dunkirk.sh / thistle
🪻 distributed transcription service thistle.dunkirk.sh
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

bug: fix rate limits

Kieran Klukas 0c42bd75 b5be26c7

+148 -598
+148 -598
src/index.test.ts
··· 120 120 console.log("✓ Test server stopped and test database cleaned up"); 121 121 }); 122 122 123 + // Clear database between each test 124 + beforeEach(async () => { 125 + const db = require("bun:sqlite").Database.open(TEST_DB_PATH); 126 + 127 + // Delete all data from tables (preserve schema) 128 + db.run("DELETE FROM rate_limit_attempts"); 129 + db.run("DELETE FROM email_change_tokens"); 130 + db.run("DELETE FROM password_reset_tokens"); 131 + db.run("DELETE FROM email_verification_tokens"); 132 + db.run("DELETE FROM passkeys"); 133 + db.run("DELETE FROM sessions"); 134 + db.run("DELETE FROM subscriptions"); 135 + db.run("DELETE FROM transcriptions"); 136 + db.run("DELETE FROM class_members"); 137 + db.run("DELETE FROM meeting_times"); 138 + db.run("DELETE FROM classes"); 139 + db.run("DELETE FROM class_waitlist"); 140 + db.run("DELETE FROM users WHERE id != 0"); // Keep ghost user 141 + 142 + db.close(); 143 + }); 144 + 123 145 // Test user credentials 124 146 const TEST_USER = { 125 147 email: "test@example.com", ··· 171 193 }); 172 194 } 173 195 196 + // Helper to register a user, verify email, and get session via login 197 + async function registerAndLogin(user: { email: string; password: string; name?: string }): Promise<string> { 198 + const hashedPassword = await clientHashPassword(user.email, user.password); 199 + 200 + // Register the user 201 + const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 202 + method: "POST", 203 + headers: { "Content-Type": "application/json" }, 204 + body: JSON.stringify({ 205 + email: user.email, 206 + password: hashedPassword, 207 + name: user.name || "Test User", 208 + }), 209 + }); 210 + 211 + if (registerResponse.status !== 200) { 212 + const error = await registerResponse.json(); 213 + throw new Error(`Registration failed: ${JSON.stringify(error)}`); 214 + } 215 + 216 + const registerData = await registerResponse.json(); 217 + const userId = registerData.user.id; 218 + 219 + // Mark email as verified directly in the database (test mode) 220 + const db = require("bun:sqlite").Database.open(TEST_DB_PATH); 221 + db.run("UPDATE users SET email_verified = 1 WHERE id = ?", [userId]); 222 + db.close(); 223 + 224 + // Now login to get a session 225 + const loginResponse = await fetch(`${BASE_URL}/api/auth/login`, { 226 + method: "POST", 227 + headers: { "Content-Type": "application/json" }, 228 + body: JSON.stringify({ 229 + email: user.email, 230 + password: hashedPassword, 231 + }), 232 + }); 233 + 234 + if (loginResponse.status !== 200) { 235 + const error = await loginResponse.json(); 236 + throw new Error(`Login failed: ${JSON.stringify(error)}`); 237 + } 238 + 239 + return extractSessionCookie(loginResponse); 240 + } 241 + 242 + // Helper to add active subscription to a user 243 + function addSubscription(userEmail: string): void { 244 + const db = require("bun:sqlite").Database.open(TEST_DB_PATH); 245 + const user = db.query("SELECT id FROM users WHERE email = ?").get(userEmail) as { id: number }; 246 + if (!user) { 247 + db.close(); 248 + throw new Error(`User ${userEmail} not found`); 249 + } 250 + 251 + db.run( 252 + "INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)", 253 + [`test-sub-${user.id}`, user.id, `test-customer-${user.id}`, "active"] 254 + ); 255 + db.close(); 256 + } 257 + 174 258 // All tests run against a fresh database, no cleanup needed 175 259 176 260 describe("API Endpoints - Authentication", () => { ··· 198 282 199 283 expect(response.status).toBe(200); 200 284 201 - // Extract session before consuming