Christian Mueller e760853781 refactor: migrate from node-sqlite3-wasm to better-sqlite3
Replace all db.run(sql, [params]) calls with db.prepare(sql).run(...params)
across all source modules and test files. Also remove the node-sqlite3-wasm
import from tests/db.test.ts and update the type annotation accordingly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-06 21:17:44 +02:00

88 lines
2.5 KiB
TypeScript

import { describe, it, expect, beforeAll, afterAll } from 'vitest';
import request from 'supertest';
import bcrypt from 'bcryptjs';
import app from '../../src/index';
import { initDb, closeDb } from '../../src/db/index';
beforeAll(() => {
const db = initDb(':memory:');
// Create a test user
const hash = bcrypt.hashSync('correctpassword', 10);
db.prepare(
`INSERT INTO users (username, password_hash) VALUES (?, ?)`
).run('testuser', hash);
});
afterAll(() => {
closeDb();
});
describe('POST /api/auth/login', () => {
it('should return JWT on successful login', async () => {
const res = await request(app)
.post('/api/auth/login')
.send({ username: 'testuser', password: 'correctpassword' });
expect(res.status).toBe(200);
expect(res.body).toHaveProperty('token');
expect(typeof res.body.token).toBe('string');
expect(res.body.token.split('.').length).toBe(3); // valid JWT format
});
it('should reject wrong password with 401', async () => {
const res = await request(app)
.post('/api/auth/login')
.send({ username: 'testuser', password: 'wrongpassword' });
expect(res.status).toBe(401);
expect(res.body).toHaveProperty('error');
});
it('should reject unknown user with 401', async () => {
const res = await request(app)
.post('/api/auth/login')
.send({ username: 'nouser', password: 'anything' });
expect(res.status).toBe(401);
});
it('should reject missing credentials with 400', async () => {
const res = await request(app)
.post('/api/auth/login')
.send({});
expect(res.status).toBe(400);
});
});
describe('Auth middleware', () => {
it('should reject requests without token with 401', async () => {
const res = await request(app).get('/api/auth/me');
expect(res.status).toBe(401);
});
it('should reject requests with invalid token with 401', async () => {
const res = await request(app)
.get('/api/auth/me')
.set('Authorization', 'Bearer invalid.token.here');
expect(res.status).toBe(401);
});
it('should allow access with valid token', async () => {
// First login to get a token
const loginRes = await request(app)
.post('/api/auth/login')
.send({ username: 'testuser', password: 'correctpassword' });
const token = loginRes.body.token;
const res = await request(app)
.get('/api/auth/me')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body).toHaveProperty('username', 'testuser');
});
});