npm - mbkauthe - Versions diffs - 3.0.0 → 3.1.0 - Mend

mbkauthe 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -110,6 +110,30 @@ app.get('/admin', validateSession, checkRolePermission(['SuperAdmin']), (req, re
 app.listen(3000);
 ```
+## 🧪 Testing
+MBKAuthe includes comprehensive test coverage for all authentication features:
+```bash
+# Run all tests
+npm test
+# Run tests in watch mode (auto-rerun on changes)
+npm run test:watch
+# Run with development flags
+npm run dev
+```
+**Test Coverage:**
+- ✅ Authentication flows (login, 2FA, logout)
+- ✅ OAuth integration (GitHub)
+- ✅ Session management and security
+- ✅ Role-based access control
+- ✅ API endpoints and error handling
+- ✅ CSRF protection and rate limiting
+- ✅ Static asset serving
 ## 📂 Architecture (v3.0)
 ```
@@ -148,14 +172,31 @@ app.post('/api/data', authenticate(process.env.API_TOKEN), handler);
 ### Built-in Routes
-- `GET /mbkauthe/login` - Login page
+**Authentication Routes:**
+- `GET /login`, `/signin` - Redirect to main login page
+- `GET /mbkauthe/login` - Login page (8/min rate limit)
 - `POST /mbkauthe/api/login` - Login endpoint (8/min rate limit)
 - `POST /mbkauthe/api/logout` - Logout endpoint (10/min rate limit)
-- `GET /mbkauthe/2fa` - 2FA page (if enabled)
-- `POST /mbkauthe/api/verify-2fa` - 2FA verification (5/min rate limit)
-- `GET /mbkauthe/api/github/login` - GitHub OAuth
-- `GET /mbkauthe/info` - Version & config info
-- `GET /mbkauthe/ErrorCode` - Error documentation
+- `GET /mbkauthe/2fa` - 2FA verification page (if enabled)
+- `POST /mbkauthe/api/verify-2fa` - 2FA verification API (5/min rate limit)
+**OAuth Routes:**
+- `GET /mbkauthe/api/github/login` - GitHub OAuth initiation (10/5min rate limit)
+- `GET /mbkauthe/api/github/login/callback` - GitHub OAuth callback
+**Information & Utility Routes:**
+- `GET /mbkauthe/info`, `/mbkauthe/i` - Version & config info (8/min rate limit)
+- `GET /mbkauthe/ErrorCode` - Error code documentation
+- `GET /mbkauthe/test` - Test authentication status (8/min rate limit)
+**Static Asset Routes:**
+- `GET /mbkauthe/main.js` - Client-side JavaScript utilities
+- `GET /mbkauthe/bg.webp` - Background image for auth pages
+- `GET /icon.svg` - Application SVG icon (root level)
+- `GET /favicon.ico`, `/icon.ico` - Application favicon
+**Admin API Routes:**
+- `POST /mbkauthe/api/terminateAllSessions` - Terminate all sessions (admin only)
 ## 🔐 Security Features
@@ -245,8 +286,9 @@ const result = await dblogin.query('SELECT * FROM "Users"');
 ## 📚 Documentation
 - [API Documentation](docs/api.md) - Complete API reference
-- [Database Guide](docs/db.md) - Schema details
+- [Database Guide](docs/db.md) - Schema details
 - [Environment Config](docs/env.md) - Configuration options
+- [Error Messages](docs/error-messages.md) - Error code reference
 ## 📝 License

package/docs/api.md CHANGED Viewed

@@ -55,14 +55,65 @@ When a user logs in, MBKAuthe creates a session and sets the following cookies:
 ### Public Endpoints
+#### `GET /login`
+Redirect route that forwards to the main login page.
+**Rate Limit:** No rate limiting applied
+**Query Parameters:**
+- All query parameters are preserved and forwarded
+**Response:** 302 redirect to `/mbkauthe/login`
+**Example:**
+```
+GET /login?redirect=/dashboard
+→ Redirects to: /mbkauthe/login?redirect=/dashboard
+```
+---
+#### `GET /signin`
+Alias redirect route that forwards to the main login page.
