feat: vitest setup + auth middleware — token invalide et absent → 401

2026-03-14 23:19:45 +01:00
parent 01d347bce3
commit 9f53193c7c
4 changed files with 1851 additions and 5 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -10,7 +10,8 @@
    "migration:generate": "npm run typeorm -- migration:generate",
    "migration:run": "npm run typeorm -- migration:run",
    "migration:revert": "npm run typeorm -- migration:revert",
-    "seed:videos": "ts-node --transpile-only src/seeds/videos.ts"
+    "seed:videos": "ts-node --transpile-only src/seeds/videos.ts",
+    "test": "vitest run"
  },
  "dependencies": {
    "bcrypt": "^5.1.1",
@@ -18,11 +19,13 @@
    "cors": "^2.8.5",
    "dotenv": "^16.4.5",
    "express": "^4.18.3",
+    "express-rate-limit": "^8.3.1",
    "jsonwebtoken": "^9.0.2",
    "multer": "^2.1.1",
    "mysql2": "^3.9.3",
    "reflect-metadata": "^0.2.2",
-    "typeorm": "^0.3.20"
+    "typeorm": "^0.3.20",
+    "winston": "^3.19.0"
  },
  "devDependencies": {
    "@types/bcrypt": "^5.0.2",
@@ -32,8 +35,12 @@
    "@types/jsonwebtoken": "^9.0.6",
    "@types/multer": "^2.1.0",
    "@types/node": "^20.12.2",
+    "@types/supertest": "^7.2.0",
+    "@types/winston": "^2.4.4",
+    "supertest": "^7.2.2",
    "ts-node": "^10.9.2",
    "ts-node-dev": "^2.0.0",
-    "typescript": "^5.4.3"
+    "typescript": "^5.4.3",
+    "vitest": "^4.1.0"
  }
 }
--- a/backend/tests/auth.middleware.test.ts
+++ b/backend/tests/auth.middleware.test.ts
@@ -0,0 +1,54 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import express, { Request, Response } from "express";
+import request from "supertest";
+import cookieParser from "cookie-parser";
+import { requireAuth } from "../src/middleware/auth.middleware";
+
+function buildApp() {
+  const app = express();
+  app.use(express.json());
+  app.use(cookieParser());
+  app.get("/protected", requireAuth, (_req: Request, res: Response) => {
+    res.json({ success: true });
+  });
+  return app;
+}
+
+describe("requireAuth middleware", () => {
+  beforeEach(() => {
+    process.env.SUPER_OAUTH_URL = "http://fake-oauth";
+  });
+
+  afterEach(() => {
+    vi.unstubAllGlobals();
+    delete process.env.SUPER_OAUTH_URL;
+  });
+
+  it("retourne 401 quand le token est invalide (SuperOAuth répond valid: false)", async () => {
+    vi.stubGlobal(
+      "fetch",
+      vi.fn().mockResolvedValue({
+        ok: true,
+        json: async () => ({ success: true, data: { valid: false } }),
+      })
+    );
+
+    const res = await request(buildApp())
+      .get("/protected")
+      .set("Authorization", "Bearer invalid-token");
+
+    expect(res.status).toBe(401);
+    expect(res.body.error).toBeDefined();
+  });
+
+  it("retourne 401 quand aucun cookie ni header Authorization", async () => {
+    const fetchMock = vi.fn();
+    vi.stubGlobal("fetch", fetchMock);
+
+    const res = await request(buildApp()).get("/protected");
+
+    expect(res.status).toBe(401);
+    expect(res.body.message).toBe("Access token required");
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+});
--- a/backend/vitest.config.ts
+++ b/backend/vitest.config.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    environment: "node",
+    globals: true,
+  },
+});