msw: Implement DELETE /api/v1/me/tokens/:tokenId request handler

Turbo87 · Turbo87 · commit 6adbf6f54907 · 2025-01-22T15:37:18.000+01:00
diff --git a/packages/crates-io-msw/handlers/api-tokens.js b/packages/crates-io-msw/handlers/api-tokens.js
@@ -1,4 +1,5 @@
 import createToken from './api-tokens/create.js';
+import deleteToken from './api-tokens/delete.js';
 import listTokens from './api-tokens/list.js';
 
-export default [createToken, listTokens];
+export default [createToken, listTokens, deleteToken];
diff --git a/packages/crates-io-msw/handlers/api-tokens/delete.js b/packages/crates-io-msw/handlers/api-tokens/delete.js
@@ -0,0 +1,21 @@
+import { http, HttpResponse } from 'msw';
+
+import { db } from '../../index.js';
+import { getSession } from '../../utils/session.js';
+
+export default http.delete('/api/v1/me/tokens/:tokenId', async ({ params }) => {
+  let { user } = getSession();
+  if (!user) {
+    return HttpResponse.json({ errors: [{ detail: 'must be logged in to perform that action' }] }, { status: 403 });
+  }
+
+  let { tokenId } = params;
+  db.apiToken.delete({
+    where: {
+      id: { equals: parseInt(tokenId) },
+      user: { id: { equals: user.id } },
+    },
+  });
+
+  return HttpResponse.json({});
+});
diff --git a/packages/crates-io-msw/handlers/api-tokens/delete.test.js b/packages/crates-io-msw/handlers/api-tokens/delete.test.js
@@ -0,0 +1,28 @@
+import { assert, test } from 'vitest';
+
+import { db } from '../../index.js';
+
+test('revokes an API token', async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let token = db.apiToken.create({ user });
+
+  let response = await fetch(`/api/v1/me/tokens/${token.id}`, { method: 'DELETE' });
+  assert.strictEqual(response.status, 200);
+  assert.deepEqual(await response.json(), {});
+
+  let tokens = db.apiToken.findMany({});
+  assert.strictEqual(tokens.length, 0);
+});
+
+test('returns an error if unauthenticated', async function () {
+  let user = db.user.create();
+  let token = db.apiToken.create({ user });
+
+  let response = await fetch(`/api/v1/me/tokens/${token.id}`, { method: 'DELETE' });
+  assert.strictEqual(response.status, 403);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'must be logged in to perform that action' }],
+  });
+});
