Spaces:
Running
Running
| import { beforeEach, describe, expect, test } from "bun:test" | |
| import { Hono } from "hono" | |
| import { createAuthMiddleware } from "../src/lib/request-auth" | |
| let regularApiKeys: Array<string> | |
| let adminApiKeys: Array<string> | |
| function createApp() { | |
| const app = new Hono() | |
| app.use( | |
| "*", | |
| createAuthMiddleware({ | |
| getApiKeys: () => regularApiKeys, | |
| allowUnauthenticatedPaths: [], | |
| shouldSkipPath: (path) => path.startsWith("/admin/"), | |
| }), | |
| ) | |
| app.use( | |
| "/admin/*", | |
| createAuthMiddleware({ | |
| getApiKeys: () => adminApiKeys, | |
| allowUnauthenticatedPaths: [], | |
| allowWhenNoApiKeys: false, | |
| }), | |
| ) | |
| app.all("/models", (c) => c.json({ ok: true, scope: "default" })) | |
| app.all("/admin/config/model-mappings", (c) => | |
| c.json({ ok: true, scope: "admin" }), | |
| ) | |
| return app | |
| } | |
| beforeEach(() => { | |
| regularApiKeys = ["regular-key"] | |
| adminApiKeys = ["admin-key"] | |
| }) | |
| describe("request auth middleware", () => { | |
| test("accepts regular api keys for protected non-admin routes", async () => { | |
| const app = createApp() | |
| const response = await app.request("/models", { | |
| headers: { | |
| "x-api-key": "regular-key", | |
| }, | |
| }) | |
| expect(response.status).toBe(200) | |
| expect(await response.json()).toEqual({ ok: true, scope: "default" }) | |
| }) | |
| test("accepts admin api key for admin routes", async () => { | |
| const app = createApp() | |
| const response = await app.request("/admin/config/model-mappings", { | |
| headers: { | |
| authorization: "Bearer admin-key", | |
| }, | |
| }) | |
| expect(response.status).toBe(200) | |
| expect(await response.json()).toEqual({ ok: true, scope: "admin" }) | |
| }) | |
| test("rejects regular api keys on admin routes", async () => { | |
| const app = createApp() | |
| const response = await app.request("/admin/config/model-mappings", { | |
| headers: { | |
| "x-api-key": "regular-key", | |
| }, | |
| }) | |
| expect(response.status).toBe(401) | |
| }) | |
| test("rejects admin api keys on protected non-admin routes", async () => { | |
| const app = createApp() | |
| const response = await app.request("/models", { | |
| headers: { | |
| "x-api-key": "admin-key", | |
| }, | |
| }) | |
| expect(response.status).toBe(401) | |
| }) | |
| test("allows non-admin routes when no regular api keys are configured", async () => { | |
| regularApiKeys = [] | |
| const app = createApp() | |
| const response = await app.request("/models") | |
| expect(response.status).toBe(200) | |
| expect(await response.json()).toEqual({ ok: true, scope: "default" }) | |
| }) | |
| test("rejects admin routes when no admin api key is configured", async () => { | |
| adminApiKeys = [] | |
| const app = createApp() | |
| const response = await app.request("/admin/config/model-mappings") | |
| expect(response.status).toBe(401) | |
| }) | |
| test("allows options requests for admin routes without auth", async () => { | |
| const app = createApp() | |
| const response = await app.request("/admin/config/model-mappings", { | |
| method: "OPTIONS", | |
| }) | |
| expect(response.status).toBe(200) | |
| expect(await response.json()).toEqual({ ok: true, scope: "admin" }) | |
| }) | |
| }) | |