86 lines
2.9 KiB
TypeScript
86 lines
2.9 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
import { cliMitmStartSchema } from "../../src/shared/validation/schemas.ts";
|
|
import { validateBody } from "../../src/shared/validation/helpers.ts";
|
|
import { resolveApiKey } from "../../src/shared/services/apiKeyResolver.ts";
|
|
|
|
test("cliMitmStartSchema accepts a non-empty string apiKey", () => {
|
|
const result = validateBody(cliMitmStartSchema, {
|
|
apiKey: "sk-test-key-value",
|
|
sudoPassword: "password123",
|
|
});
|
|
assert.equal(result.success, true);
|
|
if (result.success) {
|
|
assert.equal(result.data.apiKey, "sk-test-key-value");
|
|
assert.equal(result.data.sudoPassword, "password123");
|
|
}
|
|
});
|
|
|
|
test("cliMitmStartSchema accepts a null apiKey", () => {
|
|
const result = validateBody(cliMitmStartSchema, {
|
|
apiKey: null,
|
|
sudoPassword: "",
|
|
});
|
|
assert.equal(result.success, true);
|
|
if (result.success) {
|
|
assert.equal(result.data.apiKey, null);
|
|
assert.equal(result.data.sudoPassword, "");
|
|
}
|
|
});
|
|
|
|
test("cliMitmStartSchema accepts an omitted apiKey", () => {
|
|
const result = validateBody(cliMitmStartSchema, {
|
|
sudoPassword: "",
|
|
});
|
|
assert.equal(result.success, true);
|
|
if (result.success) {
|
|
assert.equal(result.data.apiKey, undefined);
|
|
}
|
|
});
|
|
|
|
test("cliMitmStartSchema accepts and parses keyId correctly", () => {
|
|
const result = validateBody(cliMitmStartSchema, {
|
|
keyId: "api-key-id-123",
|
|
sudoPassword: "password",
|
|
});
|
|
assert.equal(result.success, true);
|
|
if (result.success) {
|
|
assert.equal(result.data.keyId, "api-key-id-123");
|
|
assert.equal(result.data.apiKey, undefined);
|
|
}
|
|
});
|
|
|
|
test("cliMitmStartSchema accepts null keyId", () => {
|
|
const result = validateBody(cliMitmStartSchema, {
|
|
keyId: null,
|
|
sudoPassword: "",
|
|
});
|
|
assert.equal(result.success, true);
|
|
if (result.success) {
|
|
assert.equal(result.data.keyId, null);
|
|
}
|
|
});
|
|
|
|
// Regression test: null apiKey + unresolvable keyId must yield the sentinel 'sk_omniroute',
|
|
// which the route guard must reject with a 400 rather than letting it pass to startMitm.
|
|
test("resolveApiKey returns sentinel when apiKey is null and keyId is null", async () => {
|
|
const result = await resolveApiKey(null, null);
|
|
assert.equal(
|
|
result,
|
|
"sk_omniroute",
|
|
"resolveApiKey should return the sentinel when no real key is available"
|
|
);
|
|
});
|
|
|
|
test("sentinel guard condition catches sk_omniroute and null", () => {
|
|
const SENTINEL = "sk_omniroute";
|
|
// Simulate what the route guard checks: (!apiKey || apiKey === 'sk_omniroute')
|
|
const shouldReject = (apiKey: string | null | undefined): boolean =>
|
|
!apiKey || apiKey === SENTINEL;
|
|
|
|
assert.equal(shouldReject(null), true, "null apiKey must be rejected");
|
|
assert.equal(shouldReject(undefined), true, "undefined apiKey must be rejected");
|
|
assert.equal(shouldReject("sk_omniroute"), true, "sentinel must be rejected");
|
|
assert.equal(shouldReject("sk-real-key-abc"), false, "real key must be allowed");
|
|
});
|