test(etapi): port no-token

_regroup/test-etapi/no-token.http

@@ -1,109 +0,0 @@
-GET {{triliumHost}}/etapi/notes?search=aaa
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/notes/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/notes/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/notes/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/branches/root
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/branches/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/branches/root
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-PATCH {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-DELETE {{triliumHost}}/etapi/attributes/000
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/inbox/2022-02-22
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/days/2022-02-22
-Authorization: fakeauth
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/weeks/2022-02-22
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/months/2022-02
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/calendar/years/2022
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-POST {{triliumHost}}/etapi/create-note
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/app-info
-
-> {% client.assert(response.status === 401); %}
-
-### Fake URL will get a 404 even without token
-
-GET {{triliumHost}}/etapi/zzzzzz
-
-> {% client.assert(response.status === 404); %}

apps/server/spec/etapi/no-token.spec.ts

@@ -0,0 +1,54 @@
+import { Application } from "express";
+import { beforeAll, describe, expect, it } from "vitest";
+import supertest from "supertest";
+import { login } from "./utils.js";
+import config from "../../src/services/config.js";
+import type TestAgent from "supertest/lib/agent.js";
+
+let app: Application;
+
+const USER = "etapi";
+
+const routes = [
+    "GET /etapi/notes?search=aaa",
+    "GET /etapi/notes/root",
+    "PATCH /etapi/notes/root",
+    "DELETE /etapi/notes/root",
+    "GET /etapi/branches/root",
+    "PATCH /etapi/branches/root",
+    "DELETE /etapi/branches/root",
+    "GET /etapi/attributes/000",
+    "PATCH /etapi/attributes/000",
+    "DELETE /etapi/attributes/000",
+    "GET /etapi/inbox/2022-02-22",
+    "GET /etapi/calendar/days/2022-02-22",
+    "GET /etapi/calendar/weeks/2022-02-22",
+    "GET /etapi/calendar/months/2022-02",
+    "GET /etapi/calendar/years/2022",
+    "POST /etapi/create-note",
+    "GET /etapi/app-info",
+]
+
+describe("no-token", () => {
+    beforeAll(async () => {
+        config.General.noAuthentication = false;
+        const buildApp = (await (import("../../src/app.js"))).default;
+        app = await buildApp();
+    });
+
+    for (const route of routes) {
+        const [ method, url ] = route.split(" ", 2);
+
+        it(`rejects access to ${method} ${url}`, () => {
+            (supertest(app)[method.toLowerCase()](url) as TestAgent)
+                .auth(USER, "fakeauth", { "type": "basic"})
+                .expect(401)
+        });
+    }
+
+    it("responds with 404 even without token", () => {
+        supertest(app)
+            .get("/etapi/zzzzzz")
+            .expect(404);
+    });
+});