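import { describe, it, expect, vi } from 'vitest';
import type { FastifyRequest, FastifyReply } from 'fastify';
import type { Env } from '../../src/config.js';
import { createAdminMiddleware } from '../../src/middleware/admin.js';

/**
 * The exact 403 body every rejection is expected to send. Pinned as a single
 * value so that any change which leaks more detail to the caller (for example
 * echoing the configured admin list or the caller's DID) fails every reject case.
 */
const FORBIDDEN_BODY = { error: 'Forbidden', message: 'Admin access required' };

/**
 * Builds a minimal Env for the middleware under test.
 *
 * Only ADMIN_DIDS varies between cases; every other field is a placeholder
 * that the admin middleware is not expected to read.
 *
 * @param adminDids raw comma-separated ADMIN_DIDS value, or undefined to
 *   simulate the environment variable being unset
 */
function makeConfig(adminDids?: string): Env {
  return {
    NODE_ENV: 'test',
    PORT: 3100,
    PUBLIC_URL: 'http://localhost:3100',
    DATABASE_URL: 'postgresql://localhost/test',
    VALKEY_URL: 'redis://localhost:6379',
    SIFA_DID: 'did:plc:test',
    JETSTREAM_URL: 'wss://jetstream.example.com',
    OAUTH_JWKS_PATH: '/tmp/jwks',
    GEONAMES_USERNAME: 'test',
    ADMIN_DIDS: adminDids,
  };
}

/**
 * Creates a request/reply pair with spies on the reply.
 *
 * `reply.status()` resolves to an object exposing `send`, so both
 * `reply.status(403).send(body)` and a bare `reply.send(body)` are observable.
 *
 * @param did the value an upstream auth layer placed on `request.did`;
 *   null or undefined simulate an unauthenticated caller (undefined also covers
 *   the case where the auth hook never ran and the property was never set)
 */
function makeMocks(did: string | null | undefined) {
  const request = { did } as FastifyRequest;
  const send = vi.fn();
  const status = vi.fn().mockReturnValue({ send });
  const reply = { status, send } as unknown as FastifyReply;
  return { request, reply, status, send };
}

/**
 * Runs the admin middleware once for the given ADMIN_DIDS value and caller DID
 * and returns the reply spies for assertions.
 */
async function run(adminDids: string | undefined, did: string | null | undefined) {
  const middleware = createAdminMiddleware(makeConfig(adminDids));
  const { request, reply, status, send } = makeMocks(did);
  await middleware(request, reply);
  return { status, send };
}

/** Asserts that the reply was rejected with 403 and the fixed Forbidden body. */
function expectForbidden(spies: { status: ReturnType<typeof vi.fn>; send: ReturnType<typeof vi.fn> }): void {
  expect(spies.status).toHaveBeenCalledWith(403);
  expect(spies.send).toHaveBeenCalledWith(FORBIDDEN_BODY);
}

/** Asserts that the middleware let the request through without touching the reply. */
function expectAllowed(spies: { status: ReturnType<typeof vi.fn>; send: ReturnType<typeof vi.fn> }): void {
  expect(spies.status).not.toHaveBeenCalled();
  expect(spies.send).not.toHaveBeenCalled();
}

describe('Admin middleware', () => {
  it('allows a DID that is in the admin list', async () => {
    expectAllowed(await run('did:plc:admin1,did:plc:admin2', 'did:plc:admin1'));
  });

  it('rejects a DID that is not in the admin list', async () => {
    expectForbidden(await run('did:plc:admin1', 'did:plc:other'));
  });

  it('rejects when ADMIN_DIDS is unset (fails closed)', async () => {
    expectForbidden(await run(undefined, 'did:plc:anyone'));
  });

  it('rejects when ADMIN_DIDS is empty string (fails closed)', async () => {
    expectForbidden(await run('', 'did:plc:anyone'));
  });

  it('rejects when request.did is null', async () => {
    expectForbidden(await run('did:plc:admin1', null));
  });

  it('rejects when request.did is undefined (auth hook never ran)', async () => {
    expectForbidden(await run('did:plc:admin1', undefined));
  });

  it('trims whitespace around DIDs in the list', async () => {
    expectAllowed(await run(' did:plc:admin1 , did:plc:admin2 ', 'did:plc:admin2'));
  });

  // Membership must be an exact match per entry. A naive substring or prefix
  // check on the raw ADMIN_DIDS string would accept these and grant admin to
  // a non-admin principal.
  it('rejects a DID that is only a prefix of an admin DID', async () => {
    expectForbidden(await run('did:plc:admin1', 'did:plc:admin'));
  });

  it('rejects a DID that merely starts with an admin DID', async () => {
    expectForbidden(await run('did:plc:admin1', 'did:plc:admin10'));
  });

  // A trailing comma produces an empty entry after splitting; an empty caller
  // DID must not match it.
  it('rejects an empty DID even when the list contains an empty entry', async () => {
    expectForbidden(await run('did:plc:admin1,', ''));
  });
});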