apps/tests/admin_list_users.test.ts
import axios from "axios";
import { password } from "bun";
import { describe, it, expect } from "bun:test";
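const BASE_URL = `http://localhost:3001`;

/**
 * RBAC check for the admin-only user listing (`GET /api/v1/admin/users`).
 *
 * The cases run in order and share state: the two sign-in cases store the
 * tokens that the later cases send as Bearer credentials.
 */
describe("RBAC - Admin only List Users", () => {
  let userToken: string;
  let adminToken: string;

  // NOTE(review): the credentials below are committed in plain text. Presumably
  // they belong to seeded local fixture accounts — confirm they are never valid
  // outside the local test stack.
  it("signin in as admin", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "runstate-admin-logging",
    });
    adminToken = res.data.data.token;
    // Assert on the token instead of printing it: a bearer token in test
    // output ends up in whatever retains the logs.
    expect(typeof adminToken).toBe("string");
    expect(adminToken.length).toBeGreaterThan(0);
  });

  it("signin as user", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "A@a123456",
    });
    userToken = res.data.data.token;
    expect(typeof userToken).toBe("string");
    expect(userToken.length).toBeGreaterThan(0);
  });

  it("user cannot access admin endpoint", async () => {
    // validateStatus lets every status through so the assertion always runs.
    // With axios' default, a 403 throws; catching it and asserting only in the
    // catch branch lets a 2xx answer (a broken access check) pass unnoticed.
    const res = await axios.get(`${BASE_URL}/api/v1/admin/users`, {
      headers: { Authorization: `Bearer ${userToken}` },
      validateStatus: () => true,
    });
    expect(res.status).toBe(403);
  });

  // NOTE(review): no case sends this request without an Authorization header;
  // the unauthenticated path is worth covering as well.

  it("admin can access admin endpoints", async () => {
    const res = await axios.get(`${BASE_URL}/api/v1/admin/users`, {
      headers: { Authorization: `Bearer ${adminToken}` },
    });
    expect(res.status).toBe(200);
    // The user list is deliberately not printed; it may hold account data.
    expect(Array.isArray(res.data.data)).toBe(true);
  });
});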


apps/tests/website_ownership.test.ts
import axios from "axios";
import { describe, it, expect } from "bun:test";
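const BASE_URL = `http://localhost:3001`;

/**
 * RBAC check for website ownership: a website created by user A must not be
 * deletable by user B, while A can still delete it.
 *
 * The cases run in order and share state (tokens and the created website id).
 */
describe("RBAC - Website Ownership", () => {
  let userAToken: string;
  let userBToken: string;
  let websiteIdA: string;

  // NOTE(review): both sign-ins show the same address literal as rendered here
  // (it looks like an e-mail-obfuscation placeholder). The ownership check only
  // means something if A and B are distinct accounts — confirm against the
  // fixture data.
  it("signin user A", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "A@a123456",
    });
    userAToken = res.data.data.token;
    expect(typeof userAToken).toBe("string");
    expect(userAToken.length).toBeGreaterThan(0);
  });

  it("signin user B", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "A@a123456",
    });
    userBToken = res.data.data.token;
    expect(typeof userBToken).toBe("string");
    expect(userBToken.length).toBeGreaterThan(0);
  });

  it("user A creates website", async () => {
    const res = await axios.post(
      `${BASE_URL}/api/v1/websites`,
      { url: "<https://examples1.com>" },
      { headers: { Authorization: `Bearer ${userAToken}` } },
    );
    websiteIdA = res.data.data.ID;
    // Without an id the delete cases below would target ".../websites/undefined"
    // and no longer exercise the ownership rule.
    expect(websiteIdA).toBeDefined();
  });

  it("user B cannot delete user A website", async () => {
    // Let every status through so a 2xx answer (a missing ownership check)
    // fails on the assertion instead of depending on axios throwing.
    const res = await axios.delete(`${BASE_URL}/api/v1/websites/${websiteIdA}`, {
      headers: { Authorization: `Bearer ${userBToken}` },
      validateStatus: () => true,
    });
    expect(res.status).toBe(403);
  });

  it("user A can delete its own website", async () => {
    // Also shows that the website survived user B's rejected delete.
    const res = await axios.delete(`${BASE_URL}/api/v1/websites/${websiteIdA}`, {
      headers: { Authorization: `Bearer ${userAToken}` },
    });
    expect(res.data.success).toBe(true);
  });
});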

tests/admin_lists_delete_users.test.ts
import axios from "axios";
import { password } from "bun";
import { describe, it, expect } from "bun:test";
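const BASE_URL = `http://localhost:3001`;

/**
 * RBAC checks for the admin role: only an admin may list users
 * (`GET /api/v1/admin/users`), and an admin may delete a website that another
 * user created.
 *
 * The cases run in order and share state (tokens and the created website id).
 */
describe("RBAC - Admin only List Users & Delete any user", () => {
  let userToken: string;
  let adminToken: string;
  let userWebsiteId: string;

  // NOTE(review): the credentials below are committed in plain text. Presumably
  // they belong to seeded local fixture accounts — confirm they are never valid
  // outside the local test stack.
  it("signin in as admin", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "runstate-admin-logging",
    });
    adminToken = res.data.data.token;
    // Assert on the token instead of printing it: a bearer token in test
    // output ends up in whatever retains the logs.
    expect(typeof adminToken).toBe("string");
    expect(adminToken.length).toBeGreaterThan(0);
  });

  it("signin as user", async () => {
    const res = await axios.post(`${BASE_URL}/api/v1/signin`, {
      email: "[email protected]",
      password: "A@a123456",
    });
    userToken = res.data.data.token;
    expect(typeof userToken).toBe("string");
    expect(userToken.length).toBeGreaterThan(0);
  });

  it("user creates website", async () => {
    const res = await axios.post(
      `${BASE_URL}/api/v1/websites`,
      { url: "<https://examples2.com>" },
      { headers: { Authorization: `Bearer ${userToken}` } },
    );
    expect(res.data.success).toBe(true);
    userWebsiteId = res.data.data.ID;
    // Without an id the admin delete below would not target this website.
    expect(userWebsiteId).toBeDefined();
  });

  it("user cannot access admin endpoint", async () => {
    // validateStatus lets every status through so the assertion always runs.
    // With axios' default, a 403 throws; catching it and asserting only in the
    // catch branch lets a 2xx answer (a broken access check) pass unnoticed.
    const res = await axios.get(`${BASE_URL}/api/v1/admin/users`, {
      headers: { Authorization: `Bearer ${userToken}` },
      validateStatus: () => true,
    });
    expect(res.status).toBe(403);
  });

  it("admin can access admin endpoints", async () => {
    const res = await axios.get(`${BASE_URL}/api/v1/admin/users`, {
      headers: { Authorization: `Bearer ${adminToken}` },
    });
    expect(res.status).toBe(200);
    // The user list is deliberately not printed; it may hold account data.
    expect(Array.isArray(res.data.data)).toBe(true);
  });

  // ADMIN CAN DELETE ANY USER'S WEBSITE
  it("admin can delete any user's website", async () => {
    const res = await axios.delete(`${BASE_URL}/api/v1/websites/${userWebsiteId}`, {
      headers: { Authorization: `Bearer ${adminToken}` },
    });
    expect(res.data.success).toBe(true);
  });
});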
