tiennm99/llmapikey
1
0
Fork 0
mirror of https://github.com/tiennm99/llmapikey.git synced 2026-06-17 10:47:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
559bac81040f46bb400e1cfbc0b5100ec0dc292d
llmapikey/tests/is-admin.test.js
T
tiennm99 616f133989 feat: add gated admin console for api_keys registry (list/search/filter/revoke/mint) 
- env-allowlist authz via ADMIN_GITHUB_USER_IDS on numeric provider_id (no migration)
- server-side re-gated revoke + manual-mint actions
- parameterized search/filter/paginate queries
- shared mint-key extraction (DRY) from generate-key
- notFound() for non-admins (404 never leaks route existence)
- 3 unit-test suites (authz/queries/integration)
2026-06-13 21:16:57 +07:00

63 lines
1.9 KiB
JavaScript
Raw Blame History

import assert from "node:assert/strict";
import { test } from "node:test";
import { parseAdminIds, isAdmin } from "../lib/auth/admin-allowlist.js";
const ENV = "ADMIN_GITHUB_USER_IDS";
/** Run `fn` with the allowlist env set to `value`, restoring it afterwards. */
function withAllowlist(value, fn) {
const prev = process.env[ENV];
if (value === undefined) delete process.env[ENV];
else process.env[ENV] = value;
try {
fn();
} finally {
if (prev === undefined) delete process.env[ENV];
else process.env[ENV] = prev;
}
}
test("parseAdminIds: empty / unset → []", () => {
assert.deepEqual(parseAdminIds(""), []);
assert.deepEqual(parseAdminIds(undefined), []);
assert.deepEqual(parseAdminIds(null), []);
});
test("parseAdminIds: trims, drops empties and trailing commas", () => {
assert.deepEqual(parseAdminIds(" 1 , 2 ,,3 "), ["1", "2", "3"]);
assert.deepEqual(parseAdminIds("42"), ["42"]);
});
test("isAdmin: matches an id in the allowlist", () => {
withAllowlist("12345,67890", () => {
assert.equal(isAdmin({ githubUserId: "67890" }), true);
assert.equal(isAdmin({ githubUserId: "12345" }), true);
});
});
test("isAdmin: rejects ids not in the allowlist", () => {
withAllowlist("12345", () => {
assert.equal(isAdmin({ githubUserId: "99999" }), false);
});
});
test("isAdmin: exact match only — no substring/prefix match", () => {
withAllowlist("42", () => {
assert.equal(isAdmin({ githubUserId: "4" }), false);
assert.equal(isAdmin({ githubUserId: "420" }), false);
assert.equal(isAdmin({ githubUserId: "42" }), true);
});
});
test("isAdmin: fail-closed for null/missing identity and empty allowlist", () => {
withAllowlist("12345", () => {
assert.equal(isAdmin(null), false);
assert.equal(isAdmin(undefined), false);
assert.equal(isAdmin({}), false);
});
withAllowlist("", () => {
assert.equal(isAdmin({ githubUserId: "12345" }), false);
});
});
Reference in New Issue View Git Blame Copy Permalink