singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/src/tests/integration/web-auth-token.test.ts
Iouri Goussev b6e105b058 perf(test): compile unit tests with esbuild, reclassify integration tests, fix node_modules symlink (#2809) 
* fix(test): wire src/resources/extensions/shared/tests/ into test:unit runner

The test:unit glob excluded src/resources/extensions/shared/tests/ entirely,
leaving format-utils.test.ts (and any future tests there) silently unfired.

- Add shared/tests/*.test.ts to the test:unit glob in package.json
- Export newestSrcMtime from ensure-workspace-builds.cjs (require.main guard
  prevents side-effects on require) so the staleness logic can be tested
- Add src/tests/ensure-workspace-builds.test.ts covering newestSrcMtime:
  non-existent dir, no .ts files, single file, max of multiple, recursion,
  node_modules skip

Closes #2808

* perf(test): compile unit tests with esbuild and fix dist-test/node_modules

Replace per-file --experimental-strip-types with a single esbuild compilation
step (scripts/compile-tests.mjs) that compiles all src/ TypeScript to dist-test/
in ~3s, then runs the pre-compiled JS. Eliminates ~1.7s Node startup overhead
per test file.

- scripts/compile-tests.mjs: esbuild compilation, asset copy, .ts→.js rewrite,
  stale file cleanup; creates dist-test/node_modules symlink so resource-loader.ts
  resolves gsdNodeModules to a real path (fixes node-modules-symlink test failure)
- scripts/dist-test-resolve.mjs: ESM loader hook for @gsd/* bare specifiers and
  .ts→.js fallback rewriting at runtime
- .gitignore: exclude dist-test/ from version control
- package.json: add test:compile script; update test:unit to compile-then-run;
  update test:integration globs to cover new integration/ subdirectories
- worker-registry.ts: unref() cleanup timer so it does not keep the Node process
  alive after tests complete

Closes #2858

* fix(test): update relative imports in tests/integration/ after directory move

When tests were moved from tests/ to tests/integration/ in the previous
commit, relative imports weren't updated. ../foo now resolves one level
too shallow.

Fix all 117 import paths across 43 test files:
- ../foo → ../../foo (source files at gsd/ level)
- ../../get-secrets-from-user.ts → ../../../ (at extensions/ level)
- ../../subagent/worker-registry.ts → ../../../ (at extensions/ level)
- ./marketplace-test-fixtures.js → ../marketplace-test-fixtures.ts
- ./test-helpers.ts → ../test-helpers.ts

typecheck:extensions now passes with zero errors.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(integration): set 10-minute timeout for integration test runner

build job takes ~7min on main. Without a global timeout, hanging tests
block the suite indefinitely. --test-timeout=600000 caps each test at 10min.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Revert "test(integration): set 10-minute timeout for integration test runner"

This reverts commit be77ead77d369ad8569292ae6b69ba56435f5433.

* fix(test): correct formatDuration(0) edge case and docker test root path

- formatDuration(0) now returns '0s' instead of '0ms' by guarding the
  sub-second branch with ms > 0
- docker-template.test.ts root path goes ../../.. from dist-test/src/tests/
  to reach project root instead of landing in dist-test/
- replace require() calls in skill-health.ts and visualizer-overlay.ts
  with proper ES module imports

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): correct relative import paths in integration tests

All affected tests were one directory level off — importing from ../web/
and ../resources/ when the correct paths are ../../web/ and ../../resources/.
Tests live at src/tests/integration/, not src/tests/.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): add esbuild to root devDeps and wire dist-test-resolve hook

P1: esbuild was only in web/package.json — compile-tests.mjs requires it
at the root node_modules path, so CI failed on clean installs.

P2: dist-test-resolve.mjs existed but was never loaded; @gsd/* imports in
compiled tests resolved to installed workspace packages instead of freshly
compiled dist-test output. Add --import to test:unit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(deps): align esbuild version with lock file (0.25.12)

^0.27.4 didn't satisfy the existing lock file entry. Use the version
already present so npm ci passes without regenerating the lock file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): correct all relative import depths in src/tests/integration/

Tests in src/tests/integration/ need 3 levels up (../../..) to reach
project-root dirs (web/, packages/) and 2 levels up (../..) to reach
src-level dirs (src/web/, src/cli-web-branch.ts).

