Replace all db.run(sql, [params]) calls with db.prepare(sql).run(...params) across all source modules and test files. Also remove the node-sqlite3-wasm import from tests/db.test.ts and update the type annotation accordingly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
88 lines
2.5 KiB
TypeScript
88 lines
2.5 KiB
TypeScript
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
|
import request from 'supertest';
|
|
import bcrypt from 'bcryptjs';
|
|
import app from '../../src/index';
|
|
import { initDb, closeDb } from '../../src/db/index';
|
|
|
|
beforeAll(() => {
|
|
const db = initDb(':memory:');
|
|
// Create a test user
|
|
const hash = bcrypt.hashSync('correctpassword', 10);
|
|
db.prepare(
|
|
`INSERT INTO users (username, password_hash) VALUES (?, ?)`
|
|
).run('testuser', hash);
|
|
});
|
|
|
|
afterAll(() => {
|
|
closeDb();
|
|
});
|
|
|
|
describe('POST /api/auth/login', () => {
|
|
it('should return JWT on successful login', async () => {
|
|
const res = await request(app)
|
|
.post('/api/auth/login')
|
|
.send({ username: 'testuser', password: 'correctpassword' });
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.body).toHaveProperty('token');
|
|
expect(typeof res.body.token).toBe('string');
|
|
expect(res.body.token.split('.').length).toBe(3); // valid JWT format
|
|
});
|
|
|
|
it('should reject wrong password with 401', async () => {
|
|
const res = await request(app)
|
|
.post('/api/auth/login')
|
|
.send({ username: 'testuser', password: 'wrongpassword' });
|
|
|
|
expect(res.status).toBe(401);
|
|
expect(res.body).toHaveProperty('error');
|
|
});
|
|
|
|
it('should reject unknown user with 401', async () => {
|
|
const res = await request(app)
|
|
.post('/api/auth/login')
|
|
.send({ username: 'nouser', password: 'anything' });
|
|
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('should reject missing credentials with 400', async () => {
|
|
const res = await request(app)
|
|
.post('/api/auth/login')
|
|
.send({});
|
|
|
|
expect(res.status).toBe(400);
|
|
});
|
|
});
|
|
|
|
describe('Auth middleware', () => {
|
|
it('should reject requests without token with 401', async () => {
|
|
const res = await request(app).get('/api/auth/me');
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('should reject requests with invalid token with 401', async () => {
|
|
const res = await request(app)
|
|
.get('/api/auth/me')
|
|
.set('Authorization', 'Bearer invalid.token.here');
|
|
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('should allow access with valid token', async () => {
|
|
// First login to get a token
|
|
const loginRes = await request(app)
|
|
.post('/api/auth/login')
|
|
.send({ username: 'testuser', password: 'correctpassword' });
|
|
|
|
const token = loginRes.body.token;
|
|
|
|
const res = await request(app)
|
|
.get('/api/auth/me')
|
|
.set('Authorization', `Bearer ${token}`);
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.body).toHaveProperty('username', 'testuser');
|
|
});
|
|
});
|