Implement host proof
This commit is contained in:
parent
b7126b0d07
commit
c162c4bdde
5 changed files with 221 additions and 22 deletions
|
|
@ -1994,6 +1994,118 @@ console.log('\n=== Game Session Tests ===');
|
|||
});
|
||||
});
|
||||
|
||||
console.log('\nHost Proof Validation Tests:');
|
||||
|
||||
let authGamePin: string | null = null;
|
||||
|
||||
await test('POST /api/games with Authorization token stores host_user_id', async () => {
|
||||
const gameData = {
|
||||
pin: '777777',
|
||||
hostPeerId: 'kaboot-777777',
|
||||
quiz: { title: 'Auth Test Quiz', questions: [] },
|
||||
gameConfig: {},
|
||||
};
|
||||
|
||||
const { data } = await gameRequest('POST', '/api/games', gameData, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
}, 201);
|
||||
|
||||
if (!(data as { success: boolean }).success) throw new Error('Expected success: true');
|
||||
authGamePin = '777777';
|
||||
});
|
||||
|
||||
await test('GET /api/games/:pin/host with valid Authorization token succeeds', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
|
||||
const { data } = await gameRequest('GET', `/api/games/${authGamePin}/host`, undefined, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
});
|
||||
|
||||
const game = data as Record<string, unknown>;
|
||||
if (game.pin !== authGamePin) throw new Error('Wrong PIN');
|
||||
if (!game.quiz) throw new Error('Missing quiz');
|
||||
});
|
||||
|
||||
await test('PATCH /api/games/:pin with valid Authorization token succeeds', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
|
||||
await gameRequest('PATCH', `/api/games/${authGamePin}`, {
|
||||
gameState: 'QUESTION',
|
||||
}, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
});
|
||||
|
||||
const { data } = await gameRequest('GET', `/api/games/${authGamePin}/host`, undefined, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
});
|
||||
|
||||
const game = data as Record<string, unknown>;
|
||||
if (game.gameState !== 'QUESTION') throw new Error('gameState not updated');
|
||||
});
|
||||
|
||||
await test('GET /api/games/:pin/host with neither secret nor token returns 401', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
await gameRequest('GET', `/api/games/${authGamePin}/host`, undefined, {}, 401);
|
||||
});
|
||||
|
||||
await test('PATCH /api/games/:pin with neither secret nor token returns 401', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
await gameRequest('PATCH', `/api/games/${authGamePin}`, { gameState: 'LOBBY' }, {}, 401);
|
||||
});
|
||||
|
||||
await test('DELETE /api/games/:pin with neither secret nor token returns 401', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
await gameRequest('DELETE', `/api/games/${authGamePin}`, undefined, {}, 401);
|
||||
});
|
||||
|
||||
await test('GET /api/games/:pin/host with invalid token returns 401', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
await gameRequest('GET', `/api/games/${authGamePin}/host`, undefined, {
|
||||
'Authorization': 'Bearer invalid-token-12345',
|
||||
}, 401);
|
||||
});
|
||||
|
||||
await test('PATCH /api/games/:pin with invalid token returns 401', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
await gameRequest('PATCH', `/api/games/${authGamePin}`, { gameState: 'LOBBY' }, {
|
||||
'Authorization': 'Bearer invalid-token-12345',
|
||||
}, 401);
|
||||
});
|
||||
|
||||
await test('DELETE /api/games/:pin with valid Authorization token succeeds', async () => {
|
||||
if (!authGamePin) throw new Error('No auth game created');
|
||||
|
||||
await gameRequest('DELETE', `/api/games/${authGamePin}`, undefined, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
});
|
||||
|
||||
await gameRequest('GET', `/api/games/${authGamePin}`, undefined, {}, 404);
|
||||
});
|
||||
|
||||
await test('POST /api/games without auth allows access via secret only', async () => {
|
||||
const gameData = {
|
||||
pin: '888888',
|
||||
hostPeerId: 'kaboot-888888',
|
||||
quiz: { title: 'No Auth Quiz', questions: [] },
|
||||
gameConfig: {},
|
||||
};
|
||||
|
||||
const { data } = await gameRequest('POST', '/api/games', gameData, {}, 201);
|
||||
const secret = (data as { hostSecret: string }).hostSecret;
|
||||
|
||||
await gameRequest('GET', `/api/games/888888/host`, undefined, {
|
||||
'X-Host-Secret': secret,
|
||||
});
|
||||
|
||||
await gameRequest('GET', `/api/games/888888/host`, undefined, {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
}, 404);
|
||||
|
||||
await gameRequest('DELETE', '/api/games/888888', undefined, {
|
||||
'X-Host-Secret': secret,
|
||||
});
|
||||
});
|
||||
|
||||
console.log('\n=== AI Generate Endpoint Tests ===');
|
||||
|
||||
console.log('\nGenerate Status Tests:');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue