38 lines
1.6 KiB
TypeScript
38 lines
1.6 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
|
|
// POST /api/tools/agent-bridge/cert previously read request.json() and accessed
|
|
// raw.sudoPassword without any schema validation (failing the t06 route
|
|
// validation gate). It now validates the body with CertTrustBodySchema via
|
|
// safeParse. These tests pin that schema's contract so the route keeps both its
|
|
// validation gate compliance and its lenient fallback behavior.
|
|
|
|
const { CertTrustBodySchema } = await import(
|
|
"../../src/app/api/tools/agent-bridge/cert/route.ts"
|
|
);
|
|
|
|
test("accepts a body with a string sudoPassword", () => {
|
|
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: "hunter2" });
|
|
assert.equal(parsed.success, true);
|
|
assert.equal(parsed.success && parsed.data.sudoPassword, "hunter2");
|
|
});
|
|
|
|
test("accepts an empty body (sudoPassword is optional, falls back to cached)", () => {
|
|
const parsed = CertTrustBodySchema.safeParse({});
|
|
assert.equal(parsed.success, true);
|
|
assert.equal(parsed.success && parsed.data.sudoPassword, undefined);
|
|
});
|
|
|
|
test("rejects a non-string sudoPassword instead of trusting raw input", () => {
|
|
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: 12345 });
|
|
assert.equal(parsed.success, false);
|
|
});
|
|
|
|
test("ignores unrelated extra keys without throwing", () => {
|
|
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: "x", extra: true });
|
|
assert.equal(parsed.success, true);
|
|
assert.equal(parsed.success && parsed.data.sudoPassword, "x");
|
|
// Zod strips unknown keys by default
|
|
assert.equal(parsed.success && "extra" in parsed.data, false);
|
|
});
|