@tscircuit/fake-snippets 0.0.9 → 0.0.11

package/bun-tests/fake-snippets-api/fixtures/get-test-server.ts

@@ -8,6 +8,7 @@ interface TestFixture {
   url: string
   server: any
   axios: typeof defaultAxios
+  unauthenticatedAxios: typeof defaultAxios
   db: DbClient
   seed: ReturnType<typeof seedDatabase>
 }
@@ -30,6 +31,9 @@ export const getTestServer = async (): Promise<TestFixture> => {
       Authorization: `Bearer ${seed.account.account_id}`,
     },
   })
+  const unauthenticatedAxios = defaultAxios.create({
+    baseURL: url,
+  })
 
   afterEach(async () => {
     if (server && typeof server.stop === "function") {
@@ -41,6 +45,7 @@ export const getTestServer = async (): Promise<TestFixture> => {
     url,
     server,
     axios,
+    unauthenticatedAxios,
     db,
     seed,
   }

package/bun-tests/fake-snippets-api/routes/packages/update.test.ts

@@ -0,0 +1,161 @@
+import { getTestServer } from "bun-tests/fake-snippets-api/fixtures/get-test-server"
+import { expect, test } from "bun:test"
+
+test("update package", async () => {
+  const { axios, db } = await getTestServer()
+
+  // First create a package
+  const packageResponse = await axios.post(
+    "/api/packages/create",
+    {
+      name: "test-package",
+      description: "Test Description",
+    },
+    {
+      headers: {
+        Authorization: "Bearer 1234",
+      },
+    },
+  )
+  const packageId = packageResponse.data.package.package_id
+
+  // Update the package
+  const response = await axios.post(
+    "/api/packages/update",
+    {
+      package_id: packageId,
+      name: "updated-package",
+      description: "Updated Description",
+    },
+    {
+      headers: {
+        Authorization: "Bearer 1234",
+      },
+    },
+  )
+
+  expect(response.status).toBe(200)
+  expect(response.data.ok).toBe(true)
+  expect(response.data.package.name).toBe("testuser/updated-package")
+  expect(response.data.package.description).toBe("Updated Description")
+
+  // Verify the package was updated in the database
+  const updatedPackage = db.packages.find((p) => p.package_id === packageId)
+  expect(updatedPackage?.name).toBe("testuser/updated-package")
+  expect(updatedPackage?.description).toBe("Updated Description")
+})
+
+test("update package privacy settings", async () => {
+  const { axios, db } = await getTestServer()
+
+  // Create initial public package
+  const packageResponse = await axios.post(
+    "/api/packages/create",
+    {
+      name: "public-package",
+      description: "Public Package",
+      is_private: false,
+    },
+    {
+      headers: {
+        Authorization: "Bearer 1234",
+      },
+    },
+  )
+  const packageId = packageResponse.data.package.package_id
+
+  // Update to make it private
+  const response = await axios.post(
+    "/api/packages/update",
+    {
+      package_id: packageId,
+      is_private: true,
+    },
+    {
+      headers: {
+        Authorization: "Bearer 1234",
+      },
+    },
+  )
+
+  expect(response.status).toBe(200)
+  expect(response.data.ok).toBe(true)
+  expect(response.data.package.is_private).toBe(true)
+  expect(response.data.package.is_public).toBe(false)
+  expect(response.data.package.is_unlisted).toBe(true) // Private packages should be unlisted
+
+  // Verify in database
+  const updatedPackage = db.packages.find((p) => p.package_id === packageId)
+  expect(updatedPackage?.is_private).toBe(true)
+  expect(updatedPackage?.is_public).toBe(false)
+  expect(updatedPackage?.is_unlisted).toBe(true)
+})
+
+test("update non-existent package", async () => {
+  const { axios } = await getTestServer()
+
+  try {
+    await axios.post(
+      "/api/packages/update",
+      {
+        package_id: "non-existent-id",
+        name: "updated-name",
+      },
+      {
+        headers: {
+          Authorization: "Bearer 1234",
+        },
+      },
+    )
+    throw new Error("Expected request to fail")
+  } catch (error: any) {
+    expect(error.status).toBe(404)
+    expect(error.data.error.error_code).toBe("package_not_found")
+    expect(error.data.error.message).toBe("Package not found")
+  }
+})
+
+test("update package without permission", async () => {
+  const { axios, db } = await getTestServer()
+
+  db.addPackage({
+    name: "Package3",
+    unscoped_name: "Package3",
+    owner_github_username: "user1",
+    creator_account_id: "creator1",
+    created_at: "2023-01-03T00:00:00Z",
+    updated_at: "2023-01-03T00:00:00Z",
+    description: "Description 3",
+    ai_description: "AI Description 3",
+    owner_org_id: "org1",
+    latest_version: "1.0.0",
+    license: "MIT",
+    is_source_from_github: true,
+    star_count: 0,
+  } as any)
+
+  const packageId = db.packages[0].package_id
+
+  // Try to update with different user
+  try {
+    await axios.post(
+      "/api/packages/update",
+      {
+        package_id: packageId,
+        name: "stolen-package",
+      },
+      {
+        headers: {
+          Authorization: "Bearer 5678", // Different user
+        },
+      },
+    )
+    throw new Error("Expected request to fail")
+  } catch (error: any) {
+    expect(error.status).toBe(403)
+    expect(error.data.error.error_code).toBe("forbidden")
+    expect(error.data.error.message).toBe(
+      "You don't have permission to update this package",
+    )
+  }
+})

