···
console.log("✓ Test server stopped and test database cleaned up");
123
+
// Clear database between each test
124
+
beforeEach(async () => {
125
+
const db = require("bun:sqlite").Database.open(TEST_DB_PATH);
127
+
// Delete all data from tables (preserve schema)
128
+
db.run("DELETE FROM rate_limit_attempts");
129
+
db.run("DELETE FROM email_change_tokens");
130
+
db.run("DELETE FROM password_reset_tokens");
131
+
db.run("DELETE FROM email_verification_tokens");
132
+
db.run("DELETE FROM passkeys");
133
+
db.run("DELETE FROM sessions");
134
+
db.run("DELETE FROM subscriptions");
135
+
db.run("DELETE FROM transcriptions");
136
+
db.run("DELETE FROM class_members");
137
+
db.run("DELETE FROM meeting_times");
138
+
db.run("DELETE FROM classes");
139
+
db.run("DELETE FROM class_waitlist");
140
+
db.run("DELETE FROM users WHERE id != 0"); // Keep ghost user
email: "test@example.com",
···
196
+
// Helper to register a user, verify email, and get session via login
197
+
async function registerAndLogin(user: { email: string; password: string; name?: string }): Promise<string> {
198
+
const hashedPassword = await clientHashPassword(user.email, user.password);
200
+
// Register the user
201
+
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
203
+
headers: { "Content-Type": "application/json" },
204
+
body: JSON.stringify({
206
+
password: hashedPassword,
207
+
name: user.name || "Test User",
211
+
if (registerResponse.status !== 200) {
212
+
const error = await registerResponse.json();
213
+
throw new Error(`Registration failed: ${JSON.stringify(error)}`);
216
+
const registerData = await registerResponse.json();
217
+
const userId = registerData.user.id;
219
+
// Mark email as verified directly in the database (test mode)
220
+
const db = require("bun:sqlite").Database.open(TEST_DB_PATH);
221
+
db.run("UPDATE users SET email_verified = 1 WHERE id = ?", [userId]);
224
+
// Now login to get a session
225
+
const loginResponse = await fetch(`${BASE_URL}/api/auth/login`, {
227
+
headers: { "Content-Type": "application/json" },
228
+
body: JSON.stringify({
230
+
password: hashedPassword,
234
+
if (loginResponse.status !== 200) {
235
+
const error = await loginResponse.json();
236
+
throw new Error(`Login failed: ${JSON.stringify(error)}`);
239
+
return extractSessionCookie(loginResponse);
242
+
// Helper to add active subscription to a user
243
+
function addSubscription(userEmail: string): void {
244
+
const db = require("bun:sqlite").Database.open(TEST_DB_PATH);
245
+
const user = db.query("SELECT id FROM users WHERE email = ?").get(userEmail) as { id: number };
248
+
throw new Error(`User ${userEmail} not found`);
252
+
"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",
253
+
[`test-sub-${user.id}`, user.id, `test-customer-${user.id}`, "active"]
// All tests run against a fresh database, no cleanup needed
describe("API Endpoints - Authentication", () => {
···
expect(response.status).toBe(200);
201
-
// Extract session before consuming response body
202
-
const sessionCookie = extractSessionCookie(response);
const data = await response.json();
expect(data.user).toBeDefined();
expect(data.user.email).toBe(TEST_USER.email);
207
-
expect(sessionCookie).toBeTruthy();
288
+
expect(data.email_verification_required).toBe(true);
test("should reject registration with missing email", async () => {
···
test("should enforce rate limiting on registration", async () => {
const hashedPassword = await clientHashPassword(
277
-
"test@example.com",
358
+
"ratelimit@example.com",
281
-
// Make registration attempts until rate limit is hit (limit is 5 per hour)
282
-
let rateLimitHit = false;
283
-
for (let i = 0; i < 10; i++) {
284
-
const response = await fetch(`${BASE_URL}/api/auth/register`, {
286
-
headers: { "Content-Type": "application/json" },
287
-
body: JSON.stringify({
288
-
email: `test${i}@example.com`,
289
-
password: hashedPassword,
293
-
if (response.status === 429) {
294
-
rateLimitHit = true;
299
-
// Verify that rate limiting was triggered
300
-
