mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-23 20:00:15 +01:00
ci: update access middleware tests
This commit is contained in:
Danny Avila
parent
451e426e4c
commit
7464214f0f
1 changed files with 177 additions and 71 deletions
|
|
@ -1,17 +1,31 @@
|
||||||
const mongoose = require('mongoose');
|
const mongoose = require('mongoose');
|
||||||
const { MongoMemoryServer } = require('mongodb-memory-server');
|
const { MongoMemoryServer } = require('mongodb-memory-server');
|
||||||
const { checkAccess, generateCheckAccess } = require('./access');
|
const { checkAccess, generateCheckAccess } = require('@librechat/api');
|
||||||
const { PermissionTypes, Permissions } = require('librechat-data-provider');
|
const { PermissionTypes, Permissions } = require('librechat-data-provider');
|
||||||
|
const { getRoleByName } = require('~/models/Role');
|
||||||
const { Role } = require('~/db/models');
|
const { Role } = require('~/db/models');
|
||||||
|
|
||||||
// Mock only the logger
|
// Mock the logger from @librechat/data-schemas
|
||||||
jest.mock('~/config', () => ({
|
jest.mock('@librechat/data-schemas', () => ({
|
||||||
|
...jest.requireActual('@librechat/data-schemas'),
|
||||||
logger: {
|
logger: {
|
||||||
warn: jest.fn(),
|
warn: jest.fn(),
|
||||||
error: jest.fn(),
|
error: jest.fn(),
|
||||||
|
info: jest.fn(),
|
||||||
|
debug: jest.fn(),
|
||||||
},
|
},
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
// Mock the cache to use a simple in-memory implementation
|
||||||
|
const mockCache = new Map();
|
||||||
|
jest.mock('~/cache/getLogStores', () => {
|
||||||
|
return jest.fn(() => ({
|
||||||
|
get: jest.fn(async (key) => mockCache.get(key)),
|
||||||
|
set: jest.fn(async (key, value) => mockCache.set(key, value)),
|
||||||
|
clear: jest.fn(async () => mockCache.clear()),
|
||||||
|
}));
|
||||||
|
});
|
||||||
|
|
||||||
describe('Access Middleware', () => {
|
describe('Access Middleware', () => {
|
||||||
let mongoServer;
|
let mongoServer;
|
||||||
let req, res, next;
|
let req, res, next;
|
||||||
|
|
@ -29,33 +43,86 @@ describe('Access Middleware', () => {
|
||||||
|
|
||||||
beforeEach(async () => {
|
beforeEach(async () => {
|
||||||
await mongoose.connection.dropDatabase();
|
await mongoose.connection.dropDatabase();
|
||||||
|
mockCache.clear(); // Clear the cache between tests
|
||||||
|
|
||||||
// Create test roles
|
// Create test roles
|
||||||
await Role.create({
|
await Role.create({
|
||||||
name: 'user',
|
name: 'user',
|
||||||
permissions: {
|
permissions: {
|
||||||
|
[PermissionTypes.BOOKMARKS]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.PROMPTS]: {
|
||||||
|
[Permissions.SHARED_GLOBAL]: false,
|
||||||
|
[Permissions.USE]: true,
|
||||||
|
[Permissions.CREATE]: true,
|
||||||
|
},
|
||||||
|
[PermissionTypes.MEMORIES]: {
|
||||||
|
[Permissions.USE]: true,
|
||||||
|
[Permissions.CREATE]: true,
|
||||||
|
[Permissions.UPDATE]: true,
|
||||||
|
[Permissions.READ]: true,
|
||||||
|
[Permissions.OPT_OUT]: true,
|
||||||
|
},
|
||||||
[PermissionTypes.AGENTS]: {
|
[PermissionTypes.AGENTS]: {
|
||||||
[Permissions.USE]: true,
|
[Permissions.USE]: true,
|
||||||
[Permissions.CREATE]: false,
|
[Permissions.CREATE]: false,
|
||||||
[Permissions.SHARED_GLOBAL]: false,
|
[Permissions.SHARED_GLOBAL]: false,
|
||||||
},
|
},
|
||||||
|
[PermissionTypes.MULTI_CONVO]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.TEMPORARY_CHAT]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.RUN_CODE]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.WEB_SEARCH]: { [Permissions.USE]: true },
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
await Role.create({
|
await Role.create({
|
||||||
name: 'admin',
|
name: 'admin',
|
||||||
permissions: {
|
permissions: {
|
||||||
|
[PermissionTypes.BOOKMARKS]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.PROMPTS]: {
|
||||||
|
[Permissions.SHARED_GLOBAL]: true,
|
||||||
|
[Permissions.USE]: true,
|
||||||
|
[Permissions.CREATE]: true,
|
||||||
|
},
|
||||||
|
[PermissionTypes.MEMORIES]: {
|
||||||
