feature: rooms and events implemented on the backend

2025-06-27 17:54:04 -07:00 · 2025-06-27 17:54:04 -07:00 · 85024c6e62
commit 85024c6e62
parent df00324e24
29 changed files with 1659 additions and 115 deletions
--- a/tests/api/rooms/events/update_events_when_append_only.test.ts
+++ b/tests/api/rooms/events/update_events_when_append_only.test.ts
@ -0,0 +1,167 @@
+import * as asserts from 'jsr:@std/assert';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../../helpers.ts';
+import { api, API_CLIENT } from '../../../../utils/api.ts';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - ROOMS - EVENTS - Update (APPEND_ONLY_EVENTS)',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			Deno.env.set('APPEND_ONLY_EVENTS', 'true');
+			asserts.assert(Deno.env.get('APPEND_ONLY_EVENTS'));
+
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const owner_info = await get_new_user(client);
+
+			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'rooms.create']);
+
+			const room = await client.fetch('/rooms', {
+				method: 'POST',
+				headers: {
+					'x-session_id': owner_info.session.id,
+					'x-totp': await generateTotp(owner_info.session.secret)
+				},
+				json: {
+					name: 'test update events room in append only mode'
+				}
+			});
+
+			asserts.assert(room);
+
+			const event_from_owner = await client.fetch(`/rooms/${room.id}/events`, {
+				method: 'POST',
+				headers: {
+					'x-session_id': owner_info.session.id,
+					'x-totp': await generateTotp(owner_info.session.secret)
+				},
+				json: {
+					type: 'test',
+					data: {
+						foo: 'bar'
+					}
+				}
+			});
+
+			asserts.assert(event_from_owner);
+
+			const fetched_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
+				method: 'GET',
+				headers: {
+					'x-session_id': owner_info.session.id,
+					'x-totp': await generateTotp(owner_info.session.secret)
+				}
+			});
+
+			asserts.assertEquals(fetched_event_from_owner, event_from_owner);
+
+			try {
+				await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
+					method: 'PUT',
+					headers: {
+						'x-session_id': owner_info.session.id,
+						'x-totp': await generateTotp(owner_info.session.secret)
+					},
+					json: {
+						type: 'new'
+					}
+				});
+
+				asserts.fail('allowed updating an event in a room with APPEND_ONLY_EVENTS on');
+			} catch (error) {
+				asserts.assertEquals((error as Error).cause, 'append_only_events');
+			}
+
+			try {
+				await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
+					method: 'DELETE',
+					headers: {
+						'x-session_id': owner_info.session.id,
+						'x-totp': await generateTotp(owner_info.session.secret)
+					}
+				});
+
+				asserts.fail('allowed deleting an event in a room with APPEND_ONLY_EVENTS on');
+			} catch (error) {
+				asserts.assertEquals((error as Error).cause, 'append_only_events');
+			}
+
+			const other_user_info = await get_new_user(client);
+
+			const event_from_other_user = await client.fetch(`/rooms/${room.id}/events`, {
+				method: 'POST',
+				headers: {
+					'x-session_id': other_user_info.session.id,
+					'x-totp': await generateTotp(other_user_info.session.secret)
+				},
+				json: {
+					type: 'test',
+					data: {
+						other_user: true
+					}
+				}
+			});
+
+			asserts.assert(event_from_other_user);
+
+			const fetched_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
+				method: 'GET',
+				headers: {
+					'x-session_id': other_user_info.session.id,
+					'x-totp': await generateTotp(other_user_info.session.secret)
+				}
+			});
+
+			asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
+
+			try {
+				await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
+					method: 'PUT',
+					headers: {
+						'x-session_id': other_user_info.session.id,
+						'x-totp': await generateTotp(other_user_info.session.secret)
+					},
+					json: {
+						type: 'new'
+					}
+				});
+
+				asserts.fail('allowed updating an event in a room with APPEND_ONLY_EVENTS on');
+			} catch (error) {
+				asserts.assertEquals((error as Error).cause, 'append_only_events');
+			}
+
+			try {
+				await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
+					method: 'DELETE',
+					headers: {
+						'x-session_id': other_user_info.session.id,
+						'x-totp': await generateTotp(other_user_info.session.secret)
+					}
+				});
+
+				asserts.fail('allowed deleting an event in a room with APPEND_ONLY_EVENTS on');
+			} catch (error) {
+				asserts.assertEquals((error as Error).cause, 'append_only_events');
+			}
+		} finally {
+			Deno.env.delete('APPEND_ONLY_EVENTS');
+
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});