keligrubb/kestrelos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

refactor testing
Some checks failed
ci/woodpecker/pr/pr Pipeline failed
Details

Browse Source
This commit is contained in:
Madison Grubb
2026-02-17 11:05:57 -05:00
parent b0e8dd7ad9
commit 1a566e2d80
57 changed files with 1127 additions and 1760 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
test/unit/authSkipPaths.spec.js
View File

@@ -1,36 +1,40 @@
/**
* Ensures no API route that requires auth (requireAuth with optional role)
* is in the auth skip list. When adding a new protected API, add its path prefix to
* PROTECTED_PATH_PREFIXES in server/utils/authSkipPaths.js so these tests fail if it gets skipped.
* PROTECTED_PATH_PREFIXES in server/utils/authHelpers.js so these tests fail if it gets skipped.
*/
import { describe, it, expect } from 'vitest'
import { skipAuth, SKIP_PATHS, PROTECTED_PATH_PREFIXES } from '../../server/utils/authSkipPaths.js'
import { skipAuth, SKIP_PATHS, PROTECTED_PATH_PREFIXES } from '../../server/utils/authHelpers.js'
describe('authSkipPaths', () => {
it('does not skip any protected path (auth required for these)', () => {
for (const path of PROTECTED_PATH_PREFIXES) {
it('does not skip any protected path', () => {
const protectedPaths = [
...PROTECTED_PATH_PREFIXES,
'/api/cameras',
'/api/devices',
'/api/devices/any-id',
'/api/me',
'/api/pois',
'/api/pois/any-id',
'/api/users',
'/api/users/any-id',
]
protectedPaths.forEach((path) => {
expect(skipAuth(path)).toBe(false)
}
// Also check a concrete path under each prefix
expect(skipAuth('/api/cameras')).toBe(false)
expect(skipAuth('/api/devices')).toBe(false)
expect(skipAuth('/api/devices/any-id')).toBe(false)
expect(skipAuth('/api/me')).toBe(false)
expect(skipAuth('/api/pois')).toBe(false)
expect(skipAuth('/api/pois/any-id')).toBe(false)
expect(skipAuth('/api/users')).toBe(false)
expect(skipAuth('/api/users/any-id')).toBe(false)
})
})
it('skips known public paths', () => {
expect(skipAuth('/api/auth/login')).toBe(true)
expect(skipAuth('/api/auth/logout')).toBe(true)
expect(skipAuth('/api/auth/config')).toBe(true)
expect(skipAuth('/api/auth/oidc/authorize')).toBe(true)
expect(skipAuth('/api/auth/oidc/callback')).toBe(true)
expect(skipAuth('/api/health')).toBe(true)
expect(skipAuth('/api/health/ready')).toBe(true)
expect(skipAuth('/health')).toBe(true)
it.each([
'/api/auth/login',
'/api/auth/logout',
'/api/auth/config',
'/api/auth/oidc/authorize',
'/api/auth/oidc/callback',
'/api/health',
'/api/health/ready',
'/health',
])('skips public path: %s', (path) => {
expect(skipAuth(path)).toBe(true)
})
it('keeps SKIP_PATHS and PROTECTED_PATH_PREFIXES disjoint', () => {