Files
emdash-cms--emdash/packages/core/tests/unit/api/registry-access-integrity.test.ts
wehub-resource-sync b3a7f98e5a
CI / E2E Cloudflare (4/8) (push) Failing after 0s
CI / E2E Cloudflare (8/8) (push) Failing after 1s
CI / Lint (push) Failing after 1s
Auto Extract / Extract (push) Failing after 4s
CI / Version Check (push) Failing after 9s
CI / Integration Tests (push) Failing after 1s
CI / E2E tests (1/8) (push) Failing after 1s
CI / E2E tests (2/8) (push) Failing after 2s
CI / E2E tests (3/8) (push) Failing after 2s
CI / Browser Tests (push) Failing after 1s
CI / E2E tests (5/8) (push) Failing after 1s
CI / E2E Cloudflare (2/8) (push) Failing after 2s
CI / Typecheck (push) Failing after 1s
CI / Changeset Validation (push) Failing after 2s
CI / E2E Cloudflare (5/8) (push) Failing after 1s
CI / E2E Cloudflare (6/8) (push) Failing after 1s
CI / E2E Cloudflare (7/8) (push) Failing after 1s
CodeQL / Analyze (javascript-typescript) (push) Failing after 1s
Format / Format (push) Failing after 0s
CodeQL / Analyze (actions) (push) Failing after 4s
CI / E2E tests (4/8) (push) Failing after 1s
CI / E2E tests (6/8) (push) Failing after 1s
CI / E2E tests (7/8) (push) Failing after 2s
CI / E2E tests (8/8) (push) Failing after 1s
CI / E2E Cloudflare (1/8) (push) Failing after 1s
CI / E2E Cloudflare (3/8) (push) Failing after 2s
Preview Releases / Publish Preview (push) Failing after 0s
zizmor / Run zizmor (push) Failing after 1s
Release / Release (push) Failing after 2s
CI / Smoke Tests (push) Failing after 5m36s
CI / Tests (push) Failing after 6m36s
Release / Sync Templates (push) Has been skipped
CI / E2E Tests (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:23:53 +08:00

50 lines
2.3 KiB
TypeScript

import type { DeclaredAccess } from "@emdash-cms/plugin-types";
import { describe, expect, it } from "vitest";
import { enforcedAccessEqual } from "../../../src/api/handlers/registry.js";
// The install consent gate compares capability STRING SETS, which discard
// `allowedHosts`: a record advertising one host scope and a bundle enforcing
// another both reduce to `["network:request"]` and would slip through.
// `enforcedAccessEqual` compares the full enforced access -- capabilities AND
// host scope -- of the signed record against the bundle that will run.
describe("enforcedAccessEqual (record vs bundle integrity)", () => {
it("treats identical declaredAccess as equal", () => {
const a: DeclaredAccess = {
content: { read: {} },
network: { request: { allowedHosts: ["api.good.com"] } },
email: { transport: {} },
};
expect(enforcedAccessEqual(a, structuredClone(a))).toBe(true);
});
it("rejects a bundle whose network host scope differs from the record", () => {
const record: DeclaredAccess = { network: { request: { allowedHosts: ["api.good.com"] } } };
const bundle: DeclaredAccess = { network: { request: { allowedHosts: ["evil.com"] } } };
// Both reduce to the same capability set -- the string-set gate would pass.
expect(enforcedAccessEqual(record, bundle)).toBe(false);
});
it("rejects host scope widening (restricted record, unrestricted bundle)", () => {
const record: DeclaredAccess = { network: { request: { allowedHosts: ["api.good.com"] } } };
const bundle: DeclaredAccess = { network: { request: {} } };
expect(enforcedAccessEqual(record, bundle)).toBe(false);
});
it("rejects an extra capability in the bundle", () => {
const record: DeclaredAccess = { content: { read: {} } };
const bundle: DeclaredAccess = { content: { read: {}, write: {} } };
expect(enforcedAccessEqual(record, bundle)).toBe(false);
});
it("rejects a record with no access against a capability-bearing bundle", () => {
expect(enforcedAccessEqual({}, { email: { transport: {} } })).toBe(false);
});
it("is insensitive to host-list ordering (same scope, different order)", () => {
const a: DeclaredAccess = { network: { request: { allowedHosts: ["a.com", "b.com"] } } };
const b: DeclaredAccess = { network: { request: { allowedHosts: ["b.com", "a.com"] } } };
expect(enforcedAccessEqual(a, b)).toBe(true);
});
});