add some tests for API routes

package.json

@@ -4,7 +4,7 @@
   "description": "3D model database and content management system with integrated annotations and stories 3D editor",
   "scripts": {
     "start": "cd source/server/ && npm start",
-    "test": "echo \"Error: no test specified\" && exit 1",
+    "test": "cd source/server/ && npm test",
     "build-ui": "cd source/ui && webpack --mode=production",
     "build-server": "tsc -b source/server",
     "watch": "cd source/server && HOT_RELOAD=1 NODE_ENV=development ROOT_DIR=\"../../\" nodemon -e ts,js -w . -w ../ui/webpack.config.js -x ts-node index.ts"

source/server/routes/api/v1/scenes/scene/history/get.test.ts

@@ -11,7 +11,7 @@ import UserManager from "../../../../../../auth/UserManager.js";
  */
 
 describe("GET /api/v1/scenes/:scene/history", function(){
-  let vfs :Vfs, userManager :UserManager, user :User, admin :User;
+  let vfs :Vfs, userManager :UserManager, user :User, admin :User, opponent :User;
 
   describe("with sample data", function(){
     let now :Date, scene_id :number;
@@ -21,6 +21,7 @@ describe("GET /api/v1/scenes/:scene/history", function(){
       userManager = locals.userManager;
       user = await userManager.addUser("bob", "12345678");
       admin = await userManager.addUser("alice", "12345678", true);
+      opponent = await userManager.addUser("oscar", "12345678");
 
       now = new Date();
       now.setMilliseconds(0); //ms are rounded inside sqlite
@@ -59,11 +60,37 @@ describe("GET /api/v1/scenes/:scene/history", function(){
         ["articles", 1],
       ]);
     });
+
     it("get text history", async function(){
       let res = await request(this.server).get("/api/v1/scenes/foo/history")
       .set("Accept", "text/plain")
       .expect(200)
       .expect("Content-Type", "text/plain; charset=utf-8");
     });
+
+
+    it("get an empty history", async function(){
+      await vfs.createScene("empty", user.uid);
+      let res = await request(this.server).get("/api/v1/scenes/empty/history")
+      .expect(200);
+    })
+
+    describe("requires read access", function(){
+      this.beforeAll(async function(){
+        await vfs.createScene("private", user.uid);
+        await userManager.grant("private", "default", "none");
+        await userManager.grant("private", "any", "none");
+      });
+      it("(anonymous)", async function(){
+        await request(this.server).get("/api/v1/scenes/private/history")
+        .expect(404);
+      });
+
+      it("(user)", async function(){
+        await request(this.server).get("/api/v1/scenes/private/history")
+        .auth(opponent.username, "12345678")
+        .expect(404);
+      });
+    })
   })
 });

source/server/routes/api/v1/scenes/scene/history/post.test.ts

@@ -15,9 +15,10 @@ describe("POST /api/v1/scenes/:scene/history", function(){
 
   /**
    * antidate everything currently in the database to force proper ordering
+   * Ensure rounding to the nearest second
    */
-  async function antidate(){
-    let ts = Math.round(Date.now()/1000)-10000;
+  async function antidate(t = Date.now()){
+    let ts = Math.round(t/1000)-10000;
     let d = new Date(ts*1000);
     await vfs._db.exec(`
       UPDATE scenes SET ctime = datetime("${d.toISOString()}");

source/server/routes/api/v1/scenes/scene/permissions/get.test.ts

@@ -0,0 +1,47 @@
+import { randomBytes } from "crypto";
+import request from "supertest";
+import Vfs from "../../../../../../vfs/index.js";
+import User from "../../../../../../auth/User.js";
+import UserManager from "../../../../../../auth/UserManager.js";
+
+
+
+/**
+ * Minimal tests as most
+ */
+
+describe("GET /api/v1/scenes/:scene/permissions", function(){
+  let vfs :Vfs, userManager :UserManager, user :User, admin :User, opponent :User;
+
+  let titleSlug :string, scene_id :number;
+  this.beforeAll(async function(){
+    let locals = await createIntegrationContext(this);
+    vfs = locals.vfs;
+    userManager = locals.userManager;
+    user = await userManager.addUser("bob", "12345678");
+    admin = await userManager.addUser("alice", "12345678", true);
+    opponent = await userManager.addUser("oscar", "12345678");
+  });
+
+  this.afterAll(async function(){
+    await cleanIntegrationContext(this);
+  });
+  this.beforeEach(async function(){
+    //Initialize a unique scene for each test
+    titleSlug = this.currentTest?.title.replace(/[^\w]/g, "_").slice(0,15)+"_"+randomBytes(4).toString("base64url");
+    scene_id = await vfs.createScene(titleSlug, user.uid);
+    await vfs.writeDoc("{}", scene_id, user.uid);
+  });
+
+  it("requires read access", async function(){
+    await userManager.grant(titleSlug, "default", "none");
+    await userManager.grant(titleSlug, "any", "none");
+    //Anonymous
+    await request(this.server).get(`/api/v1/scenes/${titleSlug}/permissions`)
+    .expect(404);
+    //read-only User 
+    await request(this.server).get(`/api/v1/scenes/${titleSlug}/permissions`)
+    .auth(opponent.username, "12345678")
+    .expect(404);
+  });
+});

