msw: Implement GET /api/v1/me/tokens request handler

Author: Turbo87

packages/crates-io-msw/handlers/api-tokens.js

@@ -1,3 +1,4 @@
 import createToken from './api-tokens/create.js';
+import listTokens from './api-tokens/list.js';
 
-export default [createToken];
+export default [createToken, listTokens];

packages/crates-io-msw/handlers/api-tokens/list.js

@@ -0,0 +1,30 @@
+import { http, HttpResponse } from 'msw';
+
+import { db } from '../../index.js';
+import { serializeApiToken } from '../../serializers/api-token.js';
+import { getSession } from '../../utils/session.js';
+
+export default http.get('/api/v1/me/tokens', async ({ request }) => {
+  let url = new URL(request.url);
+
+  let { user } = getSession();
+  if (!user) {
+    return HttpResponse.json({ errors: [{ detail: 'must be logged in to perform that action' }] }, { status: 403 });
+  }
+
+  let expiredAfter = new Date();
+  if (url.searchParams.has('expired_days')) {
+    expiredAfter.setUTCDate(expiredAfter.getUTCDate() - url.searchParams.get('expired_days'));
+  }
+
+  let apiTokens = db.apiToken
+    .findMany({
+      where: { user: { id: { equals: user.id } } },
+      orderBy: { id: 'desc' },
+    })
+    .filter(token => !token.expiredAt || new Date(token.expiredAt) > expiredAfter);
+
+  return HttpResponse.json({
+    api_tokens: apiTokens.map(token => serializeApiToken(token)),
+  });
+});

packages/crates-io-msw/handlers/api-tokens/list.test.js

@@ -0,0 +1,78 @@
+import { afterEach, assert, beforeEach, test, vi } from 'vitest';
+
+import { db } from '../../index.js';
+
+beforeEach(() => {
+  vi.useFakeTimers();
+  vi.setSystemTime(new Date('2017-11-20T12:00:00'));
+});
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+test('returns the list of API token for the authenticated `user`', async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  db.apiToken.create({
+    user,
+    createdAt: '2017-11-19T12:59:22Z',
+    crateScopes: ['serde', 'serde-*'],
+    endpointScopes: ['publish-update'],
+  });
+  db.apiToken.create({ user, createdAt: '2017-11-19T13:59:22Z', expiredAt: '2023-11-20T10:59:22Z' });
+  db.apiToken.create({ user, createdAt: '2017-11-19T14:59:22Z' });
+  db.apiToken.create({ user, createdAt: '2017-11-19T15:59:22Z', expiredAt: '2017-11-20T10:59:22Z' });
+
+  let response = await fetch('/api/v1/me/tokens');
+  assert.strictEqual(response.status, 200);
+  assert.deepEqual(await response.json(), {
+    api_tokens: [
+      {
+        id: 3,
+        crate_scopes: null,
+        created_at: '2017-11-19T14:59:22.000Z',
+        endpoint_scopes: null,
+        expired_at: null,
+        last_used_at: null,
+        name: 'API Token 3',
+      },
+      {
+        id: 2,
+        crate_scopes: null,
+        created_at: '2017-11-19T13:59:22.000Z',
+        endpoint_scopes: null,
+        expired_at: '2023-11-20T10:59:22.000Z',
+        last_used_at: null,
+        name: 'API Token 2',
+      },
+      {
+        id: 1,
+        crate_scopes: ['serde', 'serde-*'],
+        created_at: '2017-11-19T12:59:22.000Z',
+        endpoint_scopes: ['publish-update'],
+        expired_at: null,
+        last_used_at: null,
+        name: 'API Token 1',
+      },
+    ],
+  });
+});
+
+test('empty list case', async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let response = await fetch('/api/v1/me/tokens');
+  assert.strictEqual(response.status, 200);
+  assert.deepEqual(await response.json(), { api_tokens: [] });
+});
+
+test('returns an error if unauthenticated', async function () {
+  let response = await fetch('/api/v1/me/tokens');
+  assert.strictEqual(response.status, 403);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'must be logged in to perform that action' }],
+  });
+});