Files
diegosouzapw--omniroute/tests/integration/search-providers-catalog.test.ts
2026-07-13 13:39:12 +08:00

400 lines
15 KiB
TypeScript

/**
* Integration tests for GET /api/search/providers — extended catalog (F4).
*
* Tests:
* - Returns 16 items total (13 search + 3 fetch providers).
* - Each item carries the correct `kind` field.
* - Status reflects actual DB credential state:
* - "configured" when an active, non-rate-limited connection exists.
* - "missing" when no connection exists for the provider.
* - "rate_limited" when all connections are rate-limited (rateLimitedUntil in future).
* - Back-compat: `data` field is present and uses legacy shape
* {id, object, created, name, search_types}.
* - Unauthenticated requests receive 401.
* - Error responses do not leak stack traces (Hard Rule #12).
*/
import test from "node:test";
import assert from "node:assert/strict";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import {
createManagementSessionHeaders,
TEST_MANAGEMENT_JWT_SECRET,
} from "../helpers/managementSession.ts";
// ---------------------------------------------------------------------------
// Isolated temp DB for this test suite
// ---------------------------------------------------------------------------
const TEST_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), "omniroute-search-providers-catalog-"));
process.env.DATA_DIR = TEST_DATA_DIR;
process.env.API_KEY_SECRET = "test-api-key-secret-search-catalog";
// Disable dashboard password requirement by default
process.env.INITIAL_PASSWORD = "";
process.env.DASHBOARD_PASSWORD = "";
process.env.JWT_SECRET = TEST_MANAGEMENT_JWT_SECRET;
// ---------------------------------------------------------------------------
// Module imports (after env setup so DB initialises in the right dir)
// ---------------------------------------------------------------------------
const core = await import("../../src/lib/db/core.ts");
const providersDb = await import("../../src/lib/db/providers.ts");
// Import route AFTER env is configured
const route = await import("../../src/app/api/search/providers/route.ts");
// ---------------------------------------------------------------------------
// Constants
// ---------------------------------------------------------------------------
// 13 search-kind providers: serper, brave, perplexity, exa, tavily, google-pse,
// linkup, searchapi, youcom, searxng, ollama, zai + duckduckgo-free (added in the
// v3.8.27 cycle, registry open-sse/config/searchRegistry.ts).
const EXPECTED_SEARCH_COUNT = 13;
const EXPECTED_FETCH_COUNT = 4;
const EXPECTED_TOTAL = EXPECTED_SEARCH_COUNT + EXPECTED_FETCH_COUNT;
// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------
/** Build a Request with valid management session cookie. */
async function buildAuthRequest(url = "http://localhost/api/search/providers"): Promise<Request> {
const headers = await createManagementSessionHeaders();
return new Request(url, { method: "GET", headers });
}
/** Build an unauthenticated request. */
function buildUnauthRequest(url = "http://localhost/api/search/providers"): Request {
return new Request(url, { method: "GET" });
}
/** Seed an active provider connection. */
async function seedActiveConnection(provider: string) {
return providersDb.createProviderConnection({
provider,
authType: "apikey",
name: `${provider}-test`,
apiKey: `sk-test-${provider}-${Date.now()}`,
isActive: true,
testStatus: "active",
rateLimitedUntil: null,
providerSpecificData: {},
});
}
/** Seed a rate-limited provider connection (rateLimitedUntil in future). */
async function seedRateLimitedConnection(provider: string) {
const future = new Date(Date.now() + 60_000).toISOString();
return providersDb.createProviderConnection({
provider,
authType: "apikey",
name: `${provider}-ratelimited`,
apiKey: `sk-test-${provider}-rl-${Date.now()}`,
isActive: false, // rate-limited connections are set inactive
testStatus: "unavailable",
rateLimitedUntil: future,
providerSpecificData: {},
});
}
/** Reset DB state between tests. */
async function resetStorage() {
core.resetDbInstance();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
fs.mkdirSync(TEST_DATA_DIR, { recursive: true });
}
// ---------------------------------------------------------------------------
// Lifecycle hooks
// ---------------------------------------------------------------------------
test.beforeEach(async () => {
await resetStorage();
});
test.after(async () => {
await resetStorage();
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
});
// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------
test("search-providers-catalog: returns 401 for unauthenticated requests when auth is required", async () => {
// Enable auth: set a password in DB settings and INITIAL_PASSWORD so isAuthRequired() → true
