.message to the client

* Use statusCode consistently for multer errors and error handler

- Error handler in app.ts reads err.statusCode to forward the correct
  HTTP status while keeping the response body generic
2026-04-03 13:17:53 +02:00

72 lines
2.7 KiB
TypeScript
Raw Permalink Blame History

import { describe, it, expect, beforeEach, vi } from 'vitest';
// Reset module between tests that need a fresh token store
beforeEach(() => {
vi.resetModules();
});
describe('ephemeralTokens', () => {
async function getModule() {
return import('../../../src/services/ephemeralTokens');
}
// AUTH-030 — Resource token creation (single-use)
describe('createEphemeralToken', () => {
it('AUTH-030: creates a token and returns a hex string', async () => {
const { createEphemeralToken } = await getModule();
const token = createEphemeralToken(1, 'download');
expect(token).not.toBeNull();
expect(typeof token).toBe('string');
expect(token!.length).toBe(64); // 32 bytes hex
});
it('AUTH-030: different calls produce different tokens', async () => {
const { createEphemeralToken } = await getModule();
const t1 = createEphemeralToken(1, 'download');
const t2 = createEphemeralToken(1, 'download');
expect(t1).not.toBe(t2);
});
});
// AUTH-029 — WebSocket token expiry (single-use)
describe('consumeEphemeralToken', () => {
it('AUTH-030: token is consumed and returns userId on first use', async () => {
const { createEphemeralToken, consumeEphemeralToken } = await getModule();
const token = createEphemeralToken(42, 'download')!;
const userId = consumeEphemeralToken(token, 'download');
expect(userId).toBe(42);
});
it('AUTH-030: token is single-use — second consume returns null', async () => {
const { createEphemeralToken, consumeEphemeralToken } = await getModule();
const token = createEphemeralToken(42, 'download')!;
consumeEphemeralToken(token, 'download'); // first use
const second = consumeEphemeralToken(token, 'download'); // second use
expect(second).toBeNull();
});
it('AUTH-029: purpose mismatch returns null', async () => {
const { createEphemeralToken, consumeEphemeralToken } = await getModule();
const token = createEphemeralToken(42, 'ws')!;
const result = consumeEphemeralToken(token, 'download');
expect(result).toBeNull();
});
it('AUTH-029: expired token returns null', async () => {
vi.useFakeTimers();
const { createEphemeralToken, consumeEphemeralToken } = await getModule();
const token = createEphemeralToken(42, 'ws')!; // 30s TTL
vi.advanceTimersByTime(31_000); // advance past expiry
const result = consumeEphemeralToken(token, 'ws');
expect(result).toBeNull();
vi.useRealTimers();
});
it('returns null for unknown token', async () => {
const { consumeEphemeralToken } = await getModule();
const result = consumeEphemeralToken('nonexistent-token', 'download');
expect(result).toBeNull();
});
});
});
Reference in New Issue View Git Blame Copy Permalink