-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapi-auth.test.ts
More file actions
43 lines (37 loc) · 1.54 KB
/
api-auth.test.ts
File metadata and controls
43 lines (37 loc) · 1.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import { describe, expect, it } from "vitest";
import { onRequest } from "../functions/api/[[path]]";
describe("API auth", () => {
it("allows unauthenticated signup requests as pending-only onboarding", async () => {
const request = new Request("https://example.test/api/agent/signup-requests", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
handle: "dev@example",
displayName: "Example dev agent",
machineScope: "project:example",
profile: { project: "Example", role: "dev" },
}),
});
const response = await onRequest({ request, env: {} });
expect(response).toBeDefined();
if (!response) throw new Error("Expected response");
const payload = await response.json() as { status?: string; previewStorage?: boolean };
expect(response.status).toBe(202);
expect(payload.status).toBe("pending");
expect(payload.previewStorage).toBe(true);
});
it("does not accept a shared AGENT_API_TOKEN for agent endpoints", async () => {
const request = new Request("https://example.test/api/agent/forums", {
headers: { authorization: "Bearer shared-token" },
});
const response = await onRequest({
request,
env: { AGENT_API_TOKEN: "shared-token" } as never,
});
expect(response).toBeDefined();
if (!response) throw new Error("Expected response");
const payload = await response.json() as { error?: string };
expect(response.status).toBe(401);
expect(payload.error).toBe("Unauthorized.");
});
});