const settingsDb = await import("../../src/lib/db/settings.ts");
await settingsDb.updateSettings({ requireLogin: true, password: "hashed-pw-test" });
const req = buildUnauthRequest();
const res = await route.GET(req);
assert.equal(res.status, 401);
const body = await res.json();
// Hard Rule #12: error body should not leak stack traces
const bodyStr = JSON.stringify(body);
assert.ok(!bodyStr.includes(" at /"), "error body must not contain stack trace");
});
test("search-providers-catalog: returns 16 providers (13 search + 3 fetch)", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
assert.equal(res.status, 200);
const body = await res.json();
assert.ok(Array.isArray(body.providers), "`providers` array must be present");
assert.equal(
body.providers.length,
EXPECTED_TOTAL,
`Expected ${EXPECTED_TOTAL} providers, got ${body.providers.length}`
);
});
test("search-providers-catalog: correct count of search and fetch kinds", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const searchItems = body.providers.filter((p: { kind: string }) => p.kind === "search");
const fetchItems = body.providers.filter((p: { kind: string }) => p.kind === "fetch");
assert.equal(
searchItems.length,
EXPECTED_SEARCH_COUNT,
`Expected ${EXPECTED_SEARCH_COUNT} search-kind items, got ${searchItems.length}`
);
assert.equal(
fetchItems.length,
EXPECTED_FETCH_COUNT,
`Expected ${EXPECTED_FETCH_COUNT} fetch-kind items, got ${fetchItems.length}`
);
});
test("search-providers-catalog: every item has a valid kind value", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
for (const item of body.providers) {
assert.ok(
item.kind === "search" || item.kind === "fetch",
`item.kind must be 'search' or 'fetch', got '${item.kind}' for id=${item.id}`
);
}
});
test("search-providers-catalog: status=missing when no DB credentials exist", async () => {
// No connections seeded — all providers should be "missing"
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
for (const item of body.providers) {
assert.equal(
item.status,
"missing",
`provider ${item.id} should be 'missing', got '${item.status}'`
);
}
});
test("search-providers-catalog: status=configured when active credentials seeded", async () => {
// Seed an active connection for serper-search
await seedActiveConnection("serper-search");
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const serper = body.providers.find((p: { id: string }) => p.id === "serper-search");
assert.ok(serper, "serper-search must be in response");
assert.equal(
serper.status,
"configured",
`serper-search should be 'configured' after seeding active credentials`
);
// Other providers (no creds) should still be "missing"
const missingItems = body.providers.filter(
(p: { id: string; status: string }) => p.id !== "serper-search" && p.id !== "perplexity-search"
);
for (const item of missingItems) {
assert.equal(item.status, "missing", `${item.id} should be 'missing'`);
}
});
test("search-providers-catalog: status=rate_limited when all connections are rate-limited", async () => {
// Seed a rate-limited connection for brave-search (no active connections)
await seedRateLimitedConnection("brave-search");
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const brave = body.providers.find((p: { id: string }) => p.id === "brave-search");
assert.ok(brave, "brave-search must be in response");
assert.equal(
brave.status,
"rate_limited",
`brave-search should be 'rate_limited' when all connections have future rateLimitedUntil`
);
});
test("search-providers-catalog: mixed status across providers", async () => {
// serper → configured, brave → rate_limited, rest → missing
await seedActiveConnection("serper-search");
await seedRateLimitedConnection("brave-search");
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const serper = body.providers.find((p: { id: string }) => p.id === "serper-search");
assert.equal(serper?.status, "configured", "serper-search should be configured");
const brave = body.providers.find((p: { id: string }) => p.id === "brave-search");
assert.equal(brave?.status, "rate_limited", "brave-search should be rate_limited");
const exa = body.providers.find((p: { id: string }) => p.id === "exa-search");
assert.equal(exa?.status, "missing", "exa-search should be missing");
});
test("search-providers-catalog: back-compat data field has legacy shape", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
// Legacy shape: { id, object, created, name, search_types }
assert.ok(Array.isArray(body.data), "`data` array must be present for back-compat");
assert.equal(body.data.length, EXPECTED_TOTAL, "data array should have same length as providers");
for (const item of body.data) {
assert.ok(typeof item.id === "string", "data item must have id");
