tests/api/named-admins.test.js

const path = require('path');
const fs = require('fs');
const os = require('os');

describe('load-admins', () => {
  const originalEnv = { ...process.env };
  let tmpDir;

  beforeEach(() => {
    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'admins-test-'));
    delete process.env.ADMIN_CONFIG_PATH;
    delete process.env.ADMIN_KEY;
  });

  afterEach(() => {
    process.env = { ...originalEnv };
    fs.rmSync(tmpDir, { recursive: true, force: true });
    jest.resetModules();
  });

  function writeConfig(admins) {
    const filePath = path.join(tmpDir, 'admins.json');
    fs.writeFileSync(filePath, JSON.stringify(admins));
    return filePath;
  }

  test('loads admins from ADMIN_CONFIG_PATH', () => {
    const configPath = writeConfig([
      { name: 'Alice', key: 'key-a' },
      { name: 'Bob', key: 'key-b' }
    ]);
    process.env.ADMIN_CONFIG_PATH = configPath;

    const { findAdminByKey } = require('../../backend/config/load-admins');
    expect(findAdminByKey('key-a')).toEqual({ name: 'Alice' });
    expect(findAdminByKey('key-b')).toEqual({ name: 'Bob' });
    expect(findAdminByKey('wrong')).toBeNull();
  });

  test('falls back to ADMIN_KEY when no config file', () => {
    process.env.ADMIN_CONFIG_PATH = path.join(tmpDir, 'nonexistent.json');
    process.env.ADMIN_KEY = 'legacy-key';

    const { findAdminByKey } = require('../../backend/config/load-admins');
    expect(findAdminByKey('legacy-key')).toEqual({ name: 'Admin' });
    expect(findAdminByKey('wrong')).toBeNull();
  });

  test('throws when neither config file nor ADMIN_KEY exists', () => {
    process.env.ADMIN_CONFIG_PATH = path.join(tmpDir, 'nonexistent.json');

    expect(() => {
      require('../../backend/config/load-admins');
    }).toThrow();
  });

  test('rejects duplicate admin names', () => {
    const configPath = writeConfig([
      { name: 'Alice', key: 'key-a' },
      { name: 'Alice', key: 'key-b' }
    ]);
    process.env.ADMIN_CONFIG_PATH = configPath;

    expect(() => {
      require('../../backend/config/load-admins');
    }).toThrow(/duplicate/i);
  });

  test('rejects duplicate keys', () => {
    const configPath = writeConfig([
      { name: 'Alice', key: 'same-key' },
      { name: 'Bob', key: 'same-key' }
    ]);
    process.env.ADMIN_CONFIG_PATH = configPath;

    expect(() => {
      require('../../backend/config/load-admins');
    }).toThrow(/duplicate/i);
  });
});

const request = require('supertest');

describe('POST /api/auth/login — named admins', () => {
  let app;

  beforeAll(() => {
    process.env.ADMIN_KEY = 'test-admin-key';
    process.env.ADMIN_CONFIG_PATH = '/tmp/nonexistent-admins.json';
    jest.resetModules();
    ({ app } = require('../../backend/server'));
  });

  test('login returns admin name in response', async () => {
    const res = await request(app)
      .post('/api/auth/login')
      .set('Content-Type', 'application/json')
      .send({ key: 'test-admin-key' });

    expect(res.status).toBe(200);
    expect(res.body.name).toBeDefined();
    expect(res.body.token).toBeDefined();
  });

  test('verify returns admin name in user object', async () => {
    const loginRes = await request(app)
      .post('/api/auth/login')
      .set('Content-Type', 'application/json')
      .send({ key: 'test-admin-key' });

    const res = await request(app)
      .post('/api/auth/verify')
      .set('Authorization', `Bearer ${loginRes.body.token}`);

    expect(res.status).toBe(200);
    expect(res.body.user.name).toBeDefined();
  });

  test('invalid key still returns 401', async () => {
    const res = await request(app)
      .post('/api/auth/login')
      .set('Content-Type', 'application/json')
      .send({ key: 'wrong-key' });

    expect(res.status).toBe(401);
  });
});
feat: add admin config loader with multi-key support Made-with: Cursor 2026-03-23 03:46:09 -04:00			`const path = require('path');`
			`const fs = require('fs');`
			`const os = require('os');`

			`describe('load-admins', () => {`
			`const originalEnv = { ...process.env };`
			`let tmpDir;`

			`beforeEach(() => {`
			`tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'admins-test-'));`
			`delete process.env.ADMIN_CONFIG_PATH;`
			`delete process.env.ADMIN_KEY;`
			`});`