expect(rateLimitHit).toBe(true);
304
-
describe("POST /api/auth/login", () => {
305
-
test("should login successfully with valid credentials", async () => {
306
-
// Register user first
307
-
const hashedPassword = await clientHashPassword(
309
-
TEST_USER.password,
362
+
// First registration succeeds
await fetch(`${BASE_URL}/api/auth/register`, {
headers: { "Content-Type": "application/json" },
315
-
email: TEST_USER.email,
367
+
email: "ratelimit@example.com",
password: hashedPassword,
317
-
name: TEST_USER.name,
322
-
const response = await fetch(`${BASE_URL}/api/auth/login`, {
324
-
headers: { "Content-Type": "application/json" },
325
-
body: JSON.stringify({
326
-
email: TEST_USER.email,
327
-
password: hashedPassword,
331
-
expect(response.status).toBe(200);
332
-
const data = await response.json();
333
-
expect(data.user).toBeDefined();
334
-
expect(data.user.email).toBe(TEST_USER.email);
335
-
expect(extractSessionCookie(response)).toBeTruthy();
338
-
test("should reject login with invalid credentials", async () => {
339
-
// Register user first
340
-
const hashedPassword = await clientHashPassword(
342
-
TEST_USER.password,
344
-
await fetch(`${BASE_URL}/api/auth/register`, {
346
-
headers: { "Content-Type": "application/json" },
347
-
body: JSON.stringify({
348
-
email: TEST_USER.email,
349
-
password: hashedPassword,
353
-
// Login with wrong password
354
-
const wrongPassword = await clientHashPassword(
356
-
"WrongPassword123!",
358
-
const response = await fetch(`${BASE_URL}/api/auth/login`, {
360
-
headers: { "Content-Type": "application/json" },
361
-
body: JSON.stringify({
362
-
email: TEST_USER.email,
363
-
password: wrongPassword,
367
-
expect(response.status).toBe(401);
368
-
const data = await response.json();
369
-
expect(data.error).toBe("Invalid email or password");
372
-
test("should reject login with missing fields", async () => {
373
-
const response = await fetch(`${BASE_URL}/api/auth/login`, {
375
-
headers: { "Content-Type": "application/json" },
376
-
body: JSON.stringify({
377
-
email: TEST_USER.email,
381
-
expect(response.status).toBe(400);
382
-
const data = await response.json();
383
-
expect(data.error).toBe("Email and password required");
386
-
test("should enforce rate limiting on login attempts", async () => {
387
-
const hashedPassword = await clientHashPassword(
389
-
TEST_USER.password,
392
-
// Make 11 login attempts (limit is 10 per 15 minutes per IP)
372
+
// Try to register same email 10 more times (will fail with 400 but count toward rate limit)
373
+
// Rate limit is 5 per 30 min from same IP
let rateLimitHit = false;
394
-
for (let i = 0; i < 11; i++) {
395
-
const response = await fetch(`${BASE_URL}/api/auth/login`, {
375
+
for (let i = 0; i < 10; i++) {
376
+
const response = await fetch(`${BASE_URL}/api/auth/register`, {
headers: { "Content-Type": "application/json" },
399
-
email: TEST_USER.email,
380
+
email: "ratelimit@example.com",
password: hashedPassword,
···
415
-
describe("POST /api/auth/logout", () => {
416
-
test("should logout successfully", async () => {
396
+
describe("POST /api/auth/login", () => {
397
+
test("should login successfully with valid credentials", async () => {
418
-
const hashedPassword = await clientHashPassword(
420
-
TEST_USER.password,
422
-
const loginResponse = await fetch(`${BASE_URL}/api/auth/register`, {
424
-
headers: { "Content-Type": "application/json" },
425
-
body: JSON.stringify({
426
-
email: TEST_USER.email,
427
-
password: hashedPassword,
430
-
const sessionCookie = extractSessionCookie(loginResponse);
433
-
const response = await authRequest(
434
-
`${BASE_URL}/api/auth/logout`,
441
-
expect(response.status).toBe(200);
442
-
const data = await response.json();
443
-
expect(data.success).toBe(true);
445
-
// Verify cookie is cleared
446
-
const setCookie = response.headers.get("set-cookie");
447
-
expect(setCookie).toContain("Max-Age=0");
450
-
test("should logout even without valid session", async () => {
451
-
const response = await fetch(`${BASE_URL}/api/auth/logout`, {
455
-
