generated from nhcarrigan/template
hikari
29c817230d
## Summary This PR represents the full v1 prototype, implementing the core game systems for Elysium. - Full idle/clicker RPG loop: resource collection, crafting, boss fights, exploration, and quests - Adventurer hiring with batch size selector and progressive tier cost scaling - Prestige, transcendence, and apotheosis systems with auto-prestige support - Character sheet, titles, leaderboards, companion system, and daily login bonuses - Auto-quest and auto-boss toggles - Discord webhook notifications on prestige/transcendence/apotheosis - Discord role awarded on apotheosis - Responsive design and overarching story/lore system - In-game sound effects and browser notifications for key events - Support link button in the resource bar - Full test coverage (100% on `apps/api` and `packages/types`) - CI pipeline: lint → build → test ## Closes Closes #1 Closes #2 Closes #3 Closes #4 Closes #5 Closes #6 Closes #7 Closes #8 Closes #9 Closes #10 Closes #11 Closes #12 Closes #13 Closes #14 Closes #16 Closes #19 Closes #20 Closes #21 Closes #22 Closes #23 Closes #24 Closes #25 Closes #26 Closes #27 Closes #29 ✨ This issue was created with help from Hikari~ 🌸 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Reviewed-on: #30 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
77 lines
3.0 KiB
TypeScript
77 lines
3.0 KiB
TypeScript
/* eslint-disable max-lines-per-function -- Test suites naturally have many cases */
|
|
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
|
|
describe("jwt service", () => {
|
|
const ORIGINAL_ENV = process.env;
|
|
|
|
beforeEach(() => {
|
|
process.env = { ...ORIGINAL_ENV };
|
|
vi.resetModules();
|
|
});
|
|
|
|
afterEach(() => {
|
|
process.env = ORIGINAL_ENV;
|
|
});
|
|
|
|
describe("signToken", () => {
|
|
it("throws when JWT_SECRET is not set", async () => {
|
|
delete process.env["JWT_SECRET"];
|
|
const { signToken } = await import("../../src/services/jwt.js");
|
|
expect(() => signToken("test_id")).toThrow("JWT_SECRET environment variable is required");
|
|
});
|
|
|
|
it("returns a three-part dot-separated token", async () => {
|
|
process.env["JWT_SECRET"] = "test_secret";
|
|
const { signToken } = await import("../../src/services/jwt.js");
|
|
const token = signToken("test_id");
|
|
expect(token.split(".")).toHaveLength(3);
|
|
});
|
|
});
|
|
|
|
describe("verifyToken", () => {
|
|
it("throws when JWT_SECRET is not set", async () => {
|
|
delete process.env["JWT_SECRET"];
|
|
const { verifyToken } = await import("../../src/services/jwt.js");
|
|
expect(() => verifyToken("a.b.c")).toThrow("JWT_SECRET environment variable is required");
|
|
});
|
|
|
|
it("round-trips a token correctly", async () => {
|
|
process.env["JWT_SECRET"] = "test_secret";
|
|
const { signToken, verifyToken } = await import("../../src/services/jwt.js");
|
|
const token = signToken("user_123");
|
|
const payload = verifyToken(token);
|
|
expect(payload.discordId).toBe("user_123");
|
|
});
|
|
|
|
it("throws on wrong token format (not 3 parts)", async () => {
|
|
process.env["JWT_SECRET"] = "test_secret";
|
|
const { verifyToken } = await import("../../src/services/jwt.js");
|
|
expect(() => verifyToken("only.two")).toThrow("Invalid token format");
|
|
});
|
|
|
|
it("throws on tampered signature", async () => {
|
|
process.env["JWT_SECRET"] = "test_secret";
|
|
const { signToken, verifyToken } = await import("../../src/services/jwt.js");
|
|
const token = signToken("user_123");
|
|
const parts = token.split(".");
|
|
const tampered = `${parts[0]}.${parts[1]}.BAD_SIGNATURE`;
|
|
expect(() => verifyToken(tampered)).toThrow("Invalid token signature");
|
|
});
|
|
|
|
it("throws on expired token", async () => {
|
|
process.env["JWT_SECRET"] = "test_secret";
|
|
const { verifyToken } = await import("../../src/services/jwt.js");
|
|
// Build a token with exp in the past
|
|
const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })).toString("base64url");
|
|
const payload = Buffer.from(
|
|
JSON.stringify({ discordId: "x", iat: 1000, exp: 1001 }),
|
|
).toString("base64url");
|
|
const { createHmac } = await import("crypto");
|
|
const signature = createHmac("sha256", "test_secret")
|
|
.update(`${header}.${payload}`)
|
|
.digest("base64url");
|
|
expect(() => verifyToken(`${header}.${payload}.${signature}`)).toThrow("Token has expired");
|
|
});
|
|
});
|
|
});
|