@wopr-network/platform-core 0.1.0

package/dist/email/notification-templates.test.js

@@ -0,0 +1,238 @@
+import { describe, expect, it } from "vitest";
+import { renderNotificationTemplate } from "./notification-templates.js";
+describe("renderNotificationTemplate", () => {
+    describe("credits-depleted", () => {
+        it("renders valid HTML and text with subject", () => {
+            const result = renderNotificationTemplate("credits-depleted", {
+                email: "user@example.com",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.subject).toBeTruthy();
+            expect(result.html).toContain("<!DOCTYPE html>");
+            expect(result.text).toBeTruthy();
+        });
+    });
+    describe("grace-period-start", () => {
+        it("renders with balance and grace days", () => {
+            const result = renderNotificationTemplate("grace-period-start", {
+                email: "user@example.com",
+                balanceDollars: "$0.50",
+                graceDays: 7,
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.html).toContain("$0.50");
+            expect(result.html).toContain("7");
+        });
+    });
+    describe("grace-period-warning", () => {
+        it("renders a warning subject", () => {
+            const result = renderNotificationTemplate("grace-period-warning", {
+                email: "user@example.com",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.subject).toMatch(/last chance|suspended|tomorrow/i);
+        });
+    });
+    describe("auto-suspended", () => {
+        it("renders with reason", () => {
+            const result = renderNotificationTemplate("auto-suspended", {
+                email: "user@example.com",
+                reason: "Grace period expired",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.html).toContain("Grace period expired");
+        });
+    });
+    describe("auto-topup-success", () => {
+        it("renders with amount and new balance", () => {
+            const result = renderNotificationTemplate("auto-topup-success", {
+                email: "user@example.com",
+                amountDollars: "$50.00",
+                newBalanceDollars: "$55.00",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.html).toContain("$50.00");
+            expect(result.html).toContain("$55.00");
+        });
+    });
+    describe("auto-topup-failed", () => {
+        it("renders a failed top-up notification", () => {
+            const result = renderNotificationTemplate("auto-topup-failed", {
+                email: "user@example.com",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.subject).toMatch(/auto top-up failed|failed/i);
+        });
+    });
+    describe("crypto-payment-confirmed", () => {
+        it("renders with amount", () => {
+            const result = renderNotificationTemplate("crypto-payment-confirmed", {
+                email: "user@example.com",
+                amountDollars: "$25.00",
+                newBalanceDollars: "$30.00",
+            });
+            expect(result.html).toContain("$25.00");
+        });
+    });
+    describe("admin-suspended", () => {
+        it("renders with reason", () => {
+            const result = renderNotificationTemplate("admin-suspended", {
+                email: "user@example.com",
+                reason: "ToS violation",
+            });
+            expect(result.html).toContain("ToS violation");
+        });
+    });
+    describe("admin-reactivated", () => {
+        it("renders a reactivation email", () => {
+            const result = renderNotificationTemplate("admin-reactivated", {
+                email: "user@example.com",
+            });
+            expect(result.subject).toMatch(/reactivated/i);
+        });
+    });
+    describe("credits-granted", () => {
+        it("renders with amount and reason", () => {
+            const result = renderNotificationTemplate("credits-granted", {
+                email: "user@example.com",
+                amountDollars: "$5.00",
+                reason: "Support credit",
+            });
+            expect(result.html).toContain("$5.00");
+            expect(result.html).toContain("Support credit");
+        });
+    });
+    describe("role-changed", () => {
+        it("renders with new role", () => {
+            const result = renderNotificationTemplate("role-changed", {
+                email: "user@example.com",
+                newRole: "tenant_admin",
+            });
+            expect(result.html).toContain("tenant_admin");
+        });
+    });
+    describe("team-invite", () => {
+        it("renders with tenant name and invite URL", () => {
+            const result = renderNotificationTemplate("team-invite", {
+                email: "user@example.com",
+                tenantName: "Acme Corp",
+                inviteUrl: "https://app.wopr.bot/invite/abc",
+            });
+            expect(result.html).toContain("Acme Corp");
+        });
+    });
+    describe("agent-created", () => {