response body 202 - const sessionCookie = extractSessionCookie(response); 203 - 204 285 const data = await response.json(); 205 286 expect(data.user).toBeDefined(); 206 287 expect(data.user.email).toBe(TEST_USER.email); 207 - expect(sessionCookie).toBeTruthy(); 288 + expect(data.email_verification_required).toBe(true); 208 289 }); 209 290 210 291 test("should reject registration with missing email", async () => { ··· 274 355 275 356 test("should enforce rate limiting on registration", async () => { 276 357 const hashedPassword = await clientHashPassword( 277 - "test@example.com", 358 + "ratelimit@example.com", 278 359 "password", 279 360 ); 280 361 281 - // Make registration attempts until rate limit is hit (limit is 5 per hour) 282 - let rateLimitHit = false; 283 - for (let i = 0; i < 10; i++) { 284 - const response = await fetch(`${BASE_URL}/api/auth/register`, { 285 - method: "POST", 286 - headers: { "Content-Type": "application/json" }, 287 - body: JSON.stringify({ 288 - email: `test${i}@example.com`, 289 - password: hashedPassword, 290 - }), 291 - }); 292 - 293 - if (response.status === 429) { 294 - rateLimitHit = true; 295 - break; 296 - } 297 - } 298 - 299 - // Verify that rate limiting was triggered 300 - expect(rateLimitHit).toBe(true); 301 - }); 302 - }); 303 - 304 - describe("POST /api/auth/login", () => { 305 - test("should login successfully with valid credentials", async () => { 306 - // Register user first 307 - const hashedPassword = await clientHashPassword( 308 - TEST_USER.email, 309 - TEST_USER.password, 310 - ); 362 + // First registration succeeds 311 363 await fetch(`${BASE_URL}/api/auth/register`, { 312 364 method: "POST", 313 365 headers: { "Content-Type": "application/json" }, 314 366 body: JSON.stringify({ 315 - email: TEST_USER.email, 367 + email: "ratelimit@example.com", 316 368 password: hashedPassword, 317 - name: TEST_USER.name, 318 369 }), 319 370 }); 320 371 321 - // Login 322 - const response = await fetch(`${BASE_URL}/api/auth/login`, { 323 - method: "POST", 324 - headers: { "Content-Type": "application/json" }, 325 - body: JSON.stringify({ 326 - email: TEST_USER.email, 327 - password: hashedPassword, 328 - }), 329 - }); 330 - 331 - expect(response.status).toBe(200); 332 - const data = await response.json(); 333 - expect(data.user).toBeDefined(); 334 - expect(data.user.email).toBe(TEST_USER.email); 335 - expect(extractSessionCookie(response)).toBeTruthy(); 336 - }); 337 - 338 - test("should reject login with invalid credentials", async () => { 339 - // Register user first 340 - const hashedPassword = await clientHashPassword( 341 - TEST_USER.email, 342 - TEST_USER.password, 343 - ); 344 - await fetch(`${BASE_URL}/api/auth/register`, { 345 - method: "POST", 346 - headers: { "Content-Type": "application/json" }, 347 - body: JSON.stringify({ 348 - email: TEST_USER.email, 349 - password: hashedPassword, 350 - }), 351 - }); 352 - 353 - // Login with wrong password 354 - const wrongPassword = await clientHashPassword( 355 - TEST_USER.email, 356 - "WrongPassword123!", 357 - ); 358 - const response = await fetch(`${BASE_URL}/api/auth/login`, { 359 - method: "POST", 360 - headers: { "Content-Type": "application/json" }, 361 - body: JSON.stringify({ 362 - email: TEST_USER.email, 363 - password: wrongPassword, 364 - }), 365 - }); 366 - 367 - expect(response.status).toBe(401); 368 - const data = await response.json(); 369 - expect(data.error).toBe("Invalid email or password"); 370 - }); 371 - 372 - test("should reject login with missing fields", async () => { 373 - const response = await fetch(`${BASE_URL}/api/auth/login`, { 374 - method: "POST", 375 - headers: { "Content-Type": "application/json" }, 376 - body: JSON.stringify({ 377 - email: TEST_USER.email, 378 - }), 379 - }); 380 - 381 - expect(response.status).toBe(400); 382 - const data = await response.json(); 383 - expect(data.error).toBe("Email and password required"); 384 - }); 385 - 386 - test("should enforce rate limiting on login attempts", async () => { 387 - const hashedPassword = await clientHashPassword( 388 - TEST_USER.email, 389 - TEST_USER.password, 390 - ); 391 - 392 - // Make 11 login attempts (limit is 10 per 15 minutes per IP) 372 + // Try to register same email 10 more times (will fail with 400 but count toward rate limit) 373 + // Rate limit is 5 per 30 min from same IP 393 374 let rateLimitHit = false; 394 - for (let i = 0; i < 11; i++) { 395 - const response = await fetch(`${BASE_URL}/api/auth/login`, { 375 + for (let i = 0; i < 10; i++) { 376 + const response = await fetch(`${BASE_URL}/api/auth/register`, { 396 377 method: "POST", 397 378 headers: { "Content-Type": "application/json" }, 398 379 body: JSON.stringify({ 399 - email: TEST_USER.email, 380 + email: "ratelimit@example.com", 400 381 password: hashedPassword, 401 382 }), 402 383 }); ··· 412 393 }); 413 394 }); 414 395 415 - describe("POST /api/auth/logout", () => { 416 - test("should logout successfully", async () => { 396 + describe("POST /api/auth/login", () => { 397 + test("should login successfully with valid credentials", async () => { 417 398 // Register and login 418 - const hashedPassword = await clientHashPassword( 419 - TEST_USER.email, 420 - TEST_USER.password, 421 - ); 422 - const loginResponse = await fetch(`${BASE_URL}/api/auth/register`, { 423 - method: "POST", 424 - headers: { "Content-Type": "application/json" }, 425 - body: JSON.stringify({ 426 - email: TEST_USER.email, 427 - password: hashedPassword, 428 - }), 429 - }); 430 - const sessionCookie = extractSessionCookie(loginResponse); 431 - 432 - // Logout 433 - const response = await authRequest( 434 - `${BASE_URL}/api/auth/logout`, 435 - sessionCookie, 436 - { 437 - method: "POST", 438 - }, 439 - ); 440 - 441 - expect(response.status).toBe(200); 442 - const data = await response.json(); 443 - expect(data.success).toBe(true); 444 - 445 - // Verify cookie is cleared 446 - const setCookie = response.headers.get("set-cookie"); 447 - expect(setCookie).toContain("Max-Age=0"); 448 - }); 449 - 450 - test("should logout even without valid session", async () => { 451 - const response = await fetch(`${BASE_URL}/api/auth/logout`, { 452 - method: "POST", 453 - }); 454 - 455 - expect(response.status).toBe(200); 456 - const data = await response.json(); 457 - expect(data.success).toBe(true); 458 - }); 459 - }); 460 - 461 - describe("GET /api/auth/me", () => { 462 - test( 463 - "should return current user info when authenticated", 464 - async () => { 465 - // Register user 466 - const hashedPassword = await clientHashPassword( 467 - TEST_USER.email, 468 - TEST_USER.password, 469 - ); 470 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 471 - method: "POST", 472 - headers: { "Content-Type": "application/json" }, 473 - body: JSON.stringify({ 474 - email: TEST_USER.email, 475 - password: hashedPassword, 476 - name: TEST_USER.name, 477 - }), 478 - }); 479 - const sessionCookie = extractSessionCookie(registerResponse); 480 - 481 - // Get current user 482 - const response = await authRequest( 483 - `${BASE_URL}/api/auth/me`, 484 - sessionCookie, 485 - ); 486 - 487 - expect(response.status).toBe(200); 488 - const data = await response.json(); 489 - expect(data.email).toBe(TEST_USER.email); 490 - expect(data.name).toBe(TEST_USER.name); 491 - expect(data.role).toBeDefined(); 492 - }, 493 - ); 494 - 495 - test("should return 401 when not authenticated", async () => { 496 - const response = await fetch(`${BASE_URL}/api/auth/me`); 497 - 498 - expect(response.status).toBe(401); 499 - const data = await response.json(); 