openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: add auth, rate-limit, and keys service tests
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m13s
Details

Browse source
This commit is contained in:
Hoid 2026-02-26 10:03:31 +00:00
parent 1a37765f41
commit 1aea9c872c
3 changed files with 346 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

85
src/__tests__/auth.test.ts Normal file
View file

@ -0,0 +1,85 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import { authMiddleware } from "../middleware/auth.js";
import { isValidKey, getKeyInfo } from "../services/keys.js";
const mockJson = vi.fn();
const mockStatus = vi.fn(() => ({ json: mockJson }));
const mockNext = vi.fn();
function makeReq(headers: Record<string, string> = {}): any {
return { headers };
}
function makeRes(): any {
mockJson.mockClear();
mockStatus.mockClear();
return { status: mockStatus, json: mockJson };
}
describe("authMiddleware", () => {
beforeEach(() => {
vi.clearAllMocks();
});
it("returns 401 when no auth header and no x-api-key", () => {
const req = makeReq();
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(mockStatus).toHaveBeenCalledWith(401);
expect(mockJson).toHaveBeenCalledWith(
expect.objectContaining({ error: expect.stringContaining("Missing API key") })
);
expect(mockNext).not.toHaveBeenCalled();
});
it("returns 403 when Bearer token is invalid", () => {
vi.mocked(isValidKey).mockReturnValueOnce(false);
const req = makeReq({ authorization: "Bearer bad-key" });
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(mockStatus).toHaveBeenCalledWith(403);
expect(mockJson).toHaveBeenCalledWith({ error: "Invalid API key" });
expect(mockNext).not.toHaveBeenCalled();
});
it("returns 403 when x-api-key is invalid", () => {
vi.mocked(isValidKey).mockReturnValueOnce(false);
const req = makeReq({ "x-api-key": "bad-key" });
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(mockStatus).toHaveBeenCalledWith(403);
expect(mockNext).not.toHaveBeenCalled();
});
it("calls next() and attaches apiKeyInfo when Bearer token is valid", () => {
const info = { key: "test-key", tier: "pro", email: "t@t.com", createdAt: "2025-01-01" };
vi.mocked(isValidKey).mockReturnValueOnce(true);
vi.mocked(getKeyInfo).mockReturnValueOnce(info as any);
const req = makeReq({ authorization: "Bearer test-key" });
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(mockNext).toHaveBeenCalled();
expect((req as any).apiKeyInfo).toEqual(info);
});
it("calls next() and attaches apiKeyInfo when x-api-key is valid", () => {
const info = { key: "xkey", tier: "free", email: "x@t.com", createdAt: "2025-01-01" };
vi.mocked(isValidKey).mockReturnValueOnce(true);
vi.mocked(getKeyInfo).mockReturnValueOnce(info as any);
const req = makeReq({ "x-api-key": "xkey" });
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(mockNext).toHaveBeenCalled();
expect((req as any).apiKeyInfo).toEqual(info);
});
it("prefers Authorization header over x-api-key when both present", () => {
vi.mocked(isValidKey).mockReturnValueOnce(true);
vi.mocked(getKeyInfo).mockReturnValueOnce({ key: "bearer-key" } as any);
const req = makeReq({ authorization: "Bearer bearer-key", "x-api-key": "header-key" });
const res = makeRes();
authMiddleware(req, res, mockNext);
expect(isValidKey).toHaveBeenCalledWith("bearer-key");
expect((req as any).apiKeyInfo).toEqual({ key: "bearer-key" });
});
});