tests

2026-01-08 16:30:15 +01:00
parent 52e9a2f6a7
commit 064fdd1b0a
25 changed files with 3068 additions and 0 deletions
--- a/apps/api/src/domain/admin/Admin.http.test.ts
+++ b/apps/api/src/domain/admin/Admin.http.test.ts
@@ -0,0 +1,106 @@
+import 'reflect-metadata';
+
+import { ValidationPipe } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Test } from '@nestjs/testing';
+import request from 'supertest';
+import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest';
+
+import { requestContextMiddleware } from '@adapters/http/RequestContext';
+import { AuthenticationGuard } from '../auth/AuthenticationGuard';
+import { AuthorizationGuard } from '../auth/AuthorizationGuard';
+import { IDENTITY_SESSION_PORT_TOKEN } from '../auth/AuthProviders';
+import { FeatureAvailabilityGuard } from '../policy/FeatureAvailabilityGuard';
+
+describe('Admin domain (HTTP, module-wiring)', () => {
+  const originalEnv = { ...process.env };
+
+  let app: any;
+
+  beforeAll(async () => {
+    vi.resetModules();
+
+    process.env.GRIDPILOT_API_PERSISTENCE = 'inmemory';
+    process.env.GRIDPILOT_API_BOOTSTRAP = 'true';
+    delete process.env.DATABASE_URL;
+
+    const { AppModule } = await import('../../app.module');
+
+    const module = await Test.createTestingModule({
+      imports: [AppModule],
+    }).compile();
+
+    app = module.createNestApplication();
+
+    // Ensure AsyncLocalStorage request context is present for getActorFromRequestContext()
+    app.use(requestContextMiddleware);
+
+    app.useGlobalPipes(
+      new ValidationPipe({
+        whitelist: true,
+        forbidNonWhitelisted: true,
+        transform: true,
+      }),
+    );
+
+    const reflector = new Reflector();
+    const sessionPort = module.get(IDENTITY_SESSION_PORT_TOKEN);
+
+    const authorizationService = {
+      getRolesForUser: () => [],
+    };
+
+    const policyService = {
+      getSnapshot: async () => ({
+        policyVersion: 1,
+        operationalMode: 'normal',
+        maintenanceAllowlist: { view: [], mutate: [] },
+        capabilities: {},
+        loadedFrom: 'defaults',
+        loadedAtIso: new Date(0).toISOString(),
+      }),
+    };
+
+    app.useGlobalGuards(
+      new AuthenticationGuard(sessionPort as any),
+      new AuthorizationGuard(reflector, authorizationService as any),
+      new FeatureAvailabilityGuard(reflector, policyService as any),
+    );
+
+    await app.init();
+  }, 20_000);
+
+  afterAll(async () => {
+    await app?.close();
+
+    process.env = originalEnv;
+    vi.restoreAllMocks();
+  });
+
+  it('module compiles and app is initialized', () => {
+    expect(app).toBeDefined();
+    expect(app.getHttpServer()).toBeDefined();
+  });
+
+  it('rejects unauthenticated actor on admin endpoints (401)', async () => {
+    await request(app.getHttpServer())
+      .get('/admin/users')
+      .expect(401);
+
+    await request(app.getHttpServer())
+      .get('/admin/dashboard/stats')
+      .expect(401);
+  });
+
+  it('rejects authenticated non-admin actor (403)', async () => {
+    const agent = request.agent(app.getHttpServer());
+
+    await agent
+      .post('/auth/signup')
+      .send({ email: 'user-admin-test@gridpilot.local', password: 'Password123!', displayName: 'Regular User' })
+      .expect(201);
+
+    await agent.get('/admin/users').expect(403);
+    await agent.get('/admin/dashboard/stats').expect(403);
+  });
+});