|
[Permissions.USE]: true,
|
||||||
|
[Permissions.CREATE]: true,
|
||||||
|
[Permissions.UPDATE]: true,
|
||||||
|
[Permissions.READ]: true,
|
||||||
|
[Permissions.OPT_OUT]: true,
|
||||||
|
},
|
||||||
[PermissionTypes.AGENTS]: {
|
[PermissionTypes.AGENTS]: {
|
||||||
[Permissions.USE]: true,
|
[Permissions.USE]: true,
|
||||||
[Permissions.CREATE]: true,
|
[Permissions.CREATE]: true,
|
||||||
[Permissions.SHARED_GLOBAL]: true,
|
[Permissions.SHARED_GLOBAL]: true,
|
||||||
},
|
},
|
||||||
|
[PermissionTypes.MULTI_CONVO]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.TEMPORARY_CHAT]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.RUN_CODE]: { [Permissions.USE]: true },
|
||||||
|
[PermissionTypes.WEB_SEARCH]: { [Permissions.USE]: true },
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
// Create limited role with no AGENTS permissions
|
||||||
|
await Role.create({
|
||||||
|
name: 'limited',
|
||||||
|
permissions: {
|
||||||
|
// Explicitly set AGENTS permissions to false
|
||||||
|
[PermissionTypes.AGENTS]: {
|
||||||
|
[Permissions.USE]: false,
|
||||||
|
[Permissions.CREATE]: false,
|
||||||
|
[Permissions.SHARED_GLOBAL]: false,
|
||||||
|
},
|
||||||
|
// Has permissions for other types
|
||||||
|
[PermissionTypes.PROMPTS]: {
|
||||||
|
[Permissions.USE]: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
req = {
|
req = {
|
||||||
user: { id: 'user123', role: 'user' },
|
user: { id: 'user123', role: 'user' },
|
||||||
body: {},
|
body: {},
|
||||||
|
originalUrl: '/test',
|
||||||
};
|
};
|
||||||
res = {
|
res = {
|
||||||
status: jest.fn().mockReturnThis(),
|
status: jest.fn().mockReturnThis(),
|
||||||
|
|
@ -67,92 +134,114 @@ describe('Access Middleware', () => {
|
||||||
|
|
||||||
describe('checkAccess', () => {
|
describe('checkAccess', () => {
|
||||||
test('should return false if user is not provided', async () => {
|
test('should return false if user is not provided', async () => {
|
||||||
const result = await checkAccess(null, PermissionTypes.AGENTS, [Permissions.USE]);
|
const result = await checkAccess({
|
||||||
|
user: null,
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(result).toBe(false);
|
expect(result).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return true if user has required permission', async () => {
|
test('should return true if user has required permission', async () => {
|
||||||
const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
|
const result = await checkAccess({
|
||||||
|
req: {},
|
||||||
|
user: { id: 'user123', role: 'user' },
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(result).toBe(true);
|
expect(result).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return false if user lacks required permission', async () => {
|
test('should return false if user lacks required permission', async () => {
|
||||||
const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.CREATE]);
|
const result = await checkAccess({
|
||||||
|
req: {},
|
||||||
|
user: { id: 'user123', role: 'user' },
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.CREATE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(result).toBe(false);
|
expect(result).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return true if user has any of multiple permissions', async () => {
|
test('should return true if user has any of multiple permissions', async () => {
|
||||||
const result = await checkAccess(req.user, PermissionTypes.AGENTS, [
|
const result = await checkAccess({
|
||||||
Permissions.USE,
|
req: {},
|
||||||
Permissions.CREATE,
|
user: { id: 'user123', role: 'user' },
|
||||||
]);
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.CREATE, Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(result).toBe(true);
|
expect(result).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should check body properties when permission is not directly granted', async () => {
|
test('should check body properties when permission is not directly granted', async () => {
|
||||||
// User role doesn't have CREATE permission, but bodyProps allows it