source/server/routes/api/v1/scenes/scene/permissions/patch.test.ts

@@ -0,0 +1,80 @@
+import { randomBytes } from "crypto";
+import request from "supertest";
+import Vfs from "../../../../../../vfs/index.js";
+import User from "../../../../../../auth/User.js";
+import UserManager from "../../../../../../auth/UserManager.js";
+
+
+
+/**
+ * Minimal tests as most
+ */
+
+describe("PATCH /api/v1/scenes/:scene/permissions", function(){
+  let vfs :Vfs, userManager :UserManager, user :User, admin :User, opponent :User;
+
+  let titleSlug :string, scene_id :number;
+  this.beforeAll(async function(){
+    let locals = await createIntegrationContext(this);
+    vfs = locals.vfs;
+    userManager = locals.userManager;
+    user = await userManager.addUser("bob", "12345678");
+    admin = await userManager.addUser("alice", "12345678", true);
+    opponent = await userManager.addUser("oscar", "12345678");
+  });
+
+  this.afterAll(async function(){
+    await cleanIntegrationContext(this);
+  });
+  this.beforeEach(async function(){
+    //Initialize a unique scene for each test
+    titleSlug = this.currentTest?.title.replace(/[^\w]/g, "_").slice(0,15)+"_"+randomBytes(4).toString("base64url");
+    scene_id = await vfs.createScene(titleSlug, user.uid);
+    await vfs.writeDoc("{}", scene_id, user.uid);
+  });
+
+  it("can change user permissions", async function(){
+    await request(this.server).patch(`/api/v1/scenes/${titleSlug}/permissions`)
+    .auth(user.username, "12345678")
+    .set("Content-Type", "application/json")
+    .send({username: opponent.username, access: "write"})
+    .expect(204);
+    expect(await userManager.getPermissions(titleSlug)).to.deep.equal([
+      { "uid": 0, "username": "default", "access": "read" },
+      { "uid": 1, "username": "any", "access": "read" },
+      { "uid": user.uid, "username": "bob", "access": "admin" },
+      { "uid": opponent.uid, "username": "oscar", "access": "write" }
+    ]);
+  });
+
+  it("rejects invalid access levels", async function(){
+    await request(this.server).patch(`/api/v1/scenes/${titleSlug}/permissions`)
+    .auth(user.username, "12345678")
+    .set("Content-Type", "application/json")
+    .send({username: opponent.username, access: "xxx"})
+    .expect(400);
+    expect(await userManager.getPermissions(titleSlug)).to.deep.equal([
+      { "uid": 0, "username": "default", "access": "read" },
+      { "uid": 1, "username": "any", "access": "read" },
+      { "uid": user.uid, "username": "bob", "access": "admin" },
+    ]);
+  });
+
+  it("requires admin access", async function(){
+    const body = {username: opponent.username, access: "admin"};
+    await userManager.grant(titleSlug, opponent.username, "write");
+    await request(this.server).patch(`/api/v1/scenes/${titleSlug}/permissions`)
+    .auth(opponent.username, "12345678")
+    .set("Content-Type", "application/json")
+    .send(body)
+    .expect(401);
+
+    let r = await request(this.server).patch(`/api/v1/scenes/${titleSlug}/permissions`)
+    .auth(user.username, "12345678")
+    .set("Content-Type", "application/json")
+    .send(body)
+    .expect(204);
+
+    expect(await userManager.getAccessRights(titleSlug, opponent.uid)).to.equal("admin");
+  });
+});