+**Rate Limit:** No rate limiting applied
+**Query Parameters:**
+- All query parameters are preserved and forwarded
+**Response:** 302 redirect to `/mbkauthe/login`
+**Example:**
+```
+GET /signin
+→ Redirects to: /mbkauthe/login
+```
+---
 #### `GET /mbkauthe/login`
-Renders the login page.
+Renders the main login page.
+**Rate Limit:** 8 requests per minute (exempt for logged-in users)
+**CSRF Protection:** Required (token included in form)
 **Query Parameters:**
 - `redirect` (optional) - URL to redirect after successful login
-**Response:** HTML page
+**Response:** HTML page with login form
+**Template Variables:**
+- `githubLoginEnabled` - Whether GitHub OAuth is enabled
+- `customURL` - Redirect URL after login
+- `userLoggedIn` - Whether user is already authenticated
+- `username` - Current username if logged in
+- `version` - MBKAuthe version
+- `appName` - Application name
+- `csrfToken` - CSRF protection token
 **Example:**
 ```
@@ -275,13 +326,17 @@ fetch('/mbkauthe/api/logout', {
 Terminates all active sessions across all users (admin only).
-**Authentication:** API token required
+**Authentication:** API token required (via `authenticate` middleware)
+**Rate Limit:** No explicit rate limiting applied
 **Headers:**
 ```
-Authorization: your-api-token
+Authorization: your-main-secret-token
 ```
+**Request Body:** None required
 **Success Response (200 OK):**
 ```json
 {
@@ -298,16 +353,28 @@ Authorization: your-api-token
 | 500 | Failed to terminate sessions |
 | 500 | Internal Server Error |
+**Implementation Details:**
+- Clears all user session IDs in the database (`Users` table)
+- Deletes all session records from the `session` table
+- Destroys the current request session
+- Clears session cookies
+- Runs database operations in parallel for better performance
 **Example Request:**
 ```javascript
 fetch('/mbkauthe/api/terminateAllSessions', {
   method: 'POST',
   headers: {
-    'Authorization': 'your-secret-token',
+    'Authorization': process.env.MAIN_SECRET_TOKEN,
+    'Content-Type': 'application/json'
   }
 })
 .then(response => response.json())
-.then(data => console.log(data));
+.then(data => {
+  if (data.success) {
+    console.log('All sessions terminated successfully');
+  }
+});
 ```
 ---
@@ -363,6 +430,10 @@ GET /mbkauthe/ErrorCode
 Serves the client-side JavaScript file containing helper functions for authentication operations.
+**Rate Limit:** No rate limiting applied
+**Cache:** Cached for 1 year (max-age=31536000)
 **Purpose:** Provides frontend JavaScript utilities including:
 - `logout()` - Logout function with confirmation dialog and cache clearing
 - `logoutuser()` - Alias for logout function
@@ -396,46 +467,20 @@ Serves the client-side JavaScript file containing helper functions for authentic
 - Clears cookies
 - Forces page reload
----
-#### `GET /mbkauthe/ErrorCode`
-Displays comprehensive error code documentation with descriptions and user messages.
-**Response:** HTML page showing:
-- All error codes organized by category
-- Error code ranges (Authentication, 2FA, Session, Authorization, etc.)
-- User-friendly messages and hints for each error
-- Dynamically generated from `lib/utils/errors.js`
-**Categories:**
-- **600-699**: Authentication Errors
-- **700-799**: Two-Factor Authentication Errors
-- **800-899**: Session Management Errors
-- **900-999**: Authorization Errors
-- **1000-1099**: Input Validation Errors
-- **1100-1199**: Rate Limiting Errors
-- **1200-1299**: Server Errors
-- **1300-1399**: OAuth Errors
-**Note:** This page is automatically synchronized with the error definitions in the codebase. Adding new errors only requires updating `lib/utils/errors.js` and the category code array.
-**Usage:**
-```
-GET /mbkauthe/ErrorCode
-```
 ---
 #### `GET /icon.svg`
-Serves the application's SVG icon file.
+Serves the application's SVG icon file from the root level.
