323 lines
14 KiB
JavaScript
323 lines
14 KiB
JavaScript
"use strict";
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
const vitest_1 = require("vitest");
|
|
const express_1 = __importDefault(require("express"));
|
|
const bcryptjs_1 = __importDefault(require("bcryptjs"));
|
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
const supertest_1 = __importDefault(require("supertest"));
|
|
const client_1 = require("@prisma/client");
|
|
const prisma = new client_1.PrismaClient();
|
|
const JWT_SECRET = 'test-secret-key';
|
|
function createApp() {
|
|
const app = (0, express_1.default)();
|
|
app.use(express_1.default.json());
|
|
app.post('/register', async (req, res) => {
|
|
try {
|
|
const { email, password, name, inviteCode } = req.body;
|
|
if (!email || !password || !name) {
|
|
return res.status(400).json({ error: 'Email, password, and name are required' });
|
|
}
|
|
const settings = await prisma.systemSettings.findUnique({
|
|
where: { id: 'default' }
|
|
});
|
|
const isBanned = await prisma.bannedEmail.findUnique({
|
|
where: { email: email.toLowerCase() }
|
|
});
|
|
if (isBanned) {
|
|
return res.status(403).json({ error: 'This email is not allowed to register' });
|
|
}
|
|
if (settings && !settings.registrationEnabled) {
|
|
if (!inviteCode || settings.inviteCode !== inviteCode) {
|
|
return res.status(403).json({ error: 'Registration is currently closed. An invite code may be required.' });
|
|
}
|
|
}
|
|
const existingUser = await prisma.user.findUnique({ where: { email } });
|
|
if (existingUser) {
|
|
return res.status(400).json({ error: 'Email already registered' });
|
|
}
|
|
const passwordHash = await bcryptjs_1.default.hash(password, 10);
|
|
const userCount = await prisma.user.count();
|
|
const isFirstUser = userCount === 0;
|
|
const user = await prisma.user.create({
|
|
data: {
|
|
email,
|
|
passwordHash,
|
|
name,
|
|
isAdmin: isFirstUser
|
|
}
|
|
});
|
|
const token = jsonwebtoken_1.default.sign({ userId: user.id }, JWT_SECRET, { expiresIn: '7d' });
|
|
res.json({
|
|
token,
|
|
user: { id: user.id, email: user.email, name: user.name, isAdmin: user.isAdmin }
|
|
});
|
|
}
|
|
catch (error) {
|
|
console.error('Register error:', error);
|
|
res.status(500).json({ error: 'Failed to register' });
|
|
}
|
|
});
|
|
app.post('/login', async (req, res) => {
|
|
try {
|
|
const { email, password } = req.body;
|
|
if (!email || !password) {
|
|
return res.status(400).json({ error: 'Email and password are required' });
|
|
}
|
|
const user = await prisma.user.findUnique({ where: { email } });
|
|
if (!user) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
const validPassword = await bcryptjs_1.default.compare(password, user.passwordHash);
|
|
if (!validPassword) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
const token = jsonwebtoken_1.default.sign({ userId: user.id }, JWT_SECRET, { expiresIn: '7d' });
|
|
res.json({
|
|
token,
|
|
user: { id: user.id, email: user.email, name: user.name, isAdmin: user.isAdmin }
|
|
});
|
|
}
|
|
catch (error) {
|
|
console.error('Login error:', error);
|
|
res.status(500).json({ error: 'Failed to login' });
|
|
}
|
|
});
|
|
app.get('/me', async (req, res) => {
|
|
try {
|
|
const authHeader = req.headers.authorization;
|
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
return res.status(401).json({ error: 'No token provided' });
|
|
}
|
|
const token = authHeader.split(' ')[1];
|
|
const decoded = jsonwebtoken_1.default.verify(token, JWT_SECRET);
|
|
const user = await prisma.user.findUnique({
|
|
where: { id: decoded.userId },
|
|
select: { id: true, email: true, name: true, isAdmin: true, isApiEnabled: true, createdAt: true }
|
|
});
|
|
if (!user) {
|
|
return res.status(401).json({ error: 'User not found' });
|
|
}
|
|
res.json(user);
|
|
}
|
|
catch {
|
|
res.status(401).json({ error: 'Invalid token' });
|
|
}
|
|
});
|
|
return app;
|
|
}
|
|
(0, vitest_1.describe)('Auth Routes', () => {
|
|
let app;
|
|
async function cleanup() {
|
|
await prisma.routeLeg.deleteMany();
|
|
await prisma.route.deleteMany();
|
|
await prisma.teamRoute.deleteMany();
|
|
await prisma.teamMember.deleteMany();
|
|
await prisma.team.deleteMany();
|
|
await prisma.photoSubmission.deleteMany();
|
|
await prisma.chatMessage.deleteMany();
|
|
await prisma.locationHistory.deleteMany();
|
|
await prisma.game.deleteMany();
|
|
await prisma.user.deleteMany();
|
|
await prisma.systemSettings.deleteMany();
|
|
await prisma.bannedEmail.deleteMany();
|
|
await prisma.apiKey.deleteMany();
|
|
}
|
|
(0, vitest_1.beforeAll)(async () => {
|
|
app = createApp();
|
|
await cleanup();
|
|
});
|
|
(0, vitest_1.afterAll)(async () => {
|
|
await cleanup();
|
|
await prisma.$disconnect();
|
|
});
|
|
(0, vitest_1.beforeEach)(async () => {
|
|
await cleanup();
|
|
});
|
|
(0, vitest_1.afterAll)(async () => {
|
|
await prisma.user.deleteMany();
|
|
await prisma.systemSettings.deleteMany();
|
|
await prisma.bannedEmail.deleteMany();
|
|
await prisma.$disconnect();
|
|
});
|
|
(0, vitest_1.beforeEach)(async () => {
|
|
await prisma.user.deleteMany();
|
|
await prisma.systemSettings.deleteMany();
|
|
await prisma.bannedEmail.deleteMany();
|
|
});
|
|
(0, vitest_1.describe)('POST /register', () => {
|
|
(0, vitest_1.it)('should register a new user successfully', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password123',
|
|