expect(response.status).toBe(200);
456
-
const data = await response.json();
457
-
expect(data.success).toBe(true);
461
-
describe("GET /api/auth/me", () => {
463
-
"should return current user info when authenticated",
466
-
const hashedPassword = await clientHashPassword(
468
-
TEST_USER.password,
470
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
472
-
headers: { "Content-Type": "application/json" },
473
-
body: JSON.stringify({
474
-
email: TEST_USER.email,
475
-
password: hashedPassword,
476
-
name: TEST_USER.name,
479
-
const sessionCookie = extractSessionCookie(registerResponse);
481
-
// Get current user
482
-
const response = await authRequest(
483
-
`${BASE_URL}/api/auth/me`,
487
-
expect(response.status).toBe(200);
488
-
const data = await response.json();
489
-
expect(data.email).toBe(TEST_USER.email);
490
-
expect(data.name).toBe(TEST_USER.name);
491
-
expect(data.role).toBeDefined();
495
-
test("should return 401 when not authenticated", async () => {
496
-
const response = await fetch(`${BASE_URL}/api/auth/me`);
498
-
expect(response.status).toBe(401);
499
-
const data = await response.json();
500
-
expect(data.error).toBe("Not authenticated");
503
-
test("should return 401 with invalid session", async () => {
504
-
const response = await authRequest(
505
-
`${BASE_URL}/api/auth/me`,
509
-
expect(response.status).toBe(401);
510
-
const data = await response.json();
511
-
expect(data.error).toBe("Invalid session");
516
-
describe("API Endpoints - Session Management", () => {
517
-
describe("GET /api/sessions", () => {
518
-
test("should return user sessions", async () => {
520
-
const hashedPassword = await clientHashPassword(
522
-
TEST_USER.password,
524
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
526
-
headers: { "Content-Type": "application/json" },
527
-
body: JSON.stringify({
528
-
email: TEST_USER.email,
529
-
password: hashedPassword,
532
-
const sessionCookie = extractSessionCookie(registerResponse);
535
-
const response = await authRequest(
536
-
`${BASE_URL}/api/sessions`,
540
-
expect(response.status).toBe(200);
541
-
const data = await response.json();
542
-
expect(data.sessions).toBeDefined();
543
-
expect(data.sessions.length).toBeGreaterThan(0);
544
-
expect(data.sessions[0]).toHaveProperty("id");
545
-
expect(data.sessions[0]).toHaveProperty("ip_address");
546
-
expect(data.sessions[0]).toHaveProperty("user_agent");
549
-
test("should require authentication", async () => {
550
-
const response = await fetch(`${BASE_URL}/api/sessions`);
552
-
expect(response.status).toBe(401);
556
-
describe("DELETE /api/sessions", () => {
557
-
test("should delete specific session", async () => {
558
-
// Register user and create multiple sessions
559
-
const hashedPassword = await clientHashPassword(
561
-
TEST_USER.password,
563
-
const session1Response = await fetch(`${BASE_URL}/api/auth/register`, {
565
-
headers: { "Content-Type": "application/json" },
566
-
body: JSON.stringify({
567
-
email: TEST_USER.email,
568
-
password: hashedPassword,
571
-
const session1Cookie = extractSessionCookie(session1Response);
573
-
const session2Response = await fetch(`${BASE_URL}/api/auth/login`, {
575
-
headers: { "Content-Type": "application/json" },
576
-
body: JSON.stringify({
577
-
email: TEST_USER.email,
578
-
password: hashedPassword,
581
-
const session2Cookie = extractSessionCookie(session2Response);
583
-
// Get sessions list
584
-
const sessionsResponse = await authRequest(
585
-
`${BASE_URL}/api/sessions`,
588
-
const sessionsData = await sessionsResponse.json();
589
-
const targetSessionId = sessionsData.sessions.find(
590
-
(s: { id: string }) => s.id === session2Cookie,
593
-
// Delete session 2
594
-
const response = await authRequest(
595
-
`${BASE_URL}/api/sessions`,
599
-
headers: { "Content-Type": "application/json" },
600
-
body: JSON.stringify({ sessionId: targetSessionId }),
604
-
expect(response.status).toBe(200);
605
-
const data = await response.json();
606
-
expect(data.success).toBe(true);
608
-
// Verify session 2 is deleted