+        it("renders with agent name", () => {
+            const result = renderNotificationTemplate("agent-created", {
+                email: "user@example.com",
+                agentName: "HAL 9000",
+            });
+            expect(result.html).toContain("HAL 9000");
+        });
+    });
+    describe("channel-connected", () => {
+        it("renders with channel and agent name", () => {
+            const result = renderNotificationTemplate("channel-connected", {
+                email: "user@example.com",
+                channelName: "Discord",
+                agentName: "MyBot",
+            });
+            expect(result.html).toContain("Discord");
+            expect(result.html).toContain("MyBot");
+        });
+    });
+    describe("channel-disconnected", () => {
+        it("renders with channel, agent, and reason", () => {
+            const result = renderNotificationTemplate("channel-disconnected", {
+                email: "user@example.com",
+                channelName: "Discord",
+                agentName: "MyBot",
+                reason: "Token expired",
+            });
+            expect(result.html).toContain("Discord");
+            expect(result.html).toContain("Token expired");
+        });
+    });
+    describe("agent-suspended", () => {
+        it("renders with agent name and reason", () => {
+            const result = renderNotificationTemplate("agent-suspended", {
+                email: "user@example.com",
+                agentName: "MyBot",
+                reason: "Account suspended",
+            });
+            expect(result.html).toContain("MyBot");
+        });
+    });
+    describe("custom", () => {
+        it("renders with custom subject and body", () => {
+            const result = renderNotificationTemplate("custom", {
+                email: "user@example.com",
+                subject: "Hello from WOPR",
+                bodyText: "This is a custom message.",
+            });
+            expect(result.subject).toBe("Hello from WOPR");
+            expect(result.html).toContain("This is a custom message.");
+            expect(result.text).toContain("This is a custom message.");
+        });
+        it("escapes HTML in bodyText to prevent XSS", () => {
+            const result = renderNotificationTemplate("custom", {
+                email: "user@example.com",
+                subject: "Test",
+                bodyText: "<script>alert('xss')</script>",
+            });
+            expect(result.html).not.toContain("<script>");
+            expect(result.html).toContain("&lt;script&gt;");
+        });
+        it("converts newlines to <br> tags in HTML", () => {
+            const result = renderNotificationTemplate("custom", {
+                email: "user@example.com",
+                subject: "Test",
+                bodyText: "Line one\nLine two",
+            });
+            expect(result.html).toContain("<br");
+        });
+    });
+    describe("dividend-weekly-digest", () => {
+        it("renders dividend-weekly-digest template", () => {
+            const result = renderNotificationTemplate("dividend-weekly-digest", {
+                email: "alice@example.com",
+                weeklyTotalDollars: "$3.50",
+                weeklyTotalCents: 350,
+                lifetimeTotalDollars: "$42.00",
+                distributionCount: 5,
+                poolAvgCents: 2000,
+                activeUsersAvg: 10,
+                nextDividendDate: "Tuesday, February 25, 2026",
+                weekStartDate: "February 17",
+                weekEndDate: "February 23",
+                unsubscribeUrl: "https://app.wopr.bot/settings/notifications",
+                creditsUrl: "https://app.wopr.bot/billing/credits",
+            });
+            expect(result.subject).toBe("WOPR paid you $3.50 this week");
+            expect(result.html).toContain("$3.50");
+            expect(result.html).toContain("$42.00");
+            expect(result.html).toContain("February 17");
+            expect(result.html).toContain("February 23");
+            expect(result.html).toContain("Unsubscribe");
+            expect(result.text).toContain("$3.50");
+            expect(result.text).toContain("Unsubscribe");
+        });
+    });
+    describe("XSS protection", () => {
+        it("escapes HTML in user-supplied fields like agentName", () => {
+            const result = renderNotificationTemplate("agent-created", {
+                email: "user@example.com",
+                agentName: '<img src=x onerror="alert(1)">',
+            });
+            expect(result.html).not.toContain("<img");
+            expect(result.html).toContain("&lt;img");
+        });
+        it("escapes HTML in reason fields", () => {
+            const result = renderNotificationTemplate("admin-suspended", {
+                email: "user@example.com",
+                reason: "<script>evil()</script>",
+            });
+            expect(result.html).not.toContain("<script>");
+        });
+    });
+});

