111 lines
4.0 KiB
TypeScript
111 lines
4.0 KiB
TypeScript
import { test } from "node:test";
|
|
import assert from "node:assert";
|
|
import { POST } from "../../src/app/api/v1/embeddings/route";
|
|
import { extractApiKey, isValidApiKey } from "../../src/sse/services/auth";
|
|
|
|
test("extractApiKey", async (t) => {
|
|
await t.test("should extract bearer token", async () => {
|
|
const req = new Request("http://localhost", {
|
|
headers: { Authorization: "Bearer my-token" },
|
|
});
|
|
assert.strictEqual(extractApiKey(req), "my-token");
|
|
});
|
|
|
|
await t.test("should return null if no authorization header", async () => {
|
|
const req = new Request("http://localhost");
|
|
assert.strictEqual(extractApiKey(req), null);
|
|
});
|
|
|
|
await t.test("should return null if header is not bearer", async () => {
|
|
const req = new Request("http://localhost", {
|
|
headers: { Authorization: "NotBearer my-token" },
|
|
});
|
|
assert.strictEqual(extractApiKey(req), null);
|
|
});
|
|
|
|
await t.test("should return null if header is just 'Bearer '", async () => {
|
|
const req = new Request("http://localhost", {
|
|
headers: { Authorization: "Bearer " },
|
|
});
|
|
assert.strictEqual(extractApiKey(req), null);
|
|
});
|
|
});
|
|
|
|
test("isValidApiKey", async (t) => {
|
|
const originalEnv = process.env.OMNIROUTE_API_KEY;
|
|
|
|
await t.test("should return true if key matches OMNIROUTE_API_KEY", async () => {
|
|
process.env.OMNIROUTE_API_KEY = "test-key";
|
|
assert.strictEqual(await isValidApiKey("test-key"), true);
|
|
delete process.env.OMNIROUTE_API_KEY;
|
|
});
|
|
|
|
await t.test("should return false for unknown key (when not in env)", async () => {
|
|
// We assume validateApiKey will return false for a dummy key if the DB is empty.
|
|
assert.strictEqual(await isValidApiKey("non-existent-key"), false);
|
|
});
|
|
|
|
// Restore original env in case of failure
|
|
process.env.OMNIROUTE_API_KEY = originalEnv;
|
|
});
|
|
|
|
test("POST /v1/embeddings authentication", async (t) => {
|
|
const originalRequireApiKey = process.env.REQUIRE_API_KEY;
|
|
const originalOmniKey = process.env.OMNIROUTE_API_KEY;
|
|
|
|
await t.test("should return 401 when an invalid API key is provided", async () => {
|
|
process.env.OMNIROUTE_API_KEY = "valid-key";
|
|
const req = new Request("http://localhost/v1/embeddings", {
|
|
method: "POST",
|
|
headers: { Authorization: "Bearer invalid-key" },
|
|
body: JSON.stringify({ model: "mistral/mistral-embed", input: "test" }),
|
|
});
|
|
const res = await POST(req);
|
|
assert.strictEqual(res.status, 401);
|
|
delete process.env.OMNIROUTE_API_KEY;
|
|
});
|
|
|
|
await t.test(
|
|
"should return 401 when no API key is provided and REQUIRE_API_KEY is true",
|
|
async () => {
|
|
process.env.REQUIRE_API_KEY = "true";
|
|
const req = new Request("http://localhost/v1/embeddings", {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/json" },
|
|
body: JSON.stringify({ model: "mistral/mistral-embed", input: "test" }),
|
|
});
|
|
const res = await POST(req);
|
|
assert.strictEqual(res.status, 401);
|
|
delete process.env.REQUIRE_API_KEY;
|
|
}
|
|
);
|
|
|
|
await t.test("should NOT return 401 when a valid API key is provided", async () => {
|
|
process.env.OMNIROUTE_API_KEY = "valid-key";
|
|
const originalFetch = globalThis.fetch;
|
|
globalThis.fetch = async () => new Response(JSON.stringify({ data: [] }), { status: 200 });
|
|
|
|
try {
|
|
const req = new Request("http://localhost/v1/embeddings", {
|
|
method: "POST",
|
|
headers: {
|
|
Authorization: "Bearer valid-key",
|
|
"Content-Type": "application/json",
|
|
},
|
|
body: JSON.stringify({ model: "mistral/mistral-embed", input: "test" }),
|
|
});
|
|
const res = await POST(req);
|
|
const body = await res.text();
|
|
// It might be 400, 404, etc. because of downstream failure, but NOT 401.
|
|
assert.notStrictEqual(res.status, 401, "Should not be 401 Unauthorized");
|
|
} finally {
|
|
globalThis.fetch = originalFetch;
|
|
delete process.env.OMNIROUTE_API_KEY;
|
|
}
|
|
});
|
|
|
|
// Restore original env in case of failure
|
|
process.env.REQUIRE_API_KEY = originalRequireApiKey;
|
|
process.env.OMNIROUTE_API_KEY = originalOmniKey;
|
|
});
|