Skip to content

Commit

Permalink
test: add tests for blockallowlist APIs
Browse files Browse the repository at this point in the history
  • Loading branch information
@akhileshthite
akhileshthite committed Jan 8, 2024
1 parent 1f345bb commit 7e34a68
Showing 1 changed file with 399 additions and 0 deletions.
399 changes: 399 additions & 0 deletions src/server/api/blockallowlist.test.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,399 @@
import anyTest, { TestFn } from 'ava'
import sinon from 'sinon'
import { spawnTestServer } from '../fixtures/spawnServer.js'
import { FastifyTypebox } from './index.js'
import ActivityPubSystem from '../apsystem.js'

interface TestContext {
server: FastifyTypebox
hasAdminPermissionForRequestStub: sinon.SinonStub
hasPermissionActorRequestStub: sinon.SinonStub
mockStore: any
}

const test = anyTest as TestFn<TestContext>

test.beforeEach(async t => {
t.context.server = await spawnTestServer()

// Set up the mockStore
t.context.mockStore = {
blocklist: {
list: sinon.stub(),
add: sinon.stub().resolves(),
remove: sinon.stub().resolves()
},
allowlist: {
list: sinon.stub(),
add: sinon.stub().resolves(),
remove: sinon.stub().resolves()
},
forActor: sinon.stub().callsFake((actor) => ({
blocklist: {
list: sinon.stub(),
add: sinon.stub().resolves(),
remove: sinon.stub().resolves()
},
allowlist: {
list: sinon.stub(),
add: sinon.stub().resolves(),
remove: sinon.stub().resolves()
}
}))
}

// Setup mock responses
t.context.mockStore.blocklist.list.resolves(['[email protected]'])
t.context.mockStore.allowlist.list.resolves(['[email protected]'])
t.context.mockStore.forActor('testActor').blocklist.list.resolves(['[email protected]', '[email protected]'])
t.context.mockStore.forActor('testActor').allowlist.list.resolves(['[email protected]', '[email protected]'])

t.context.hasAdminPermissionForRequestStub = sinon.stub(ActivityPubSystem.prototype, 'hasAdminPermissionForRequest').resolves(true)
t.context.hasPermissionActorRequestStub = sinon.stub(ActivityPubSystem.prototype, 'hasPermissionActorRequest').resolves(true)
})

test.afterEach.always(async t => {
await t.context.server?.close()
t.context.hasAdminPermissionForRequestStub.restore()
t.context.hasPermissionActorRequestStub.restore()
})

// Global Blocklist Tests
// test.serial('GET /blocklist - success', async t => {
// const response = await t.context.server.inject({
// method: 'GET',
// url: '/v1/blocklist'
// })

// console.log(response.statusCode)
// console.log(response.body)

// t.is(response.statusCode, 200, 'returns a status code of 200')
// t.is(response.body, '[email protected]', 'returns the blocklist')
// })

test.serial('POST /blocklist - success', async t => {
const blocklistData = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: '/v1/blocklist',
payload: blocklistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

test.serial('DELETE /blocklist - success', async t => {
const blocklistData = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: '/v1/blocklist',
payload: blocklistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

// Global Allowlist Tests
// test.serial('GET /allowlist - success', async t => {
// const response = await t.context.server.inject({
// method: 'GET',
// url: '/v1/allowlist'
// })

// console.log(response.statusCode)
// console.log(response.body)

// t.is(response.statusCode, 200, 'returns a status code of 200')
// t.is(response.body, '[email protected]', 'returns the allowlist')
// })

test.serial('POST /allowlist - success', async t => {
const allowlistData = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: '/v1/allowlist',
payload: allowlistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

test.serial('DELETE /allowlist - success', async t => {
const allowlistData = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: '/v1/allowlist',
payload: allowlistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

// Negative cases for Global Blocklist
test.serial('GET /v1/blocklist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)

const response = await t.context.server.inject({
method: 'GET',
url: '/v1/blocklist'
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('POST /v1/blocklist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)
const blocklistData = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: '/v1/blocklist',
payload: blocklistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('DELETE /v1/blocklist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)
const blocklistData = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: '/v1/blocklist',
payload: blocklistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

