feat(test): add end-to-end test coverage for container lifecycle, auth, buckets, objects, policies, credentials, status, and S3 compatibility

test/test.auth.test.ts

@@ -0,0 +1,103 @@
+import { assertEquals, assertExists } from 'jsr:@std/assert';
+import { afterAll, beforeAll, describe, it } from 'jsr:@std/testing/bdd';
+import { TypedRequest } from '@api.global/typedrequest';
+import { createTestContainer, getTestPorts, loginAndGetIdentity, TEST_ADMIN_PASSWORD } from './helpers/server.helper.ts';
+import { ObjectStorageContainer } from '../ts/index.ts';
+import type * as interfaces from '../ts_interfaces/index.ts';
+import type { IReq_AdminLoginWithUsernameAndPassword } from '../ts_interfaces/requests/admin.ts';
+import type { IReq_VerifyIdentity } from '../ts_interfaces/requests/admin.ts';
+import type { IReq_AdminLogout } from '../ts_interfaces/requests/admin.ts';
+import type { IReq_GetServerStatus } from '../ts_interfaces/requests/status.ts';
+
+const PORT_INDEX = 1;
+const ports = getTestPorts(PORT_INDEX);
+const url = `http://localhost:${ports.uiPort}/typedrequest`;
+
+describe('Authentication', { sanitizeResources: false, sanitizeOps: false }, () => {
+  let container: ObjectStorageContainer;
+  let identity: interfaces.data.IIdentity;
+
+  beforeAll(async () => {
+    container = createTestContainer(PORT_INDEX);
+    await container.start();
+  });
+
+  afterAll(async () => {
+    await container.stop();
+  });
+
+  it('should login with valid credentials', async () => {
+    identity = await loginAndGetIdentity(ports.uiPort);
+    assertExists(identity.jwt);
+    assertEquals(identity.userId, 'admin');
+    assertEquals(identity.username, 'admin');
+    assertEquals(identity.role, 'admin');
+    assertEquals(identity.expiresAt > Date.now(), true);
+  });
+
+  it('should reject login with wrong password', async () => {
+    const req = new TypedRequest<IReq_AdminLoginWithUsernameAndPassword>(
+      url,
+      'adminLoginWithUsernameAndPassword',
+    );
+    let threw = false;
+    try {
+      await req.fire({ username: 'admin', password: 'wrongpassword' });
+    } catch {
+      threw = true;
+    }
+    assertEquals(threw, true);
+  });
+
+  it('should reject login with wrong username', async () => {
+    const req = new TypedRequest<IReq_AdminLoginWithUsernameAndPassword>(
+      url,
+      'adminLoginWithUsernameAndPassword',
+    );
+    let threw = false;
+    try {
+      await req.fire({ username: 'notadmin', password: TEST_ADMIN_PASSWORD });
+    } catch {
+      threw = true;
+    }
+    assertEquals(threw, true);
+  });
+
+  it('should verify a valid identity', async () => {
+    const req = new TypedRequest<IReq_VerifyIdentity>(url, 'verifyIdentity');
+    const response = await req.fire({ identity });
+    assertEquals(response.valid, true);
+    assertExists(response.identity);
+    assertEquals(response.identity!.userId, 'admin');
+  });
+
+  it('should reject verification with tampered JWT', async () => {
+    const req = new TypedRequest<IReq_VerifyIdentity>(url, 'verifyIdentity');
+    const tamperedIdentity = { ...identity, jwt: identity.jwt + 'tampered' };
+    const response = await req.fire({ identity: tamperedIdentity });
+    assertEquals(response.valid, false);
+  });
+
+  it('should reject verification with missing identity', async () => {
+    const req = new TypedRequest<IReq_VerifyIdentity>(url, 'verifyIdentity');
+    const response = await req.fire({ identity: null as any });
+    assertEquals(response.valid, false);
+  });
+
+  it('should logout successfully', async () => {
+    const req = new TypedRequest<IReq_AdminLogout>(url, 'adminLogout');
+    const response = await req.fire({ identity });
+    assertEquals(response.ok, true);
+  });
+
+  it('should reject protected endpoint without identity', async () => {
+    const req = new TypedRequest<IReq_GetServerStatus>(url, 'getServerStatus');
+    let threw = false;
+    try {
+      await req.fire({ identity: null as any });
+    } catch {
+      threw = true;
+    }
+    assertEquals(threw, true);
+  });
+});