|
const req = { body: { id: 'agent123' } };
|
||||||
const bodyProps = {
|
const result = await checkAccess({
|
||||||
[Permissions.CREATE]: ['agentId', 'name'],
|
req,
|
||||||
};
|
user: { id: 'user123', role: 'user' },
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
const checkObject = { agentId: 'agent123' };
|
permissions: [Permissions.UPDATE],
|
||||||
|
bodyProps: {
|
||||||
const result = await checkAccess(
|
[Permissions.UPDATE]: ['id'],
|
||||||
req.user,
|
},
|
||||||
PermissionTypes.AGENTS,
|
checkObject: req.body,
|
||||||
[Permissions.CREATE],
|
getRoleByName,
|
||||||
bodyProps,
|
});
|
||||||
checkObject,
|
|
||||||
);
|
|
||||||
expect(result).toBe(true);
|
expect(result).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return false if role is not found', async () => {
|
test('should return false if role is not found', async () => {
|
||||||
req.user.role = 'nonexistent';
|
const result = await checkAccess({
|
||||||
const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
|
req: {},
|
||||||
|
user: { id: 'user123', role: 'nonexistent' },
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(result).toBe(false);
|
expect(result).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return false if role has no permissions for the requested type', async () => {
|
test('should return false if role has no permissions for the requested type', async () => {
|
||||||
await Role.create({
|
const result = await checkAccess({
|
||||||
name: 'limited',
|
req: {},
|
||||||
permissions: {
|
user: { id: 'user123', role: 'limited' },
|
||||||
// Explicitly set AGENTS permissions to false
|
permissionType: PermissionTypes.AGENTS,
|
||||||
[PermissionTypes.AGENTS]: {
|
permissions: [Permissions.USE],
|
||||||
[Permissions.USE]: false,
|
getRoleByName,
|
||||||
[Permissions.CREATE]: false,
|
|
||||||
[Permissions.SHARED_GLOBAL]: false,
|
|
||||||
},
|
|
||||||
// Has permissions for other types
|
|
||||||
[PermissionTypes.PROMPTS]: {
|
|
||||||
[Permissions.USE]: true,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
req.user.role = 'limited';
|
|
||||||
|
|
||||||
const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
|
|
||||||
expect(result).toBe(false);
|
expect(result).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should handle admin role with all permissions', async () => {
|
test('should handle admin role with all permissions', async () => {
|
||||||
req.user.role = 'admin';
|
const createResult = await checkAccess({
|
||||||
|
req: {},
|
||||||
const createResult = await checkAccess(req.user, PermissionTypes.AGENTS, [
|
user: { id: 'admin123', role: 'admin' },
|
||||||
Permissions.CREATE,
|
permissionType: PermissionTypes.AGENTS,
|
||||||
]);
|
permissions: [Permissions.CREATE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(createResult).toBe(true);
|
expect(createResult).toBe(true);
|
||||||
|
|
||||||
const shareResult = await checkAccess(req.user, PermissionTypes.AGENTS, [
|
const shareResult = await checkAccess({
|
||||||
Permissions.SHARED_GLOBAL,
|
req: {},
|
||||||
]);
|
user: { id: 'admin123', role: 'admin' },
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.SHARED_GLOBAL],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
expect(shareResult).toBe(true);
|
expect(shareResult).toBe(true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('generateCheckAccess', () => {
|
describe('generateCheckAccess', () => {
|
||||||
test('should call next() when user has required permission', async () => {
|
test('should call next() when user has required permission', async () => {
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
|
const middleware = generateCheckAccess({
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).toHaveBeenCalled();
|
expect(next).toHaveBeenCalled();
|
||||||
|
|
@ -160,7 +249,11 @@ describe('Access Middleware', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should return 403 when user lacks permission', async () => {
|
test('should return 403 when user lacks permission', async () => {