500 - expect(data.error).toBe("Not authenticated"); 501 - }); 502 - 503 - test("should return 401 with invalid session", async () => { 504 - const response = await authRequest( 505 - `${BASE_URL}/api/auth/me`, 506 - "invalid-session", 507 - ); 508 - 509 - expect(response.status).toBe(401); 510 - const data = await response.json(); 511 - expect(data.error).toBe("Invalid session"); 512 - }); 513 - }); 514 - }); 515 - 516 - describe("API Endpoints - Session Management", () => { 517 - describe("GET /api/sessions", () => { 518 - test("should return user sessions", async () => { 519 - // Register user 520 - const hashedPassword = await clientHashPassword( 521 - TEST_USER.email, 522 - TEST_USER.password, 523 - ); 524 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 525 - method: "POST", 526 - headers: { "Content-Type": "application/json" }, 527 - body: JSON.stringify({ 528 - email: TEST_USER.email, 529 - password: hashedPassword, 530 - }), 531 - }); 532 - const sessionCookie = extractSessionCookie(registerResponse); 533 - 534 - // Get sessions 535 - const response = await authRequest( 536 - `${BASE_URL}/api/sessions`, 537 - sessionCookie, 538 - ); 539 - 540 - expect(response.status).toBe(200); 541 - const data = await response.json(); 542 - expect(data.sessions).toBeDefined(); 543 - expect(data.sessions.length).toBeGreaterThan(0); 544 - expect(data.sessions[0]).toHaveProperty("id"); 545 - expect(data.sessions[0]).toHaveProperty("ip_address"); 546 - expect(data.sessions[0]).toHaveProperty("user_agent"); 547 - }); 548 - 549 - test("should require authentication", async () => { 550 - const response = await fetch(`${BASE_URL}/api/sessions`); 551 - 552 - expect(response.status).toBe(401); 553 - }); 554 - }); 555 - 556 - describe("DELETE /api/sessions", () => { 557 - test("should delete specific session", async () => { 558 - // Register user and create multiple sessions 559 - const hashedPassword = await clientHashPassword( 560 - TEST_USER.email, 561 - TEST_USER.password, 562 - ); 563 - const session1Response = await fetch(`${BASE_URL}/api/auth/register`, { 564 - method: "POST", 565 - headers: { "Content-Type": "application/json" }, 566 - body: JSON.stringify({ 567 - email: TEST_USER.email, 568 - password: hashedPassword, 569 - }), 570 - }); 571 - const session1Cookie = extractSessionCookie(session1Response); 572 - 573 - const session2Response = await fetch(`${BASE_URL}/api/auth/login`, { 574 - method: "POST", 575 - headers: { "Content-Type": "application/json" }, 576 - body: JSON.stringify({ 577 - email: TEST_USER.email, 578 - password: hashedPassword, 579 - }), 580 - }); 581 - const session2Cookie = extractSessionCookie(session2Response); 582 - 583 - // Get sessions list 584 - const sessionsResponse = await authRequest( 585 - `${BASE_URL}/api/sessions`, 586 - session1Cookie, 587 - ); 588 - const sessionsData = await sessionsResponse.json(); 589 - const targetSessionId = sessionsData.sessions.find( 590 - (s: { id: string }) => s.id === session2Cookie, 591 - )?.id; 592 - 593 - // Delete session 2 594 - const response = await authRequest( 595 - `${BASE_URL}/api/sessions`, 596 - session1Cookie, 597 - { 598 - method: "DELETE", 599 - headers: { "Content-Type": "application/json" }, 600 - body: JSON.stringify({ sessionId: targetSessionId }), 601 - }, 602 - ); 603 - 604 - expect(response.status).toBe(200); 605 - const data = await response.json(); 606 - expect(data.success).toBe(true); 607 - 608 - // Verify session 2 is deleted 609 - const verifyResponse = await authRequest( 610 - `${BASE_URL}/api/auth/me`, 611 - session2Cookie, 612 - ); 613 - expect(verifyResponse.status).toBe(401); 614 - }); 615 - 616 - test("should not delete another user's session", async () => { 617 - // Register two users 618 - const hashedPassword1 = await clientHashPassword( 619 - TEST_USER.email, 620 - TEST_USER.password, 621 - ); 622 - const user1Response = await fetch(`${BASE_URL}/api/auth/register`, { 623 - method: "POST", 624 - headers: { "Content-Type": "application/json" }, 625 - body: JSON.stringify({ 626 - email: TEST_USER.email, 627 - password: hashedPassword1, 628 - }), 629 - }); 630 - const user1Cookie = extractSessionCookie(user1Response); 631 - 632 - const hashedPassword2 = await clientHashPassword( 633 - TEST_USER_2.email, 634 - TEST_USER_2.password, 635 - ); 636 - const user2Response = await fetch(`${BASE_URL}/api/auth/register`, { 637 - method: "POST", 638 - headers: { "Content-Type": "application/json" }, 639 - body: JSON.stringify({ 640 - email: TEST_USER_2.email, 641 - password: hashedPassword2, 642 - }), 643 - }); 644 - const user2Cookie = extractSessionCookie(user2Response); 645 - 646 - // Try to delete user2's session using user1's credentials 647 - const response = await authRequest( 648 - `${BASE_URL}/api/sessions`, 649 - user1Cookie, 650 - { 651 - method: "DELETE", 652 - headers: { "Content-Type": "application/json" }, 653 - body: JSON.stringify({ sessionId: user2Cookie }), 654 - }, 655 - ); 656 - 657 - expect(response.status).toBe(404); 658 - }); 659 - 660 - test("should not delete current session", async () => { 661 - // Register user 662 - const hashedPassword = await clientHashPassword( 663 - TEST_USER.email, 664 - TEST_USER.password, 665 - ); 666 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 667 - method: "POST", 668 - headers: { "Content-Type": "application/json" }, 669 - body: JSON.stringify({ 670 - email: TEST_USER.email, 671 - password: hashedPassword, 672 - }), 673 - }); 674 - const sessionCookie = extractSessionCookie(registerResponse); 399 + const sessionCookie = await registerAndLogin(TEST_USER); 675 400 676 401 // Try to delete own current session 677 402 const response = await authRequest( ··· 694 419 describe("API Endpoints - User Management", () => { 695 420 describe("DELETE /api/user", () => { 696 421 test("should delete user account", async () => { 697 - // Register user 698 - const hashedPassword = await clientHashPassword( 699 - TEST_USER.email, 700 - TEST_USER.password, 701 - ); 702 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 703 - method: "POST", 704 - headers: { "Content-Type": "application/json" }, 705 - body: JSON.stringify({ 706 - email: TEST_USER.email, 707 - password: hashedPassword, 708 - }), 709 - }); 710 - const sessionCookie = extractSessionCookie(registerResponse); 422 + // Register and login 423 + const sessionCookie = await registerAndLogin(TEST_USER); 711 424 712 425 // Delete account 713 426 const response = await authRequest( ··· 741 454 742 455 describe("PUT /api/user/email", () => { 743 456 test("should update user email", async () => { 744 - // Register user 745 - const hashedPassword = await clientHashPassword( 746 - TEST_USER.email, 747 - TEST_USER.password, 748 - ); 749 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 750 - method: "POST", 751 - headers: { "Content-Type": "application/json" }, 752 - body: JSON.stringify({ 753 - email: TEST_USER.email, 754 - password: hashedPassword, 755 - }), 756 - }); 757 - const sessionCookie = extractSessionCookie(registerResponse); 457 + // Register and login 458 + const sessionCookie = await registerAndLogin(TEST_USER); 758 459 759 - // Update email 460 + // Update email - this creates a token but doesn't change email yet 760 461 const newEmail = "newemail@example.com"; 761 462 const response = await authRequest( 762 463 `${BASE_URL}/api/user/email`, ··· 772 473 const data = await response.json(); 773 474 expect(data.success).toBe(true); 774 475 476 + // Manually complete the email change in the database (simulating verification) 