package/bun-tests/fake-snippets-api/routes/snippets/get.test.ts

@@ -112,3 +112,52 @@ test("GET /api/snippets/get - should return snippet by unscoped_name and owner",
   const responseBody = getResponse.data
   expect(responseBody.ok).toBe(true)
 })
+
+test("GET /api/snippets/get - should not return snippet if snippet is private and user is unauthenticated", async () => {
+  const { axios, db, unauthenticatedAxios } = await getTestServer()
+
+  // First create a snippet
+  const snippet = {
+    unscoped_name: "test-package",
+    owner_name: "testuser",
+    code: "export const TestComponent = () => <div>Test</div>",
+    dts: "export declare const TestComponent: () => JSX.Element",
+    created_at: "2023-01-01T00:00:00Z",
+    updated_at: "2023-01-01T00:00:00Z",
+    name: "testuser/test-package",
+    snippet_type: "package",
+    description: "Test package",
+  }
+
+  db.addSnippet(snippet as any)
+
+  const createdSnippet = db.packages[0]
+
+  const updatedSnippet = await axios.post("/api/snippets/update", {
+    snippet_id: createdSnippet.package_id,
+    is_private: true,
+  })
+
+  expect(updatedSnippet.status).toBe(200)
+  expect(updatedSnippet.data.snippet.is_private).toBe(true)
+  expect(updatedSnippet.data.snippet.is_public).toBe(false)
+
+  // Get the snippet using name and owner
+  const getResponse = await axios.post("/api/snippets/get", {
+    snippet_id: createdSnippet.package_id,
+  })
+
+  expect(getResponse.status).toBe(200)
+  const responseBody = getResponse.data
+  expect(responseBody.ok).toBe(true)
+
+  try {
+    await unauthenticatedAxios.post("/api/snippets/get", {
+      snippet_id: createdSnippet.package_id,
+    })
+    throw new Error("Expected request to fail")
+  } catch (error: any) {
+    expect(error.status).toBe(404)
+    expect(error.data.error.error_code).toBe("snippet_not_found")
+  }
+})

