Files
kestrelos/test/unit/authSkipPaths.spec.js
T
Madison Grubb aa8a0bd83f
PR / lint (pull_request) Failing after 31s
PR / test (pull_request) Successful in 45s
PR / docker-build (pull_request) Successful in 1m3s
PR / e2e (pull_request) Successful in 1m33s
Add ADS-B, AIS, and ALPR map layers with live CoT streaming.
Ingest aircraft and vessel tracks via OSINT feeds and tactical CoT, expose viewport-filtered SSE to the map, and add an OSM ALPR layer with tiled caching and performant marker sync.
2026-06-24 16:24:41 -04:00

48 lines
1.3 KiB
JavaScript

/**
* Ensures no API route that requires auth (requireAuth with optional role)
* is in the auth skip list. When adding a new protected API, add its path prefix to
* PROTECTED_PATH_PREFIXES in server/utils/authHelpers.js so these tests fail if it gets skipped.
*/
import { describe, it, expect } from 'vitest'
import { skipAuth, SKIP_PATHS, PROTECTED_PATH_PREFIXES } from '../../server/utils/authHelpers.js'
describe('authSkipPaths', () => {
it('does not skip any protected path', () => {
const protectedPaths = [
...PROTECTED_PATH_PREFIXES,
'/api/alpr',
'/api/cameras',
'/api/devices',
'/api/devices/any-id',
'/api/me',
'/api/pois',
'/api/pois/any-id',
'/api/users',
'/api/users/any-id',
]
protectedPaths.forEach((path) => {
expect(skipAuth(path)).toBe(false)
})
})
it.each([
'/api/auth/login',
'/api/auth/logout',
'/api/auth/config',
'/api/auth/oidc/authorize',
'/api/auth/oidc/callback',
'/api/health',
'/api/health/ready',
'/health',
])('skips public path: %s', (path) => {
expect(skipAuth(path)).toBe(true)
})
it('keeps SKIP_PATHS and PROTECTED_PATH_PREFIXES disjoint', () => {
const skipSet = new Set(SKIP_PATHS)
for (const path of PROTECTED_PATH_PREFIXES) {
expect(skipSet.has(path)).toBe(false)
}
})
})