openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: add app-level integration tests for routes, CORS, 404, headers
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m23s
Details

Browse source
This commit is contained in:
OpenClaw 2026-02-27 13:05:07 +00:00
parent 0d90c333c7
commit 427ec8e894
1 changed files with 107 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

107
src/__tests__/app-routes.test.ts Normal file
View file

@ -0,0 +1,107 @@
import { describe, it, expect, beforeAll } from "vitest";
import request from "supertest";
import { app } from "../index.js";
describe("App-level routes", () => {
describe("POST /v1/signup/* (410 Gone)", () => {
it("returns 410 for POST /v1/signup", async () => {
const res = await request(app).post("/v1/signup");
expect(res.status).toBe(410);
expect(res.body.error).toContain("discontinued");
expect(res.body.demo_endpoint).toBe("/v1/demo/html");
expect(res.body.pro_url).toBe("https://docfast.dev/#pricing");
});
it("returns 410 for POST /v1/signup/free", async () => {
const res = await request(app).post("/v1/signup/free");
expect(res.status).toBe(410);
expect(res.body.error).toContain("discontinued");
});
it("returns 410 for GET /v1/signup", async () => {
const res = await request(app).get("/v1/signup");
expect(res.status).toBe(410);
expect(res.body.demo_endpoint).toBeDefined();
});
});
describe("GET /api", () => {
it("returns API discovery info", async () => {
const res = await request(app).get("/api");
expect(res.status).toBe(200);
expect(res.body.name).toBe("DocFast API");
expect(res.body.version).toBeDefined();
expect(Array.isArray(res.body.endpoints)).toBe(true);
expect(res.body.endpoints.length).toBeGreaterThan(0);
});
});
describe("404 handler", () => {
it("returns JSON 404 for API paths (/v1/*)", async () => {
const res = await request(app).get("/v1/nonexistent");
expect(res.status).toBe(404);
expect(res.body.error).toContain("Not Found");
});
it("returns JSON 404 for API paths (/api/*)", async () => {
const res = await request(app).get("/api/nonexistent");
expect(res.status).toBe(404);
expect(res.body.error).toContain("Not Found");
});
it("returns HTML 404 for browser paths", async () => {
const res = await request(app).get("/nonexistent-page");
expect(res.status).toBe(404);
expect(res.headers["content-type"]).toContain("text/html");
expect(res.text).toContain("404");
});
});
describe("CORS behavior", () => {
it("returns restricted origin for auth routes", async () => {
for (const path of ["/v1/signup", "/v1/recover", "/v1/billing", "/v1/demo"]) {
const res = await request(app).get(path);
expect(res.headers["access-control-allow-origin"]).toBe("https://docfast.dev");
}
});
it("returns wildcard origin for other routes", async () => {
for (const path of ["/v1/convert", "/health"]) {
const res = await request(app).get(path);
expect(res.headers["access-control-allow-origin"]).toBe("*");
}
});
it("returns 204 for OPTIONS preflight", async () => {
const res = await request(app).options("/v1/signup");
expect(res.status).toBe(204);
expect(res.headers["access-control-allow-methods"]).toContain("GET");
expect(res.headers["access-control-allow-headers"]).toContain("X-API-Key");
});
});
describe("Request ID", () => {
it("adds X-Request-Id header to responses", async () => {
const res = await request(app).get("/api");
expect(res.headers["x-request-id"]).toBeDefined();
});
it("echoes provided X-Request-Id", async () => {
const res = await request(app).get("/api").set("X-Request-Id", "test-id-123");
expect(res.headers["x-request-id"]).toBe("test-id-123");
});
});
describe("Security headers", () => {
it("includes helmet security headers", async () => {
const res = await request(app).get("/api");
expect(res.headers["x-content-type-options"]).toBe("nosniff");
expect(res.headers["x-frame-options"]).toBeDefined();
});
it("includes permissions-policy header", async () => {
const res = await request(app).get("/api");
expect(res.headers["permissions-policy"]).toContain("camera=()");
});
});
});