Files
spoon/packages/backend/tests/unit/worker-auth.test.ts
T

107 lines
3.2 KiB
TypeScript

import { convexTest } from 'convex-test';
import { ConvexError } from 'convex/values';
import { afterEach, describe, expect, test } from 'vitest';
import { internal } from '../../convex/_generated/api.js';
import schema from '../../convex/schema';
import { assertWorkerToken } from '../../convex/workerAuth';
const modules = import.meta.glob('../../convex/**/*.*s');
afterEach(() => {
delete process.env.SPOON_WORKER_TOKEN;
});
describe('assertWorkerToken', () => {
test('accepts a token that matches after trimming', () => {
process.env.SPOON_WORKER_TOKEN = 'secret\n';
expect(() => assertWorkerToken('secret')).not.toThrow();
expect(() => assertWorkerToken(' secret ')).not.toThrow();
});
test('rejects a mismatched token', () => {
process.env.SPOON_WORKER_TOKEN = 'secret';
expect(() => assertWorkerToken('nope')).toThrow(ConvexError);
});
test('throws when not configured', () => {
expect(() => assertWorkerToken('x')).toThrow(ConvexError);
});
});
describe('getRawEnvironmentForJobInternal', () => {
test('only exposes environment for a claimed job', async () => {
const t = convexTest(schema, modules);
const jobId = await t.mutation(async (ctx) => {
const now = Date.now();
const ownerId = await ctx.db.insert('users', {
email: 'worker-auth@example.com',
name: 'Worker Auth',
});
const spoonId = await ctx.db.insert('spoons', {
ownerId,
name: 'Worker Auth Spoon',
provider: 'gitea',
upstreamOwner: 'upstream',
upstreamRepo: 'worker-auth',
upstreamDefaultBranch: 'main',
upstreamUrl: 'https://git.example.com/upstream/worker-auth',
forkOwner: 'team',
forkRepo: 'worker-auth-spoon',
forkUrl: 'https://git.example.com/team/worker-auth-spoon',
visibility: 'private',
maintenanceMode: 'watch',
syncCadence: 'daily',
productionRefStrategy: 'default_branch',
status: 'active',
createdAt: now,
updatedAt: now,
});
const requestId = await ctx.db.insert('agentRequests', {
spoonId,
ownerId,
prompt: 'Test worker authorization',
status: 'queued',
createdAt: now,
updatedAt: now,
});
return await ctx.db.insert('agentJobs', {
spoonId,
ownerId,
agentRequestId: requestId,
status: 'queued',
prompt: 'Test worker authorization',
runtime: 'opencode',
baseBranch: 'main',
workBranch: 'spoon/worker-auth',
forkOwner: 'team',
forkRepo: 'worker-auth-spoon',
forkUrl: 'https://git.example.com/team/worker-auth-spoon',
upstreamOwner: 'upstream',
upstreamRepo: 'worker-auth',
selectedSecretIds: [],
model: '',
reasoningEffort: 'medium',
createdAt: now,
updatedAt: now,
});
});
expect(
await t.query(internal.userEnvironment.getRawEnvironmentForJobInternal, {
jobId,
}),
).toBeNull();
await t.mutation(async (ctx) => {
await ctx.db.patch(jobId, { claimedBy: 'w1' });
});
expect(
await t.query(internal.userEnvironment.getRawEnvironmentForJobInternal, {
jobId,
}),
).not.toBeNull();
});
});