			`afterEach(() => {`
			`process.env = { ...originalEnv };`
			`fs.rmSync(tmpDir, { recursive: true, force: true });`
			`jest.resetModules();`
			`});`

			`function writeConfig(admins) {`
			`const filePath = path.join(tmpDir, 'admins.json');`
			`fs.writeFileSync(filePath, JSON.stringify(admins));`
			`return filePath;`
			`}`

			`test('loads admins from ADMIN_CONFIG_PATH', () => {`
			`const configPath = writeConfig([`
			`{ name: 'Alice', key: 'key-a' },`
			`{ name: 'Bob', key: 'key-b' }`
			`]);`
			`process.env.ADMIN_CONFIG_PATH = configPath;`

			`const { findAdminByKey } = require('../../backend/config/load-admins');`
			`expect(findAdminByKey('key-a')).toEqual({ name: 'Alice' });`
			`expect(findAdminByKey('key-b')).toEqual({ name: 'Bob' });`
			`expect(findAdminByKey('wrong')).toBeNull();`
			`});`

			`test('falls back to ADMIN_KEY when no config file', () => {`
			`process.env.ADMIN_CONFIG_PATH = path.join(tmpDir, 'nonexistent.json');`
			`process.env.ADMIN_KEY = 'legacy-key';`

			`const { findAdminByKey } = require('../../backend/config/load-admins');`
			`expect(findAdminByKey('legacy-key')).toEqual({ name: 'Admin' });`
			`expect(findAdminByKey('wrong')).toBeNull();`
			`});`

			`test('throws when neither config file nor ADMIN_KEY exists', () => {`
			`process.env.ADMIN_CONFIG_PATH = path.join(tmpDir, 'nonexistent.json');`

			`expect(() => {`
			`require('../../backend/config/load-admins');`
			`}).toThrow();`
			`});`

			`test('rejects duplicate admin names', () => {`
			`const configPath = writeConfig([`
			`{ name: 'Alice', key: 'key-a' },`
			`{ name: 'Alice', key: 'key-b' }`
			`]);`
			`process.env.ADMIN_CONFIG_PATH = configPath;`

			`expect(() => {`
			`require('../../backend/config/load-admins');`
			`}).toThrow(/duplicate/i);`
			`});`

			`test('rejects duplicate keys', () => {`
			`const configPath = writeConfig([`
			`{ name: 'Alice', key: 'same-key' },`
			`{ name: 'Bob', key: 'same-key' }`
			`]);`
			`process.env.ADMIN_CONFIG_PATH = configPath;`

			`expect(() => {`
			`require('../../backend/config/load-admins');`
			`}).toThrow(/duplicate/i);`
			`});`
			`});`
feat: auth route uses named admin lookup, embeds name in JWT - Login/verify use findAdminByKey; JWT and response include admin name - Verify returns 403 when token lacks name (legacy tokens) - Test tokens include name for getAuthToken() - Set Content-Type on supertest JSON bodies (superagent/mime resolution) Made-with: Cursor 2026-03-23 09:25:50 -04:00
			`const request = require('supertest');`

			`describe('POST /api/auth/login — named admins', () => {`
			`let app;`

			`beforeAll(() => {`
			`process.env.ADMIN_KEY = 'test-admin-key';`
			`process.env.ADMIN_CONFIG_PATH = '/tmp/nonexistent-admins.json';`
			`jest.resetModules();`
			`({ app } = require('../../backend/server'));`
			`});`

			`test('login returns admin name in response', async () => {`
			`const res = await request(app)`
			`.post('/api/auth/login')`
			`.set('Content-Type', 'application/json')`
			`.send({ key: 'test-admin-key' });`

			`expect(res.status).toBe(200);`
			`expect(res.body.name).toBeDefined();`
			`expect(res.body.token).toBeDefined();`
			`});`

			`test('verify returns admin name in user object', async () => {`
			`const loginRes = await request(app)`
			`.post('/api/auth/login')`
			`.set('Content-Type', 'application/json')`
			`.send({ key: 'test-admin-key' });`

			`const res = await request(app)`
			`.post('/api/auth/verify')`
			.set('Authorization', `Bearer ${loginRes.body.token}`);

			`expect(res.status).toBe(200);`
			`expect(res.body.user.name).toBeDefined();`
			`});`

			`test('invalid key still returns 401', async () => {`
			`const res = await request(app)`
			`.post('/api/auth/login')`
			`.set('Content-Type', 'application/json')`
			`.send({ key: 'wrong-key' });`

			`expect(res.status).toBe(401);`
			`});`
			`});`