477 + const db = require("bun:sqlite").Database.open(TEST_DB_PATH); 478 + const tokenData = db.query("SELECT user_id, new_email FROM email_change_tokens ORDER BY created_at DESC LIMIT 1").get() as { user_id: number, new_email: string }; 479 + db.run("UPDATE users SET email = ?, email_verified = 1 WHERE id = ?", [tokenData.new_email, tokenData.user_id]); 480 + db.run("DELETE FROM email_change_tokens WHERE user_id = ?", [tokenData.user_id]); 481 + db.close(); 482 + 775 483 // Verify email updated 776 484 const meResponse = await authRequest( 777 485 `${BASE_URL}/api/auth/me`, ··· 783 491 784 492 test("should reject duplicate email", async () => { 785 493 // Register two users 786 - const hashedPassword1 = await clientHashPassword( 787 - TEST_USER.email, 788 - TEST_USER.password, 789 - ); 790 - await fetch(`${BASE_URL}/api/auth/register`, { 791 - method: "POST", 792 - headers: { "Content-Type": "application/json" }, 793 - body: JSON.stringify({ 794 - email: TEST_USER.email, 795 - password: hashedPassword1, 796 - }), 797 - }); 798 - 799 - const hashedPassword2 = await clientHashPassword( 800 - TEST_USER_2.email, 801 - TEST_USER_2.password, 802 - ); 803 - const user2Response = await fetch(`${BASE_URL}/api/auth/register`, { 804 - method: "POST", 805 - headers: { "Content-Type": "application/json" }, 806 - body: JSON.stringify({ 807 - email: TEST_USER_2.email, 808 - password: hashedPassword2, 809 - }), 810 - }); 811 - const user2Cookie = extractSessionCookie(user2Response); 494 + await registerAndLogin(TEST_USER); 495 + const user2Cookie = await registerAndLogin(TEST_USER_2); 812 496 813 497 // Try to update user2's email to user1's email 814 498 const response = await authRequest( ··· 829 513 830 514 describe("PUT /api/user/password", () => { 831 515 test("should update user password", async () => { 832 - // Register user 833 - const hashedPassword = await clientHashPassword( 834 - TEST_USER.email, 835 - TEST_USER.password, 836 - ); 837 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 838 - method: "POST", 839 - headers: { "Content-Type": "application/json" }, 840 - body: JSON.stringify({ 841 - email: TEST_USER.email, 842 - password: hashedPassword, 843 - }), 844 - }); 845 - const sessionCookie = extractSessionCookie(registerResponse); 516 + // Register and login 517 + const sessionCookie = await registerAndLogin(TEST_USER); 846 518 847 519 // Update password 848 520 const newPassword = await clientHashPassword( ··· 876 548 }); 877 549 878 550 test("should reject invalid password format", async () => { 879 - // Register user 880 - const hashedPassword = await clientHashPassword( 881 - TEST_USER.email, 882 - TEST_USER.password, 883 - ); 884 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 885 - method: "POST", 886 - headers: { "Content-Type": "application/json" }, 887 - body: JSON.stringify({ 888 - email: TEST_USER.email, 889 - password: hashedPassword, 890 - }), 891 - }); 892 - const sessionCookie = extractSessionCookie(registerResponse); 551 + // Register and login 552 + const sessionCookie = await registerAndLogin(TEST_USER); 893 553 894 554 // Try to update with invalid format 895 555 const response = await authRequest( ··· 910 570 911 571 describe("PUT /api/user/name", () => { 912 572 test("should update user name", async () => { 913 - // Register user 914 - const hashedPassword = await clientHashPassword( 915 - TEST_USER.email, 916 - TEST_USER.password, 917 - ); 918 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 919 - method: "POST", 920 - headers: { "Content-Type": "application/json" }, 921 - body: JSON.stringify({ 922 - email: TEST_USER.email, 923 - password: hashedPassword, 924 - name: TEST_USER.name, 925 - }), 926 - }); 927 - const sessionCookie = extractSessionCookie(registerResponse); 