Files
2026-07-13 13:39:12 +08:00

144 lines
4.6 KiB
TypeScript

/**
* Integration tests — PUT /api/memory/[id]
* Tests: 200 happy path, 400 invalid body, 404 not found, 401 unauth, error sanitization.
*/
import test from "node:test";
import assert from "node:assert/strict";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { mock } from "node:test";
import {
makeManagementSessionRequest,
createManagementSessionHeaders,
} from "../helpers/managementSession.ts";
const TEST_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), "omniroute-memory-put-"));
process.env.DATA_DIR = TEST_DATA_DIR;
process.env.API_KEY_SECRET = "test-secret-for-memory-put";
const core = await import("../../src/lib/db/core.ts");
const localDb = await import("../../src/lib/localDb.ts");
// ── Dynamic import of route module (after DATA_DIR set) ──
const memoryIdRoute = await import("../../src/app/api/memory/[id]/route.ts");
const { PUT, GET, DELETE } = memoryIdRoute;
// ── Memory store module ──
const memoryStore = await import("../../src/lib/memory/store.ts");
const { createMemory, getMemory } = memoryStore;
// ── Helpers ──
async function resetStorage() {
core.resetDbInstance();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
fs.mkdirSync(TEST_DATA_DIR, { recursive: true });
}
function makeParams(id: string) {
return { params: Promise.resolve({ id }) };
}
async function makeAuthRequest(method: "PUT" | "GET" | "DELETE", body?: unknown) {
return makeManagementSessionRequest(`http://localhost/api/memory/test-id`, {
method,
body: body === undefined ? undefined : body,
});
}
async function seedMemory() {
return createMemory({
content: "Test content",
key: "test-key",
type: "factual" as any,
sessionId: "",
apiKeyId: "api-key-test",
metadata: {},
expiresAt: null,
});
}
// ── Test lifecycle ──
test.beforeEach(async () => {
await resetStorage();
await localDb.updateSettings({ requireLogin: false });
});
test.after(async () => {
await resetStorage();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
});
// ── Tests ──
test("PUT /api/memory/[id] — happy path: 200 + {success:true}", async () => {
const memory = await seedMemory();
const req = await makeAuthRequest("PUT", { content: "Updated content" });
const res = await PUT(req, makeParams(memory.id));
assert.strictEqual(res.status, 200);
const body = await res.json();
assert.strictEqual(body.success, true);
});
test("PUT /api/memory/[id] — 400 with invalid body (extra field not in strict schema)", async () => {
const memory = await seedMemory();
const req = await makeAuthRequest("PUT", { content: "Updated", unknownField: "bad" });
const res = await PUT(req, makeParams(memory.id));
assert.strictEqual(res.status, 400);
const body = await res.json();
assert.ok(body.message || body.error, "should return error");
});
test("PUT /api/memory/[id] — 404 if memory does not exist", async () => {
const req = await makeAuthRequest("PUT", { content: "Updated" });
const res = await PUT(req, makeParams("non-existent-id-12345"));
assert.strictEqual(res.status, 404);
const body = await res.json();
assert.ok(body.error, "should have error field");
});
test("PUT /api/memory/[id] — 401 without auth when requireLogin=true", async () => {
await localDb.updateSettings({ requireLogin: true, password: "hashed-pw" });
const req = new Request("http://localhost/api/memory/test-id", {
method: "PUT",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ content: "Updated" }),
});
const res = await PUT(req, makeParams("any-id"));
assert.strictEqual(res.status, 401);
});
test("PUT /api/memory/[id] — error path: no stack trace in response", async () => {
// Trigger an error by passing invalid JSON to the parse step
const req = new Request("http://localhost/api/memory/test-id", {
method: "PUT",
headers: {},
body: "not-json{{{",
});
// Even with a parse error, we need auth headers or requireLogin off (already off from beforeEach)
const headers = await createManagementSessionHeaders();
const authReq = new Request("http://localhost/api/memory/test-id", {
method: "PUT",
headers: Object.fromEntries(headers.entries()),
body: "not-json{{{",
});
const res = await PUT(authReq, makeParams("any-id"));
// Should be 400 (invalid JSON) not a crash
assert.ok(res.status >= 400, "should return error status");
const body = await res.json();
const bodyStr = JSON.stringify(body);
// Hard Rule #12: no stack trace in response body
assert.ok(!bodyStr.match(/\sat\s\//), "response must not contain stack trace");
});