k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 21:31:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
48098ef5eca7fa18cf775a47c5900d04963eed9e
TREK/server/tests/unit/middleware/tripAccess.test.ts
T
jubnl b4922322ae test: expand test suite to 87.3% backend coverage 
Add new integration test files covering previously untested routes:
- categories.test.ts — GET /api/categories
- oidc.test.ts — full OIDC login flow (callback, state, errors)
- settings.test.ts — GET/PUT /api/settings, bulk save
- tags.test.ts — CRUD for trip tags
- todo.test.ts — todo items CRUD and reorder

Add new unit test files covering service-layer logic:
- adminService.test.ts — user/invite management, packing templates, OIDC settings
- atlasService.test.ts — atlas search and place enrichment
- authServiceDb.test.ts — DB-backed auth helpers (login, register, MFA)
- backupService.test.ts — export/import/restore logic
- categoryService.test.ts — category CRUD
- dayService.test.ts — day management and accommodation helpers
- mapsService.test.ts — route/directions helpers
- oidcService.test.ts — OIDC state, auth code, role resolution, user upsert
- packingService.test.ts — packing item/bag/template operations
- placeService.test.ts — place CRUD and tag attachment
- settingsService.test.ts — settings get/set/bulk
- tagService.test.ts — tag CRUD
- todoService.test.ts — todo CRUD and reorder
- tripService.test.ts — trip CRUD, member management, archiving
- vacayService.test.ts — vacay integration helpers
- tripAccess.test.ts (middleware) — requireTripAccess middleware

Expand existing integration and unit test files with additional cases
across admin, atlas, auth, backup, collab, days, files, maps, memories
(Immich/Synology), notifications, places, reservations, share, vacay,
weather, auth middleware, ephemeral tokens, notification preferences,
permissions, SSRF guard, and WebSocket connection tests.

Update test helpers (factories.ts, test-db.ts) with new factory
functions and seed data required by the expanded suite.

Fix minor issues in server/src/routes/reservations.ts and
server/src/services/atlasService.ts surfaced by new test coverage.

Update sonar-project.properties to reflect new coverage thresholds.
2026-04-06 20:08:30 +02:00

