MrSphay/intelligence-terminal
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d7df2e4aeea5a3ccc0f4cce4b70fb0f1fc669aec
intelligence-terminal/test/fetch-utils.test.mjs
MrSphay d7df2e4aee
All checks were successful
Codex Template Compliance / template-compliance (pull_request) Successful in 5s
Details
Build / test-and-image (pull_request) Successful in 49s
Details
fix: harden terminal action endpoints
2026-05-17 14:19:28 +02:00

57 lines
2.0 KiB
JavaScript
Raw Blame History

import test from 'node:test';
import assert from 'node:assert/strict';
import { readFileSync } from 'node:fs';
import { safeFetch, safeFetchText, getFetchMetrics } from '../apis/utils/fetch.mjs';
test('safeFetch reports HTML as degraded JSON response', async () => {
const originalFetch = globalThis.fetch;
globalThis.fetch = async () => ({
ok: true,
status: 200,
headers: { get: () => 'text/html' },
text: async () => '<html>not json</html>',
});
try {
const data = await safeFetch('https://example.test/json', { retries: 0, source: 'unit' });
assert.match(data.error, /Expected JSON/);
assert.ok(getFetchMetrics().bySource.unit.requests >= 1);
} finally {
globalThis.fetch = originalFetch;
}
});
test('safeFetchText returns text and byte count', async () => {
const originalFetch = globalThis.fetch;
globalThis.fetch = async () => ({
ok: true,
status: 200,
text: async () => 'hello',
});
try {
const data = await safeFetchText('https://example.test/rss', { retries: 0, source: 'rss-unit' });
assert.equal(data.text, 'hello');
assert.equal(data.bytes, 5);
} finally {
globalThis.fetch = originalFetch;
}
});
test('terminal action endpoints avoid URL tokens and include hardening gates', () => {
const server = readFileSync(new URL('../server.mjs', import.meta.url), 'utf8');
assert.match(server, /app\.post\('\/api\/action'/);
assert.match(server, /app\.post\('\/api\/sweep'/);
assert.match(server, /x-crucix-token/);
assert.match(server, /sameOriginPost/);
assert.match(server, /rateLimitTerminalAction/);
assert.match(server, /auditTerminalAction/);
assert.doesNotMatch(server, /req\.query\.token/);
});
test('dashboard exposes token configuration flow without devtools edits', () => {
const html = readFileSync(new URL('../dashboard/public/jarvis.html', import.meta.url), 'utf8');
assert.match(html, /configureTerminalActionToken/);
assert.match(html, /crucix_sweep_token/);
assert.match(html, /x-crucix-token/);
assert.match(html, /SET TOKEN/);
});
Reference in New Issue View Git Blame Copy Permalink