vrr/OmniRoute
2
0
Fork 0
mirror of https://github.com/diegosouzapw/OmniRoute.git synced 2026-05-05 09:46:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
OmniRoute/tests/unit/settings-api.test.ts
diegosouzapw 8cf78ddf00 feat(auth): enforce dashboard sessions for management routes 
Require dashboard session cookies on protected management APIs and
reject bearer API keys with explicit 403 responses to prevent
privilege escalation across provider, settings, and model alias routes.

Add a dedicated payload rules management surface with dashboard UI,
OpenAPI documentation, route normalization, and tests for hot-reloaded
runtime updates.

Consolidate provider catalog metadata for dashboard pages, add
Perplexity web-cookie provider support, retire the legacy provider
creation page, and improve upstream proxy handling.

Harden startup and runtime behavior by moving cloud sync bootstrap to
server instrumentation, skipping background services during build/test,
making models.dev sync abortable, pruning isolated build artifacts, and
improving DB backup and recovery safeguards.
2026-04-17 16:45:27 -03:00

96 lines
3.5 KiB
TypeScript
Raw Blame History

import { describe, test } from "node:test";
import assert from "node:assert/strict";
import { makeManagementSessionRequest } from "../helpers/managementSession.ts";
import { getSettings, updateSettings } from "../../src/lib/db/settings.ts";
const settingsRoute = await import("../../src/app/api/settings/route.ts");
describe("Settings API - debugMode and hiddenSidebarItems", () => {
describe("debugMode", () => {
test("updateSettings with debugMode=true succeeds", async () => {
const result = await updateSettings({ debugMode: true });
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.strictEqual(settings.debugMode, true, "debugMode should be true");
});
test("updateSettings with debugMode=false succeeds", async () => {
const result = await updateSettings({ debugMode: false });
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.strictEqual(settings.debugMode, false, "debugMode should be false");
});
});
describe("hiddenSidebarItems", () => {
test("updateSettings with hiddenSidebarItems=['translator'] succeeds", async () => {
const result = await updateSettings({ hiddenSidebarItems: ["translator"] });
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.deepStrictEqual(
settings.hiddenSidebarItems,
["translator"],
"hiddenSidebarItems should contain translator"
);
});
test("updateSettings with empty hiddenSidebarItems succeeds", async () => {
const result = await updateSettings({ hiddenSidebarItems: [] });
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.deepStrictEqual(
settings.hiddenSidebarItems,
[],
"hiddenSidebarItems should be empty array"
);
});
});
describe("combined updates", () => {
test("updateSettings with both debugMode and hiddenSidebarItems succeeds", async () => {
const result = await updateSettings({
debugMode: true,
hiddenSidebarItems: ["translator"],
});
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.strictEqual(settings.debugMode, true, "debugMode should be true");
assert.deepStrictEqual(
settings.hiddenSidebarItems,
["translator"],
"hiddenSidebarItems should be updated"
);
});
test("updateSettings persists antigravitySignatureCacheMode", async () => {
const result = await updateSettings({
antigravitySignatureCacheMode: "bypass-strict",
});
assert.ok(result, "updateSettings should return truthy result");
const settings = await getSettings();
assert.strictEqual(
settings.antigravitySignatureCacheMode,
"bypass-strict",
"antigravitySignatureCacheMode should be updated"
);
});
test("PUT /api/settings reuses the PATCH update flow", async () => {
const response = await settingsRoute.PUT(
await makeManagementSessionRequest("http://localhost/api/settings", {
method: "PUT",
body: { antigravitySignatureCacheMode: "bypass" },
})
);
const body = await response.json();
assert.equal(response.status, 200);
assert.equal(body.antigravitySignatureCacheMode, "bypass");
});
});
});
Reference in a new issue View git blame Copy permalink