106 lines
3.0 KiB
TypeScript
106 lines
3.0 KiB
TypeScript
import 'reflect-metadata';
|
|
|
|
import { ValidationPipe } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { Test } from '@nestjs/testing';
|
|
import request from 'supertest';
|
|
import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest';
|
|
|
|
import { requestContextMiddleware } from '@adapters/http/RequestContext';
|
|
import { AuthenticationGuard } from '../auth/AuthenticationGuard';
|
|
import { AuthorizationGuard } from '../auth/AuthorizationGuard';
|
|
import { IDENTITY_SESSION_PORT_TOKEN } from '../auth/AuthProviders';
|
|
import { FeatureAvailabilityGuard } from '../policy/FeatureAvailabilityGuard';
|
|
|
|
describe('Admin domain (HTTP, module-wiring)', () => {
|
|
const originalEnv = { ...process.env };
|
|
|
|
let app: any;
|
|
|
|
beforeAll(async () => {
|
|
vi.resetModules();
|
|
|
|
process.env.GRIDPILOT_API_PERSISTENCE = 'inmemory';
|
|
process.env.GRIDPILOT_API_BOOTSTRAP = 'true';
|
|
delete process.env.DATABASE_URL;
|
|
|
|
const { AppModule } = await import('../../app.module');
|
|
|
|
const module = await Test.createTestingModule({
|
|
imports: [AppModule],
|
|
}).compile();
|
|
|
|
app = module.createNestApplication();
|
|
|
|
// Ensure AsyncLocalStorage request context is present for getActorFromRequestContext()
|
|
app.use(requestContextMiddleware);
|
|
|
|
app.useGlobalPipes(
|
|
new ValidationPipe({
|
|
whitelist: true,
|
|
forbidNonWhitelisted: true,
|
|
transform: true,
|
|
}),
|
|
);
|
|
|
|
const reflector = new Reflector();
|
|
const sessionPort = module.get(IDENTITY_SESSION_PORT_TOKEN);
|
|
|
|
const authorizationService = {
|
|
getRolesForUser: () => [],
|
|
};
|
|
|
|
const policyService = {
|
|
getSnapshot: async () => ({
|
|
policyVersion: 1,
|
|
operationalMode: 'normal',
|
|
maintenanceAllowlist: { view: [], mutate: [] },
|
|
capabilities: {},
|
|
loadedFrom: 'defaults',
|
|
loadedAtIso: new Date(0).toISOString(),
|
|
}),
|
|
};
|
|
|
|
app.useGlobalGuards(
|
|
new AuthenticationGuard(sessionPort as any),
|
|
new AuthorizationGuard(reflector, authorizationService as any),
|
|
new FeatureAvailabilityGuard(reflector, policyService as any),
|
|
);
|
|
|
|
await app.init();
|
|
}, 20_000);
|
|
|
|
afterAll(async () => {
|
|
await app?.close();
|
|
|
|
process.env = originalEnv;
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
it('module compiles and app is initialized', () => {
|
|
expect(app).toBeDefined();
|
|
expect(app.getHttpServer()).toBeDefined();
|
|
});
|
|
|
|
it('rejects unauthenticated actor on admin endpoints (401)', async () => {
|
|
await request(app.getHttpServer())
|
|
.get('/admin/users')
|
|
.expect(401);
|
|
|
|
await request(app.getHttpServer())
|
|
.get('/admin/dashboard/stats')
|
|
.expect(401);
|
|
});
|
|
|
|
it('rejects authenticated non-admin actor (403)', async () => {
|
|
const agent = request.agent(app.getHttpServer());
|
|
|
|
await agent
|
|
.post('/auth/signup')
|
|
.send({ email: 'user-admin-test@gridpilot.local', password: 'Password123!', displayName: 'Regular User' })
|
|
.expect(201);
|
|
|
|
await agent.get('/admin/users').expect(403);
|
|
await agent.get('/admin/dashboard/stats').expect(403);
|
|
});
|
|
}); |