609
-
const verifyResponse = await authRequest(
610
-
`${BASE_URL}/api/auth/me`,
613
-
expect(verifyResponse.status).toBe(401);
616
-
test("should not delete another user's session", async () => {
617
-
// Register two users
618
-
const hashedPassword1 = await clientHashPassword(
620
-
TEST_USER.password,
622
-
const user1Response = await fetch(`${BASE_URL}/api/auth/register`, {
624
-
headers: { "Content-Type": "application/json" },
625
-
body: JSON.stringify({
626
-
email: TEST_USER.email,
627
-
password: hashedPassword1,
630
-
const user1Cookie = extractSessionCookie(user1Response);
632
-
const hashedPassword2 = await clientHashPassword(
634
-
TEST_USER_2.password,
636
-
const user2Response = await fetch(`${BASE_URL}/api/auth/register`, {
638
-
headers: { "Content-Type": "application/json" },
639
-
body: JSON.stringify({
640
-
email: TEST_USER_2.email,
641
-
password: hashedPassword2,
644
-
const user2Cookie = extractSessionCookie(user2Response);
646
-
// Try to delete user2's session using user1's credentials
647
-
const response = await authRequest(
648
-
`${BASE_URL}/api/sessions`,
652
-
headers: { "Content-Type": "application/json" },
653
-
body: JSON.stringify({ sessionId: user2Cookie }),
657
-
expect(response.status).toBe(404);
660
-
test("should not delete current session", async () => {
662
-
const hashedPassword = await clientHashPassword(
664
-
TEST_USER.password,
666
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
668
-
headers: { "Content-Type": "application/json" },
669
-
body: JSON.stringify({
670
-
email: TEST_USER.email,
671
-
password: hashedPassword,
674
-
const sessionCookie = extractSessionCookie(registerResponse);
399
+
const sessionCookie = await registerAndLogin(TEST_USER);
// Try to delete own current session
const response = await authRequest(
···
describe("API Endpoints - User Management", () => {
describe("DELETE /api/user", () => {
test("should delete user account", async () => {
698
-
const hashedPassword = await clientHashPassword(
700
-
TEST_USER.password,
702
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
704
-
headers: { "Content-Type": "application/json" },
705
-
body: JSON.stringify({
706
-
email: TEST_USER.email,
707
-
password: hashedPassword,
710
-
const sessionCookie = extractSessionCookie(registerResponse);
422
+
// Register and login
423
+
const sessionCookie = await registerAndLogin(TEST_USER);
const response = await authRequest(
···
describe("PUT /api/user/email", () => {
test("should update user email", async () => {
745
-
const hashedPassword = await clientHashPassword(
747
-
TEST_USER.password,
749
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
751
-
headers: { "Content-Type": "application/json" },
752
-
body: JSON.stringify({
753
-
email: TEST_USER.email,
754
-
password: hashedPassword,
757
-
const sessionCookie = extractSessionCookie(registerResponse);
457
+
// Register and login
458
+
const sessionCookie = await registerAndLogin(TEST_USER);
460
+
// Update email - this creates a token but doesn't change email yet
const newEmail = "newemail@example.com";
const response = await authRequest(
`${BASE_URL}/api/user/email`,
···
const data = await response.json();
expect(data.success).toBe(true);
476
+
// Manually complete the email change in the database (simulating verification)
477
+
const db = require("bun:sqlite").Database.open(TEST_DB_PATH);
478
+
const tokenData = db.query("SELECT user_id, new_email FROM email_change_tokens ORDER BY created_at DESC LIMIT 1").get() as { user_id: number, new_email: string };
479
+
db.run("UPDATE users SET email = ?, email_verified = 1 WHERE id = ?", [tokenData.new_email, tokenData.user_id]);
480
+
db.run("DELETE FROM email_change_tokens WHERE user_id = ?", [tokenData.user_id]);
const meResponse = await authRequest(
`${BASE_URL}/api/auth/me`,
···
test("should reject duplicate email", async () => {
786
-
const hashedPassword1 = await clientHashPassword(
788
-
TEST_USER.password,
790
-
await fetch(`${BASE_URL}/api/auth/register`, {
792
-
