/** * Tests for GET /api/admin/verify-admin * * Covers: * - happy path: User ist admin → isAdmin: true * - 403: User ist authentifiziert aber NICHT in admin_users * - 401: User ist nicht eingeloggt * * Strategy: * - isAdminUser DB-layer: tested directly with mocked Prisma * - requireAdmin util: tested directly with mocked requireUser + isAdminUser * - endpoint handler: tested with mocked requireAdmin */ import { describe, expect, it, vi, beforeEach } from "vitest"; // ─── Prisma mock ───────────────────────────────────────────────────────────── const prismaMock = vi.hoisted(() => ({ adminUser: { findUnique: vi.fn(), }, })); vi.mock("../../server/utils/prisma", () => ({ usePrisma: () => prismaMock, })); // ─── requireUser mock (used by requireAdmin tests) ─────────────────────────── const requireUserMock = vi.hoisted(() => vi.fn()); vi.mock("../../server/utils/auth", async (importOriginal) => { const actual = await importOriginal(); return { ...actual, requireUser: requireUserMock, }; }); import { isAdminUser } from "../../server/db/admin"; import { requireAdmin } from "../../server/utils/auth"; beforeEach(() => { vi.clearAllMocks(); }); // ─── isAdminUser DB-layer ──────────────────────────────────────────────────── describe("isAdminUser — user IS in admin_users", () => { it("returns true when row exists", async () => { prismaMock.adminUser.findUnique.mockResolvedValueOnce({ userId: "128df360-2008-4d6f-8aa1-bdb41ec1362f", createdAt: new Date(), addedBy: null, }); const result = await isAdminUser("128df360-2008-4d6f-8aa1-bdb41ec1362f"); expect(result).toBe(true); expect(prismaMock.adminUser.findUnique).toHaveBeenCalledWith({ where: { userId: "128df360-2008-4d6f-8aa1-bdb41ec1362f" }, }); }); }); describe("isAdminUser — user NOT in admin_users", () => { it("returns false when row is null", async () => { prismaMock.adminUser.findUnique.mockResolvedValueOnce(null); const result = await isAdminUser("some-random-user-id"); expect(result).toBe(false); }); }); // ─── requireAdmin util ─────────────────────────────────────────────────────── describe("requireAdmin — happy path (admin user)", () => { it("returns user object when authenticated and in admin_users", async () => { const fakeUser = { id: "128df360-2008-4d6f-8aa1-bdb41ec1362f", email: "chahinebrini@gmail.com", }; requireUserMock.mockResolvedValueOnce(fakeUser); prismaMock.adminUser.findUnique.mockResolvedValueOnce({ userId: fakeUser.id, createdAt: new Date(), addedBy: null, }); const result = await requireAdmin({} as Parameters[0]); expect(result).toMatchObject({ id: fakeUser.id, email: fakeUser.email }); }); }); describe("requireAdmin — 403 (non-admin)", () => { it("throws 403 when user is authenticated but not in admin_users", async () => { requireUserMock.mockResolvedValueOnce({ id: "regular-user-id", email: "user@example.com", }); prismaMock.adminUser.findUnique.mockResolvedValueOnce(null); await expect( requireAdmin({} as Parameters[0]), ).rejects.toMatchObject({ statusCode: 403 }); }); }); describe("requireAdmin — 401 (not logged in)", () => { it("propagates 401 from requireUser when token missing", async () => { const authError = Object.assign(new Error("Nicht eingeloggt"), { statusCode: 401, }); requireUserMock.mockRejectedValueOnce(authError); await expect( requireAdmin({} as Parameters[0]), ).rejects.toMatchObject({ statusCode: 401 }); }); }); // ─── verify-admin endpoint handler ─────────────────────────────────────────── describe("verify-admin endpoint — returns isAdmin: true for admin", () => { it("returns { success: true, data: { isAdmin: true, userId, email } }", async () => { const fakeUser = { id: "128df360-2008-4d6f-8aa1-bdb41ec1362f", email: "chahinebrini@gmail.com", }; // requireAdmin is backed by requireUser mock (via spread in vi.mock above) requireUserMock.mockResolvedValueOnce(fakeUser); prismaMock.adminUser.findUnique.mockResolvedValueOnce({ userId: fakeUser.id, createdAt: new Date(), addedBy: null, }); const mod = await import("../../server/api/admin/verify-admin.get"); const handler = typeof mod.default === "function" ? mod.default : (mod.default as { handler?: unknown }).handler; const result = await (handler as (e: unknown) => Promise)({}); expect(result).toEqual({ success: true, data: { isAdmin: true, userId: fakeUser.id, email: fakeUser.email, }, }); }); });