573 + // Register and login 574 + const sessionCookie = await registerAndLogin(TEST_USER); 928 575 929 576 // Update name 930 577 const newName = "Updated Name"; ··· 952 599 }); 953 600 954 601 test("should reject missing name", async () => { 955 - // Register user 956 - const hashedPassword = await clientHashPassword( 957 - TEST_USER.email, 958 - TEST_USER.password, 959 - ); 960 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 961 - method: "POST", 962 - headers: { "Content-Type": "application/json" }, 963 - body: JSON.stringify({ 964 - email: TEST_USER.email, 965 - password: hashedPassword, 966 - }), 967 - }); 968 - const sessionCookie = extractSessionCookie(registerResponse); 602 + // Register and login 603 + const sessionCookie = await registerAndLogin(TEST_USER); 969 604 970 605 const response = await authRequest( 971 606 `${BASE_URL}/api/user/name`, ··· 983 618 984 619 describe("PUT /api/user/avatar", () => { 985 620 test("should update user avatar", async () => { 986 - // Register user 987 - const hashedPassword = await clientHashPassword( 988 - TEST_USER.email, 989 - TEST_USER.password, 990 - ); 991 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 992 - method: "POST", 993 - headers: { "Content-Type": "application/json" }, 994 - body: JSON.stringify({ 995 - email: TEST_USER.email, 996 - password: hashedPassword, 997 - }), 998 - }); 999 - const sessionCookie = extractSessionCookie(registerResponse); 621 + // Register and login 622 + const sessionCookie = await registerAndLogin(TEST_USER); 1000 623 1001 624 // Update avatar 1002 625 const newAvatar = "👨‍💻"; ··· 1048 671 describe("API Endpoints - Transcriptions", () => { 1049 672 describe("GET /api/transcriptions", () => { 1050 673 test("should return user transcriptions", async () => { 1051 - // Register user 1052 - const hashedPassword = await clientHashPassword( 1053 - TEST_USER.email, 1054 - TEST_USER.password, 1055 - ); 1056 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1057 - method: "POST", 1058 - headers: { "Content-Type": "application/json" }, 1059 - body: JSON.stringify({ 1060 - email: TEST_USER.email, 1061 - password: hashedPassword, 1062 - }), 1063 - }); 1064 - const sessionCookie = extractSessionCookie(registerResponse); 674 + // Register and login 675 + const sessionCookie = await registerAndLogin(TEST_USER); 676 + 677 + // Add subscription 678 + addSubscription(TEST_USER.email); 1065 679 1066 680 // Get transcriptions 1067 681 const response = await authRequest( ··· 1084 698 1085 699 describe("POST /api/transcriptions", () => { 1086 700 test("should upload audio file and start transcription", async () => { 1087 - // Register user 1088 - const hashedPassword = await clientHashPassword( 1089 - TEST_USER.email, 1090 - TEST_USER.password, 1091 - ); 1092 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1093 - method: "POST", 1094 - headers: { "Content-Type": "application/json" }, 1095 - body: JSON.stringify({ 1096 - email: TEST_USER.email, 1097 - password: hashedPassword, 1098 - }), 1099 - }); 1100 - const sessionCookie = extractSessionCookie(registerResponse); 701 + // Register and login 702 + const sessionCookie = await registerAndLogin(TEST_USER); 703 + 704 + // Add subscription 705 + addSubscription(TEST_USER.email); 1101 706 1102 707 // Create a test audio file 1103 708 const audioBlob = new Blob(["fake audio data"], { type: "audio/mp3" }); ··· 1122 727 }); 1123 728 1124 729 test("should reject non-audio files", async () => { 1125 - // Register user 1126 - const hashedPassword = await clientHashPassword( 1127 - TEST_USER.email, 1128 - TEST_USER.password, 1129 - ); 1130 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1131 - method: "POST", 1132 - headers: { "Content-Type": "application/json" }, 1133 - body: JSON.stringify({ 