mirror of
https://github.com/nicotsx/zerobyte.git
synced 2026-05-24 16:42:43 -04:00
4305057185
* chore: migrate to vitest * test: speed up some suites by sharing sessions and mocking expensive non-tested actions * test: refactor some tests to verify behavior instead of implementation details * chore: fix linting issues
75 lines
2.4 KiB
TypeScript
75 lines
2.4 KiB
TypeScript
import { describe, expect, test } from "vitest";
|
|
import { createApp } from "~/server/app";
|
|
import { serverEvents } from "~/server/core/events";
|
|
import { createTestSession, getAuthHeaders } from "~/test/helpers/auth";
|
|
|
|
const app = createApp();
|
|
|
|
describe("events security", () => {
|
|
test("should return 401 if no session cookie is provided", async () => {
|
|
const res = await app.request("/api/v1/events");
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
|
|
test("should return 401 if session is invalid", async () => {
|
|
const res = await app.request("/api/v1/events", {
|
|
headers: getAuthHeaders("invalid-session"),
|
|
});
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
|
|
test("should return 200 if session is valid", async () => {
|
|
const { headers } = await createTestSession();
|
|
|
|
const res = await app.request("/api/v1/events", {
|
|
headers,
|
|
});
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.headers.get("Content-Type")).toBe("text/event-stream");
|
|
await res.body?.cancel();
|
|
});
|
|
|
|
test("should cleanup SSE listeners when client disconnects", async () => {
|
|
const { headers } = await createTestSession();
|
|
const initialCount = serverEvents.listenerCount("doctor:cancelled");
|
|
|
|
const res = await app.request("/api/v1/events", {
|
|
headers,
|
|
});
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
for (let i = 0; i < 20 && serverEvents.listenerCount("doctor:cancelled") < initialCount + 1; i++) {
|
|
await new Promise((resolve) => setTimeout(resolve, 10));
|
|
}
|
|
|
|
expect(serverEvents.listenerCount("doctor:cancelled")).toBe(initialCount + 1);
|
|
|
|
await res.body?.cancel();
|
|
|
|
for (let i = 0; i < 20 && serverEvents.listenerCount("doctor:cancelled") > initialCount; i++) {
|
|
await new Promise((resolve) => setTimeout(resolve, 10));
|
|
}
|
|
|
|
expect(serverEvents.listenerCount("doctor:cancelled")).toBe(initialCount);
|
|
});
|
|
|
|
describe("unauthenticated access", () => {
|
|
const endpoints: { method: string; path: string }[] = [{ method: "GET", path: "/api/v1/events" }];
|
|
|
|
for (const { method, path } of endpoints) {
|
|
test(`${method} ${path} should return 401`, async () => {
|
|
const res = await app.request(path, { method });
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
}
|
|
});
|
|
});
|