=test_update_homework_tests_and_work_log

tests/integration/proxy-guard.test.ts

@@ -0,0 +1,46 @@
+import { describe, expect, it, vi } from "vitest"
+
+vi.mock("@/auth", () => ({
+  auth: (handler: (req: unknown) => unknown) => handler,
+}))
+
+import proxy from "@/proxy"
+
+type SessionRole = "admin" | "teacher" | "student" | "parent"
+
+const createRequest = (pathname: string, role?: SessionRole) => ({
+  nextUrl: {
+    pathname,
+    clone: () => new URL(`http://localhost${pathname}`),
+  },
+  auth: role ? { user: { role } } : null,
+  url: `http://localhost${pathname}`,
+})
+
+describe("proxy route guard", () => {
+  it("redirects unauthenticated requests to login with callback", async () => {
+    const response = await proxy(createRequest("/teacher/dashboard") as never)
+    expect(response.status).toBe(307)
+    const location = response.headers.get("location") ?? ""
+    expect(location).toContain("/login")
+    expect(location).toContain("callbackUrl=%2Fteacher%2Fdashboard")
+  })
+
+  it("redirects student away from admin routes", async () => {
+    const response = await proxy(createRequest("/admin/dashboard", "student") as never)
+    expect(response.status).toBe(307)
+    expect(response.headers.get("location")).toContain("/student/dashboard")
+  })
+
+  it("redirects parent away from management routes", async () => {
+    const response = await proxy(createRequest("/management/grade/insights", "parent") as never)
+    expect(response.status).toBe(307)
+    expect(response.headers.get("location")).toContain("/parent/dashboard")
+  })
+
+  it("allows teacher access to management routes", async () => {
+    const response = await proxy(createRequest("/management/grade/insights", "teacher") as never)
+    expect(response.status).toBe(200)
+    expect(response.headers.get("location")).toBeNull()
+  })
+})