headers: { "Content-Type": "application/json" },
793
-
body: JSON.stringify({
794
-
email: TEST_USER.email,
795
-
password: hashedPassword1,
799
-
const hashedPassword2 = await clientHashPassword(
801
-
TEST_USER_2.password,
803
-
const user2Response = await fetch(`${BASE_URL}/api/auth/register`, {
805
-
headers: { "Content-Type": "application/json" },
806
-
body: JSON.stringify({
807
-
email: TEST_USER_2.email,
808
-
password: hashedPassword2,
811
-
const user2Cookie = extractSessionCookie(user2Response);
494
+
await registerAndLogin(TEST_USER);
495
+
const user2Cookie = await registerAndLogin(TEST_USER_2);
// Try to update user2's email to user1's email
const response = await authRequest(
···
describe("PUT /api/user/password", () => {
test("should update user password", async () => {
833
-
const hashedPassword = await clientHashPassword(
835
-
TEST_USER.password,
837
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
839
-
headers: { "Content-Type": "application/json" },
840
-
body: JSON.stringify({
841
-
email: TEST_USER.email,
842
-
password: hashedPassword,
845
-
const sessionCookie = extractSessionCookie(registerResponse);
516
+
// Register and login
517
+
const sessionCookie = await registerAndLogin(TEST_USER);
const newPassword = await clientHashPassword(
···
test("should reject invalid password format", async () => {
880
-
const hashedPassword = await clientHashPassword(
882
-
TEST_USER.password,
884
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
886
-
headers: { "Content-Type": "application/json" },
887
-
body: JSON.stringify({
888
-
email: TEST_USER.email,
889
-
password: hashedPassword,
892
-
const sessionCookie = extractSessionCookie(registerResponse);
551
+
// Register and login
552
+
const sessionCookie = await registerAndLogin(TEST_USER);
// Try to update with invalid format
const response = await authRequest(
···
describe("PUT /api/user/name", () => {
test("should update user name", async () => {
914
-
const hashedPassword = await clientHashPassword(
916
-
TEST_USER.password,
918
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
920
-
headers: { "Content-Type": "application/json" },
921
-
body: JSON.stringify({
922
-
email: TEST_USER.email,
923
-
password: hashedPassword,
924
-
name: TEST_USER.name,
927
-
const sessionCookie = extractSessionCookie(registerResponse);
573
+
// Register and login
574
+
const sessionCookie = await registerAndLogin(TEST_USER);
const newName = "Updated Name";
···
test("should reject missing name", async () => {
956
-
const hashedPassword = await clientHashPassword(
958
-
TEST_USER.password,
960
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
962
-
headers: { "Content-Type": "application/json" },
963
-
body: JSON.stringify({
964
-
email: TEST_USER.email,
965
-
password: hashedPassword,
968
-
const sessionCookie = extractSessionCookie(registerResponse);
602
+
// Register and login
603
+
const sessionCookie = await registerAndLogin(TEST_USER);
const response = await authRequest(
`${BASE_URL}/api/user/name`,
···
describe("PUT /api/user/avatar", () => {
test("should update user avatar", async () => {
987
-
const hashedPassword = await clientHashPassword(
989
-
TEST_USER.password,
991
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
993
-
headers: { "Content-Type": "application/json" },
994
-
body: JSON.stringify({
995
-
email: TEST_USER.email,
996
-
password: hashedPassword,
999
-
const sessionCookie = extractSessionCookie(registerResponse);
621
+
// Register and login
622
+
const sessionCookie = await registerAndLogin(TEST_USER);
···
describe("API Endpoints - Transcriptions", () => {
describe("GET /api/transcriptions", () => {
test("should return user transcriptions", async () => {
1052
-
const hashedPassword = await clientHashPassword(
1054
-
TEST_USER.password,
1056
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1058
-
headers: { "Content-Type": "application/json" },
1059
-
body: JSON.stringify({
1060
-
email: TEST_USER.email,
1061
-
password: hashedPassword,
1064
-
const sessionCookie = extractSessionCookie(registerResponse);
