dcrouter/test/test.protected-endpoint.ts

import { expect, tap } from '@git.zone/tstest/tapbundle';
import { DcRouter } from '../ts/index.js';
import { TypedRequest } from '@api.global/typedrequest';
import * as interfaces from '../ts_interfaces/index.js';

let testDcRouter: DcRouter;
let adminIdentity: interfaces.data.IIdentity;

tap.test('should start DCRouter with OpsServer', async () => {
  testDcRouter = new DcRouter({
    // Minimal config for testing
  });

  await testDcRouter.start();
  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
});

tap.test('should login as admin', async () => {
  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
    'http://localhost:3000/typedrequest',
    'adminLoginWithUsernameAndPassword'
  );

  const response = await loginRequest.fire({
    username: 'admin',
    password: 'admin'
  });

  expect(response).toHaveProperty('identity');
  adminIdentity = response.identity;
  console.log('Admin logged in with JWT');
});

tap.test('should allow admin to verify identity', async () => {
  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
    'verifyIdentity'
  );

  const response = await verifyRequest.fire({
    identity: adminIdentity,
  });

  expect(response).toHaveProperty('valid');
  expect(response.valid).toBeTrue();
  console.log('Admin identity verified successfully');
});

tap.test('should reject verify identity without identity', async () => {
  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
    'verifyIdentity'
  );

  try {
    await verifyRequest.fire({} as any);
    expect(true).toBeFalse(); // Should not reach here
  } catch (error) {
    expect(error).toBeTruthy();
    console.log('Successfully rejected request without identity');
  }
});

tap.test('should reject verify identity with invalid JWT', async () => {
  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
    'verifyIdentity'
  );

  try {
    await verifyRequest.fire({
      identity: {
        ...adminIdentity,
        jwt: 'invalid.jwt.token'
      },
    });
    expect(true).toBeFalse(); // Should not reach here
  } catch (error) {
    expect(error).toBeTruthy();
    console.log('Successfully rejected request with invalid JWT');
  }
});

tap.test('should allow access to public endpoints without auth', async () => {
  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
    'http://localhost:3000/typedrequest',
    'getHealthStatus'
  );

  // No identity provided
  const response = await healthRequest.fire({});

  expect(response).toHaveProperty('health');
  expect(response.health.healthy).toBeTrue();
  console.log('Public endpoint accessible without auth');
});

tap.test('should allow read-only config access', async () => {
  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
    'http://localhost:3000/typedrequest',
    'getConfiguration'
  );

  // Config is read-only and doesn't require auth
  const response = await configRequest.fire({});

  expect(response).toHaveProperty('config');
  expect(response.config).toHaveProperty('email');
  expect(response.config).toHaveProperty('dns');
  expect(response.config).toHaveProperty('proxy');
  expect(response.config).toHaveProperty('security');
  console.log('Configuration read successfully');
});

tap.test('should stop DCRouter', async () => {
  await testDcRouter.stop();
});

export default tap.start();