// Negative cases for Global Allowlist
test.serial('GET /v1/allowlist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)

const response = await t.context.server.inject({
method: 'GET',
url: '/v1/allowlist'
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('POST /v1/allowlist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)
const allowlistData = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: '/v1/allowlist',
payload: allowlistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('DELETE /v1/allowlist - not allowed', async t => {
t.context.hasAdminPermissionForRequestStub.resolves(false)
const allowlistData = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: '/v1/allowlist',
payload: allowlistData,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

// Actor-specific Blocklist Tests
// test.serial('GET /:actor/blocklist - success', async t => {
// const actor = 'testActor'
// const blockedAccounts = ['[email protected]', '[email protected]']

// t.context.mockStore.forActor(actor).blocklist.list.resolves(blockedAccounts)

// const response = await t.context.server.inject({
// method: 'GET',
// url: `/v1/${actor}/blocklist`
// })

// console.log(response.statusCode)
// console.log(response.body)

// t.is(response.statusCode, 200, 'returns a status code of 200')
// t.deepEqual(response.body.split('\n'), blockedAccounts, 'returns the correct blocklist')
// })

test.serial('POST /:actor/blocklist - success', async t => {
const actor = 'testActor'
const accountsToAdd = ['[email protected]', '[email protected]'].join('\n')

const response = await t.context.server.inject({
method: 'POST',
url: `/v1/${actor}/blocklist`,
payload: accountsToAdd,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

test.serial('DELETE /:actor/blocklist - success', async t => {
const actor = 'testActor'
const accountsToRemove = ['[email protected]', '[email protected]'].join('\n')

const response = await t.context.server.inject({
method: 'DELETE',
url: `/v1/${actor}/blocklist`,
payload: accountsToRemove,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

// Actor-specific Allowlist Tests
// test.serial('GET /:actor/allowlist - success', async t => {
// const actor = 'testActor'
// const allowedAccounts = ['[email protected]', '[email protected]']

// t.context.mockStore.forActor(actor).allowlist.list.resolves(allowedAccounts)

// const response = await t.context.server.inject({
// method: 'GET',
// url: `/v1/${actor}/allowlist`
// })

// console.log(response.statusCode)
// console.log(response.body)

// t.is(response.statusCode, 200, 'returns a status code of 200')
// t.deepEqual(response.body.split('\n'), allowedAccounts, 'returns the correct allowlist')
// })

test.serial('POST /:actor/allowlist - success', async t => {
const actor = 'testActor'
const accountsToAdd = ['[email protected]', '[email protected]'].join('\n')

const response = await t.context.server.inject({
method: 'POST',
url: `/v1/${actor}/allowlist`,
payload: accountsToAdd,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

test.serial('DELETE /:actor/allowlist - success', async t => {
const actor = 'testActor'
const accountsToRemove = ['[email protected]', '[email protected]'].join('\n')

const response = await t.context.server.inject({
method: 'DELETE',
url: `/v1/${actor}/allowlist`,
payload: accountsToRemove,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 200, 'returns a status code of 200')
})

// Negative cases for /:actor/blocklist
test.serial('GET /:actor/blocklist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'

const response = await t.context.server.inject({
method: 'GET',
url: `/v1/${actor}/blocklist`
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('POST /:actor/blocklist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'
const accountsToAdd = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: `/v1/${actor}/blocklist`,
payload: accountsToAdd,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('DELETE /:actor/blocklist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'
const accountsToRemove = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: `/v1/${actor}/blocklist`,
payload: accountsToRemove,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

// Negative cases for /:actor/allowlist
test.serial('GET /:actor/allowlist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'

const response = await t.context.server.inject({
method: 'GET',
url: `/v1/${actor}/allowlist`
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('POST /:actor/allowlist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'
const accountsToAdd = '[email protected]'

const response = await t.context.server.inject({
method: 'POST',
url: `/v1/${actor}/allowlist`,
payload: accountsToAdd,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

test.serial('DELETE /:actor/allowlist - not allowed', async t => {
t.context.hasPermissionActorRequestStub.resolves(false)
const actor = 'testActor'
const accountsToRemove = '[email protected]'

const response = await t.context.server.inject({
method: 'DELETE',
url: `/v1/${actor}/allowlist`,
payload: accountsToRemove,
headers: { 'Content-Type': 'text/plain' }
})

t.is(response.statusCode, 403, 'returns a status code of 403')
})

0 comments on commit 7e34a68

Please sign in to comment.