Elgato_dark/lobehub
1
0
Fork 0
mirror of https://github.com/lobehub/lobehub synced 2026-04-21 17:47:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 86
lobehub/apps/device-gateway/src/auth.test.ts
Rylan Cai 4dd271c968
feat(cli): support api key auth in cli (#13190) 
*  support cli api key auth

* 🔒 reject invalid x-api-key without fallback auth

* ♻️ clean up cli api key auth diff

* ♻️ clean up cli auth command diff

* ♻️ clean up remaining cli auth diff

* ♻️ split stored auth token fields

* ♻️ trim connect auth surface

* ♻️ drop redundant jwt user id carry-over

* ♻️ trim auth test wording diff

* 🐛 fix api key model imports

* 🐛 fix api key util subpath import

* 🔐 chore(cli): use env-only api key auth

* ♻️ refactor(cli): simplify auth credential flow

*  feat: simplify cli api key login flow

* 🐛 fix(cli): prefer jwt for webapi auth

* ♻️ refactor(cli): trim auth http diff

* 🐛 fix(cli): skip api key auth expiry handling

* 🐛 fix(cli): restore non-jwt expiry handling

* ♻️ refactor(cli): trim connect auth expired diff

* ♻️ refactor(cli): trim login comment diff

* ♻️ refactor(cli): trim resolve token comment diff

* ♻️ refactor(cli): restore connect expiry flow

* ♻️ refactor(cli): trim login api key message

* 🐛 fix(cli): support api key gateway auth

* ♻️ refactor(cli): restore resolve token comment

* ♻️ refactor(cli): trim test-only auth diffs

* ♻️ refactor(cli): restore resolve token comments

*  test(cli): add api key expiry coverage

* 🐛 fix cli auth server resolution and gateway auth

* ♻️ prune auth fix diff noise

* ♻️ unify cli server url precedence

* ♻️ simplify device gateway auth tests

*  add gateway auth edge case coverage

*  remove low-value gateway auth test

* 🐛 fix api key context test mock typing
2026-03-26 10:11:38 +08:00

96 lines
2.6 KiB
TypeScript
Raw Blame History

import { describe, expect, it, vi } from 'vitest';
import { resolveSocketAuth } from './auth';
describe('resolveSocketAuth', () => {
it('rejects missing token', async () => {
const verifyApiKey = vi.fn();
const verifyJwt = vi.fn();
await expect(
resolveSocketAuth({
serviceToken: 'service-secret',
storedUserId: 'user-123',
verifyApiKey,
verifyJwt,
}),
).rejects.toThrow('Missing token');
expect(verifyApiKey).not.toHaveBeenCalled();
expect(verifyJwt).not.toHaveBeenCalled();
});
it('rejects the real service token when storedUserId is missing', async () => {
const verifyApiKey = vi.fn();
const verifyJwt = vi.fn();
await expect(
resolveSocketAuth({
serviceToken: 'service-secret',
token: 'service-secret',
tokenType: 'serviceToken',
verifyApiKey,
verifyJwt,
}),
).rejects.toThrow('Missing userId');
expect(verifyApiKey).not.toHaveBeenCalled();
expect(verifyJwt).not.toHaveBeenCalled();
});
it('rejects clients that only self-declare serviceToken mode', async () => {
const verifyApiKey = vi.fn();
const verifyJwt = vi.fn().mockRejectedValue(new Error('invalid jwt'));
await expect(
resolveSocketAuth({
serviceToken: 'service-secret',
storedUserId: 'user-123',
token: 'attacker-token',
tokenType: 'serviceToken',
verifyApiKey,
verifyJwt,
}),
).rejects.toThrow('invalid jwt');
expect(verifyApiKey).not.toHaveBeenCalled();
expect(verifyJwt).toHaveBeenCalledWith('attacker-token');
});
it('treats a forged serviceToken claim with a valid JWT as JWT auth', async () => {
const verifyApiKey = vi.fn();
const verifyJwt = vi.fn().mockResolvedValue({ userId: 'user-123' });
await expect(
resolveSocketAuth({
serviceToken: 'service-secret',
storedUserId: 'user-123',
token: 'valid-jwt',
tokenType: 'serviceToken',
verifyApiKey,
verifyJwt,
}),
).resolves.toBe('user-123');
expect(verifyApiKey).not.toHaveBeenCalled();
expect(verifyJwt).toHaveBeenCalledWith('valid-jwt');
});
it('accepts the real service token', async () => {
const verifyApiKey = vi.fn();
const verifyJwt = vi.fn();
await expect(
resolveSocketAuth({
serviceToken: 'service-secret',
storedUserId: 'user-123',
token: 'service-secret',
tokenType: 'serviceToken',
verifyApiKey,
verifyJwt,
}),
).resolves.toBe('user-123');
expect(verifyApiKey).not.toHaveBeenCalled();
expect(verifyJwt).not.toHaveBeenCalled();
});
});
Reference in a new issue View git blame Copy permalink