+**Rate Limit:** No rate limiting applied
 **Response:** SVG image file (Content-Type: image/svg+xml)
 **Cache:** Cached for 1 year (max-age=31536000)
+**Note:** This route is mounted at the root level (not under `/mbkauthe`)
 **Usage:**
 ```html
 <img src="/icon.svg" alt="App Icon">
@@ -710,64 +755,6 @@ Authorization: your-secret-token
 ---
-### `authapi(requiredRole)`
-Advanced API authentication with role-based access control.
-**Parameters:**
-- `requiredRole` (array, optional) - Array of allowed roles
-**Usage:**
-```javascript
-import { authapi } from 'mbkauthe';
-// Any authenticated API user
-app.get('/api/data', authapi(), (req, res) => {
-  console.log(req.user); // { username, UserName, role, Role }
-  res.json({ data: 'API data' });
-});
-// Only SuperAdmin via API
-app.post('/api/admin/action', authapi(['SuperAdmin']), (req, res) => {
-  res.json({ success: true });
-});
-```
-**Headers Required:**
-```
-Authorization: user-api-key-64-char-hex
-```
-**Behavior:**
-- Validates API key from `Authorization` header
-- Looks up user associated with API key
-- Checks if user account is active
-- Verifies user role if `requiredRole` is specified
-- Blocks demo users from accessing endpoints
-- Populates `req.user` with user information
-- Returns 401 if unauthorized, 403 if insufficient permissions
-**req.user Object:**
-```javascript
-req.user = {
-  username: "john.doe",
-  UserName: "john.doe",
-  role: "NormalUser",
-  Role: "NormalUser"
-}
-```
-**Database Requirement:**
-Requires `UserAuthApiKey` table:
-```sql
-CREATE TABLE "UserAuthApiKey" (
-    username VARCHAR(50) PRIMARY KEY REFERENCES "Users"("UserName"),
-    "key" VARCHAR(64) UNIQUE NOT NULL
-);
-```
----
 ## Error Codes
 ### HTTP Status Codes
@@ -876,7 +863,7 @@ app.get('/moderator',
 ### API Authentication
 ```javascript
-import { authenticate, authapi } from 'mbkauthe';
+import { authenticate } from 'mbkauthe';
 // Simple token authentication
 app.post('/api/webhook',
@@ -887,24 +874,27 @@ app.post('/api/webhook',
   }
 );
-// API key with user validation
-app.get('/api/user/profile', authapi(), async (req, res) => {
-  const { username } = req.user;
-  // Fetch user profile
-  const profile = await getUserProfile(username);
-  res.json({ success: true, profile });
-});
-// API key with role requirement
-app.delete('/api/admin/users/:id',
-  authapi(['SuperAdmin']),
+// Admin API with token authentication
+app.post('/api/admin/terminate-sessions',
+  authenticate(process.env.MAIN_SECRET_TOKEN),
   async (req, res) => {
-    await deleteUser(req.params.id);
+    // Terminate all sessions
     res.json({ success: true });
   }
 );
+// Protected API endpoint (requires session)
+app.get('/api/user/profile',
+  validateSession,
+  async (req, res) => {
+    const { username } = req.session.user;
+    // Fetch user profile
+    const profile = await getUserProfile(username);
+    res.json({ success: true, profile });
+  }
+);
 ```
 ---

package/index.d.ts CHANGED Viewed

@@ -5,6 +5,43 @@
 import { Request, Response, NextFunction, Router } from 'express';
 import { Pool } from 'pg';
+// Global augmentations must be at the top level, outside any declare module blocks
+declare global {
+  namespace Express {
+    interface Request {
+      user?: {
+        username: string;
+        UserName: string;
+        role: 'SuperAdmin' | 'NormalUser' | 'Guest';
+        Role: 'SuperAdmin' | 'NormalUser' | 'Guest';
+      };
+      userRole?: 'SuperAdmin' | 'NormalUser' | 'Guest';
+    }
+    interface Session {
+      user?: {
+        id: number;
+        username: string;
+        UserName: string;
+        role: 'SuperAdmin' | 'NormalUser' | 'Guest';
+        Role: 'SuperAdmin' | 'NormalUser' | 'Guest';
+        sessionId: string;
+        allowedApps?: string[];
+      };
+      preAuthUser?: {
+        id: number;
+        username: string;
