fix: add test for app origin url format

spaenleh · spaenleh · commit f29f969c034b · 2025-06-16T11:04:24.000Z
diff --git a/src/config/env.ts b/src/config/env.ts
@@ -7,7 +7,7 @@ const Environment = {
   test: 'test',
 } as const;
 
-export const NODE_ENV: string | undefined = process.env.NODE_ENV;
+export const NODE_ENV = process.env.NODE_ENV ?? Environment.development;
 
 const once = (fn) => {
   let called = false;
diff --git a/src/services/item/plugins/app/app.controller.test.ts b/src/services/item/plugins/app/app.controller.test.ts
@@ -1,4 +1,5 @@
 import { faker } from '@faker-js/faker';
+import { eq } from 'drizzle-orm';
 import { StatusCodes } from 'http-status-codes';
 import { v4 } from 'uuid';
 
@@ -13,6 +14,7 @@ import build, {
 } from '../../../../../test/app';
 import { seedFromJson } from '../../../../../test/mocks/seed';
 import { db } from '../../../../drizzle/db';
+import { appsTable } from '../../../../drizzle/schema';
 import type { AccountRaw, AppRaw, ItemWithCreator } from '../../../../drizzle/types';
 import { assertIsDefined } from '../../../../utils/assertions';
 import { APP_ITEMS_PREFIX } from '../../../../utils/config';
@@ -112,6 +114,27 @@ describe('Apps Plugin Tests', () => {
         });
         expect(response.json().token).toBeTruthy();
       });
+
+      it('validation of payload', async () => {
+        // remove apps that have been registered with this URL
+        const url = 'http://localhost:3333';
+        await db.delete(appsTable).where(eq(appsTable.url, url));
+        const { apps } = await seedFromJson({ apps: [{ url }] });
+        const chosenApp = apps[0];
+        const {
+          items: [item],
+        } = await seedFromJson({
+          items: [{ isPublic: true, type: ItemType.APP, extra: { app: { url: chosenApp.url } } }],
+        });
+
+        const response = await app.inject({
+          method: HttpMethod.Post,
+          url: `${APP_ITEMS_PREFIX}/${item.id}/api-access-token`,
+          payload: { origin: chosenApp.url, key: chosenApp.key },
+        });
+        expect(response.statusCode).toEqual(StatusCodes.OK);
+        expect(response.json().token).toBeTruthy();
+      });
     });
 
     describe('Signed In', () => {
diff --git a/src/services/item/plugins/app/app.schemas.ts b/src/services/item/plugins/app/app.schemas.ts
@@ -20,7 +20,7 @@ export const generateToken = {
   }),
   body: customType.StrictObject({
     key: customType.UUID(),
-    origin: Type.String({ format: 'url' }),
+    origin: Type.String({ format: 'url' }), // should be `uri` for http://localhost:3333 to be valid
   }),
   response: {
     [StatusCodes.OK]: Type.Object({ token: Type.String() }),