674
+
// Register and login
675
+
const sessionCookie = await registerAndLogin(TEST_USER);
677
+
// Add subscription
678
+
addSubscription(TEST_USER.email);
const response = await authRequest(
···
describe("POST /api/transcriptions", () => {
test("should upload audio file and start transcription", async () => {
1088
-
const hashedPassword = await clientHashPassword(
1090
-
TEST_USER.password,
1092
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1094
-
headers: { "Content-Type": "application/json" },
1095
-
body: JSON.stringify({
1096
-
email: TEST_USER.email,
1097
-
password: hashedPassword,
1100
-
const sessionCookie = extractSessionCookie(registerResponse);
701
+
// Register and login
702
+
const sessionCookie = await registerAndLogin(TEST_USER);
704
+
// Add subscription
705
+
addSubscription(TEST_USER.email);
// Create a test audio file
const audioBlob = new Blob(["fake audio data"], { type: "audio/mp3" });
···
test("should reject non-audio files", async () => {
1126
-
const hashedPassword = await clientHashPassword(
1128
-
TEST_USER.password,
1130
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1132
-
headers: { "Content-Type": "application/json" },
1133
-
body: JSON.stringify({
1134
-
email: TEST_USER.email,
1135
-
password: hashedPassword,
1138
-
const sessionCookie = extractSessionCookie(registerResponse);
730
+
// Register and login
731
+
const sessionCookie = await registerAndLogin(TEST_USER);
733
+
// Add subscription
734
+
addSubscription(TEST_USER.email);
// Try to upload non-audio file
const textBlob = new Blob(["text file"], { type: "text/plain" });
···
test("should reject files exceeding size limit", async () => {
1159
-
const hashedPassword = await clientHashPassword(
1161
-
TEST_USER.password,
1163
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1165
-
headers: { "Content-Type": "application/json" },
1166
-
body: JSON.stringify({
1167
-
email: TEST_USER.email,
1168
-
password: hashedPassword,
1171
-
const sessionCookie = extractSessionCookie(registerResponse);
754
+
// Register and login
755
+
const sessionCookie = await registerAndLogin(TEST_USER);
757
+
// Add subscription
758
+
addSubscription(TEST_USER.email);
// Create a file larger than 100MB (the actual limit)
const largeBlob = new Blob([new ArrayBuffer(101 * 1024 * 1024)], {
···
1217
-
const adminHash = await clientHashPassword(
1219
-
TEST_ADMIN.password,
1221
-
const adminResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1223
-
headers: { "Content-Type": "application/json" },
1224
-
body: JSON.stringify({
1225
-
email: TEST_ADMIN.email,
1226
-
password: adminHash,
1227
-
name: TEST_ADMIN.name,
1230
-
adminCookie = extractSessionCookie(adminResponse);
803
+
adminCookie = await registerAndLogin(TEST_ADMIN);
// Manually set admin role in database
806
+
const db = require("bun:sqlite").Database.open(TEST_DB_PATH);
db.run("UPDATE users SET role = 'admin' WHERE email = ?", [
1238
-
const userHash = await clientHashPassword(
1240
-
TEST_USER.password,
1242
-
const userResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1244
-
headers: { "Content-Type": "application/json" },
1245
-
body: JSON.stringify({
1246
-
email: TEST_USER.email,
1247
-
password: userHash,
1248
-
name: TEST_USER.name,
1251
-
userCookie = extractSessionCookie(userResponse);
812
+
userCookie = await registerAndLogin(TEST_USER);
.query<{ id: number }, [string]>("SELECT id FROM users WHERE email = ?")
userId = userIdResult?.id;
describe("GET /api/admin/users", () => {
···
let sessionCookie: string;
1522
-
const hashedPassword = await clientHashPassword(
1524
-
TEST_USER.password,
1526
-
const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {
1528
-
headers: { "Content-Type": "application/json" },
1529
-
body: JSON.stringify({
1530
-
email: TEST_USER.email,
1531
-
password: hashedPassword,
1534
-
sessionCookie = extractSessionCookie(registerResponse);
1083
+
// Register and login
1084
+
sessionCookie = await registerAndLogin(TEST_USER);
describe("GET /api/passkeys", () => {
dunkirk.sh