assert.equal(item.object, "search_provider", "data item object must be 'search_provider'");
assert.ok(typeof item.created === "number", "data item must have numeric created timestamp");
assert.ok(typeof item.name === "string", "data item must have name");
assert.ok(Array.isArray(item.search_types), "data item must have search_types array");
}
});
test("search-providers-catalog: fetch providers have correct metadata", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const fetchProviders = body.providers.filter((p: { kind: string }) => p.kind === "fetch");
const ids = fetchProviders.map((p: { id: string }) => p.id);
assert.ok(ids.includes("firecrawl"), "firecrawl must be present");
assert.ok(ids.includes("jina-reader"), "jina-reader must be present");
assert.ok(ids.includes("tavily-search"), "tavily-search must be present");
assert.ok(ids.includes("tinyfish"), "tinyfish must be present");
const firecrawl = fetchProviders.find((p: { id: string }) => p.id === "firecrawl");
assert.equal(firecrawl.name, "Firecrawl");
assert.equal(firecrawl.costPerQuery, 0.002);
assert.equal(firecrawl.freeMonthlyQuota, 500);
assert.ok(Array.isArray(firecrawl.fetchFormats), "fetchFormats must be an array");
assert.ok(
firecrawl.fetchFormats.includes("markdown"),
"firecrawl fetchFormats must include markdown"
);
assert.ok(
firecrawl.fetchFormats.includes("screenshot"),
"firecrawl fetchFormats must include screenshot"
);
const jina = fetchProviders.find((p: { id: string }) => p.id === "jina-reader");
assert.equal(jina.name, "Jina Reader");
assert.equal(jina.costPerQuery, 0.0005);
assert.ok(jina.fetchFormats.includes("text"), "jina fetchFormats must include text");
const tavily = fetchProviders.find((p: { id: string }) => p.id === "tavily-search");
assert.equal(tavily.name, "Tavily Extract");
assert.equal(tavily.costPerQuery, 0.001);
const tinyfish = fetchProviders.find((p: { id: string }) => p.id === "tinyfish");
assert.equal(tinyfish.name, "TinyFish Fetch");
assert.equal(tinyfish.costPerQuery, 0);
assert.ok(
tinyfish.fetchFormats.includes("markdown"),
"tinyfish fetchFormats must include markdown"
);
});
test("search-providers-catalog: search providers have correct fields", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const searchProviders = body.providers.filter((p: { kind: string }) => p.kind === "search");
for (const item of searchProviders) {
assert.ok(typeof item.id === "string", "search item must have id");
assert.ok(typeof item.name === "string", "search item must have name");
assert.ok(typeof item.costPerQuery === "number", "search item must have costPerQuery");
assert.ok(typeof item.freeMonthlyQuota === "number", "search item must have freeMonthlyQuota");
assert.ok(Array.isArray(item.searchTypes), "search item must have searchTypes array");
assert.equal(
item.configureHref,
"/dashboard/providers",
"configureHref must be /dashboard/providers"
);
}
// Spot check: serper-search
const serper = searchProviders.find((p: { id: string }) => p.id === "serper-search");
assert.ok(serper, "serper-search must be in search providers");
assert.ok(serper.searchTypes.includes("web"), "serper must support web search");
assert.equal(serper.kind, "search");
});
test("search-providers-catalog: response validates against SearchProviderCatalogResponseSchema", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const { SearchProviderCatalogResponseSchema } =
await import("../../src/shared/schemas/searchTools.ts");
const result = SearchProviderCatalogResponseSchema.safeParse({ providers: body.providers });
assert.ok(
result.success,
`Schema validation failed: ${(result as { error?: { message: string } }).error?.message ?? "unknown"}`
);
});
test("search-providers-catalog: fetch providers have configureHref set", async () => {
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const fetchProviders = body.providers.filter((p: { kind: string }) => p.kind === "fetch");
for (const item of fetchProviders) {
assert.equal(
item.configureHref,
"/dashboard/providers",
`fetch provider ${item.id} must have configureHref='/dashboard/providers'`
);
}
});
test("search-providers-catalog: perplexity-search uses credential fallback", async () => {
// perplexity-search can use perplexity (chat) credentials as fallback
// Seed the fallback provider "perplexity" (not "perplexity-search")
await seedActiveConnection("perplexity");
const req = await buildAuthRequest();
const res = await route.GET(req);
const body = await res.json();
const perplexity = body.providers.find((p: { id: string }) => p.id === "perplexity-search");
assert.ok(perplexity, "perplexity-search must be in response");
assert.equal(
perplexity.status,
"configured",
"perplexity-search should be 'configured' via fallback to perplexity credentials"
);
});