From 9e6d78b62506e6501c75dbe7f92094f77553831d Mon Sep 17 00:00:00 2001
From: Elian Doran
Date: Mon, 2 Jun 2025 19:26:36 +0300
Subject: [PATCH] test(etapi): port no-token
---
_regroup/test-etapi/no-token.http | 109 ------------------------
apps/server/spec/etapi/no-token.spec.ts | 54 ++++++++++++
2 files changed, 54 insertions(+), 109 deletions(-)
delete mode 100644 _regroup/test-etapi/no-token.http
create mode 100644 apps/server/spec/etapi/no-token.spec.ts
diff --git a/_regroup/test-etapi/no-token.http b/_regroup/test-etapi/no-token.http
deleted file mode 100644
index d8198ed2b..000000000
--- a/_regroup/test-etapi/no-token.http
+++ /dev/null
@@ -1,109 +0,0 @@
-GET {{triliumHost}}/etapi/notes?search=aaa
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/notes/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/notes/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/notes/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/branches/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/branches/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/branches/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/inbox/2022-02-22
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/days/2022-02-22
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/weeks/2022-02-22
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/months/2022-02
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/years/2022
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-POST {{triliumHost}}/etapi/create-note
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/app-info
-
-> {% client.assert(response.status === 401); %}
-
-### Fake URL will get a 404 even without token
-
-GET {{triliumHost}}/etapi/zzzzzz
-
-> {% client.assert(response.status === 404); %}
diff --git a/apps/server/spec/etapi/no-token.spec.ts b/apps/server/spec/etapi/no-token.spec.ts
new file mode 100644
index 000000000..d4a7a2f9f
--- /dev/null
+++ b/apps/server/spec/etapi/no-token.spec.ts
@@ -0,0 +1,54 @@
+import { Application } from "express";
+import { beforeAll, describe, expect, it } from "vitest";
+import supertest from "supertest";
+import { login } from "./utils.js";
+import config from "../../src/services/config.js";
+import type TestAgent from "supertest/lib/agent.js";
+
+let app: Application;
+
+const USER = "etapi";
+
+const routes = [
+ "GET /etapi/notes?search=aaa",
+ "GET /etapi/notes/root",
+ "PATCH /etapi/notes/root",
+ "DELETE /etapi/notes/root",
+ "GET /etapi/branches/root",
+ "PATCH /etapi/branches/root",
+ "DELETE /etapi/branches/root",
+ "GET /etapi/attributes/000",
+ "PATCH /etapi/attributes/000",
+ "DELETE /etapi/attributes/000",
+ "GET /etapi/inbox/2022-02-22",
+ "GET /etapi/calendar/days/2022-02-22",
+ "GET /etapi/calendar/weeks/2022-02-22",
+ "GET /etapi/calendar/months/2022-02",
+ "GET /etapi/calendar/years/2022",
+ "POST /etapi/create-note",
+ "GET /etapi/app-info",
+]
+
+describe("no-token", () => {
+ beforeAll(async () => {
+ config.General.noAuthentication = false;
+ const buildApp = (await (import("../../src/app.js"))).default;
+ app = await buildApp();
+ });
+
+ for (const route of routes) {
+ const [ method, url ] = route.split(" ", 2);
+
+ it(`rejects access to ${method} ${url}`, () => {
+ (supertest(app)[method.toLowerCase()](url) as TestAgent)
+ .auth(USER, "fakeauth", { "type": "basic"})
+ .expect(401)
+ });
+ }
+
+ it("responds with 404 even without token", () => {
+ supertest(app)
+ .get("/etapi/zzzzzz")
+ .expect(404);
+ });
+});
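Review bot: Neither `it` callback in no-token.spec.ts awaits or returns its supertest chain, so each test completes before `.expect(401)` / `.expect(404)` can fail it, and the suite would stay green even if an ETAPI route answered a request that carries no valid token. Make both callbacks `async` and prefix the chains with `await`, i.e. `await (supertest(app)[method.toLowerCase()](url) as TestAgent)` and `await supertest(app)`. The port also narrows what is checked: the removed .http file sent most requests with no Authorization header and a few with the raw value `fakeauth`, while every request here carries a well-formed Basic header, so the header-absent and malformed-header paths are no longer exercised; a second loop over `routes` without `.auth(...)` would restore them. `expect` and `login` are imported but not used in this file.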