1134 - email: TEST_USER.email, 1135 - password: hashedPassword, 1136 - }), 1137 - }); 1138 - const sessionCookie = extractSessionCookie(registerResponse); 730 + // Register and login 731 + const sessionCookie = await registerAndLogin(TEST_USER); 732 + 733 + // Add subscription 734 + addSubscription(TEST_USER.email); 1139 735 1140 736 // Try to upload non-audio file 1141 737 const textBlob = new Blob(["text file"], { type: "text/plain" }); ··· 1155 751 }); 1156 752 1157 753 test("should reject files exceeding size limit", async () => { 1158 - // Register user 1159 - const hashedPassword = await clientHashPassword( 1160 - TEST_USER.email, 1161 - TEST_USER.password, 1162 - ); 1163 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1164 - method: "POST", 1165 - headers: { "Content-Type": "application/json" }, 1166 - body: JSON.stringify({ 1167 - email: TEST_USER.email, 1168 - password: hashedPassword, 1169 - }), 1170 - }); 1171 - const sessionCookie = extractSessionCookie(registerResponse); 754 + // Register and login 755 + const sessionCookie = await registerAndLogin(TEST_USER); 756 + 757 + // Add subscription 758 + addSubscription(TEST_USER.email); 1172 759 1173 760 // Create a file larger than 100MB (the actual limit) 1174 761 const largeBlob = new Blob([new ArrayBuffer(101 * 1024 * 1024)], { ··· 1212 799 let userId: number; 1213 800 1214 801 beforeEach(async () => { 1215 - 1216 802 // Create admin user 1217 - const adminHash = await clientHashPassword( 1218 - TEST_ADMIN.email, 1219 - TEST_ADMIN.password, 1220 - ); 1221 - const adminResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1222 - method: "POST", 1223 - headers: { "Content-Type": "application/json" }, 1224 - body: JSON.stringify({ 1225 - email: TEST_ADMIN.email, 1226 - password: adminHash, 1227 - name: TEST_ADMIN.name, 1228 - }), 1229 - }); 1230 - adminCookie = extractSessionCookie(adminResponse); 1231 - 803 + adminCookie = await registerAndLogin(TEST_ADMIN); 804 + 1232 805 // Manually set admin role in database 806 + const db = require("bun:sqlite").Database.open(TEST_DB_PATH); 1233 807 db.run("UPDATE users SET role = 'admin' WHERE email = ?", [ 1234 808 TEST_ADMIN.email, 1235 809 ]); 1236 810 1237 811 // Create regular user 1238 - const userHash = await clientHashPassword( 1239 - TEST_USER.email, 1240 - TEST_USER.password, 1241 - ); 1242 - const userResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1243 - method: "POST", 1244 - headers: { "Content-Type": "application/json" }, 1245 - body: JSON.stringify({ 1246 - email: TEST_USER.email, 1247 - password: userHash, 1248 - name: TEST_USER.name, 1249 - }), 1250 - }); 1251 - userCookie = extractSessionCookie(userResponse); 812 + userCookie = await registerAndLogin(TEST_USER); 1252 813 1253 814 // Get user ID 1254 815 const userIdResult = db 1255 816 .query<{ id: number }, [string]>("SELECT id FROM users WHERE email = ?") 1256 817 .get(TEST_USER.email); 1257 818 userId = userIdResult?.id; 819 + 820 + db.close(); 1258 821 }); 1259 822 1260 823 describe("GET /api/admin/users", () => { ··· 1517 1080 let sessionCookie: string; 1518 1081 1519 1082 beforeEach(async () => { 1520 - 1521 - // Register user 1522 - const hashedPassword = await clientHashPassword( 1523 - TEST_USER.email, 1524 - TEST_USER.password, 1525 - ); 1526 - const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, { 1527 - method: "POST", 1528 - headers: { "Content-Type": "application/json" }, 1529 - body: JSON.stringify({ 1530 - email: TEST_USER.email, 1531 - password: hashedPassword, 1532 - }), 1533 - }); 1534 - sessionCookie = extractSessionCookie(registerResponse); 1083 + // Register and login 1084 + sessionCookie = await registerAndLogin(TEST_USER); 1535 1085 }); 1536 1086 1537 1087 describe("GET /api/passkeys", () => {