Files
2026-07-13 13:32:57 +08:00

60 lines
1.9 KiB
TypeScript

import type { PrismaClient } from "@trigger.dev/database";
import { createCipheriv, createHash, randomBytes } from "node:crypto";
// Must match ENCRYPTION_KEY in internal-packages/testcontainers/src/webapp.ts
const ENCRYPTION_KEY = "test-encryption-key-for-e2e!!!!!";
function hashToken(token: string): string {
return createHash("sha256").update(token).digest("hex");
}
function encryptToken(value: string, key: string) {
const nonce = randomBytes(12);
const cipher = createCipheriv("aes-256-gcm", key, nonce);
let encrypted = cipher.update(value, "utf8", "hex");
encrypted += cipher.final("hex");
return {
nonce: nonce.toString("hex"),
ciphertext: encrypted,
tag: cipher.getAuthTag().toString("hex"),
};
}
function obfuscate(token: string): string {
return `${token.slice(0, 11)}${"•".repeat(20)}${token.slice(-4)}`;
}
export async function seedTestUser(prisma: PrismaClient, overrides?: { admin?: boolean }) {
const suffix = randomBytes(6).toString("hex");
return prisma.user.create({
data: {
email: `pat-user-${suffix}@test.local`,
authenticationMethod: "MAGIC_LINK",
admin: overrides?.admin ?? false,
},
});
}
// Seeds a PersonalAccessToken row using the same hashing/encryption scheme as
// webapp's services/personalAccessToken.server.ts so the webapp subprocess can
// authenticate against it.
export async function seedTestPAT(
prisma: PrismaClient,
userId: string,
opts: { revoked?: boolean } = {}
): Promise<{ token: string; id: string }> {
const token = `tr_pat_${randomBytes(20).toString("hex")}`;
const encrypted = encryptToken(token, ENCRYPTION_KEY);
const row = await prisma.personalAccessToken.create({
data: {
name: "e2e-test-pat",
userId,
encryptedToken: encrypted,
hashedToken: hashToken(token),
obfuscatedToken: obfuscate(token),
revokedAt: opts.revoked ? new Date() : null,
},
});
return { token, id: row.id };
}