|
| 1 | +import { describe, it, expect, vi, beforeEach, afterEach } from "vitest"; |
| 2 | +import { isValidSession, createSession } from "./token-auth"; |
| 3 | + |
| 4 | +// Mock dependencies |
| 5 | +vi.mock("../config/env-config", () => ({ |
| 6 | + authConfig: { |
| 7 | + strictSessionIp: true, |
| 8 | + }, |
| 9 | + serverConfig: { |
| 10 | + nodeEnv: "development", |
| 11 | + }, |
| 12 | +})); |
| 13 | + |
| 14 | +vi.mock("../utils/logger", () => ({ |
| 15 | + loggers: { |
| 16 | + server: { |
| 17 | + warn: vi.fn(), |
| 18 | + }, |
| 19 | + }, |
| 20 | +})); |
| 21 | + |
| 22 | +describe("token-auth", () => { |
| 23 | + describe("isValidSession", () => { |
| 24 | + beforeEach(() => { |
| 25 | + vi.useFakeTimers(); |
| 26 | + // Set an initial time so we can easily advance it |
| 27 | + vi.setSystemTime(new Date(2024, 1, 1, 12, 0, 0)); |
| 28 | + }); |
| 29 | + |
| 30 | + afterEach(() => { |
| 31 | + vi.useRealTimers(); |
| 32 | + vi.clearAllMocks(); |
| 33 | + }); |
| 34 | + |
| 35 | + it("should return false for a non-existent session ID", () => { |
| 36 | + const result = isValidSession("non-existent-session-id", "127.0.0.1"); |
| 37 | + expect(result).toBe(false); |
| 38 | + }); |
| 39 | + |
| 40 | + it("should return true for a valid session ID and matching IP", () => { |
| 41 | + const ip = "192.168.1.100"; |
| 42 | + const sessionId = createSession(ip); |
| 43 | + |
| 44 | + const result = isValidSession(sessionId, ip); |
| 45 | + expect(result).toBe(true); |
| 46 | + }); |
| 47 | + |
| 48 | + it("should return false when the session is expired", () => { |
| 49 | + const ip = "10.0.0.5"; |
| 50 | + const sessionId = createSession(ip); |
| 51 | + |
| 52 | + // Advance time by 24 hours + 1 ms (SESSION_DURATION is 24 hours) |
| 53 | + vi.advanceTimersByTime(24 * 60 * 60 * 1000 + 1); |
| 54 | + |
| 55 | + const result = isValidSession(sessionId, ip); |
| 56 | + expect(result).toBe(false); |
| 57 | + |
| 58 | + // Verify the session was deleted by checking it again (should return false and not delete again since it's already gone) |
| 59 | + const resultAgain = isValidSession(sessionId, ip); |
| 60 | + expect(resultAgain).toBe(false); |
| 61 | + }); |
| 62 | + |
| 63 | + it("should return false for a valid session but mismatched IP when strictSessionIp is true", () => { |
| 64 | + const ip = "192.168.1.100"; |
| 65 | + const differentIp = "192.168.1.200"; |
| 66 | + const sessionId = createSession(ip); |
| 67 | + |
| 68 | + const result = isValidSession(sessionId, differentIp); |
| 69 | + expect(result).toBe(false); |
| 70 | + }); |
| 71 | + |
| 72 | + it("should return true for a valid session and mismatched IP when strictSessionIp is false", async () => { |
| 73 | + // Need to dynamically mock authConfig for this specific test |
| 74 | + const { authConfig } = await import("../config/env-config"); |
| 75 | + authConfig.strictSessionIp = false; |
| 76 | + |
| 77 | + const ip = "192.168.1.100"; |
| 78 | + const differentIp = "192.168.1.200"; |
| 79 | + const sessionId = createSession(ip); |
| 80 | + |
| 81 | + const result = isValidSession(sessionId, differentIp); |
| 82 | + expect(result).toBe(true); |
| 83 | + |
| 84 | + // Restore strictSessionIp for other tests |
| 85 | + authConfig.strictSessionIp = true; |
| 86 | + }); |
| 87 | + }); |
| 88 | +}); |
0 commit comments