arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
xtablo-source/apps/admin/worker/index.test.ts
Arthur Belleville 657ebc44b9
chore(admin): align domain and deploy command
2026-04-24 16:22:51 +02:00

88 lines
2.7 KiB
TypeScript
Raw Blame History

// @vitest-environment node
import { beforeEach, describe, expect, it, vi } from "vitest";
import worker, {
ADMIN_APP_SESSION_COOKIE,
buildAccessDeniedHtml,
createSignedAdminAppSession,
} from "./index";
const env = {
ADMIN_APP_ACCESS_TOKEN: "super-secret-admin-app-token",
ADMIN_APP_SESSION_SECRET: "worker-session-secret",
ASSETS: {
fetch: vi.fn(async () => new Response("<html>app</html>", { status: 200 })),
},
};
describe("admin worker firewall", () => {
beforeEach(() => {
vi.clearAllMocks();
});
it("serves the admin access gate when no session cookie is present", async () => {
const response = await worker.fetch(
new Request("https://admin-panel.xtablo.com/", {
headers: {
accept: "text/html",
},
}),
env
);
expect(response.status).toBe(401);
await expect(response.text()).resolves.toContain("Internal Admin Access");
});
it("creates a signed app session cookie from a valid access token", async () => {
const request = new Request("https://admin-panel.xtablo.com/__admin/access", {
body: new URLSearchParams({ accessToken: env.ADMIN_APP_ACCESS_TOKEN }),
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
});
const response = await worker.fetch(request, env);
expect(response.status).toBe(302);
expect(response.headers.get("location")).toBe("https://admin-panel.xtablo.com/");
expect(response.headers.get("set-cookie")).toContain(`${ADMIN_APP_SESSION_COOKIE}=`);
});
it("allows authenticated requests through to static assets", async () => {
const session = await createSignedAdminAppSession(env.ADMIN_APP_SESSION_SECRET);
const request = new Request("https://admin-panel.xtablo.com/", {
headers: {
cookie: `${ADMIN_APP_SESSION_COOKIE}=${session}`,
},
});
const response = await worker.fetch(request, env);
expect(response.status).toBe(200);
expect(env.ASSETS.fetch).toHaveBeenCalledOnce();
});
it("rejects invalid access tokens", async () => {
const request = new Request("https://admin-panel.xtablo.com/__admin/access", {
body: new URLSearchParams({ accessToken: "wrong-token" }),
headers: {
accept: "text/html",
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
});
const response = await worker.fetch(request, env);
expect(response.status).toBe(401);
await expect(response.text()).resolves.toContain("Invalid app access token");
});
});
describe("buildAccessDeniedHtml", () => {
it("renders the access error when provided", () => {
expect(buildAccessDeniedHtml("Bad token")).toContain("Bad token");
});
});
Reference in a new issue View git blame Copy permalink