79 lines
2.7 KiB
TypeScript
79 lines
2.7 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
import { SignJWT } from "jose";
|
|
|
|
const keysRoute = await import("../../src/app/api/keys/route.ts");
|
|
const cliToolsKeysRoute = await import("../../src/app/api/cli-tools/keys/route.ts");
|
|
const { createApiKey, deleteApiKey } = await import("../../src/lib/db/apiKeys.ts");
|
|
|
|
const originalJwtSecret = process.env.JWT_SECRET;
|
|
const originalApiKeySecret = process.env.API_KEY_SECRET;
|
|
|
|
async function createAuthCookie() {
|
|
process.env.JWT_SECRET = "test-cli-tools-keys-secret";
|
|
const secret = new TextEncoder().encode(process.env.JWT_SECRET);
|
|
const token = await new SignJWT({ sub: "test-user" })
|
|
.setProtectedHeader({ alg: "HS256" })
|
|
.setIssuedAt()
|
|
.setExpirationTime("1h")
|
|
.sign(secret);
|
|
|
|
return `auth_token=${token}`;
|
|
}
|
|
|
|
test.afterEach(() => {
|
|
if (originalJwtSecret === undefined) delete process.env.JWT_SECRET;
|
|
else process.env.JWT_SECRET = originalJwtSecret;
|
|
if (originalApiKeySecret === undefined) delete process.env.API_KEY_SECRET;
|
|
else process.env.API_KEY_SECRET = originalApiKeySecret;
|
|
});
|
|
|
|
test("CLI tools key list can return unmasked keys for authenticated internal consumers", async () => {
|
|
process.env.API_KEY_SECRET = "test-api-key-secret";
|
|
const created = await createApiKey("CLI Tools Test Key", "test-machine-cli-tools");
|
|
|
|
try {
|
|
const cookie = await createAuthCookie();
|
|
const request = new Request("http://localhost/api/cli-tools/keys", {
|
|
headers: {
|
|
cookie,
|
|
},
|
|
});
|
|
|
|
const response = await cliToolsKeysRoute.GET(request);
|
|
assert.equal(response.status, 200);
|
|
const payload = await response.json();
|
|
const key = payload.keys.find((entry) => entry.id === created.id);
|
|
|
|
assert.ok(key, "created key should be present");
|
|
assert.notEqual(key.key, created.key);
|
|
assert.match(key.key, /^.{8}\*\*\*\*.*$/);
|
|
assert.equal(key.rawKey, created.key);
|
|
} finally {
|
|
await deleteApiKey(created.id);
|
|
}
|
|
});
|
|
|
|
test("general keys route stays masked for non-CLI consumers", async () => {
|
|
process.env.API_KEY_SECRET = "test-api-key-secret";
|
|
const created = await createApiKey("Masked Key Test", "test-machine-masked");
|
|
|
|
try {
|
|
const cookie = await createAuthCookie();
|
|
const request = new Request("http://localhost/api/keys", {
|
|
headers: { cookie },
|
|
});
|
|
|
|
const response = await keysRoute.GET(request);
|
|
assert.equal(response.status, 200);
|
|
const payload = await response.json();
|
|
const key = payload.keys.find((entry) => entry.id === created.id);
|
|
|
|
assert.ok(key, "created key should be present");
|
|
assert.notEqual(key.key, created.key);
|
|
assert.match(key.key, /^.{8}\*\*\*\*.*$/);
|
|
} finally {
|
|
await deleteApiKey(created.id);
|
|
}
|
|
});
|