package/dist/email/notification-worker.d.ts

@@ -0,0 +1,24 @@
+/**
+ * NotificationWorker — processes pending notification queue entries.
+ *
+ * Called on a timer (e.g. every 30s) from the server startup code.
+ * Do NOT put the interval inside this class.
+ */
+import type { EmailClient } from "./client.js";
+import type { INotificationPreferencesRepository, INotificationQueueRepository } from "./notification-repository-types.js";
+export interface NotificationWorkerConfig {
+    queue: INotificationQueueRepository;
+    emailClient: EmailClient;
+    preferences: INotificationPreferencesRepository;
+    batchSize?: number;
+}
+export declare class NotificationWorker {
+    private readonly queue;
+    private readonly emailClient;
+    private readonly preferences;
+    private readonly batchSize;
+    constructor(config: NotificationWorkerConfig);
+    /** Process one batch of pending notifications. Returns count of processed items. */
+    processBatch(): Promise<number>;
+    private isEnabledByPreferences;
+}

package/dist/email/notification-worker.js

@@ -0,0 +1,109 @@
+/**
+ * NotificationWorker — processes pending notification queue entries.
+ *
+ * Called on a timer (e.g. every 30s) from the server startup code.
+ * Do NOT put the interval inside this class.
+ */
+import { logger } from "../config/logger.js";
+import { renderNotificationTemplate } from "./notification-templates.js";
+/** Templates that bypass user preference checks — always sent. */
+const CRITICAL_TEMPLATES = new Set([
+    "grace-period-start",
+    "grace-period-warning",
+    "auto-suspended",
+    "admin-suspended",
+    "admin-reactivated",
+    "password-reset",
+    "welcome",
+    "account-deletion-requested",
+    "account-deletion-cancelled",
+    "account-deletion-completed",
+]);
+/** Map from template name to preference key. */
+const PREF_MAP = {
+    "low-balance": "billing_low_balance",
+    "credits-depleted": "billing_low_balance",
+    "auto-topup-success": "billing_auto_topup",
+    "auto-topup-failed": "billing_auto_topup",
+    "credit-purchase-receipt": "billing_receipts",
+    "crypto-payment-confirmed": "billing_receipts",
+    "channel-disconnected": "agent_channel_disconnect",
+    "agent-created": "agent_status_changes",
+    "channel-connected": "agent_status_changes",
+    "agent-suspended": "agent_status_changes",
+    "credits-granted": "billing_receipts",
+    "dividend-weekly-digest": "billing_receipts",
+    "role-changed": "account_role_changes",
+    "team-invite": "account_team_invites",
+};
+export class NotificationWorker {
+    queue;
+    emailClient;
+    preferences;
+    batchSize;
+    constructor(config) {
+        this.queue = config.queue;
+        this.emailClient = config.emailClient;
+        this.preferences = config.preferences;
+        this.batchSize = config.batchSize ?? 10;
+    }
+    /** Process one batch of pending notifications. Returns count of processed items. */
+    async processBatch() {
+        const pending = await this.queue.fetchPending(this.batchSize);
+        let processed = 0;
+        for (const notif of pending) {
+            try {
+                const data = JSON.parse(notif.data);
+                const email = data.email;
+                if (!email) {
+                    logger.error("Notification missing email field", {
+                        notificationId: notif.id,
+                        template: notif.template,
+                    });
+                    this.queue.markFailed(notif.id, notif.attempts + 1);
+                    processed++;
+                    continue;
+                }
+                // Check preferences (skip for critical notifications)
+                if (!CRITICAL_TEMPLATES.has(notif.template)) {
+                    const prefs = this.preferences.get(notif.tenantId);
+                    if (!this.isEnabledByPreferences(notif.template, prefs)) {
+                        // User has disabled this notification type — mark sent to clear queue
+                        this.queue.markSent(notif.id);
+                        processed++;
+                        continue;
+                    }
+                }
+                // Render the template
+                const rendered = renderNotificationTemplate(notif.template, data);
+                // Send via email client
+                await this.emailClient.send({
+                    to: email,
+                    subject: rendered.subject,
+                    html: rendered.html,
+                    text: rendered.text,
+                    userId: notif.tenantId,
+                    templateName: notif.template,
+                });
+                this.queue.markSent(notif.id);
+                processed++;
+            }
+            catch (err) {
+                logger.error("Notification send failed", {
+                    notificationId: notif.id,
+                    template: notif.template,
+                    error: err instanceof Error ? err.message : String(err),
+                });
+                this.queue.markFailed(notif.id, notif.attempts + 1);
+                processed++;
+            }
+        }
+        return processed;
+    }
+    isEnabledByPreferences(template, prefs) {
+        const prefKey = PREF_MAP[template];
+        if (!prefKey)
+            return true; // unknown template -> send by default
+        return prefs[prefKey] !== false; // default to enabled if key missing
+    }
+}