+        UserName?: string;
+        role: 'SuperAdmin' | 'NormalUser' | 'Guest';
+        Role?: 'SuperAdmin' | 'NormalUser' | 'Guest';
+        loginMethod?: 'password' | 'github';
+        redirectUrl?: string | null;
+      };
+      oauthRedirect?: string;
+    }
+  }
+}
 declare module 'mbkauthe' {
   // Configuration Types
   export interface MBKAuthConfig {
@@ -90,26 +127,6 @@ declare module 'mbkauthe' {
     updated_at: Date;
   }
-  // Request Extensions
-  declare global {
-    namespace Express {
-      interface Request {
-        user?: {
-          username: string;
-          UserName: string;
-          role: UserRole;
-          Role: UserRole;
-        };
-      }
-      interface Session {
-        user?: SessionUser;
-        preAuthUser?: PreAuthUser;
-        oauthRedirect?: string;
-      }
-    }
-  }
   // API Response Types
   export interface LoginResponse {
     success: boolean;
@@ -177,8 +194,6 @@ declare module 'mbkauthe' {
   export function authenticate(token: string): AuthMiddleware;
-  export function authapi(requiredRole?: UserRole[]): AuthMiddleware;
   // Utility Functions
   export function renderError(
     res: Response,

package/lib/main.js CHANGED Viewed

@@ -2,7 +2,6 @@ import express from "express";
 import session from "express-session";
 import cookieParser from "cookie-parser";
 import passport from 'passport';
-import { packageJson } from "./config/index.js";
 import {
   sessionConfig,
   corsMiddleware,
@@ -12,6 +11,11 @@ import {
 import authRoutes from "./routes/auth.js";
 import oauthRoutes from "./routes/oauth.js";
 import miscRoutes from "./routes/misc.js";
+import { fileURLToPath } from "url";
+import path from "path";
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const router = express.Router();
@@ -48,5 +52,15 @@ router.get(["/login", "/signin"], async (req, res) => {
   return res.redirect(redirectUrl);
 });
+router.get('/icon.svg', (req, res) => {
+  res.setHeader('Cache-Control', 'public, max-age=31536000');
+  res.sendFile(path.join(__dirname, '..', 'public', 'icon.svg'));
+});
+router.get(['/favicon.ico', '/icon.ico'], (req, res) => {
+  res.setHeader('Cache-Control', 'public, max-age=31536000');
+  res.sendFile(path.join(__dirname, '..', 'public', 'icon.ico'));
+});
 export { getLatestVersion } from "./routes/misc.js";
 export default router;

package/lib/routes/misc.js CHANGED Viewed

@@ -1,19 +1,20 @@
 import express from "express";
 import fetch from 'node-fetch';
 import rateLimit from 'express-rate-limit';
-import { fileURLToPath } from "url";
-import fs from "fs";
-import path from "path";
 import { mbkautheVar, packageJson, appVersion } from "../config/index.js";
 import { renderError } from "../utils/response.js";
 import { authenticate, validateSession } from "../middleware/auth.js";
 import { ErrorCodes, ErrorMessages } from "../utils/errors.js";
 import { dblogin } from "../database/pool.js";
 import { clearSessionCookies } from "../config/cookies.js";
+import { fileURLToPath } from "url";
+import path from "path";
+import fs from "fs";
-const router = express.Router();
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const router = express.Router();
 // Rate limiter for info/test routes
 const LoginLimit = rateLimit({
   windowMs: 1 * 60 * 1000,
@@ -30,16 +31,6 @@ router.get('/main.js', (req, res) => {
   res.sendFile(path.join(__dirname, '..', '..', 'public', 'main.js'));
 });
-router.get('/icon.svg', (req, res) => {
-  res.setHeader('Cache-Control', 'public, max-age=31536000');
-  res.sendFile(path.join(__dirname, '..', '..', 'public', 'icon.svg'));
-});
-router.get(['/favicon.ico', '/icon.ico'], (req, res) => {
-  res.setHeader('Cache-Control', 'public, max-age=31536000');
-  res.sendFile(path.join(__dirname, '..', '..', 'public', 'icon.ico'));
-});
 router.get("/bg.webp", (req, res) => {
