HyperSpaceOut/jackboxpartypack-gamepicker
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auth route uses named admin lookup, embeds name in JWT

Browse Source 
- Login/verify use findAdminByKey; JWT and response include admin name
- Verify returns 403 when token lacks name (legacy tokens)
- Test tokens include name for getAuthToken()
- Set Content-Type on supertest JSON bodies (superagent/mime resolution)

Made-with: Cursor
This commit is contained in:
cottongin
2026-03-23 09:25:50 -04:00
parent fd72c0d7ee
commit 9f60c6983d
5 changed files with 77 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
tests/api/named-admins.test.js
View File

@@ -78,3 +78,50 @@ describe('load-admins', () => {
}).toThrow(/duplicate/i);
});
});
const request = require('supertest');
describe('POST /api/auth/login — named admins', () => {
let app;
beforeAll(() => {
process.env.ADMIN_KEY = 'test-admin-key';
process.env.ADMIN_CONFIG_PATH = '/tmp/nonexistent-admins.json';
jest.resetModules();
({ app } = require('../../backend/server'));
});
test('login returns admin name in response', async () => {
const res = await request(app)
.post('/api/auth/login')
.set('Content-Type', 'application/json')
.send({ key: 'test-admin-key' });
expect(res.status).toBe(200);
expect(res.body.name).toBeDefined();
expect(res.body.token).toBeDefined();
});
test('verify returns admin name in user object', async () => {
const loginRes = await request(app)
.post('/api/auth/login')
.set('Content-Type', 'application/json')
.send({ key: 'test-admin-key' });
const res = await request(app)
.post('/api/auth/verify')
.set('Authorization', `Bearer ${loginRes.body.token}`);
expect(res.status).toBe(200);
expect(res.body.user.name).toBeDefined();
});
test('invalid key still returns 401', async () => {
const res = await request(app)
.post('/api/auth/login')
.set('Content-Type', 'application/json')
.send({ key: 'wrong-key' });
expect(res.status).toBe(401);
});
});

10
tests/api/session-archive.test.js
View File

@@ -184,6 +184,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -203,6 +204,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'unarchive', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -219,6 +221,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'delete', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -235,6 +238,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [active.id, closed.id] });
expect(res.status).toBe(400);
@@ -251,6 +255,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'delete', ids: [active.id] });
expect(res.status).toBe(400);
@@ -260,6 +265,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [] });
expect(res.status).toBe(400);
@@ -269,6 +275,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'nuke', ids: [1] });
expect(res.status).toBe(400);
@@ -278,6 +285,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: 'not-array' });
expect(res.status).toBe(400);
@@ -289,6 +297,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [s1.id, 9999] });
expect(res.status).toBe(404);
@@ -297,6 +306,7 @@ describe('POST /api/sessions/bulk', () => {
test('returns 401 without auth', async () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [1] });
expect(res.status).toBe(401);

5
tests/api/session-notes.test.js
View File

@@ -157,6 +157,7 @@ describe('PUT /api/sessions/:id/notes', () => {
const res = await request(app)
.put(`/api/sessions/${session.id}/notes`)
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ notes: 'New notes here' });
expect(res.status).toBe(200);
@@ -169,6 +170,7 @@ describe('PUT /api/sessions/:id/notes', () => {
const res = await request(app)
.put(`/api/sessions/${session.id}/notes`)
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ notes: 'Replacement' });
expect(res.status).toBe(200);
@@ -179,6 +181,7 @@ describe('PUT /api/sessions/:id/notes', () => {
const res = await request(app)
.put('/api/sessions/99999/notes')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ notes: 'test' });
expect(res.status).toBe(404);
@@ -189,6 +192,7 @@ describe('PUT /api/sessions/:id/notes', () => {
const res = await request(app)
.put(`/api/sessions/${session.id}/notes`)
.set('Content-Type', 'application/json')
.send({ notes: 'test' });
expect(res.status).toBe(401);
@@ -200,6 +204,7 @@ describe('PUT /api/sessions/:id/notes', () => {
const res = await request(app)
.put(`/api/sessions/${session.id}/notes`)
.set('Authorization', 'Bearer invalid-token')
.set('Content-Type', 'application/json')
.send({ notes: 'test' });
expect(res.status).toBe(403);

2
tests/helpers/test-utils.js
View File

@@ -2,7 +2,7 @@ const jwt = require('jsonwebtoken');
const db = require('../../backend/database');
function getAuthToken() {
return jwt.sign({ role: 'admin' }, process.env.JWT_SECRET, { expiresIn: '1h' });
return jwt.sign({ role: 'admin', name: 'TestAdmin' }, process.env.JWT_SECRET, { expiresIn: '1h' });
}
function getAuthHeader() {