Files
diegosouzapw--omniroute/tests/unit/cli-tools-keys-route.test.ts
2026-07-13 13:39:12 +08:00

79 lines
2.7 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import { SignJWT } from "jose";
const keysRoute = await import("../../src/app/api/keys/route.ts");
const cliToolsKeysRoute = await import("../../src/app/api/cli-tools/keys/route.ts");
const { createApiKey, deleteApiKey } = await import("../../src/lib/db/apiKeys.ts");
const originalJwtSecret = process.env.JWT_SECRET;
const originalApiKeySecret = process.env.API_KEY_SECRET;
async function createAuthCookie() {
process.env.JWT_SECRET = "test-cli-tools-keys-secret";
const secret = new TextEncoder().encode(process.env.JWT_SECRET);
const token = await new SignJWT({ sub: "test-user" })
.setProtectedHeader({ alg: "HS256" })
.setIssuedAt()
.setExpirationTime("1h")
.sign(secret);
return `auth_token=${token}`;
}
test.afterEach(() => {
if (originalJwtSecret === undefined) delete process.env.JWT_SECRET;
else process.env.JWT_SECRET = originalJwtSecret;
if (originalApiKeySecret === undefined) delete process.env.API_KEY_SECRET;
else process.env.API_KEY_SECRET = originalApiKeySecret;
});
test("CLI tools key list can return unmasked keys for authenticated internal consumers", async () => {
process.env.API_KEY_SECRET = "test-api-key-secret";
const created = await createApiKey("CLI Tools Test Key", "test-machine-cli-tools");
try {
const cookie = await createAuthCookie();
const request = new Request("http://localhost/api/cli-tools/keys", {
headers: {
cookie,
},
});
const response = await cliToolsKeysRoute.GET(request);
assert.equal(response.status, 200);
const payload = await response.json();
const key = payload.keys.find((entry) => entry.id === created.id);
assert.ok(key, "created key should be present");
assert.notEqual(key.key, created.key);
assert.match(key.key, /^.{8}\*\*\*\*.*$/);
assert.equal(key.rawKey, created.key);
} finally {
await deleteApiKey(created.id);
}
});
test("general keys route stays masked for non-CLI consumers", async () => {
process.env.API_KEY_SECRET = "test-api-key-secret";
const created = await createApiKey("Masked Key Test", "test-machine-masked");
try {
const cookie = await createAuthCookie();
const request = new Request("http://localhost/api/keys", {
headers: { cookie },
});
const response = await keysRoute.GET(request);
assert.equal(response.status, 200);
const payload = await response.json();
const key = payload.keys.find((entry) => entry.id === created.id);
assert.ok(key, "created key should be present");
assert.notEqual(key.key, created.key);
assert.match(key.key, /^.{8}\*\*\*\*.*$/);
} finally {
await deleteApiKey(created.id);
}
});