90 lines
2.5 KiB
TypeScript
90 lines
2.5 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
|
|
import {
|
|
formatRuntimeEnvValidationErrors,
|
|
getWebRuntimeEnv,
|
|
validateWebRuntimeEnv,
|
|
} from "../../src/lib/env/runtimeEnv.ts";
|
|
|
|
function buildEnv(overrides = {}) {
|
|
return {
|
|
NODE_ENV: "test",
|
|
DATA_DIR: "/tmp/omniroute-test",
|
|
JWT_SECRET: "j".repeat(48),
|
|
API_KEY_SECRET: "k".repeat(32),
|
|
AUTH_COOKIE_SECURE: "true",
|
|
REQUIRE_API_KEY: "false",
|
|
PRICING_SYNC_ENABLED: "false",
|
|
OMNIROUTE_DISABLE_BACKGROUND_SERVICES: "false",
|
|
CLOUD_URL: "https://cloud.example",
|
|
NEXT_PUBLIC_CLOUD_URL: "https://public-cloud.example",
|
|
NEXT_PUBLIC_BASE_URL: "https://app.example",
|
|
OMNIROUTE_PORT: "20128",
|
|
API_PORT: "21128",
|
|
DASHBOARD_PORT: "22128",
|
|
...overrides,
|
|
};
|
|
}
|
|
|
|
test("validateWebRuntimeEnv accepts a valid runtime env payload", () => {
|
|
const result = validateWebRuntimeEnv(buildEnv());
|
|
|
|
assert.equal(result.valid, true);
|
|
assert.equal(result.errors.length, 0);
|
|
assert.equal(result.data.AUTH_COOKIE_SECURE, "true");
|
|
assert.equal(result.data.API_PORT, "21128");
|
|
});
|
|
|
|
test("validateWebRuntimeEnv rejects invalid boolean and port flags", () => {
|
|
const result = validateWebRuntimeEnv(
|
|
buildEnv({
|
|
AUTH_COOKIE_SECURE: "1",
|
|
API_PORT: "70000",
|
|
})
|
|
);
|
|
|
|
assert.equal(result.valid, false);
|
|
assert.ok(result.errors.some((error) => error.name === "AUTH_COOKIE_SECURE"));
|
|
assert.ok(result.errors.some((error) => error.name === "API_PORT"));
|
|
});
|
|
|
|
test("validateWebRuntimeEnv rejects malformed public URLs", () => {
|
|
const result = validateWebRuntimeEnv(
|
|
buildEnv({
|
|
NEXT_PUBLIC_CLOUD_URL: "cloud.example",
|
|
})
|
|
);
|
|
|
|
assert.equal(result.valid, false);
|
|
assert.ok(result.errors.some((error) => error.name === "NEXT_PUBLIC_CLOUD_URL"));
|
|
});
|
|
|
|
test("getWebRuntimeEnv throws sanitized messages without leaking secret values", () => {
|
|
const env = buildEnv({
|
|
API_KEY_SECRET: "short-secret",
|
|
});
|
|
|
|
assert.throws(
|
|
() => getWebRuntimeEnv(env),
|
|
(error: any) => {
|
|
assert.match(error.message, /API_KEY_SECRET/);
|
|
assert.doesNotMatch(error.message, /short-secret/);
|
|
return true;
|
|
}
|
|
);
|
|
});
|
|
|
|
test("formatRuntimeEnvValidationErrors preserves hints but never requires raw values", () => {
|
|
const message = formatRuntimeEnvValidationErrors([
|
|
{
|
|
name: "API_KEY_SECRET",
|
|
issue: 'Required environment variable "API_KEY_SECRET" is not set.',
|
|
hint: "Generate with: openssl rand -hex 32",
|
|
},
|
|
]);
|
|
|
|
assert.match(message, /API_KEY_SECRET/);
|
|
assert.match(message, /openssl rand -hex 32/);
|
|
});
|