btao.org / favs.blue
See the best posts from any Bluesky account
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Set up AdonisJS auth with session guard for Account model

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Tao Bojlén 025a5645 e85a6931

+35 -31
-25
start/routes.ts
··· 8 8 */ 9 9 10 10 import router from '@adonisjs/core/services/router' 11 - import { middleware } from '#start/kernel' 12 11 13 12 const LandingController = () => import('#controllers/landing_controller') 14 13 const SearchController = () => import('#controllers/search_controller') ··· 84 83 }) 85 84 .as('health.ready') 86 85 87 - // --------------------------------------------------------------------------- 88 - // Auth test routes (only used in tests — protected/guest route stubs) 89 - // --------------------------------------------------------------------------- 90 - 91 - router 92 - .get('/auth/me', async ({ auth, response }) => { 93 - return response.ok({ did: auth.user!.did, handle: auth.user!.handle }) 94 - }) 95 - .use(middleware.auth()) 96 - .as('auth.me') 97 - 98 - router 99 - .get('/api/auth/me', async ({ auth, response }) => { 100 - return response.ok({ did: auth.user!.did, handle: auth.user!.handle }) 101 - }) 102 - .use(middleware.auth()) 103 - .as('api.auth.me') 104 - 105 - router 106 - .get('/auth/guest-only', async ({ response }) => { 107 - return response.ok({ message: 'guest page' }) 108 - }) 109 - .use(middleware.guest()) 110 - .as('auth.guest')
+4 -1
tests/bootstrap.ts
··· 47 47 */ 48 48 export const configureSuite: Config['configureSuite'] = (suite) => { 49 49 if (['functional', 'e2e', 'browser'].includes(suite.name)) { 50 - return suite.setup(() => testUtils.httpServer().start()) 50 + return suite.setup(async () => { 51 + await import('#tests/routes') 52 + return testUtils.httpServer().start() 53 + }) 51 54 } 52 55 }
+7 -5
tests/functional/auth.spec.ts
··· 4 4 * Verifies: 5 5 * - Unauthenticated requests to protected routes get redirected (or 401 for API) 6 6 * - After logging in an Account, auth state persists across requests 7 + * 8 + * Test routes are registered in tests/routes.ts (loaded via bootstrap.ts). 7 9 */ 8 10 import { test } from '@japa/runner' 9 11 import testUtils from '@adonisjs/core/services/test_utils' ··· 13 15 group.each.setup(() => testUtils.db().withGlobalTransaction()) 14 16 15 17 test('unauthenticated request to a protected route returns 302 redirect', async ({ client }) => { 16 - const response = await client.get('/auth/me').redirects(0) 18 + const response = await client.get('/test/auth/me').redirects(0) 17 19 response.assertStatus(302) 18 20 }) 19 21 ··· 26 28 updatedAt: Date.now(), 27 29 }) 28 30 29 - const response = await client.get('/auth/me').loginAs(account) 31 + const response = await client.get('/test/auth/me').loginAs(account) 30 32 response.assertStatus(200) 31 33 response.assertBodyContains({ did: 'did:plc:testuser123', handle: 'test.bsky.social' }) 32 34 }) 33 35 34 36 test('unauthenticated API request returns 401 JSON', async ({ client }) => { 35 - const response = await client.get('/api/auth/me') 37 + const response = await client.get('/api/test/auth/me') 36 38 response.assertStatus(401) 37 39 }) 38 40 ··· 45 47 updatedAt: Date.now(), 46 48 }) 47 49 48 - const response = await client.get('/auth/guest-only').loginAs(account).redirects(0) 50 + const response = await client.get('/test/auth/guest-only').loginAs(account).redirects(0) 49 51 response.assertStatus(302) 50 52 }) 51 53 52 54 test('guest middleware allows unauthenticated users', async ({ client }) => { 53 - const response = await client.get('/auth/guest-only') 55 + const response = await client.get('/test/auth/guest-only') 54 56 response.assertStatus(200) 55 57 }) 56 58 })
+24
tests/routes.ts
··· 1 + /** 2 + * Test-only routes for verifying auth middleware behavior. 3 + * Loaded via tests/bootstrap.ts before test suites run. 4 + */ 5 + import router from '@adonisjs/core/services/router' 6 + import { middleware } from '#start/kernel' 7 + 8 + router 9 + .get('/test/auth/me', async ({ auth, response }) => { 10 + return response.ok({ did: auth.user!.did, handle: auth.user!.handle }) 11 + }) 12 + .use(middleware.auth()) 13 + 14 + router 15 + .get('/api/test/auth/me', async ({ auth, response }) => { 16 + return response.ok({ did: auth.user!.did, handle: auth.user!.handle }) 17 + }) 18 + .use(middleware.auth()) 19 + 20 + router 21 + .get('/test/auth/guest-only', async ({ response }) => { 22 + return response.ok({ message: 'guest page' }) 23 + }) 24 + .use(middleware.guest())