make kestrel a tak server, so that it can send and receive pois as cots data

test/unit/sanitize.spec.js

@@ -0,0 +1,95 @@
+import { describe, it, expect } from 'vitest'
+import { sanitizeString, sanitizeIdentifier, sanitizeLabel } from '../../server/utils/sanitize.js'
+
+describe('sanitize', () => {
+  describe('sanitizeString', () => {
+    it('trims whitespace', () => {
+      expect(sanitizeString('  test  ')).toBe('test')
+      expect(sanitizeString('\n\ttest\n\t')).toBe('test')
+    })
+
+    it('returns empty string for non-string input', () => {
+      expect(sanitizeString(null)).toBe('')
+      expect(sanitizeString(undefined)).toBe('')
+      expect(sanitizeString(123)).toBe('')
+      expect(sanitizeString({})).toBe('')
+    })
+
+    it('truncates strings exceeding max length', () => {
+      const longString = 'a'.repeat(2000)
+      expect(sanitizeString(longString, 1000).length).toBe(1000)
+    })
+
+    it('uses default max length', () => {
+      const longString = 'a'.repeat(2000)
+      expect(sanitizeString(longString).length).toBe(1000)
+    })
+
+    it('preserves valid strings', () => {
+      expect(sanitizeString('valid string')).toBe('valid string')
+      expect(sanitizeString('test123')).toBe('test123')
+    })
+  })
+
+  describe('sanitizeIdentifier', () => {
+    it('accepts valid identifiers', () => {
+      expect(sanitizeIdentifier('test123')).toBe('test123')
+      expect(sanitizeIdentifier('test_user')).toBe('test_user')
+      expect(sanitizeIdentifier('Test123')).toBe('Test123')
+      expect(sanitizeIdentifier('_test')).toBe('_test')
+    })
+
+    it('rejects invalid characters', () => {
+      expect(sanitizeIdentifier('test-user')).toBe('')
+      expect(sanitizeIdentifier('test.user')).toBe('')
+      expect(sanitizeIdentifier('test user')).toBe('')
+      expect(sanitizeIdentifier('test@user')).toBe('')
+    })
+
+    it('trims whitespace', () => {
+      expect(sanitizeIdentifier('  test123  ')).toBe('test123')
+    })
+
+    it('returns empty string for non-string input', () => {
+      expect(sanitizeIdentifier(null)).toBe('')
+      expect(sanitizeIdentifier(undefined)).toBe('')
+      expect(sanitizeIdentifier(123)).toBe('')
+    })
+
+    it('rejects empty strings', () => {
+      expect(sanitizeIdentifier('')).toBe('')
+      expect(sanitizeIdentifier('   ')).toBe('')
+    })
+
+    it('rejects strings exceeding max length', () => {
+      const longId = 'a'.repeat(256)
+      expect(sanitizeIdentifier(longId)).toBe('')
+    })
+  })
+
+  describe('sanitizeLabel', () => {
+    it('trims whitespace', () => {
+      expect(sanitizeLabel('  test label  ')).toBe('test label')
+    })
+
+    it('truncates long labels', () => {
+      const longLabel = 'a'.repeat(2000)
+      expect(sanitizeLabel(longLabel, 500).length).toBe(500)
+    })
+
+    it('uses default max length', () => {
+      const longLabel = 'a'.repeat(2000)
+      expect(sanitizeLabel(longLabel).length).toBe(1000)
+    })
+
+    it('returns empty string for non-string input', () => {
+      expect(sanitizeLabel(null)).toBe('')
+      expect(sanitizeLabel(undefined)).toBe('')
+    })
+
+    it('preserves valid labels', () => {
+      expect(sanitizeLabel('Valid Label')).toBe('Valid Label')
+      expect(sanitizeLabel('Test 123')).toBe('Test 123')
+    })
+  })
+})