Merge pull request #38 from Patrick-Ehimen/feat/auth-tests

Add comprehensive auth module tests

Author: Patrick-Ehimen

apps/mcp-server/src/auth/__tests__/AuthManager.test.ts

@@ -0,0 +1,220 @@
+/**
+ * Tests for AuthManager
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { AuthManager } from "../AuthManager.js";
+import { AuthConfig } from "../types.js";
+
+describe("AuthManager", () => {
+  let authManager: AuthManager;
+  let config: AuthConfig;
+
+  beforeEach(() => {
+    config = {
+      defaultApiKey: "default-api-key-12345",
+      enablePerRequestAuth: true,
+      requireAuthentication: true,
+      keyValidationCache: {
+        enabled: true,
+        maxSize: 100,
+        ttlSeconds: 300,
+        cleanupIntervalSeconds: 0,
+      },
+      rateLimiting: {
+        enabled: true,
+        requestsPerMinute: 60,
+        burstLimit: 10,
+        keyBasedLimiting: true,
+      },
+    };
+    authManager = new AuthManager(config);
+  });
+
+  afterEach(() => {
+    authManager.destroy();
+  });
+
+  describe("validateApiKey", () => {
+    it("should validate API key with correct format", async () => {
+      const apiKey = "valid-api-key-12345";
+      const result = await authManager.validateApiKey(apiKey);
+
+      expect(result.isValid).toBe(true);
+      expect(result.keyHash).toBeDefined();
+      expect(result.errorMessage).toBeUndefined();
+    });
+
+    it("should reject API key with invalid format", async () => {
+      const apiKey = "short";
+      const result = await authManager.validateApiKey(apiKey);
+
+      expect(result.isValid).toBe(false);
+      expect(result.errorMessage).toBe("Invalid API key format");
+    });
+
+    it("should cache validation results", async () => {
+      const apiKey = "valid-api-key-12345";
+
+      const result1 = await authManager.validateApiKey(apiKey);
+      const result2 = await authManager.validateApiKey(apiKey);
+
+      expect(result1).toEqual(result2);
+    });
+
+    it("should enforce rate limiting", async () => {
+      const limitedConfig: AuthConfig = {
+        ...config,
+        keyValidationCache: {
+          enabled: false, // Disable cache to test rate limiting
+          maxSize: 100,
+          ttlSeconds: 300,
+          cleanupIntervalSeconds: 0,
+        },
+        rateLimiting: {
+          enabled: true,
+          requestsPerMinute: 2,
+          burstLimit: 2,
+          keyBasedLimiting: true,
+        },
+      };
+      const limitedManager = new AuthManager(limitedConfig);
+
+      const apiKey = "test-api-key-12345";
+
+      // First two requests should succeed
+      const result1 = await limitedManager.validateApiKey(apiKey);
+      expect(result1.isValid).toBe(true);
+
+      const result2 = await limitedManager.validateApiKey(apiKey);
+      expect(result2.isValid).toBe(true);
+
+      // Third request should be rate limited
+      const result3 = await limitedManager.validateApiKey(apiKey);
+      expect(result3.isValid).toBe(false);
+      expect(result3.errorMessage).toBe("Rate limit exceeded");
+
+      limitedManager.destroy();
+    });
+  });
+
+  describe("getEffectiveApiKey", () => {
+    it("should return request key when provided", async () => {
+      const requestKey = "request-api-key-12345";
+      const effectiveKey = await authManager.getEffectiveApiKey(requestKey);
+
+      expect(effectiveKey).toBe(requestKey);
+    });
+
+    it("should return default key when no request key provided", async () => {
+      const effectiveKey = await authManager.getEffectiveApiKey();