package/dist/email/notification-worker.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/email/notification-worker.test.js

@@ -0,0 +1,153 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { NotificationWorker } from "./notification-worker.js";
+vi.mock("../config/logger.js", () => ({
+    logger: {
+        info: vi.fn(),
+        error: vi.fn(),
+        warn: vi.fn(),
+        debug: vi.fn(),
+    },
+}));
+function makeNotif(overrides = {}) {
+    return {
+        id: "notif-1",
+        tenantId: "tenant-1",
+        template: "low-balance",
+        data: JSON.stringify({ email: "user@example.com", balanceDollars: "$1.00" }),
+        status: "pending",
+        attempts: 0,
+        retryAfter: null,
+        sentAt: null,
+        createdAt: Date.now(),
+        ...overrides,
+    };
+}
+function makeQueue(pending = []) {
+    return {
+        enqueue: vi.fn().mockReturnValue("notif-id"),
+        fetchPending: vi.fn().mockReturnValue(pending),
+        markSent: vi.fn(),
+        markFailed: vi.fn(),
+        listForTenant: vi.fn().mockReturnValue({ entries: [], total: 0 }),
+    };
+}
+function makePrefs(prefs = {}) {
+    const defaultPrefs = {
+        billing_low_balance: true,
+        billing_receipts: true,
+        billing_auto_topup: true,
+        agent_channel_disconnect: true,
+        agent_status_changes: false,
+        account_role_changes: true,
+        account_team_invites: true,
+    };
+    return {
+        get: vi.fn().mockReturnValue({ ...defaultPrefs, ...prefs }),
+        update: vi.fn(),
+    };
+}
+function makeEmailClient() {
+    return {
+        send: vi.fn().mockResolvedValue({ id: "email-123", success: true }),
+        onEmailSent: vi.fn(),
+    };
+}
+describe("NotificationWorker", () => {
+    let emailClient;
+    beforeEach(() => {
+        emailClient = makeEmailClient();
+    });
+    describe("processBatch", () => {
+        it("sends emails for pending notifications and marks them sent", async () => {
+            const notif = makeNotif();
+            const queue = makeQueue([notif]);
+            const prefs = makePrefs();
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            const count = await worker.processBatch();
+            expect(emailClient.send).toHaveBeenCalledOnce();
+            expect(queue.markSent).toHaveBeenCalledWith("notif-1");
+            expect(count).toBe(1);
+        });
+        it("returns 0 when no pending notifications", async () => {
+            const queue = makeQueue([]);
+            const prefs = makePrefs();
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            const count = await worker.processBatch();
+            expect(count).toBe(0);
+            expect(emailClient.send).not.toHaveBeenCalled();
+        });
+        it("marks notification as failed (not sent) when email is missing", async () => {
+            const notif = makeNotif({ data: JSON.stringify({}) }); // no email
+            const queue = makeQueue([notif]);
+            const prefs = makePrefs();
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            await worker.processBatch();
+            expect(emailClient.send).not.toHaveBeenCalled();
+            expect(queue.markFailed).toHaveBeenCalledWith("notif-1", 1);
+        });
+        it("marks as sent (skipped) when user preference disables that template", async () => {
+            const notif = makeNotif({ template: "agent-created" }); // pref: agent_status_changes
+            const queue = makeQueue([notif]);
+            const prefs = makePrefs({ agent_status_changes: false }); // disabled
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            await worker.processBatch();
+            expect(emailClient.send).not.toHaveBeenCalled();
+            expect(queue.markSent).toHaveBeenCalledWith("notif-1"); // cleared from queue
+        });
