michal/mcpctl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
da90f01dc18ff1184ac38fc21f0f79c85d2e9104
mcpctl/src/mcpd/tests/auth.test.ts
Michal d2a682a460 feat: implement mcpd core server framework with Fastify 
Add Fastify server with config validation (Zod), health/healthz endpoints,
auth middleware (Bearer token + session lookup), security plugins (CORS,
Helmet, rate limiting), error handler, audit logging, and graceful shutdown.
36 tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 04:22:01 +00:00

102 lines
3.2 KiB
TypeScript
Raw Blame History

import { describe, it, expect, vi, afterEach } from 'vitest';
import Fastify from 'fastify';
import type { FastifyInstance } from 'fastify';
import { createAuthMiddleware } from '../src/middleware/auth.js';
let app: FastifyInstance;
afterEach(async () => {
if (app) await app.close();
});
function setupApp(findSession: (token: string) => Promise<{ userId: string; expiresAt: Date } | null>) {
app = Fastify({ logger: false });
const authMiddleware = createAuthMiddleware({ findSession });
app.addHook('preHandler', authMiddleware);
app.get('/protected', async (request) => {
return { userId: request.userId };
});
return app.ready();
}
describe('auth middleware', () => {
it('returns 401 when no Authorization header', async () => {
await setupApp(async () => null);
const res = await app.inject({ method: 'GET', url: '/protected' });
expect(res.statusCode).toBe(401);
expect(res.json<{ error: string }>().error).toContain('Authorization');
});
it('returns 401 when header is not Bearer', async () => {
await setupApp(async () => null);
const res = await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Basic abc123' },
});
expect(res.statusCode).toBe(401);
});
it('returns 401 when token is empty', async () => {
await setupApp(async () => null);
const res = await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Bearer ' },
});
expect(res.statusCode).toBe(401);
expect(res.json<{ error: string }>().error).toContain('Empty');
});
it('returns 401 when token not found', async () => {
await setupApp(async () => null);
const res = await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Bearer invalid-token' },
});
expect(res.statusCode).toBe(401);
expect(res.json<{ error: string }>().error).toContain('Invalid');
});
it('returns 401 when token is expired', async () => {
const pastDate = new Date(Date.now() - 86400_000);
await setupApp(async () => ({ userId: 'user-1', expiresAt: pastDate }));
const res = await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Bearer expired-token' },
});
expect(res.statusCode).toBe(401);
expect(res.json<{ error: string }>().error).toContain('expired');
});
it('passes valid token and sets userId', async () => {
const futureDate = new Date(Date.now() + 86400_000);
await setupApp(async () => ({ userId: 'user-42', expiresAt: futureDate }));
const res = await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Bearer valid-token' },
});
expect(res.statusCode).toBe(200);
expect(res.json<{ userId: string }>().userId).toBe('user-42');
});
it('calls findSession with the token', async () => {
const findSession = vi.fn(async () => ({
userId: 'user-1',
expiresAt: new Date(Date.now() + 86400_000),
}));
await setupApp(findSession);
await app.inject({
method: 'GET',
url: '/protected',
headers: { authorization: 'Bearer my-token' },
});
expect(findSession).toHaveBeenCalledWith('my-token');
});
});
Reference in New Issue View Git Blame Copy Permalink