+
+      expect(effectiveKey).toBe("default-api-key-12345");
+    });
+
+    it("should throw error when no key available and authentication required", async () => {
+      const noDefaultConfig: AuthConfig = {
+        ...config,
+        defaultApiKey: undefined,
+      };
+      const noDefaultManager = new AuthManager(noDefaultConfig);
+
+      await expect(noDefaultManager.getEffectiveApiKey()).rejects.toThrow("API key is required");
+
+      noDefaultManager.destroy();
+    });
+  });
+
+  describe("authenticate", () => {
+    it("should authenticate with valid request key", async () => {
+      const requestKey = "valid-request-key-12345";
+      const result = await authManager.authenticate(requestKey);
+
+      expect(result.success).toBe(true);
+      expect(result.usedFallback).toBe(false);
+      expect(result.keyHash).toBeDefined();
+      expect(result.authTime).toBeGreaterThanOrEqual(0);
+    });
+
+    it("should authenticate with fallback key", async () => {
+      const result = await authManager.authenticate();
+
+      expect(result.success).toBe(true);
+      expect(result.usedFallback).toBe(true);
+      expect(result.keyHash).toBeDefined();
+    });
+
+    it("should fail authentication with invalid key", async () => {
+      const invalidKey = "bad";
+      const result = await authManager.authenticate(invalidKey);
+
+      expect(result.success).toBe(false);
+      expect(result.errorMessage).toBeDefined();
+    });
+
+    it("should track authentication time", async () => {
+      const result = await authManager.authenticate("valid-key-12345");
+
+      expect(result.authTime).toBeGreaterThanOrEqual(0);
+      expect(result.authTime).toBeLessThan(1000); // Should be fast
+    });
+  });
+
+  describe("sanitizeApiKey", () => {
+    it("should sanitize API key for logging", () => {
+      const apiKey = "test-api-key-12345678";
+      const sanitized = authManager.sanitizeApiKey(apiKey);
+
+      expect(sanitized).toBe("test...5678");
+      expect(sanitized).not.toContain("api-key");
+    });
+  });
+
+  describe("isRateLimited", () => {
+    it("should check if key is rate limited", async () => {
+      const apiKey = "test-api-key-12345";
+
+      const isLimited = authManager.isRateLimited(apiKey);
+      expect(isLimited).toBe(false);
+    });
+  });
+
+  describe("invalidateKey", () => {
+    it("should invalidate cached key", async () => {
+      const apiKey = "valid-api-key-12345";
+
+      // Validate and cache
+      await authManager.validateApiKey(apiKey);
+
+      // Invalidate
+      authManager.invalidateKey(apiKey);
+
+      // Should validate again (not from cache)
+      const result = await authManager.validateApiKey(apiKey);
+      expect(result.isValid).toBe(true);
+    });
+  });
+
+  describe("getCacheStats", () => {
+    it("should return cache statistics", async () => {
+      await authManager.validateApiKey("key1-valid-12345");
+      await authManager.validateApiKey("key2-valid-12345");
+
+      const stats = authManager.getCacheStats();
+
+      expect(stats.size).toBeGreaterThanOrEqual(0);
+      expect(stats.maxSize).toBe(100);
+    });
+  });
+
+  describe("getRateLimitStatus", () => {
+    it("should return rate limit status for key", () => {
+      const apiKey = "test-api-key-12345";
+      const status = authManager.getRateLimitStatus(apiKey);
+
+      expect(status.allowed).toBe(true);
+      expect(status.remaining).toBeGreaterThan(0);
+      expect(status.resetTime).toBeInstanceOf(Date);
+    });
+  });
+});

