zerobyte/app/server/modules/events/__tests__/events.controller.test.ts
Nico 99932a8522
refactor: better-auth (#319)
* refactor: better-auth

* chore: pr feedback

* chore: lower + trim usernames in db
2026-01-07 22:36:20 +01:00

51 lines
1.6 KiB
TypeScript

import { test, describe, expect } from "bun:test";
import { createApp } from "~/server/app";
import { createTestSession } from "~/test/helpers/auth";
const app = createApp();
describe("events security", () => {
test("should return 401 if no session cookie is provided", async () => {
const res = await app.request("/api/v1/events");
expect(res.status).toBe(401);
const body = await res.json();
expect(body.message).toBe("Invalid or expired session");
});
test("should return 401 if session is invalid", async () => {
const res = await app.request("/api/v1/events", {
headers: {
Cookie: "better-auth.session_token=invalid-session",
},
});
expect(res.status).toBe(401);
const body = await res.json();
expect(body.message).toBe("Invalid or expired session");
});
test("should return 200 if session is valid", async () => {
const { token } = await createTestSession();
const res = await app.request("/api/v1/events", {
headers: {
Cookie: `better-auth.session_token=${token}`,
},
});
expect(res.status).toBe(200);
expect(res.headers.get("Content-Type")).toBe("text/event-stream");
});
describe("unauthenticated access", () => {
const endpoints: { method: string; path: string }[] = [{ method: "GET", path: "/api/v1/events" }];
for (const { method, path } of endpoints) {
test(`${method} ${path} should return 401`, async () => {
const res = await app.request(path, { method });
expect(res.status).toBe(401);
const body = await res.json();
expect(body.message).toBe("Invalid or expired session");
});
}
});
});