   const imgPath = path.join(__dirname, "..", "..", "public", "bg.webp");
   res.setHeader('Content-Type', 'image/webp');

package/package.json CHANGED Viewed

@@ -1,12 +1,14 @@
 {
   "name": "mbkauthe",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "MBKTech's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
   "types": "index.d.ts",
   "scripts": {
-    "dev": "cross-env test=dev nodemon index.js"
+    "dev": "cross-env test=dev nodemon index.js",
+    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "test:watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch"
   },
   "repository": {
     "type": "git",
@@ -30,8 +32,6 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "bcrypt": "^6.0.0",
-    "cheerio": "^1.0.0",
     "connect-pg-simple": "^10.0.0",
     "cookie-parser": "^1.4.7",
     "csurf": "^1.2.2",
@@ -40,19 +40,26 @@
     "express-handlebars": "^8.0.1",
     "express-rate-limit": "^7.5.0",
     "express-session": "^1.18.1",
-    "marked": "^15.0.11",
     "node-fetch": "^3.3.2",
     "passport": "^0.7.0",
     "passport-github2": "^0.1.12",
-    "path": "^0.12.7",
     "pg": "^8.14.1",
-    "speakeasy": "^2.0.0",
-    "url": "^0.11.4"
+    "speakeasy": "^2.0.0"
   },
   "devDependencies": {
     "@types/express": "^5.0.6",
-    "@types/node": "^22.19.1",
     "cross-env": "^7.0.3",
-    "nodemon": "^3.1.11"
+    "jest": "^30.2.0",
+    "nodemon": "^3.1.11",
+    "supertest": "^7.1.4"
+  },
+  "jest": {
+    "testEnvironment": "node",
+    "testMatch": [
+      "**/*.spec.js",
+      "**/*.test.js"
+    ],
+    "testTimeout": 10000,
+    "transform": {}
   }
-}
+}

package/test.spec.js ADDED Viewed

@@ -0,0 +1,178 @@
+import request from 'supertest';
+const BASE_URL = "http://localhost:5555";
+// Helper to get CSRF token and cookies
+const getCSRFTokenAndCookies = async () => {
+  const response = await request(BASE_URL).get('/mbkauthe/login');
+  const html = response.text;
+  const csrfMatch = html.match(/name="_csrf".*?value="([^"]+)"/i) ||
+                   html.match(/content="([^"]+)".*?name="_csrf"/i);
+  return {
+    csrfToken: csrfMatch?.[1] || '',
+    cookies: response.headers['set-cookie'] || []
+  };
+};
+describe('mbkauthe Routes', () => {
+  describe('Redirect Routes', () => {
+    test('GET /login redirects to /mbkauthe/login', async () => {
+      const response = await request(BASE_URL)
+        .get('/login')
+        .redirects(0);
+      expect(response.status).toBe(302);
+      expect(response.headers.location).toContain('/mbkauthe/login');
+    });
+    test('GET /signin redirects to /mbkauthe/login', async () => {
+      const response = await request(BASE_URL)
+        .get('/signin')
+        .redirects(0);
+      expect(response.status).toBe(302);
+      expect(response.headers.location).toContain('/mbkauthe/login');
+    });
+  });
+  describe('Authentication Pages', () => {
+    test('GET /mbkauthe/login contains loginUsername input', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/login');
+      expect(response.status).toBe(200);
+      expect(response.text).toMatch(/id\s*=\s*["']loginUsername["']/i);
+    });
+    test('GET /mbkauthe/2fa contains token input or redirects', async () => {
+      const response = await request(BASE_URL)
+        .get('/mbkauthe/2fa')
+        .redirects(0);
+      if (response.status === 302) {
+        expect(response.headers.location).toContain('/mbkauthe/login');
+      } else {
+        expect(response.status).toBe(200);
+        expect(response.text).toMatch(/id\s*=\s*["']token["']/i);
+      }
+    });
+  });
+  describe('Info Pages', () => {
+    test.each([
+      ['/mbkauthe/info', 'info page'],
+      ['/mbkauthe/i', 'info short page'],
+    ])('GET %s contains CurrentVersion div', async (path, desc) => {
+      const response = await request(BASE_URL).get(path);
+      expect(response.status).toBe(200);