+        it("sends critical templates even when preferences would disable them", async () => {
+            // grace-period-start is critical — should bypass preference check
+            const notif = makeNotif({
+                template: "grace-period-start",
+                data: JSON.stringify({
+                    email: "user@example.com",
+                    balanceDollars: "$0.00",
+                    graceDays: 7,
+                    creditsUrl: "https://app.wopr.bot/billing/credits",
+                }),
+            });
+            const queue = makeQueue([notif]);
+            // Even if all prefs disabled, critical templates must send
+            const prefs = makePrefs({
+                billing_low_balance: false,
+                billing_receipts: false,
+                billing_auto_topup: false,
+            });
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            await worker.processBatch();
+            expect(emailClient.send).toHaveBeenCalledOnce();
+            expect(queue.markSent).toHaveBeenCalledWith(notif.id);
+        });
+        it("marks as failed and increments attempts when send throws", async () => {
+            const notif = makeNotif({ attempts: 2 });
+            const queue = makeQueue([notif]);
+            const prefs = makePrefs();
+            vi.spyOn(emailClient, "send").mockRejectedValueOnce(new Error("Network error"));
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            await worker.processBatch();
+            expect(queue.markFailed).toHaveBeenCalledWith("notif-1", 3); // attempts + 1
+            expect(queue.markSent).not.toHaveBeenCalled();
+        });
+        it("processes multiple notifications in one batch", async () => {
+            const notif1 = makeNotif({ id: "n1" });
+            const notif2 = makeNotif({
+                id: "n2",
+                template: "welcome",
+                data: JSON.stringify({ email: "b@b.com" }),
+            });
+            const queue = makeQueue([notif1, notif2]);
+            const prefs = makePrefs();
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs });
+            const count = await worker.processBatch();
+            expect(count).toBe(2);
+            expect(emailClient.send).toHaveBeenCalledTimes(2);
+        });
+        it("respects custom batchSize", async () => {
+            const notifs = Array.from({ length: 5 }, (_, i) => makeNotif({ id: `n${i}` }));
+            const queue = makeQueue(notifs.slice(0, 3)); // fetchPending called with batchSize
+            const prefs = makePrefs();
+            const worker = new NotificationWorker({ queue, emailClient, preferences: prefs, batchSize: 3 });
+            await worker.processBatch();
+            expect(queue.fetchPending).toHaveBeenCalledWith(3);
+        });
+    });
+});

package/dist/email/require-verified.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Email Verification Middleware — Blocks actions until email is verified.
+ *
+ * When used after session auth middleware, checks that the authenticated user
+ * has verified their email. API token auth (machine-to-machine) is not subject
+ * to email verification and is always allowed through.
+ */
+import type { Context, Next } from "hono";
+/** Minimal interface for checking email verification status. */
+export interface IEmailVerifier {
+    isVerified(userId: string): Promise<boolean>;
+}
+/**
+ * Create middleware that blocks session-authenticated users who haven't verified their email.
+ *
+ * API token auth (authMethod === "api_key") bypasses this check since machine
+ * clients don't have email addresses to verify.
+ *
+ * @param verifier - Email verification store
+ */
+export declare function requireEmailVerified(verifier: IEmailVerifier): (c: Context, next: Next) => Promise<void | (Response & import("hono").TypedResponse<{
+    error: string;
+    message: string;
+    code: string;
+}, 403, "json">)>;