138 lines
5.5 KiB
TypeScript
Raw Blame History

/**
* Unit tests for requireTripAccess and requireTripOwner middleware.
* TRIP-ACCESS-001 through TRIP-ACCESS-010.
* canAccessTrip and isOwner are mocked; no DB required.
*/
import { describe, it, expect, vi, beforeEach } from 'vitest';
import type { Request, Response, NextFunction } from 'express';
const mockCanAccessTrip = vi.fn();
const mockIsOwner = vi.fn();
vi.mock('../../../src/db/database', () => ({
canAccessTrip: (...args: any[]) => mockCanAccessTrip(...args),
isOwner: (...args: any[]) => mockIsOwner(...args),
}));
vi.mock('../../../src/config', () => ({ JWT_SECRET: 'test-secret' }));
import { requireTripAccess, requireTripOwner } from '../../../src/middleware/tripAccess';
function makeRes(): { res: Response; status: ReturnType<typeof vi.fn>; json: ReturnType<typeof vi.fn> } {
const json = vi.fn();
const status = vi.fn(() => ({ json }));
const res = { status } as unknown as Response;
return { res, status, json };
}
function makeReq(params: Record<string, string> = {}, userId = 1): Request {
return {
params,
user: { id: userId },
} as unknown as Request;
}
beforeEach(() => {
mockCanAccessTrip.mockReset();
mockIsOwner.mockReset();
});
// ── requireTripAccess ─────────────────────────────────────────────────────────
describe('requireTripAccess', () => {
it('TRIP-ACCESS-001: returns 400 when no tripId param', () => {
const next = vi.fn() as unknown as NextFunction;
const { res, status, json } = makeRes();
requireTripAccess(makeReq({}), res, next);
expect(next).not.toHaveBeenCalled();
expect(status).toHaveBeenCalledWith(400);
expect(json).toHaveBeenCalledWith(expect.objectContaining({ error: expect.any(String) }));
});
it('TRIP-ACCESS-002: returns 404 when canAccessTrip returns null (not a member)', () => {
mockCanAccessTrip.mockReturnValue(null);
const next = vi.fn() as unknown as NextFunction;
const { res, status, json } = makeRes();
requireTripAccess(makeReq({ tripId: '42' }), res, next);
expect(next).not.toHaveBeenCalled();
expect(status).toHaveBeenCalledWith(404);
expect(json).toHaveBeenCalledWith(expect.objectContaining({ error: expect.any(String) }));
});
it('TRIP-ACCESS-003: calls next and attaches trip when user has access', () => {
const fakeTrip = { id: 42, user_id: 1 };
mockCanAccessTrip.mockReturnValue(fakeTrip);
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
const req = makeReq({ tripId: '42' }, 1);
requireTripAccess(req, res, next);
expect(next).toHaveBeenCalledOnce();
expect((req as any).trip).toEqual(fakeTrip);
});
it('TRIP-ACCESS-004: accepts req.params.id as fallback when tripId is absent', () => {
const fakeTrip = { id: 7, user_id: 2 };
mockCanAccessTrip.mockReturnValue(fakeTrip);
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
requireTripAccess(makeReq({ id: '7' }), res, next);
expect(mockCanAccessTrip).toHaveBeenCalledWith(7, expect.any(Number));
expect(next).toHaveBeenCalledOnce();
});
it('TRIP-ACCESS-005: passes numeric tripId to canAccessTrip', () => {
mockCanAccessTrip.mockReturnValue({ id: 99, user_id: 3 });
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
requireTripAccess(makeReq({ tripId: '99' }, 3), res, next);
expect(mockCanAccessTrip).toHaveBeenCalledWith(99, 3);
});
});
// ── requireTripOwner ──────────────────────────────────────────────────────────
describe('requireTripOwner', () => {
it('TRIP-ACCESS-006: returns 400 when no tripId param', () => {
const next = vi.fn() as unknown as NextFunction;
const { res, status, json } = makeRes();
requireTripOwner(makeReq({}), res, next);
expect(next).not.toHaveBeenCalled();
expect(status).toHaveBeenCalledWith(400);
expect(json).toHaveBeenCalledWith(expect.objectContaining({ error: expect.any(String) }));
});
it('TRIP-ACCESS-007: returns 403 when user is not the owner', () => {
mockIsOwner.mockReturnValue(false);
const next = vi.fn() as unknown as NextFunction;
const { res, status, json } = makeRes();
requireTripOwner(makeReq({ tripId: '10' }, 2), res, next);
expect(next).not.toHaveBeenCalled();
expect(status).toHaveBeenCalledWith(403);
expect(json).toHaveBeenCalledWith(expect.objectContaining({ error: expect.any(String) }));
});
it('TRIP-ACCESS-008: calls next when user is the owner', () => {
mockIsOwner.mockReturnValue(true);
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
requireTripOwner(makeReq({ tripId: '10' }, 1), res, next);
expect(next).toHaveBeenCalledOnce();
});
it('TRIP-ACCESS-009: accepts req.params.id as fallback when tripId is absent', () => {
mockIsOwner.mockReturnValue(true);
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
requireTripOwner(makeReq({ id: '5' }, 1), res, next);
expect(mockIsOwner).toHaveBeenCalledWith(5, 1);
expect(next).toHaveBeenCalledOnce();
});
it('TRIP-ACCESS-010: passes numeric tripId to isOwner', () => {
mockIsOwner.mockReturnValue(true);
const next = vi.fn() as unknown as NextFunction;
const { res } = makeRes();
requireTripOwner(makeReq({ tripId: '77' }, 4), res, next);
expect(mockIsOwner).toHaveBeenCalledWith(77, 4);
});
});
Reference in New Issue View Git Blame Copy Permalink