243 lines
7.3 KiB
TypeScript
243 lines
7.3 KiB
TypeScript
import * as asserts from 'jsr:@std/assert';
|
|
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../../helpers.ts';
|
|
import { api, API_CLIENT } from '../../../../utils/api.ts';
|
|
import { generateTotp } from '@stdext/crypto/totp';
|
|
|
|
Deno.test({
|
|
name: 'API - ROOMS - EVENTS - Update',
|
|
permissions: {
|
|
env: true,
|
|
read: true,
|
|
write: true,
|
|
net: true
|
|
},
|
|
fn: async () => {
|
|
let test_server_info: EPHEMERAL_SERVER | null = null;
|
|
try {
|
|
test_server_info = await get_ephemeral_listen_server();
|
|
const client: API_CLIENT = api({
|
|
prefix: '/api',
|
|
hostname: test_server_info.hostname,
|
|
port: test_server_info.port
|
|
});
|
|
|
|
const owner_info = await get_new_user(client);
|
|
|
|
await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'rooms.create']);
|
|
|
|
const room = await client.fetch('/rooms', {
|
|
method: 'POST',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
},
|
|
json: {
|
|
name: 'test update events room'
|
|
}
|
|
});
|
|
|
|
asserts.assert(room);
|
|
|
|
const event_from_owner = await client.fetch(`/rooms/${room.id}/events`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
},
|
|
json: {
|
|
type: 'test',
|
|
data: {
|
|
foo: 'bar'
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assert(event_from_owner);
|
|
|
|
const fetched_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
|
|
method: 'GET',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(fetched_event_from_owner, event_from_owner);
|
|
|
|
const updated_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
|
|
method: 'PUT',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
},
|
|
json: {
|
|
type: 'other',
|
|
data: {
|
|
foo: 'baz'
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assertNotEquals(updated_event_from_owner, event_from_owner);
|
|
asserts.assertEquals(updated_event_from_owner.type, 'other');
|
|
asserts.assertEquals(updated_event_from_owner.data.foo, 'baz');
|
|
|
|
const fetched_updated_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
|
|
method: 'GET',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);
|
|
asserts.assertNotEquals(fetched_updated_event_from_owner, fetched_event_from_owner);
|
|
asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);
|
|
|
|
const other_user_info = await get_new_user(client);
|
|
|
|
const event_from_other_user = await client.fetch(`/rooms/${room.id}/events`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
},
|
|
json: {
|
|
type: 'test',
|
|
data: {
|
|
other_user: true
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assert(event_from_other_user);
|
|
|
|
const fetched_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'GET',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
|
|
|
|
const updated_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'PUT',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
},
|
|
json: {
|
|
type: 'other',
|
|
data: {
|
|
other_user: 'bloop'
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assertNotEquals(updated_event_from_other_user, event_from_other_user);
|
|
asserts.assertEquals(updated_event_from_other_user.type, 'other');
|
|
asserts.assertEquals(updated_event_from_other_user.data.other_user, 'bloop');
|
|
|
|
const fetched_updated_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'GET',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
|
|
asserts.assertNotEquals(fetched_updated_event_from_other_user, fetched_event_from_other_user);
|
|
asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
|
|
|
|
const updated_by_owner_room = await client.fetch(`/rooms/${room.id}`, {
|
|
method: 'PUT',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
},
|
|
json: {
|
|
permissions: {
|
|
...room.permissions,
|
|
write_events: [owner_info.user.id]
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(updated_by_owner_room.permissions.write_events, [owner_info.user.id]);
|
|
|
|
try {
|
|
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'PUT',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
},
|
|
json: {
|
|
type: 'new'
|
|
}
|
|
});
|
|
|
|
asserts.fail('allowed updating an event in a room with a write_events allowed only by owner');
|
|
} catch (error) {
|
|
asserts.assertEquals((error as Error).cause, 'permission_denied');
|
|
}
|
|
|
|
try {
|
|
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'DELETE',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.fail('allowed deleting an event in a room with a write_events allowed only by owner');
|
|
} catch (error) {
|
|
asserts.assertEquals((error as Error).cause, 'permission_denied');
|
|
}
|
|
|
|
const publicly_writable_room = await client.fetch(`/rooms/${room.id}`, {
|
|
method: 'PUT',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
},
|
|
json: {
|
|
permissions: {
|
|
...room.permissions,
|
|
write_events: []
|
|
}
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(publicly_writable_room.permissions.write_events, []);
|
|
|
|
const delete_other_user_event_response = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
|
|
method: 'DELETE',
|
|
headers: {
|
|
'x-session_id': other_user_info.session.id,
|
|
'x-totp': await generateTotp(other_user_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(delete_other_user_event_response.deleted, true);
|
|
|
|
const delete_owner_event_response = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
|
|
method: 'DELETE',
|
|
headers: {
|
|
'x-session_id': owner_info.session.id,
|
|
'x-totp': await generateTotp(owner_info.session.secret)
|
|
}
|
|
});
|
|
|
|
asserts.assertEquals(delete_owner_event_response.deleted, true);
|
|
} finally {
|
|
if (test_server_info) {
|
|
await test_server_info?.server?.stop();
|
|
}
|
|
}
|
|
}
|
|
});
|