hikma-engine
Version:
Code Knowledge Graph Indexer - A sophisticated TypeScript-based indexer that transforms Git repositories into multi-dimensional knowledge stores for AI agents
320 lines (319 loc) • 13.3 kB
JavaScript
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const auth_1 = require("./auth");
const api_config_1 = require("../config/api-config");
// Mock the config
jest.mock('../config/api-config');
const mockApiConfig = api_config_1.apiConfig;
describe('AuthenticationService', () => {
beforeEach(() => {
jest.clearAllMocks();
});
describe('validateApiKey', () => {
it('should validate correct API key', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: {
enabled: true,
header: 'X-API-Key',
keys: ['valid-key-1', 'valid-key-2'],
},
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
expect(auth_1.authService.validateApiKey('valid-key-1')).toBe(true);
expect(auth_1.authService.validateApiKey('valid-key-2')).toBe(true);
expect(auth_1.authService.validateApiKey('invalid-key')).toBe(false);
});
it('should return true when API key authentication is disabled', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: {
enabled: false,
header: 'X-API-Key',
keys: [],
},
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
expect(auth_1.authService.validateApiKey('any-key')).toBe(true);
});
});
describe('validateJWT', () => {
const secret = 'test-secret';
const payload = { id: '123', role: 'user' };
beforeEach(() => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: {
enabled: true,
secret,
expiresIn: '1h',
algorithm: 'HS256',
},
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
});
it('should validate correct JWT token', () => {
const token = jsonwebtoken_1.default.sign(payload, secret);
const result = auth_1.authService.validateJWT(token);
expect(result.valid).toBe(true);
expect(result.payload).toMatchObject(payload);
});
it('should reject invalid JWT token', () => {
const result = auth_1.authService.validateJWT('invalid-token');
expect(result.valid).toBe(false);
expect(result.error).toBe('Invalid token');
});
it('should reject expired JWT token', () => {
const expiredToken = jsonwebtoken_1.default.sign(payload, secret, { expiresIn: '-1h' });
const result = auth_1.authService.validateJWT(expiredToken);
expect(result.valid).toBe(false);
expect(result.error).toBe('Token expired');
});
it('should return true when JWT authentication is disabled', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
const result = auth_1.authService.validateJWT('any-token');
expect(result.valid).toBe(true);
});
});
describe('generateJWT', () => {
it('should generate valid JWT token', () => {
const secret = 'test-secret';
const payload = { id: '123', role: 'user' };
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: {
enabled: true,
secret,
expiresIn: '1h',
algorithm: 'HS256',
},
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
const token = auth_1.authService.generateJWT(payload);
const decoded = jsonwebtoken_1.default.verify(token, secret);
expect(decoded.id).toBe(payload.id);
expect(decoded.role).toBe(payload.role);
});
it('should throw error when JWT secret is not configured', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: {
enabled: true,
secret: undefined,
expiresIn: '1h',
algorithm: 'HS256',
},
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
expect(() => auth_1.authService.generateJWT({ id: '123' })).toThrow('JWT secret not configured');
});
});
describe('extractTokenFromHeader', () => {
it('should extract token from Bearer header', () => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
const header = `Bearer ${token}`;
expect(auth_1.authService.extractTokenFromHeader(header)).toBe(token);
});
it('should return null for invalid header format', () => {
expect(auth_1.authService.extractTokenFromHeader('InvalidHeader')).toBeNull();
expect(auth_1.authService.extractTokenFromHeader('Basic token')).toBeNull();
expect(auth_1.authService.extractTokenFromHeader('')).toBeNull();
});
});
});
describe('Authentication Middleware', () => {
let req;
let res;
let next;
beforeEach(() => {
req = {
header: jest.fn(),
};
res = {};
next = jest.fn();
jest.clearAllMocks();
});
describe('apiKeyAuth', () => {
it('should authenticate with valid API key', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: {
enabled: true,
header: 'X-API-Key',
keys: ['valid-key'],
},
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
req.header.mockReturnValue('valid-key');
(0, auth_1.apiKeyAuth)(req, res, next);
expect(req.apiKey).toBe('valid-key');
expect(next).toHaveBeenCalled();
});
it('should throw error for missing API key', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: {
enabled: true,
header: 'X-API-Key',
keys: ['valid-key'],
},
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
req.header.mockReturnValue(undefined);
expect(() => (0, auth_1.apiKeyAuth)(req, res, next)).toThrow();
});
it('should skip authentication when disabled', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: { enabled: false, secret: '', expiresIn: '1h', algorithm: 'HS256' },
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
(0, auth_1.apiKeyAuth)(req, res, next);
expect(next).toHaveBeenCalled();
});
});
describe('jwtAuth', () => {
it('should authenticate with valid JWT token', () => {
const secret = 'test-secret';
const payload = { id: '123', role: 'user' };
const token = jsonwebtoken_1.default.sign(payload, secret);
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: {
enabled: true,
secret,
expiresIn: '1h',
algorithm: 'HS256',
},
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
req.header.mockReturnValue(`Bearer ${token}`);
(0, auth_1.jwtAuth)(req, res, next);
expect(req.user).toMatchObject(payload);
expect(next).toHaveBeenCalled();
});
it('should throw error for missing JWT token', () => {
mockApiConfig.getSecurityConfig.mockReturnValue({
apiKey: { enabled: false, header: 'X-API-Key', keys: [] },
jwt: {
enabled: true,
secret: 'test-secret',
expiresIn: '1h',
algorithm: 'HS256',
},
headers: {
contentSecurityPolicy: true,
xFrameOptions: true,
xContentTypeOptions: true,
referrerPolicy: true,
},
});
req.header.mockReturnValue(undefined);
expect(() => (0, auth_1.jwtAuth)(req, res, next)).toThrow();
});
});
describe('authorize', () => {
it('should allow access with correct role', () => {
req.user = { id: '123', role: 'admin', permissions: [] };
const middleware = (0, auth_1.authorize)(['admin', 'user']);
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
it('should deny access with incorrect role', () => {
req.user = { id: '123', role: 'user', permissions: [] };
const middleware = (0, auth_1.authorize)(['admin']);
expect(() => middleware(req, res, next)).toThrow();
});
it('should allow access when no roles required', () => {
req.user = { id: '123', role: 'user', permissions: [] };
const middleware = (0, auth_1.authorize)([]);
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
});
describe('requirePermissions', () => {
it('should allow access with correct permissions', () => {
req.user = {
id: '123',
role: 'user',
permissions: ['read', 'write', 'admin'],
};
const middleware = (0, auth_1.requirePermissions)(['read', 'write']);
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
it('should deny access with insufficient permissions', () => {
req.user = {
id: '123',
role: 'user',
permissions: ['read'],
};
const middleware = (0, auth_1.requirePermissions)(['read', 'write']);
expect(() => middleware(req, res, next)).toThrow();
});
it('should allow access when no permissions required', () => {
req.user = { id: '123', role: 'user', permissions: [] };
const middleware = (0, auth_1.requirePermissions)([]);
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
});
});