Files
2026-07-13 13:39:12 +08:00

156 lines
5.8 KiB
TypeScript

import { describe, test, before, after } from "node:test";
import assert from "node:assert/strict";
import { mkdtempSync, rmSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";
// Isolated DB + auth disabled so requireManagementAuth passes (no key configured).
let tmpDataDir: string;
let core: typeof import("@/lib/db/core");
let db: typeof import("@/lib/db/discoveryResults");
let resultsRoute: typeof import("@/app/api/discovery/results/route");
let resultByIdRoute: typeof import("@/app/api/discovery/results/[id]/route");
let scanRoute: typeof import("@/app/api/discovery/scan/route");
let verifyRoute: typeof import("@/app/api/discovery/verify/[id]/route");
function req(method: string, url: string, body?: unknown): Request {
return new Request(`http://localhost${url}`, {
method,
headers: { "content-type": "application/json" },
body: body === undefined ? undefined : JSON.stringify(body),
});
}
before(async () => {
tmpDataDir = mkdtempSync(join(tmpdir(), "omniroute-discovery-routes-"));
process.env.DATA_DIR = tmpDataDir;
delete process.env.REQUIRE_API_KEY;
process.env.OMNIROUTE_DISABLE_AUTH = "1";
core = await import("@/lib/db/core");
core.resetDbInstance();
core.getDbInstance();
db = await import("@/lib/db/discoveryResults");
resultsRoute = await import("@/app/api/discovery/results/route");
resultByIdRoute = await import("@/app/api/discovery/results/[id]/route");
scanRoute = await import("@/app/api/discovery/scan/route");
verifyRoute = await import("@/app/api/discovery/verify/[id]/route");
});
after(() => {
core.resetDbInstance();
if (tmpDataDir) rmSync(tmpDataDir, { recursive: true, force: true });
});
describe("discovery API routes", () => {
test("GET /results lists persisted findings (and filters by providerId)", async () => {
db.upsertDiscoveryResult({
providerId: "acme",
method: "free_tier",
authType: "none",
feasibility: 3,
riskLevel: "none",
status: "pending",
});
const res = await resultsRoute.GET(req("GET", "/api/discovery/results?providerId=acme"));
assert.equal(res.status, 200);
const body = await res.json();
assert.ok(Array.isArray(body.results));
assert.ok(body.results.some((r: { providerId: string }) => r.providerId === "acme"));
});
test("GET /results/:id returns the row, 404 when missing, 400 on bad id", async () => {
const created = db.upsertDiscoveryResult({
providerId: "beta",
method: "trial",
authType: "api_key",
feasibility: 2,
riskLevel: "low",
status: "pending",
});
const ok = await resultByIdRoute.GET(req("GET", `/api/discovery/results/${created.id}`), {
params: Promise.resolve({ id: String(created.id) }),
});
assert.equal(ok.status, 200);
const missing = await resultByIdRoute.GET(req("GET", "/api/discovery/results/999999"), {
params: Promise.resolve({ id: "999999" }),
});
assert.equal(missing.status, 404);
const bad = await resultByIdRoute.GET(req("GET", "/api/discovery/results/abc"), {
params: Promise.resolve({ id: "abc" }),
});
assert.equal(bad.status, 400);
});
test("POST /scan persists findings; rejects an empty providerId with 400", async () => {
const res = await scanRoute.POST(req("POST", "/api/discovery/scan", { providerId: "gamma" }));
assert.equal(res.status, 200);
const body = await res.json();
assert.ok(Array.isArray(body.results) && body.results.length > 0);
assert.ok(body.results[0].id > 0);
// the persisted row is now queryable
assert.ok(db.getDiscoveryResults("gamma").length > 0);
const invalid = await scanRoute.POST(req("POST", "/api/discovery/scan", { providerId: "" }));
assert.equal(invalid.status, 400);
const malformed = new Request("http://localhost/api/discovery/scan", {
method: "POST",
headers: { "content-type": "application/json" },
body: "{not json",
});
const malformedRes = await scanRoute.POST(malformed);
assert.equal(malformedRes.status, 400);
});
test("POST /verify/:id marks verified, 404 when missing", async () => {
const created = db.upsertDiscoveryResult({
providerId: "delta",
method: "public_api",
authType: "api_key",
feasibility: 5,
riskLevel: "none",
status: "pending",
});
const res = await verifyRoute.POST(req("POST", `/api/discovery/verify/${created.id}`), {
params: Promise.resolve({ id: String(created.id) }),
});
assert.equal(res.status, 200);
const body = await res.json();
assert.equal(body.result.status, "verified");
const missing = await verifyRoute.POST(req("POST", "/api/discovery/verify/999999"), {
params: Promise.resolve({ id: "999999" }),
});
assert.equal(missing.status, 404);
});
test("DELETE /results/:id removes the row, 404 on second delete", async () => {
const created = db.upsertDiscoveryResult({
providerId: "epsilon",
method: "free_tier",
authType: "none",
feasibility: 1,
riskLevel: "none",
status: "pending",
});
const first = await resultByIdRoute.DELETE(req("DELETE", `/api/discovery/results/${created.id}`), {
params: Promise.resolve({ id: String(created.id) }),
});
assert.equal(first.status, 200);
const second = await resultByIdRoute.DELETE(req("DELETE", `/api/discovery/results/${created.id}`), {
params: Promise.resolve({ id: String(created.id) }),
});
assert.equal(second.status, 404);
});
test("error responses do not leak stack traces", async () => {
const missing = await resultByIdRoute.GET(req("GET", "/api/discovery/results/424242"), {
params: Promise.resolve({ id: "424242" }),
});
const body = await missing.json();
assert.ok(!String(body.error?.message ?? "").includes("at /"));
});
});