name: 'Test User'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(200);
|
|
(0, vitest_1.expect)(res.body).toHaveProperty('token');
|
|
(0, vitest_1.expect)(res.body.user).toHaveProperty('id');
|
|
(0, vitest_1.expect)(res.body.user.email).toBe('test@example.com');
|
|
(0, vitest_1.expect)(res.body.user.name).toBe('Test User');
|
|
});
|
|
(0, vitest_1.it)('should return error when email is missing', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
password: 'password123',
|
|
name: 'Test User'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(400);
|
|
(0, vitest_1.expect)(res.body.error).toContain('required');
|
|
});
|
|
(0, vitest_1.it)('should return error when email already exists', async () => {
|
|
await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password123',
|
|
name: 'Test User'
|
|
});
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password456',
|
|
name: 'Another User'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(400);
|
|
(0, vitest_1.expect)(res.body.error).toContain('already registered');
|
|
});
|
|
(0, vitest_1.it)('should not register a banned email', async () => {
|
|
await prisma.bannedEmail.create({
|
|
data: { email: 'banned@example.com', reason: 'Test ban' }
|
|
});
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'banned@example.com',
|
|
password: 'password123',
|
|
name: 'Banned User'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(403);
|
|
(0, vitest_1.expect)(res.body.error).toContain('not allowed');
|
|
});
|
|
(0, vitest_1.it)('should require invite code when registration is disabled', async () => {
|
|
await prisma.systemSettings.create({
|
|
data: { id: 'default', registrationEnabled: false }
|
|
});
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password123',
|
|
name: 'Test User'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(403);
|
|
(0, vitest_1.expect)(res.body.error).toContain('invite code');
|
|
});
|
|
(0, vitest_1.it)('should allow registration with valid invite code when registration is disabled', async () => {
|
|
await prisma.systemSettings.create({
|
|
data: { id: 'default', registrationEnabled: false, inviteCode: 'VALID123' }
|
|
});
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/register')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password123',
|
|
name: 'Test User',
|
|
inviteCode: 'VALID123'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(200);
|
|
});
|
|
});
|
|
(0, vitest_1.describe)('POST /login', () => {
|
|
(0, vitest_1.beforeEach)(async () => {
|
|
const passwordHash = await bcryptjs_1.default.hash('password123', 10);
|
|
await prisma.user.create({
|
|
data: {
|
|
email: 'test@example.com',
|
|
passwordHash,
|
|
name: 'Test User'
|
|
}
|
|
});
|
|
});
|
|
(0, vitest_1.it)('should login successfully with valid credentials', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/login')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'password123'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(200);
|
|
(0, vitest_1.expect)(res.body).toHaveProperty('token');
|
|
(0, vitest_1.expect)(res.body.user.email).toBe('test@example.com');
|
|
});
|
|
(0, vitest_1.it)('should return error with invalid password', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/login')
|
|
.send({
|
|
email: 'test@example.com',
|
|
password: 'wrongpassword'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(401);
|
|
(0, vitest_1.expect)(res.body.error).toBe('Invalid credentials');
|
|
});
|
|
(0, vitest_1.it)('should return error for non-existent user', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/login')
|
|
.send({
|
|
email: 'nonexistent@example.com',
|
|
password: 'password123'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(401);
|
|
(0, vitest_1.expect)(res.body.error).toBe('Invalid credentials');
|
|
});
|
|
(0, vitest_1.it)('should return error when email is missing', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.post('/login')
|
|
.send({
|
|
password: 'password123'
|
|
});
|
|
(0, vitest_1.expect)(res.status).toBe(400);
|
|
});
|
|
});
|
|
(0, vitest_1.describe)('GET /me', () => {
|
|
let token;
|
|
let userId;
|
|
(0, vitest_1.beforeEach)(async () => {
|
|
const passwordHash = await bcryptjs_1.default.hash('password123', 10);
|
|
const user = await prisma.user.create({
|
|
data: {
|
|
email: 'test@example.com',
|
|
passwordHash,
|
|
name: 'Test User',
|
|
isAdmin: true
|
|
}
|
|
});
|
|
userId = user.id;
|
|
token = jsonwebtoken_1.default.sign({ userId: user.id }, JWT_SECRET, { expiresIn: '7d' });
|
|
});
|
|
(0, vitest_1.it)('should return user data with valid token', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.get('/me')
|
|
.set('Authorization', `Bearer ${token}`);
|
|
(0, vitest_1.expect)(res.status).toBe(200);
|
|
(0, vitest_1.expect)(res.body.id).toBe(userId);
|
|
(0, vitest_1.expect)(res.body.email).toBe('test@example.com');
|
|
(0, vitest_1.expect)(res.body.isAdmin).toBe(true);
|
|
});
|
|
(0, vitest_1.it)('should return 401 without token', async () => {
|
|
const res = await (0, supertest_1.default)(app).get('/me');
|
|
(0, vitest_1.expect)(res.status).toBe(401);
|
|
});
|
|
(0, vitest_1.it)('should return 401 with invalid token', async () => {
|
|
const res = await (0, supertest_1.default)(app)
|
|
.get('/me')
|
|
.set('Authorization', 'Bearer invalid-token');
|
|
(0, vitest_1.expect)(res.status).toBe(401);
|
|
});
|
|
});
|
|
});
|