package/bun-tests/fake-snippets-api/routes/snippets/update.test.ts

@@ -7,7 +7,7 @@ test("update snippet", async () => {
   // Add a test snippet
   const snippet = {
     unscoped_name: "TestSnippet",
-    owner_name: "account-1234",
+    owner_name: "testuser",
     code: "Original Content",
     created_at: "2023-01-01T00:00:00Z",
     updated_at: "2023-01-01T00:00:00Z",
@@ -23,19 +23,11 @@ test("update snippet", async () => {
   // Update the snippet
   const updatedCode = "Updated Content"
   const updatedCompiledJs = "console.log('Updated Content')"
-  const response = await axios.post(
-    "/api/snippets/update",
-    {
-      snippet_id: addedPackage.package_id,
-      code: updatedCode,
-      compiled_js: updatedCompiledJs,
-    },
-    {
-      headers: {
-        Authorization: "Bearer 1234",
-      },
-    },
-  )
+  const response = await axios.post("/api/snippets/update", {
+    snippet_id: addedPackage.package_id,
+    code: updatedCode,
+    compiled_js: updatedCompiledJs,
+  })
 
   expect(response.status).toBe(200)
   expect(response.data.snippet.code).toBe(updatedCode)
@@ -56,19 +48,11 @@ test("update non-existent snippet", async () => {
   const { axios } = await getTestServer()
 
   try {
-    await axios.post(
-      "/api/snippets/update",
-      {
-        snippet_id: "non-existent-id",
-        code: "Updated Content",
-        compiled_js: "console.log('Updated Content')",
-      },
-      {
-        headers: {
-          Authorization: "Bearer 1234",
-        },
-      },
-    )
+    await axios.post("/api/snippets/update", {
+      snippet_id: "non-existent-id",
+      code: "Updated Content",
+      compiled_js: "console.log('Updated Content')",
+    })
     // If the request doesn't throw an error, fail the test
     expect(true).toBe(false)
   } catch (error: any) {
@@ -83,7 +67,7 @@ test("update snippet with null compiled_js", async () => {
   // Add a test snippet with compiled_js
   const snippet = {
     unscoped_name: "TestSnippet",
-    owner_name: "account-1234",
+    owner_name: "testuser",
     code: "Original Content",
     created_at: "2023-01-01T00:00:00Z",
     updated_at: "2023-01-01T00:00:00Z",
@@ -155,3 +139,61 @@ test("update snippet after create snippet", async () => {
   expect(response.data.snippet.code).toBe(updatedCode)
   expect(response.data.snippet.updated_at).not.toBe(createdSnippet.created_at)
 })
+
+test("update snippet visibility", async () => {
+  const { axios, db } = await getTestServer()
+
+  const snippet = {
+    unscoped_name: "TestSnippet",
+    code: "Test Content",
+    snippet_type: "package",
+    description: "Test Description",
+  }
+
+  await axios.post("/api/snippets/create", snippet)
+
+  const createdSnippet = db.packages[0]
+
+  const response = await axios.post(
+    "/api/snippets/update",
+    {
+      snippet_id: createdSnippet.package_id,
+      is_private: true,
+    },
+    {
+      headers: {
+        Authorization: `Bearer ${createdSnippet.creator_account_id}`,
+      },
+    },
+  )
+
+  expect(response.status).toBe(200)
+  expect(response.data.snippet.is_private).toBe(true)
+})
+
+test("update snippet visibility with unauthenticated user", async () => {
+  const { axios, db } = await getTestServer()
+
+  const snippet = {
+    unscoped_name: "TestSnippet",
+    code: "Test Content",
+    snippet_type: "package",
+    description: "Test Description",
+  }
+
+  db.addSnippet(snippet as any)
+
+  const createdSnippet = db.packages[0]
+
+  try {
+    await axios.post("/api/snippets/update", {
+      snippet_id: createdSnippet.package_id,
+      is_private: true,
+    })
+  } catch (error: any) {
+    expect(error.status).toBe(403)
+    expect(error.data.error.message).toBe(
+      "You don't have permission to update this snippet",
+    )
+  }
+})