feat: auth route uses named admin lookup, embeds name in JWT

- Login/verify use findAdminByKey; JWT and response include admin name
- Verify returns 403 when token lacks name (legacy tokens)
- Test tokens include name for getAuthToken()
- Set Content-Type on supertest JSON bodies (superagent/mime resolution)

Made-with: Cursor
This commit is contained in:
cottongin
2026-03-23 09:25:50 -04:00
parent fd72c0d7ee
commit 9f60c6983d
5 changed files with 77 additions and 17 deletions


@@ -184,6 +184,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -203,6 +204,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'unarchive', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -219,6 +221,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'delete', ids: [s1.id, s2.id] });
expect(res.status).toBe(200);
@@ -235,6 +238,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [active.id, closed.id] });
expect(res.status).toBe(400);
@@ -251,6 +255,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'delete', ids: [active.id] });
expect(res.status).toBe(400);
@@ -260,6 +265,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [] });
expect(res.status).toBe(400);
@@ -269,6 +275,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'nuke', ids: [1] });
expect(res.status).toBe(400);
@@ -278,6 +285,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: 'not-array' });
expect(res.status).toBe(400);
@@ -289,6 +297,7 @@ describe('POST /api/sessions/bulk', () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Authorization', getAuthHeader())
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [s1.id, 9999] });
expect(res.status).toBe(404);
@@ -297,6 +306,7 @@ describe('POST /api/sessions/bulk', () => {
test('returns 401 without auth', async () => {
const res = await request(app)
.post('/api/sessions/bulk')
.set('Content-Type', 'application/json')
.send({ action: 'archive', ids: [1] });
expect(res.status).toBe(401);