openreader/tests/unit/admin-providers-validation.spec.ts
Richard R 876ca7d774 feat(admin,config,ui,db): introduce runtime-editable site config and admin-managed TTS providers
Add database-backed runtime configuration for feature flags and TTS provider credentials, editable via a new admin UI panel. Replace static NEXT_PUBLIC_* and TTS provider env vars with admin-managed settings stored in the database and injected at SSR for client access. Implement admin-only panels for managing shared TTS provider credentials (with encrypted API keys) and live site feature flags. Add schema migrations, API routes, React contexts, and hooks for SSR-injected runtime config and live updates. Update client and server logic to resolve configuration from the database at runtime, enforcing admin restrictions and supporting migration from legacy env-based config.

BREAKING CHANGE: Feature flags and TTS provider credentials are now managed at runtime via the admin UI. Environment variables are only used for initial seeding and are ignored after first boot. Existing deployments must migrate configuration to the admin panel.
2026-05-12 22:39:24 -06:00

52 lines
1.6 KiB
TypeScript

import { expect, test } from '@playwright/test';
import {
AdminProviderError,
toMasked,
validateProviderType,
validateSlug,
type AdminProviderRecord,
} from '../../src/lib/server/admin/providers';
test.describe('admin provider validation', () => {
test('normalizes valid slugs to lowercase', () => {
expect(validateSlug('My-Provider-1')).toBe('my-provider-1');
});
test('rejects built-in provider ids as slugs', () => {
expect(() => validateSlug('openai')).toThrow(AdminProviderError);
expect(() => validateSlug('custom-openai')).toThrow('reserved');
});
test('rejects malformed slug values', () => {
expect(() => validateSlug('-bad-')).toThrow(AdminProviderError);
expect(() => validateSlug('bad_slug')).toThrow(AdminProviderError);
expect(() => validateSlug('')).toThrow(AdminProviderError);
});
test('accepts only known provider types', () => {
expect(validateProviderType('openai')).toBe('openai');
expect(() => validateProviderType('unknown')).toThrow(AdminProviderError);
});
test('masks api key from last4 in list responses', () => {
const record: AdminProviderRecord = {
id: 'id-1',
slug: 'shared-one',
displayName: 'Shared One',
providerType: 'openai',
baseUrl: null,
apiKeyCiphertext: 'ciphertext',
apiKeyIv: 'iv',
apiKeyLast4: 'abcd',
defaultModel: 'gpt-4o-mini-tts',
defaultInstructions: 'warm tone',
enabled: true,
createdAt: 1,
updatedAt: 1,
};
expect(toMasked(record).apiKeyMask).toBe('••••abcd');
});
});