janpeter/Scrum4Me
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
Scrum4Me/__tests__/api/pair-stream.test.ts
Madhura68 2a0c6a512d feat(ST-1004): add SSE /api/auth/pair/stream with cookie auth 
GET /api/auth/pair/stream/[pairingId]:
- runtime: 'nodejs', maxDuration: 300, dynamic: 'force-dynamic'
- Auth via s4m_pair HttpOnly cookie (readPairCookie + verifyToken tegen
  desktop_token_hash); 401 zonder cookie of bij hash-mismatch, 404 als pairing
  onbekend, 410 als verlopen — geen geheim materiaal in URL of querystring
- Hergebruikt LISTEN/NOTIFY-pattern uit app/api/realtime/solo/route.ts:
  ReadableStream + dedicated pg.Client + heartbeat 25s + hard-close 240s
- Channel: scrum4me_pairing; filter notifies op pairing_id-match
- Initial 'state'-event direct na connect met huidige status (voorkomt race
  waarbij approve net vóór SSE-open landt — desktop ziet 'm alsnog)
- Auto-close zodra status consumed/cancelled binnenkomt
- Fallback DIRECT_URL → DATABASE_URL (de eerste staat lokaal op een placeholder)

Tests __tests__/api/pair-stream.test.ts (4 cases — auth-paden):
- 401 zonder cookie (en geen DB-call gedaan)
- 404 op onbekende pairingId
- 410 op verlopen pairing
- 401 op cookie/hash-mismatch

Full-stream-test (LISTEN+notify-roundtrip) is een handmatige acceptatietest in
ST-1008 — niet zinvol te mocken voor v1.

Quality gates: lint 0 errors, tsc clean, vitest 121/121.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 22:42:07 +02:00

84 lines
2.7 KiB
TypeScript
Raw Blame History

import { describe, it, expect, vi, beforeEach } from 'vitest'
// Mock the cookie helper directly — easier than mocking next/headers + reasoning
// over the cookies() async wrapper. The actual cookie wiring is tested in
// pair-start.test.ts.
const { mockReadPairCookie } = vi.hoisted(() => ({
mockReadPairCookie: vi.fn(),
}))
vi.mock('@/lib/auth/pair-cookie', () => ({
readPairCookie: mockReadPairCookie,
setPairCookie: vi.fn(),
clearPairCookie: vi.fn(),
}))
vi.mock('@/lib/prisma', () => ({
prisma: {
loginPairing: {
findUnique: vi.fn(),
},
},
}))
import { prisma } from '@/lib/prisma'
import { hashToken } from '@/lib/auth/pairing'
import type { NextRequest } from 'next/server'
import { GET } from '@/app/api/auth/pair/stream/[pairingId]/route'
const mockPrisma = prisma as unknown as {
loginPairing: { findUnique: ReturnType<typeof vi.fn> }
}
function makeReq(): NextRequest {
// Minimaal NextRequest-shape voor de auth-paden — we komen niet aan signal/url toe
// omdat de auth-checks vóór de stream-setup falen.
return { signal: new AbortController().signal } as unknown as NextRequest
}
const params = (id: string) =>
({ params: Promise.resolve({ pairingId: id }) }) as { params: Promise<{ pairingId: string }> }
beforeEach(() => {
vi.clearAllMocks()
})
describe('GET /api/auth/pair/stream/[pairingId]', () => {
it('401 zonder s4m_pair-cookie', async () => {
mockReadPairCookie.mockResolvedValue(null)
const res = await GET(makeReq(), params('pair-x'))
expect(res.status).toBe(401)
const body = await res.json()
expect(body.error).toMatch(/cookie/i)
expect(mockPrisma.loginPairing.findUnique).not.toHaveBeenCalled()
})
it('404 als pairing onbekend is', async () => {
mockReadPairCookie.mockResolvedValue('whatever-token')
mockPrisma.loginPairing.findUnique.mockResolvedValue(null)
const res = await GET(makeReq(), params('pair-onbekend'))
expect(res.status).toBe(404)
})
it('410 als pairing verlopen is', async () => {
mockReadPairCookie.mockResolvedValue('correct-token')
mockPrisma.loginPairing.findUnique.mockResolvedValue({
desktop_token_hash: hashToken('correct-token'),
status: 'pending',
expires_at: new Date(Date.now() - 1000),
})
const res = await GET(makeReq(), params('pair-verlopen'))
expect(res.status).toBe(410)
})
it('401 als cookie hashed naar andere desktop_token_hash', async () => {
mockReadPairCookie.mockResolvedValue('verkeerd-token')
mockPrisma.loginPairing.findUnique.mockResolvedValue({
desktop_token_hash: hashToken('echt-token'),
status: 'pending',
expires_at: new Date(Date.now() + 60_000),
})
const res = await GET(makeReq(), params('pair-mismatch'))
expect(res.status).toBe(401)
})
})
Reference in a new issue View git blame Copy permalink