package/dist/email/require-verified.js

@@ -0,0 +1,52 @@
+/**
+ * Email Verification Middleware — Blocks actions until email is verified.
+ *
+ * When used after session auth middleware, checks that the authenticated user
+ * has verified their email. API token auth (machine-to-machine) is not subject
+ * to email verification and is always allowed through.
+ */
+import { logger } from "../config/logger.js";
+/**
+ * Create middleware that blocks session-authenticated users who haven't verified their email.
+ *
+ * API token auth (authMethod === "api_key") bypasses this check since machine
+ * clients don't have email addresses to verify.
+ *
+ * @param verifier - Email verification store
+ */
+export function requireEmailVerified(verifier) {
+    return async (c, next) => {
+        let authMethod;
+        let userId;
+        try {
+            authMethod = c.get("authMethod");
+            const user = c.get("user");
+            userId = user?.id;
+        }
+        catch {
+            // No auth context set — let downstream auth middleware handle 401
+            return next();
+        }
+        // API token auth bypasses email verification
+        if (authMethod === "api_key") {
+            return next();
+        }
+        // Session auth requires verified email
+        if (authMethod === "session" && userId) {
+            try {
+                if (!(await verifier.isVerified(userId))) {
+                    return c.json({
+                        error: "Email verification required",
+                        message: "Please verify your email address before creating bots",
+                        code: "EMAIL_NOT_VERIFIED",
+                    }, 403);
+                }
+            }
+            catch (error) {
+                // If we can't check verification (DB issue), don't block the user
+                logger.warn("Email verification check failed", { error });
+            }
+        }
+        return next();
+    };
+}

package/dist/email/require-verified.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/email/require-verified.test.js

@@ -0,0 +1,62 @@
+import { Hono } from "hono";
+import { beforeEach, describe, expect, it } from "vitest";
+import { requireEmailVerified } from "./require-verified.js";
+describe("requireEmailVerified middleware", () => {
+    let verifiedUsers;
+    let app;
+    beforeEach(() => {
+        verifiedUsers = new Set();
+        const middleware = requireEmailVerified({
+            isVerified: async (userId) => verifiedUsers.has(userId),
+        });
+        app = new Hono();
+        // Simulate session auth middleware setting user context
+        app.use("/test/*", async (c, next) => {
+            const authMethod = (c.req.header("X-Auth-Method") || "session");
+            const userId = c.req.header("X-User-Id") || "user-1";
+            c.set("authMethod", authMethod);
+            c.set("user", { id: userId, roles: ["user"] });
+            return next();
+        });
+        app.use("/test/*", middleware);
+        app.post("/test/create", (c) => c.json({ ok: true }));
+        // Route without auth context — use a plain Hono app for this
+        const noauthApp = new Hono();
+        noauthApp.use("/noauth/*", middleware);
+        noauthApp.post("/noauth/create", (c) => c.json({ ok: true }));
+        // Mount the noauth app into the main app
+        app.route("/", noauthApp);
+    });
+    it("should block session-authenticated users without verified email", async () => {
+        const res = await app.request("/test/create", {
+            method: "POST",
+            headers: { "X-Auth-Method": "session", "X-User-Id": "user-1" },
+        });
+        expect(res.status).toBe(403);
+        const body = await res.json();
+        expect(body.code).toBe("EMAIL_NOT_VERIFIED");
+    });
+    it("should allow session-authenticated users with verified email", async () => {
+        verifiedUsers.add("user-1");
+        const res = await app.request("/test/create", {
+            method: "POST",
+            headers: { "X-Auth-Method": "session", "X-User-Id": "user-1" },
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.ok).toBe(true);
+    });
+    it("should always allow API token auth", async () => {
+        const res = await app.request("/test/create", {
+            method: "POST",
+            headers: { "X-Auth-Method": "api_key", "X-User-Id": "token:write" },
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.ok).toBe(true);
+    });
+    it("should pass through when no auth context is set", async () => {
+        const res = await app.request("/noauth/create", { method: "POST" });
+        expect(res.status).toBe(200);
+    });
+});