Add server, routes, views, CLI, CSS, and integration tests

- Server factory with Fastify plugins (JWT, cookie, multipart, formbody, static) - Auth middleware: requireAuth preHandler (401 for API, redirect for pages) - Auth API routes: POST /api/v1/auth/login, POST /api/v1/auth/logout - File API routes: GET/POST /api/v1/files, DELETE /api/v1/files/:id - Page routes: /, /login, /logout, /upload, /files, /files/:id/delete, /f/:id, /f/:id/raw - HTML views: layout, login, upload, file-list, file-view, not-found - CLI register-user script - public/style.css dark theme - Test helpers: createTestApp, loginAs, buildMultipart - Integration tests for auth API, file API, and page routes (51 tests passing) - Update CLAUDE.md with red/green TDD and commit instructions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 15:55:14 -08:00
parent 157d1e8230
commit 8fd1464b9d
19 changed files with 1180 additions and 1 deletions
--- a/tests/integration/files-api.test.ts
+++ b/tests/integration/files-api.test.ts
@@ -0,0 +1,120 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { createTestApp, type TestContext, loginAs, buildMultipart } from '../helpers/setup.ts';
+import { createUser } from '../../src/db/users.ts';
+import { hashPassword } from '../../src/services/auth.ts';
+
+describe('GET /api/v1/files', () => {
+  let ctx: TestContext;
+  let token: string;
+
+  beforeEach(async () => {
+    ctx = createTestApp();
+    const hash = await hashPassword('secret');
+    createUser(ctx.db, { username: 'alice', passwordHash: hash });
+    token = await loginAs(ctx.app, 'alice', 'secret');
+  });
+
+  afterEach(async () => {
+    await ctx.app.close();
+    ctx.cleanup();
+  });
+
+  it('returns empty list for new user', async () => {
+    const res = await ctx.app.inject({
+      method: 'GET',
+      url: '/api/v1/files',
+      cookies: { token },
+    });
+    expect(res.statusCode).toBe(200);
+    expect(res.json().files).toEqual([]);
+  });
+
+  it('returns 401 without auth', async () => {
+    const res = await ctx.app.inject({ method: 'GET', url: '/api/v1/files' });
+    expect(res.statusCode).toBe(401);
+  });
+});
+
+describe('POST /api/v1/files', () => {
+  let ctx: TestContext;
+  let token: string;
+
+  beforeEach(async () => {
+    ctx = createTestApp();
+    const hash = await hashPassword('secret');
+    createUser(ctx.db, { username: 'alice', passwordHash: hash });
+    token = await loginAs(ctx.app, 'alice', 'secret');
+  });
+
+  afterEach(async () => {
+    await ctx.app.close();
+    ctx.cleanup();
+  });
+
+  it('uploads a file and returns url', async () => {
+    const res = await ctx.app.inject({
+      method: 'POST',
+      url: '/api/v1/files',
+      cookies: { token },
+      ...buildMultipart({ file: { filename: 'test.txt', contentType: 'text/plain', data: Buffer.from('hello') } }),
+    });
+    expect(res.statusCode).toBe(201);
+    const body = res.json();
+    expect(body.url).toMatch(/\/f\//);
+    expect(body.file.original_name).toBe('test.txt');
+  });
+
+  it('returns 401 without auth', async () => {
+    const res = await ctx.app.inject({ method: 'POST', url: '/api/v1/files' });
+    expect(res.statusCode).toBe(401);
+  });
+});
+
+describe('DELETE /api/v1/files/:id', () => {
+  let ctx: TestContext;
+  let token: string;
+  let fileId: string;
+
+  beforeEach(async () => {
+    ctx = createTestApp();
+    const hash = await hashPassword('secret');
+    createUser(ctx.db, { username: 'alice', passwordHash: hash });
+    token = await loginAs(ctx.app, 'alice', 'secret');
+
+    const uploadRes = await ctx.app.inject({
+      method: 'POST',
+      url: '/api/v1/files',
+      cookies: { token },
+      ...buildMultipart({ file: { filename: 'f.txt', contentType: 'text/plain', data: Buffer.from('data') } }),
+    });
+    fileId = uploadRes.json().file.id;
+  });
+
+  afterEach(async () => {
+    await ctx.app.close();
+    ctx.cleanup();
+  });
+
+  it('deletes an owned file', async () => {
+    const res = await ctx.app.inject({
+      method: 'DELETE',
+      url: `/api/v1/files/${fileId}`,
+      cookies: { token },
+    });
+    expect(res.statusCode).toBe(200);
+  });
+
+  it('returns 404 for non-existent file', async () => {
+    const res = await ctx.app.inject({
+      method: 'DELETE',
+      url: '/api/v1/files/doesnotexist',
+      cookies: { token },
+    });
+    expect(res.statusCode).toBe(404);
+  });
+
+  it('returns 401 without auth', async () => {
+    const res = await ctx.app.inject({ method: 'DELETE', url: `/api/v1/files/${fileId}` });
+    expect(res.statusCode).toBe(401);
+  });
+});