Brendan Chen
623a3374cf
Flips SESSION_COOKIE_NAME from 'token' to 'nanodrop_session' per the
family per-app naming convention (<app>_session). fastify-jwt's
cookieName in server.ts is now sourced from the constant so a future
rename only needs to touch constants.ts.
Hard-cut migration with no dual-cookie shim: the existing 'token'
cookie has no Max-Age so it dies on browser close anyway, and this
is a single-user deployment per CLAUDE.md. Users re-log in once
after deploy.
Test files updated mechanically: cookies: { token } → cookies: {
nanodrop_session: token } (variable name 'token' kept locally),
clearCookie regex updated, login response now also asserts
Max-Age=2592000 from the family TTL.
121 lines
3.5 KiB
TypeScript
121 lines
3.5 KiB
TypeScript
import { describe, it, expect, beforeEach, afterEach } from 'vitest';
|
|
import { createTestApp, type TestContext, loginAs, buildMultipart } from '../helpers/setup.ts';
|
|
import { createUser } from '../../src/db/users.ts';
|
|
import { hashPassword } from '../../src/services/auth.ts';
|
|
|
|
describe('GET /api/v1/files', () => {
|
|
let ctx: TestContext;
|
|
let token: string;
|
|
|
|
beforeEach(async () => {
|
|
ctx = createTestApp();
|
|
const hash = await hashPassword('secret');
|
|
createUser(ctx.db, { username: 'alice', passwordHash: hash });
|
|
token = await loginAs(ctx.app, 'alice', 'secret');
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await ctx.app.close();
|
|
ctx.cleanup();
|
|
});
|
|
|
|
it('returns empty list for new user', async () => {
|
|
const res = await ctx.app.inject({
|
|
method: 'GET',
|
|
url: '/api/v1/files',
|
|
cookies: { nanodrop_session: token },
|
|
});
|
|
expect(res.statusCode).toBe(200);
|
|
expect(res.json().files).toEqual([]);
|
|
});
|
|
|
|
it('returns 401 without auth', async () => {
|
|
const res = await ctx.app.inject({ method: 'GET', url: '/api/v1/files' });
|
|
expect(res.statusCode).toBe(401);
|
|
});
|
|
});
|
|
|
|
describe('POST /api/v1/files', () => {
|
|
let ctx: TestContext;
|
|
let token: string;
|
|
|
|
beforeEach(async () => {
|
|
ctx = createTestApp();
|
|
const hash = await hashPassword('secret');
|
|
createUser(ctx.db, { username: 'alice', passwordHash: hash });
|
|
token = await loginAs(ctx.app, 'alice', 'secret');
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await ctx.app.close();
|
|
ctx.cleanup();
|
|
});
|
|
|
|
it('uploads a file and returns url', async () => {
|
|
const res = await ctx.app.inject({
|
|
method: 'POST',
|
|
url: '/api/v1/files',
|
|
cookies: { nanodrop_session: token },
|
|
...buildMultipart({ file: { filename: 'test.txt', contentType: 'text/plain', data: Buffer.from('hello') } }),
|
|
});
|
|
expect(res.statusCode).toBe(201);
|
|
const body = res.json();
|
|
expect(body.url).toMatch(/\/f\//);
|
|
expect(body.file.original_name).toBe('test.txt');
|
|
});
|
|
|
|
it('returns 401 without auth', async () => {
|
|
const res = await ctx.app.inject({ method: 'POST', url: '/api/v1/files' });
|
|
expect(res.statusCode).toBe(401);
|
|
});
|
|
});
|
|
|
|
describe('DELETE /api/v1/files/:id', () => {
|
|
let ctx: TestContext;
|
|
let token: string;
|
|
let fileId: string;
|
|
|
|
beforeEach(async () => {
|
|
ctx = createTestApp();
|
|
const hash = await hashPassword('secret');
|
|
createUser(ctx.db, { username: 'alice', passwordHash: hash });
|
|
token = await loginAs(ctx.app, 'alice', 'secret');
|
|
|
|
const uploadRes = await ctx.app.inject({
|
|
method: 'POST',
|
|
url: '/api/v1/files',
|
|
cookies: { nanodrop_session: token },
|
|
...buildMultipart({ file: { filename: 'f.txt', contentType: 'text/plain', data: Buffer.from('data') } }),
|
|
});
|
|
fileId = uploadRes.json().file.id;
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await ctx.app.close();
|
|
ctx.cleanup();
|
|
});
|
|
|
|
it('deletes an owned file', async () => {
|
|
const res = await ctx.app.inject({
|
|
method: 'DELETE',
|
|
url: `/api/v1/files/${fileId}`,
|
|
cookies: { nanodrop_session: token },
|
|
});
|
|
expect(res.statusCode).toBe(200);
|
|
});
|
|
|
|
it('returns 404 for non-existent file', async () => {
|
|
const res = await ctx.app.inject({
|
|
method: 'DELETE',
|
|
url: '/api/v1/files/doesnotexist',
|
|
cookies: { nanodrop_session: token },
|
|
});
|
|
expect(res.statusCode).toBe(404);
|
|
});
|
|
|
|
it('returns 401 without auth', async () => {
|
|
const res = await ctx.app.inject({ method: 'DELETE', url: `/api/v1/files/${fileId}` });
|
|
expect(res.statusCode).toBe(401);
|
|
});
|
|
});
|