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.CREATE]);
|
const middleware = generateCheckAccess({
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.CREATE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).not.toHaveBeenCalled();
|
expect(next).not.toHaveBeenCalled();
|
||||||
|
|
@ -175,11 +268,12 @@ describe('Access Middleware', () => {
|
||||||
[Permissions.CREATE]: ['agentId'],
|
[Permissions.CREATE]: ['agentId'],
|
||||||
};
|
};
|
||||||
|
|
||||||
const middleware = generateCheckAccess(
|
const middleware = generateCheckAccess({
|
||||||
PermissionTypes.AGENTS,
|
permissionType: PermissionTypes.AGENTS,
|
||||||
[Permissions.CREATE],
|
permissions: [Permissions.CREATE],
|
||||||
bodyProps,
|
bodyProps,
|
||||||
);
|
getRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).toHaveBeenCalled();
|
expect(next).toHaveBeenCalled();
|
||||||
|
|
@ -187,10 +281,16 @@ describe('Access Middleware', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should handle database errors gracefully', async () => {
|
test('should handle database errors gracefully', async () => {
|
||||||
// Create a user with an invalid role that will cause getRoleByName to fail
|
// Mock getRoleByName to throw an error
|
||||||
req.user.role = { invalid: 'object' }; // This will cause an error when querying
|
const mockGetRoleByName = jest
|
||||||
|
.fn()
|
||||||
|
.mockRejectedValue(new Error('Database connection failed'));
|
||||||
|
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
|
const middleware = generateCheckAccess({
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName: mockGetRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).not.toHaveBeenCalled();
|
expect(next).not.toHaveBeenCalled();
|
||||||
|
|
@ -203,11 +303,11 @@ describe('Access Middleware', () => {
|
||||||
test('should work with multiple permission types', async () => {
|
test('should work with multiple permission types', async () => {
|
||||||
req.user.role = 'admin';
|
req.user.role = 'admin';
|
||||||
|
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [
|
const middleware = generateCheckAccess({
|
||||||
Permissions.USE,
|
permissionType: PermissionTypes.AGENTS,
|
||||||
Permissions.CREATE,
|
permissions: [Permissions.USE, Permissions.CREATE, Permissions.SHARED_GLOBAL],
|
||||||
Permissions.SHARED_GLOBAL,
|
getRoleByName,
|
||||||
]);
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).toHaveBeenCalled();
|
expect(next).toHaveBeenCalled();
|
||||||
|
|
@ -216,14 +316,16 @@ describe('Access Middleware', () => {
|
||||||
test('should handle missing user gracefully', async () => {
|
test('should handle missing user gracefully', async () => {
|
||||||
req.user = null;
|
req.user = null;
|
||||||
|
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
|
const middleware = generateCheckAccess({
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).not.toHaveBeenCalled();
|
expect(next).not.toHaveBeenCalled();
|
||||||
expect(res.status).toHaveBeenCalledWith(500);
|
expect(res.status).toHaveBeenCalledWith(403);
|
||||||
expect(res.json).toHaveBeenCalledWith({
|
expect(res.json).toHaveBeenCalledWith({ message: 'Forbidden: Insufficient permissions' });
|
||||||
message: expect.stringContaining('Server error:'),
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should handle role with no AGENTS permissions', async () => {
|
test('should handle role with no AGENTS permissions', async () => {
|
||||||
|
|
@ -240,7 +342,11 @@ describe('Access Middleware', () => {
|
||||||
});
|
});
|
||||||
req.user.role = 'noaccess';
|
req.user.role = 'noaccess';
|
||||||
|
|
||||||
const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
|
const middleware = generateCheckAccess({
|
||||||
|
permissionType: PermissionTypes.AGENTS,
|
||||||
|
permissions: [Permissions.USE],
|
||||||
|
getRoleByName,
|
||||||
|
});
|
||||||
await middleware(req, res, next);
|
await middleware(req, res, next);
|
||||||
|
|
||||||
expect(next).not.toHaveBeenCalled();
|
expect(next).not.toHaveBeenCalled();
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue