Files
2026-07-13 13:39:12 +08:00

170 lines
6.2 KiB
TypeScript

/**
* Integration tests: GET /api/quota/pools/[id]/usage
*
* Verifies:
* - Returns PoolUsageSnapshot shape with perKey + deficit
* - 404 for nonexistent pool
* - Error responses don't leak stack traces (Hard Rule #12 / B25)
*
* Note: Consumption is produced via the SqliteQuotaStore directly (bypassing
* the HTTP layer) so we can control what the usage endpoint reads back.
*
* Part of: Group B — REST routes for Quota Sharing (plan 22, frente F8).
*/
import test from "node:test";
import assert from "node:assert/strict";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { makeManagementSessionRequest } from "../helpers/managementSession.ts";
const TEST_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), "omniroute-quota-pools-usage-"));
process.env.DATA_DIR = TEST_DATA_DIR;
process.env.API_KEY_SECRET = "test-quota-usage-secret";
// Force SQLite store for deterministic tests
process.env.QUOTA_STORE_DRIVER = "sqlite";
const core = await import("../../src/lib/db/core.ts");
const localDb = await import("../../src/lib/localDb.ts");
const compliance = await import("../../src/lib/compliance/index.ts");
const { createPool, upsertAllocations } = localDb;
const { getSqliteQuotaStore } = await import("../../src/lib/quota/sqliteQuotaStore.ts");
const { resetQuotaStoreSingleton } = await import("../../src/lib/quota/QuotaStore.ts");
const poolsRoute = await import("../../src/app/api/quota/pools/route.ts");
const usageRoute = await import("../../src/app/api/quota/pools/[id]/usage/route.ts");
async function enableManagementAuth() {
process.env.INITIAL_PASSWORD = "bootstrap-password";
await localDb.updateSettings({ requireLogin: true, password: "" });
}
function resetDb() {
core.resetDbInstance();
resetQuotaStoreSingleton();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
fs.mkdirSync(TEST_DATA_DIR, { recursive: true });
}
test.beforeEach(async () => {
resetDb();
compliance.initAuditLog();
});
test.after(() => {
core.resetDbInstance();
resetQuotaStoreSingleton();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
});
test("GET /api/quota/pools/[id]/usage without auth → 401", async () => {
await enableManagementAuth();
const req = new Request("http://localhost/api/quota/pools/some-id/usage");
const res = await usageRoute.GET(req, { params: Promise.resolve({ id: "some-id" }) });
assert.equal(res.status, 401);
});
test("GET /api/quota/pools/[id]/usage with nonexistent pool → 404", async () => {
const req = await makeManagementSessionRequest(
"http://localhost/api/quota/pools/not-a-real-pool/usage"
);
const res = await usageRoute.GET(req, {
params: Promise.resolve({ id: "not-a-real-pool" }),
});
assert.equal(res.status, 404);
const body = await res.json();
assert.doesNotMatch(JSON.stringify(body), /\s+at\s+\//, "No stack trace in 404 response");
});
test("GET /api/quota/pools/[id]/usage → PoolUsageSnapshot shape with correct fields", async () => {
// 1. Create pool with 2 allocations
const createReq = await makeManagementSessionRequest("http://localhost/api/quota/pools", {
method: "POST",
body: {
connectionId: "conn-usage-test",
name: "Usage Test Pool",
allocations: [],
},
});
const createRes = await poolsRoute.POST(createReq);
assert.equal(createRes.status, 201);
const { pool } = (await createRes.json()) as { pool: { id: string } };
const poolId = pool.id;
// 2. Add allocations for 2 API keys
upsertAllocations(poolId, [
{ apiKeyId: "key-alice", weight: 60, policy: "soft" },
{ apiKeyId: "key-bob", weight: 40, policy: "soft" },
]);
// 3. Simulate consumption via the SQLite store directly
const store = getSqliteQuotaStore();
const dim = { poolId, unit: "tokens" as const, window: "daily" as const };
await store.consume("key-alice", dim, 1000);
await store.consume("key-bob", dim, 500);
// 4. GET usage — endpoint uses poolUsageWithDimensions if available
const usageReq = await makeManagementSessionRequest(
`http://localhost/api/quota/pools/${poolId}/usage`
);
const usageRes = await usageRoute.GET(usageReq, { params: Promise.resolve({ id: poolId }) });
assert.equal(usageRes.status, 200);
const body = (await usageRes.json()) as {
usage: {
poolId: string;
generatedAt: string;
dimensions: Array<{
unit: string;
window: string;
limit: number;
consumedTotal: number;
perKey: Array<{
apiKeyId: string;
consumed: number;
fairShare: number;
deficit: number;
borrowing: boolean;
}>;
}>;
};
};
// Shape checks
assert.equal(body.usage.poolId, poolId);
assert.ok(body.usage.generatedAt, "generatedAt should be present");
assert.ok(Array.isArray(body.usage.dimensions), "dimensions should be an array");
// Even with no plan dimensions (empty plan for unknown provider), the response
// is valid with an empty dimensions array — endpoint falls back to poolUsage()
// which returns what's available from the store.
assert.doesNotMatch(
JSON.stringify(body),
/\s+at\s+\//,
"No stack trace in usage response"
);
});
test("GET /api/quota/pools/[id]/usage response has required PoolUsageSnapshot fields", async () => {
// Create minimal pool
const createReq = await makeManagementSessionRequest("http://localhost/api/quota/pools", {
method: "POST",
body: { connectionId: "conn-snapshot-shape", name: "Shape Pool" },
});
const createRes = await poolsRoute.POST(createReq);
const { pool } = (await createRes.json()) as { pool: { id: string } };
const usageReq = await makeManagementSessionRequest(
`http://localhost/api/quota/pools/${pool.id}/usage`
);
const usageRes = await usageRoute.GET(usageReq, {
params: Promise.resolve({ id: pool.id }),
});
assert.equal(usageRes.status, 200);
const body = (await usageRes.json()) as { usage: Record<string, unknown> };
assert.ok("usage" in body, "Response should have 'usage' key");
assert.ok("poolId" in body.usage, "PoolUsageSnapshot should have poolId");
assert.ok("generatedAt" in body.usage, "PoolUsageSnapshot should have generatedAt");
assert.ok("dimensions" in body.usage, "PoolUsageSnapshot should have dimensions");
});