@jant/core 0.3.1 → 0.3.3

package/src/middleware/__tests__/auth.test.ts

@@ -0,0 +1,139 @@
+import { describe, it, expect } from "vitest";
+import { Hono } from "hono";
+import { requireAuth, requireAuthApi } from "../auth.js";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+function createMockAuth(authenticated: boolean) {
+  return {
+    api: {
+      getSession: async () =>
+        authenticated
+          ? {
+              user: { id: "user-1", email: "test@test.com", name: "Test" },
+              session: { id: "session-1" },
+            }
+          : null,
+    },
+  } as AppVariables["auth"];
+}
+
+describe("requireAuth", () => {
+  it("allows authenticated requests", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(true));
+      await next();
+    });
+    app.get("/dash", requireAuth(), (c) => c.text("Dashboard"));
+
+    const res = await app.request("/dash");
+    expect(res.status).toBe(200);
+    expect(await res.text()).toBe("Dashboard");
+  });
+
+  it("redirects unauthenticated requests to /signin", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(false));
+      await next();
+    });
+    app.get("/dash", requireAuth(), (c) => c.text("Dashboard"));
+
+    const res = await app.request("/dash", { redirect: "manual" });
+    expect(res.status).toBe(302);
+    expect(res.headers.get("Location")).toBe("/signin");
+  });
+
+  it("redirects to custom path", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(false));
+      await next();
+    });
+    app.get("/dash", requireAuth("/login"), (c) => c.text("Dashboard"));
+
+    const res = await app.request("/dash", { redirect: "manual" });
+    expect(res.status).toBe(302);
+    expect(res.headers.get("Location")).toBe("/login");
+  });
+
+  it("redirects when auth is not configured", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      // auth not set (undefined)
+      await next();
+    });
+    app.get("/dash", requireAuth(), (c) => c.text("Dashboard"));
+
+    const res = await app.request("/dash", { redirect: "manual" });
+    expect(res.status).toBe(302);
+  });
+});
+
+describe("requireAuthApi", () => {
+  it("allows authenticated requests", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(true));
+      await next();
+    });
+    app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
+
+    const res = await app.request("/api/data");
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.data).toBe("secret");
+  });
+
+  it("returns 401 for unauthenticated requests", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(false));
+      await next();
+    });
+    app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
+
+    const res = await app.request("/api/data");
+    expect(res.status).toBe(401);
+
+    const body = await res.json();
+    expect(body.error).toBe("Unauthorized");
+  });
+
+  it("returns 500 when auth is not configured", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      // auth not set (undefined)
+      await next();
+    });
+    app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
+
+    const res = await app.request("/api/data");
+    expect(res.status).toBe(500);
+
+    const body = await res.json();
+    expect(body.error).toBe("Authentication not configured");
+  });
+
+  it("returns 401 when getSession throws", async () => {
+    const app = new Hono<Env>();
+    app.use("*", async (c, next) => {
+      c.set("auth", {
+        api: {
+          getSession: async () => {
+            throw new Error("Session error");
+          },
+        },
+      } as AppVariables["auth"]);
+      await next();
+    });
+    app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
+
+    const res = await app.request("/api/data");
+    expect(res.status).toBe(401);
+  });
+});

