move API protection check into hooks, adjusting corresponding tests

2025-11-04 09:22:53 +01:00
parent 3c16bc89e5
commit fd907c9851
10 changed files with 47 additions and 74 deletions
--- a/tests/api/API_Protection.test.ts
+++ b/tests/api/API_Protection.test.ts
@@ -0,0 +1,37 @@
+import { describe, test, expect, vi } from 'vitest';
+import { handle } from '../../src/hooks.server';
+
+const event = {
+    url: new URL("http://localhost/api/list"),
+    cookies: { get: vi.fn(() => null) },
+    locals: {user: null}
+};
+
+vi.mock('$lib/auth', () => ({
+    decryptToken: vi.fn()
+}));
+
+describe('API-Endpoints: Zugangs-Mechanismus', () => {
+    test('Unautorisierter Zugriff', async () => {
+        const resolve = vi.fn();
+
+        const response = await handle({ event, resolve });
+
+        expect(response.status).toBe(401);
+        const body = await response.json();
+        expect(body.error).toBe('Unauthorized');
+        expect(resolve).not.toHaveBeenCalled();
+    });
+
+    test('Authentifizierter Zugriff', async () => {
+        event.locals = {user: { id: 'admin', admin: true }}
+
+        const resolve = vi.fn(() => new Response('ok', { status: 200 }));
+
+        const response = await handle({ event, resolve });
+
+        expect(response.status).toBe(200);
+        expect(await response.text()).toBe('ok');
+        expect(resolve).toHaveBeenCalled();
+    });
+})
--- a/tests/api/List.test.ts
+++ b/tests/api/List.test.ts
@@ -14,21 +14,6 @@ const event = {
 };

 describe('API-Endpoints: list', () => {
-	test('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const json = await response.json();
-		const errorObj = { error: 'Unauthorized' };
-		expect(json).toEqual(errorObj);
-	});
-
 	test('Leere Liste wenn keine Vorgänge existieren', async () => {
 		vi.mocked(getVorgaenge).mockReturnValueOnce([]);

--- a/tests/api/ListVorgang.test.ts
+++ b/tests/api/ListVorgang.test.ts
@@ -31,21 +31,6 @@ const MockEvent = {
 };

 describe('API-Endpoints: list/[vorgang]', () => {
-	test('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const json = await response.json();
-		const errorObj = { error: 'Unauthorized' };
-		expect(json).toEqual(errorObj);
-	});
-
 	test('Vorgang ohne Tatorte', async () => {
 		const testCrimesList = [];

--- a/tests/api/Users.test.ts
+++ b/tests/api/Users.test.ts
@@ -16,21 +16,6 @@ vi.mock('bcrypt', () => ({
 }));

 describe('API-Endpoint: Users', () => {
-	test('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const errorMessage = { error: 'Unauthorized' };
-		const json = await response.json();
-		expect(json).toEqual(errorMessage);
-	});
-
 	// [INFO] Test auf keine User nicht notwendig, da immer min. ein User vorhanden

 	// Mock eingelogter User bzw. stelle locals.user zur Verfügung