Fixes:
- ../../web/lib/ → ../../../web/lib/   (Next.js app, not src/web/)
- ../../web/app/ → ../../../web/app/
- ../../packages/ → ../../../packages/
- ../cli-web-branch.ts → ../../cli-web-branch.ts
- ../web-mode.ts → ../../web-mode.ts
- ../resources/extensions/ → ../../resources/extensions/
- ci_monitor ROOT path: 2 levels up → 3 levels up
- web-responsive WEB_ROOT: 2 levels up → 3 levels up

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(test): use dot reporter for test:unit to reduce noise

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(test): switch test:unit reporter to tap

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(test): compact test reporter — silent on pass, failures + summary only

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(test): include shared/tests in test:coverage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): correct path depths in tests moved to integration/

Tests moved from tests/ to tests/integration/ need one extra ../
to reach the same source files. Also fix web component paths — those
files live at web/ not src/web/.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): fix web component paths in web-session-parity-contract

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(test): use process.cwd() for project root in docker-template test

Resolving relative to __dirname breaks under test:coverage which runs
source files directly from src/tests/ — needs ../.. not ../../..
(the extra level only exists in the compiled dist-test/ output).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci: retrigger CI

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 14:51:49 -06:00

87 lines
4.1 KiB
TypeScript
Raw Blame History

/**
* Tests for the web auth token flow (web/lib/auth.ts).
*
* The auth module runs in the browser, so we verify the source code contains
* the expected patterns for token extraction, persistence, and transmission.
*/
import test from 'node:test'
import assert from 'node:assert/strict'
import { readFileSync } from 'node:fs'
import { join } from 'node:path'
const projectRoot = process.cwd()
// ─── Source contract tests ──────────────────────────────────────────────────
const authSource = readFileSync(join(projectRoot, 'web', 'lib', 'auth.ts'), 'utf-8')
test('auth.ts persists token to localStorage on extraction', () => {
assert.match(authSource, /localStorage\.setItem/, 'should persist token to localStorage after extracting from hash')
})
test('auth.ts falls back to localStorage when hash is absent', () => {
assert.match(authSource, /localStorage\.getItem/, 'should read from localStorage when URL hash is empty')
})
test('auth.ts defines an auth storage key constant', () => {
assert.match(authSource, /AUTH_STORAGE_KEY/, 'should use a named constant for the localStorage key')
})
test('auth.ts clears the URL fragment after token extraction', () => {
assert.match(authSource, /replaceState/, 'should clear the hash from the address bar')
})
test('auth.ts wraps localStorage calls in try/catch for private browsing', () => {
// localStorage can throw in private browsing when quota is exceeded
const setItemIndex = authSource.indexOf('localStorage.setItem')
const getItemIndex = authSource.indexOf('localStorage.getItem')
assert.ok(setItemIndex > -1)
assert.ok(getItemIndex > -1)
// Both localStorage accesses should be inside try blocks
const beforeSetItem = authSource.slice(Math.max(0, setItemIndex - 200), setItemIndex)
const beforeGetItem = authSource.slice(Math.max(0, getItemIndex - 200), getItemIndex)
assert.match(beforeSetItem, /try\s*\{/, 'localStorage.setItem should be inside a try block')
assert.match(beforeGetItem, /try\s*\{/, 'localStorage.getItem should be inside a try block')
})
// ─── sendBeacon auth token tests ────────────────────────────────────────────
const appShellSource = readFileSync(join(projectRoot, 'web', 'components', 'gsd', 'app-shell.tsx'), 'utf-8')
test('app-shell.tsx sendBeacon includes auth token as query parameter', () => {
// sendBeacon cannot set custom headers, so the token must be passed
// as a _token query parameter for the proxy to accept the request.
assert.match(appShellSource, /_token=/, 'sendBeacon URL should include _token query parameter')
})
test('app-shell.tsx sendBeacon does not send bare unauthenticated URL', () => {
// Every sendBeacon to /api/ should include the auth token
const beaconCalls = appShellSource.match(/sendBeacon\([^)]+\)/g) || []
for (const call of beaconCalls) {
if (call.includes('/api/')) {
// The URL should be constructed with the token, not a bare string literal
assert.ok(
!call.includes('"/api/shutdown"') && !call.includes("'/api/shutdown'"),
`sendBeacon call should not use a bare /api/ URL without auth: ${call}`
)
}
}
})
// ─── proxy.ts contract tests ────────────────────────────────────────────────
const proxySource = readFileSync(join(projectRoot, 'web', 'proxy.ts'), 'utf-8')
test('proxy.ts accepts _token query parameter as fallback authentication', () => {
assert.match(proxySource, /_token/, 'proxy should support _token query parameter for SSE/sendBeacon')
})
test('proxy.ts validates bearer token from Authorization header', () => {
assert.match(proxySource, /Bearer/, 'proxy should check Authorization: Bearer header')
})
test('proxy.ts skips auth when GSD_WEB_AUTH_TOKEN is not set', () => {
assert.match(proxySource, /GSD_WEB_AUTH_TOKEN/, 'proxy should read GSD_WEB_AUTH_TOKEN from env')
assert.match(proxySource, /NextResponse\.next\(\)/, 'proxy should pass through when no token is configured')
})
Reference in a new issue View git blame Copy permalink