+      expect(response.text).toMatch(/id\s*=\s*["']CurrentVersion["']/i);
+    });
+    test('GET /mbkauthe/ErrorCode contains error-603 div', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/ErrorCode');
+      expect(response.status).toBe(200);
+      expect(response.text).toMatch(/id\s*=\s*["']error-603["']/i);
+    });
+  });
+  describe('Static Assets', () => {
+    test('GET /mbkauthe/main.js returns JavaScript', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/main.js');
+      expect(response.status).toBe(200);
+      expect(response.headers['content-type']).toContain('javascript');
+    });
+    test('GET /icon.svg returns SVG content', async () => {
+      const response = await request(BASE_URL).get('/icon.svg');
+      expect(response.status).toBe(200);
+      expect(response.text || response.body.toString()).toMatch(/<svg|SVG/);
+    });
+    test.each([
+      ['/favicon.ico', 'favicon'],
+      ['/icon.ico', 'icon'],
+    ])('GET %s returns ICO content', async (path, desc) => {
+      const response = await request(BASE_URL).get(path);
+      expect(response.status).toBe(200);
+    });
+    test('GET /mbkauthe/bg.webp returns WEBP content', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/bg.webp');
+      expect(response.status).toBe(200);
+      expect(response.headers['content-type']).toContain('image/webp');
+    });
+  });
+  describe('Protected Routes', () => {
+    test('GET /mbkauthe/test responds appropriately', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/test');
+      expect([200, 302, 401, 403, 429]).toContain(response.status);
+    });
+  });
+  describe('OAuth Routes', () => {
+    test('GET /mbkauthe/api/github/login handles GitHub OAuth', async () => {
+      const response = await request(BASE_URL)
+        .get('/mbkauthe/api/github/login')
+        .redirects(0);
+      expect([200, 302, 500, 429]).toContain(response.status);
+      if (response.status === 302) {
+        const location = response.headers.location;
+        expect(location).toMatch(/github\.com|login/);
+      }
+    });
+    test('GET /mbkauthe/api/github/login/callback handles callback', async () => {
+      const response = await request(BASE_URL).get('/mbkauthe/api/github/login/callback');
+      expect([200, 302, 400, 401, 429]).toContain(response.status);
+    });
+  });
+  describe('API Endpoints', () => {
+    test('POST /mbkauthe/api/login handles login API', async () => {
+      const response = await request(BASE_URL)
+        .post('/mbkauthe/api/login')
+        .send({ username: 'test', password: 'test' });
+      expect([200, 400, 401, 403, 429]).toContain(response.status);
+      expect(response.headers['content-type']).toContain('application/json');
+    });
+    test('POST /mbkauthe/api/verify-2fa handles 2FA API', async () => {
+      const { csrfToken, cookies } = await getCSRFTokenAndCookies();
+      const response = await request(BASE_URL)
+        .post('/mbkauthe/api/verify-2fa')
+        .set('Cookie', cookies)
+        .send({ token: '123456', _csrf: csrfToken });
+      expect([200, 400, 401, 403, 429]).toContain(response.status);
+      expect(response.headers['content-type']).toContain('application/json');
+    });
+    test('POST /mbkauthe/api/terminateAllSessions handles session termination', async () => {
+      const { csrfToken, cookies } = await getCSRFTokenAndCookies();
+      const response = await request(BASE_URL)
+        .post('/mbkauthe/api/terminateAllSessions')
+        .set('Cookie', cookies)
+        .send({ _csrf: csrfToken });
+      expect([200, 400, 401, 403, 429]).toContain(response.status);
+      if (response.status === 401) {
+        expect(response.headers['content-type']).not.toContain('application/json');
+      } else {
+        expect(response.headers['content-type']).toContain('application/json');
+      }
+    });
+  });
+});