UNPKG

@budibase/server

Version:

Budibase Web Server

github.com/Budibase/budibase

Budibase/budibase

53 lines (47 loc) 1.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
import { UserCtx } from "@budibase/types" import { ensureTenantAppOwnershipMiddleware } from "../ensureTenantAppOwnership" import { context, Header, HTTPError } from "@budibase/backend-core" function ctx(opts?: { appId: string }) { const ctx = { throw: (status: number, message: string) => { throw new HTTPError(message, status) }, path: "", request: { headers: {}, }, } as unknown as UserCtx if (opts?.appId) { ctx.request.headers[Header.APP_ID] = opts.appId } return ctx } describe("Ensure Tenant Ownership Middleware", () => { const tenantId = "tenant1" const appId = `app_dev_${tenantId}_fce449c4d75b4e4a9c7a6980d82a3e22` it("calls next() when appId matches tenant ID", async () => { await context.doInTenant(tenantId, async () => { let called = false await ensureTenantAppOwnershipMiddleware(ctx({ appId }), () => { called = true }) expect(called).toBe(true) }) }) it("throws when tenant appId does not match tenant ID", async () => { let called = false await expect(async () => { await context.doInTenant("tenant_2", async () => { await ensureTenantAppOwnershipMiddleware(ctx({ appId }), () => { called = true }) }) }).rejects.toThrow("Unauthorized") expect(called).toBe(false) }) it("throws 400 when appId is missing", async () => { await expect( ensureTenantAppOwnershipMiddleware(ctx(), () => {}) ).rejects.toThrow("appId must be provided") }) })