package/src/routes/api/__tests__/posts.test.ts

@@ -0,0 +1,306 @@
+import { describe, it, expect } from "vitest";
+import { createTestApp } from "../../../__tests__/helpers/app.js";
+import { postsApiRoutes } from "../posts.js";
+import * as sqid from "../../../lib/sqid.js";
+
+describe("Posts API Routes", () => {
+  describe("GET /api/posts", () => {
+    it("returns empty list when no posts exist", async () => {
+      const { app } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.posts).toEqual([]);
+      expect(body.nextCursor).toBeNull();
+    });
+
+    it("returns posts with sqids", async () => {
+      const { app, services } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      await services.posts.create({
+        type: "note",
+        content: "Hello world",
+        visibility: "featured",
+      });
+
+      const res = await app.request("/api/posts");
+      const body = await res.json();
+
+      expect(body.posts).toHaveLength(1);
+      expect(body.posts[0].content).toBe("Hello world");
+      expect(body.posts[0].sqid).toBeTruthy();
+    });
+
+    it("filters by visibility", async () => {
+      const { app, services } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      await services.posts.create({
+        type: "note",
+        content: "featured",
+        visibility: "featured",
+      });
+      await services.posts.create({
+        type: "note",
+        content: "draft",
+        visibility: "draft",
+      });
+
+      const res = await app.request("/api/posts?visibility=draft");
+      const body = await res.json();
+
+      expect(body.posts).toHaveLength(1);
+      expect(body.posts[0].visibility).toBe("draft");
+    });
+
+    it("supports limit parameter", async () => {
+      const { app, services } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      for (let i = 0; i < 5; i++) {
+        await services.posts.create({
+          type: "note",
+          content: `post ${i}`,
+          visibility: "featured",
+        });
+      }
+
+      const res = await app.request("/api/posts?limit=2");
+      const body = await res.json();
+
+      expect(body.posts).toHaveLength(2);
+      expect(body.nextCursor).toBeTruthy();
+    });
+  });
+
+  describe("GET /api/posts/:id", () => {
+    it("returns a post by sqid", async () => {
+      const { app, services } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "test post",
+        visibility: "featured",
+      });
+      const id = sqid.encode(post.id);
+
+      const res = await app.request(`/api/posts/${id}`);
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.content).toBe("test post");
+      expect(body.sqid).toBe(id);
+    });
+
+    it("returns 400 for invalid sqid", async () => {
+      const { app } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts/!!invalid!!");
+      expect(res.status).toBe(400);
+    });
+
+    it("returns 404 for non-existent post", async () => {
+      const { app } = createTestApp();
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request(`/api/posts/${sqid.encode(9999)}`);
+      expect(res.status).toBe(404);
+    });
+  });
+
+  describe("POST /api/posts", () => {
+    it("returns 401 when not authenticated", async () => {
+      const { app } = createTestApp({ authenticated: false });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          type: "note",
+          content: "test",
+          visibility: "quiet",
+        }),
+      });
+
+      expect(res.status).toBe(401);
+    });
+
+    it("creates a post when authenticated", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          type: "note",
+          content: "Hello from API",
+          visibility: "quiet",
+        }),
+      });
+
+      expect(res.status).toBe(201);
+
+      const body = await res.json();
+      expect(body.content).toBe("Hello from API");
+      expect(body.sqid).toBeTruthy();
+    });
+
+    it("returns 400 for invalid body", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ type: "invalid-type" }),
+      });
+
+      expect(res.status).toBe(400);
+      const body = await res.json();
+      expect(body.error).toBe("Validation failed");
+    });
+
+    it("returns 400 for missing required fields", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request("/api/posts", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({}),
+      });
+
+      expect(res.status).toBe(400);
+    });
+  });
+
+  describe("PUT /api/posts/:id", () => {
+    it("returns 401 when not authenticated", async () => {
+      const { app, services } = createTestApp({ authenticated: false });
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "original",
+      });
+
+      const res = await app.request(`/api/posts/${sqid.encode(post.id)}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ content: "updated" }),
+      });
+
+      expect(res.status).toBe(401);
+    });
+
+    it("updates a post when authenticated", async () => {
+      const { app, services } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "original",
+      });
+
+      const res = await app.request(`/api/posts/${sqid.encode(post.id)}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ content: "updated" }),
+      });
+
+      expect(res.status).toBe(200);
+      const body = await res.json();
+      expect(body.content).toBe("updated");
+    });
+
+    it("returns 404 for non-existent post", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request(`/api/posts/${sqid.encode(9999)}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ content: "test" }),
+      });
+
+      expect(res.status).toBe(404);
+    });
+
+    it("returns 400 for invalid update data", async () => {
+      const { app, services } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "test",
+      });
+
+      const res = await app.request(`/api/posts/${sqid.encode(post.id)}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ type: "invalid-type" }),
+      });
+
+      expect(res.status).toBe(400);
+    });
+  });
+
+  describe("DELETE /api/posts/:id", () => {
+    it("returns 401 when not authenticated", async () => {
+      const { app, services } = createTestApp({ authenticated: false });
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "test",
+      });
+
+      const res = await app.request(`/api/posts/${sqid.encode(post.id)}`, {
+        method: "DELETE",
+      });
+
+      expect(res.status).toBe(401);
+    });
+
+    it("deletes a post when authenticated", async () => {
+      const { app, services } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const post = await services.posts.create({
+        type: "note",
+        content: "to be deleted",
+      });
+
+      const res = await app.request(`/api/posts/${sqid.encode(post.id)}`, {
+        method: "DELETE",
+      });
+
+      expect(res.status).toBe(200);
+      const body = await res.json();
+      expect(body.success).toBe(true);
+
+      // Verify post is deleted
+      const found = await services.posts.getById(post.id);
+      expect(found).toBeNull();
+    });
+
+    it("returns 404 for non-existent post", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/posts", postsApiRoutes);
+
+      const res = await app.request(`/api/posts/${sqid.encode(9999)}`, {
+        method: "DELETE",
+      });
+
+      expect(res.status).toBe(404);
+    });
+  });
+});