apps/mcp-server/src/auth/__tests__/KeyValidationCache.test.ts

@@ -0,0 +1,146 @@
+/**
+ * Tests for KeyValidationCache
+ */
+
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { KeyValidationCache } from "../KeyValidationCache.js";
+import { CacheConfig, ValidationResult } from "../types.js";
+
+describe("KeyValidationCache", () => {
+  let cache: KeyValidationCache;
+  let config: CacheConfig;
+
+  beforeEach(() => {
+    config = {
+      enabled: true,
+      maxSize: 10,
+      ttlSeconds: 60,
+      cleanupIntervalSeconds: 0, // Disable auto-cleanup for tests
+    };
+    cache = new KeyValidationCache(config);
+  });
+
+  afterEach(() => {
+    cache.destroy();
+  });
+
+  describe("get and set", () => {
+    it("should store and retrieve validation results", () => {
+      const keyHash = "test-hash-123";
+      const result: ValidationResult = {
+        isValid: true,
+        keyHash,
+      };
+
+      cache.set(keyHash, result);
+      const retrieved = cache.get(keyHash);
+
+      expect(retrieved).toEqual(result);
+    });
+
+    it("should return null for non-existent keys", () => {
+      const retrieved = cache.get("non-existent");
+
+      expect(retrieved).toBeNull();
+    });
+
+    it("should return null when cache is disabled", () => {
+      const disabledCache = new KeyValidationCache({ ...config, enabled: false });
+      const keyHash = "test-hash";
+      const result: ValidationResult = { isValid: true, keyHash };
+
+      disabledCache.set(keyHash, result);
+      const retrieved = disabledCache.get(keyHash);
+
+      expect(retrieved).toBeNull();
+      disabledCache.destroy();
+    });
+  });
+
+  describe("TTL expiration", () => {
+    it("should expire entries after TTL", async () => {
+      const shortTTLConfig: CacheConfig = {
+        ...config,
+        ttlSeconds: 0.1, // 100ms
+      };
+      const shortCache = new KeyValidationCache(shortTTLConfig);
+
+      const keyHash = "test-hash";
+      const result: ValidationResult = { isValid: true, keyHash };
+
+      shortCache.set(keyHash, result);
+
+      // Should be available immediately
+      expect(shortCache.get(keyHash)).toEqual(result);
+
+      // Wait for expiration
+      await new Promise((resolve) => setTimeout(resolve, 150));
+
+      // Should be expired
+      expect(shortCache.get(keyHash)).toBeNull();
+
+      shortCache.destroy();
+    });
+  });
+
+  describe("LRU eviction", () => {
+    it("should evict least recently used entry when cache is full", () => {
+      const smallCache = new KeyValidationCache({ ...config, maxSize: 3 });
+
+      // Fill cache
+      smallCache.set("key1", { isValid: true, keyHash: "key1" });
+      smallCache.set("key2", { isValid: true, keyHash: "key2" });
+      smallCache.set("key3", { isValid: true, keyHash: "key3" });
+
+      // Access key2 to make it more recently used
+      smallCache.get("key2");
+
+      // Add new entry, should evict key1 (least recently used)
+      smallCache.set("key4", { isValid: true, keyHash: "key4" });
+
+      expect(smallCache.get("key1")).toBeNull();
+      expect(smallCache.get("key2")).not.toBeNull();
+      expect(smallCache.get("key3")).not.toBeNull();
+      expect(smallCache.get("key4")).not.toBeNull();
+
+      smallCache.destroy();
+    });
+  });
+
+  describe("invalidate", () => {
+    it("should remove specific key from cache", () => {
+      const keyHash = "test-hash";
+      const result: ValidationResult = { isValid: true, keyHash };
+
+      cache.set(keyHash, result);
+      expect(cache.get(keyHash)).toEqual(result);
+
+      cache.invalidate(keyHash);
+      expect(cache.get(keyHash)).toBeNull();
+    });
+  });
+
+  describe("clear", () => {
+    it("should remove all entries from cache", () => {
+      cache.set("key1", { isValid: true, keyHash: "key1" });
+      cache.set("key2", { isValid: true, keyHash: "key2" });
+
+      cache.clear();
+
+      expect(cache.get("key1")).toBeNull();
+      expect(cache.get("key2")).toBeNull();
+    });
+  });
+
+  describe("getStats", () => {
+    it("should return cache statistics", () => {
+      cache.set("key1", { isValid: true, keyHash: "key1" });
+      cache.set("key2", { isValid: true, keyHash: "key2" });
+
+      const stats = cache.getStats();
+
+      expect(stats.size).toBe(2);
+      expect(stats.maxSize).toBe(10);
+    });
+  });
+});