47 lines
1.7 KiB
TypeScript
47 lines
1.7 KiB
TypeScript
import { describe, expect, it, vi } from "vitest"
|
|
|
|
vi.mock("@/auth", () => ({
|
|
auth: (handler: (req: unknown) => unknown) => handler,
|
|
}))
|
|
|
|
import proxy from "@/proxy"
|
|
|
|
type SessionRole = "admin" | "teacher" | "student" | "parent"
|
|
|
|
const createRequest = (pathname: string, role?: SessionRole) => ({
|
|
nextUrl: {
|
|
pathname,
|
|
clone: () => new URL(`http://localhost${pathname}`),
|
|
},
|
|
auth: role ? { user: { role } } : null,
|
|
url: `http://localhost${pathname}`,
|
|
})
|
|
|
|
describe("proxy route guard", () => {
|
|
it("redirects unauthenticated requests to login with callback", async () => {
|
|
const response = await proxy(createRequest("/teacher/dashboard") as never)
|
|
expect(response.status).toBe(307)
|
|
const location = response.headers.get("location") ?? ""
|
|
expect(location).toContain("/login")
|
|
expect(location).toContain("callbackUrl=%2Fteacher%2Fdashboard")
|
|
})
|
|
|
|
it("redirects student away from admin routes", async () => {
|
|
const response = await proxy(createRequest("/admin/dashboard", "student") as never)
|
|
expect(response.status).toBe(307)
|
|
expect(response.headers.get("location")).toContain("/student/dashboard")
|
|
})
|
|
|
|
it("redirects parent away from management routes", async () => {
|
|
const response = await proxy(createRequest("/management/grade/insights", "parent") as never)
|
|
expect(response.status).toBe(307)
|
|
expect(response.headers.get("location")).toContain("/parent/dashboard")
|
|
})
|
|
|
|
it("allows teacher access to management routes", async () => {
|
|
const response = await proxy(createRequest("/management/grade/insights", "teacher") as never)
|
|
expect(response.status).toBe(200)
|
|
expect(response.headers.get("location")).toBeNull()
|
|
})
|
|
})
|