package/src/routes/api/__tests__/search.test.ts

@@ -0,0 +1,77 @@
+import { describe, it, expect } from "vitest";
+import { createTestApp } from "../../../__tests__/helpers/app.js";
+import { searchApiRoutes } from "../search.js";
+
+describe("Search API Routes", () => {
+  it("returns 400 when query is missing", async () => {
+    const { app } = createTestApp({ fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    const res = await app.request("/api/search");
+    expect(res.status).toBe(400);
+
+    const body = await res.json();
+    expect(body.error).toContain("'q' is required");
+  });
+
+  it("returns 400 for empty query", async () => {
+    const { app } = createTestApp({ fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    const res = await app.request("/api/search?q=");
+    expect(res.status).toBe(400);
+  });
+
+  it("returns 400 for query over 200 characters", async () => {
+    const { app } = createTestApp({ fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    const longQuery = "a".repeat(201);
+    const res = await app.request(`/api/search?q=${longQuery}`);
+    expect(res.status).toBe(400);
+
+    const body = await res.json();
+    expect(body.error).toBe("Query too long");
+  });
+
+  it("returns search results for valid query", async () => {
+    const { app, services } = createTestApp({ fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    await services.posts.create({
+      type: "note",
+      content: "Testing search functionality in jant",
+      visibility: "featured",
+    });
+
+    const res = await app.request("/api/search?q=jant");
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.query).toBe("jant");
+    expect(body.results.length).toBeGreaterThanOrEqual(1);
+    expect(body.count).toBeGreaterThanOrEqual(1);
+    expect(body.results[0].url).toMatch(/^\/p\//);
+  });
+
+  it("returns empty results for non-matching query", async () => {
+    const { app } = createTestApp({ fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    const res = await app.request("/api/search?q=zznonexistentzzz");
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.results).toEqual([]);
+    expect(body.count).toBe(0);
+  });
+
+  it("does not require authentication", async () => {
+    const { app } = createTestApp({ authenticated: false, fts: true });
+    app.route("/api/search", searchApiRoutes);
+
+    const res = await app.request("/api/search?q=test");
+    // Should not return 401
+    expect(res.status).not.toBe(401);
+  });
+});

package/src/routes/api/posts.ts

@@ -34,7 +34,9 @@ postsApiRoutes.get("/", async (c) => {
     })),
 
     nextCursor:
-      posts.length === limit ? sqid.encode(posts[posts.length - 1]!.id) : null,
+      posts.length === limit
+        ? sqid.encode(posts[posts.length - 1]?.id ?? 0)
+        : null,
   });
 });