From ddc6f99dafeb5d9b262304dbc1f768932fa146c1 Mon Sep 17 00:00:00 2001 From: Akpolo Ogagaoghene Prince Date: Mon, 1 Jun 2026 17:12:44 +0100 Subject: [PATCH] fix(backend): mock requireAuth from auth.js so route tests authenticate The stream route integration tests stubbed out authentication by mocking src/middleware/auth.middleware.js (which only re-exports authMiddleware as an alias). The routes import requireAuth directly from src/middleware/auth.js, so the mock never took effect and every authenticated request returned 401, failing 22 tests across stream/top-up/cancel/withdraw and the streams integration suite. Point each mock at src/middleware/auth.js and override requireAuth, using importOriginal so the module's other exports (requireAdmin, issueChallenge, verifyChallenge, verifyJwt) remain intact for the rest of the app. No production code changes; test-only fix to restore a green backend CI job. --- backend/tests/integration/streams.test.ts | 20 +++++++++---------- .../tests/integration/streams/cancel.test.ts | 16 +++++++++------ .../integration/streams/withdraw.test.ts | 16 +++++++++------ backend/tests/integration/top-up.test.ts | 16 +++++++++------ backend/tests/stream.test.ts | 17 +++++++++------- 5 files changed, 50 insertions(+), 35 deletions(-) diff --git a/backend/tests/integration/streams.test.ts b/backend/tests/integration/streams.test.ts index 8767f88d..153a8355 100644 --- a/backend/tests/integration/streams.test.ts +++ b/backend/tests/integration/streams.test.ts @@ -11,16 +11,16 @@ import request from 'supertest'; // Bypass Stellar signature verification on POST /v1/streams. The route is // exercised here as a stand-in for the indexer worker, so we replace the auth // middleware with a stub that injects a deterministic wallet. -vi.mock('../../src/middleware/auth.middleware.js', () => ({ - authMiddleware: (req: any, _res: any, next: any) => { - req.user = { publicKey: 'GTEST_USER_PUBLIC_KEY' }; - next(); - }, - optionalAuthMiddleware: (req: any, _res: any, next: any) => { - req.user = { publicKey: 'GTEST_USER_PUBLIC_KEY' }; - next(); - }, -})); +vi.mock('../../src/middleware/auth.js', async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + requireAuth: (req: any, _res: any, next: any) => { + req.user = { publicKey: 'GTEST_USER_PUBLIC_KEY' }; + next(); + }, + }; +}); // ─── Mocks (using vi.hoisted to ensure they are available to vi.mock) ───────── diff --git a/backend/tests/integration/streams/cancel.test.ts b/backend/tests/integration/streams/cancel.test.ts index ab8aba03..5ee167aa 100644 --- a/backend/tests/integration/streams/cancel.test.ts +++ b/backend/tests/integration/streams/cancel.test.ts @@ -38,12 +38,16 @@ vi.mock('../../../src/lib/prisma.js', () => { }); // Mock auth middleware to bypass real Stellar signature verification -vi.mock('../../../src/middleware/auth.middleware.js', () => ({ - authMiddleware: (req: any, res: any, next: any) => { - req.user = { publicKey: 'G_SENDER_123' }; - next(); - }, -})); +vi.mock('../../../src/middleware/auth.js', async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + requireAuth: (req: any, _res: any, next: any) => { + req.user = { publicKey: 'G_SENDER_123' }; + next(); + }, + }; +}); // ─── App import (after mocks) ─────────────────────────────────────────────── diff --git a/backend/tests/integration/streams/withdraw.test.ts b/backend/tests/integration/streams/withdraw.test.ts index cf253f5e..ef97c771 100644 --- a/backend/tests/integration/streams/withdraw.test.ts +++ b/backend/tests/integration/streams/withdraw.test.ts @@ -32,12 +32,16 @@ vi.mock('../../../src/services/sorobanService.js', () => ({ isStale: vi.fn().mockReturnValue(false), })); -vi.mock('../../../src/middleware/auth.middleware.js', () => ({ - authMiddleware: (req: any, _res: any, next: any) => { - req.user = { publicKey: currentUser.publicKey }; - next(); - }, -})); +vi.mock('../../../src/middleware/auth.js', async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + requireAuth: (req: any, _res: any, next: any) => { + req.user = { publicKey: currentUser.publicKey }; + next(); + }, + }; +}); import app from '../../../src/app.js'; diff --git a/backend/tests/integration/top-up.test.ts b/backend/tests/integration/top-up.test.ts index eb8a6b52..4870b41a 100644 --- a/backend/tests/integration/top-up.test.ts +++ b/backend/tests/integration/top-up.test.ts @@ -58,12 +58,16 @@ vi.mock('../../src/services/sorobanService.js', () => ({ cancelStream: vi.fn(), })); -vi.mock('../../src/middleware/auth.middleware.js', () => ({ - authMiddleware: vi.fn((req: any, _res: any, next: any) => { - req.user = { publicKey: req.headers['x-test-caller'] ?? SENDER }; - next(); - }), -})); +vi.mock('../../src/middleware/auth.js', async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + requireAuth: vi.fn((req: any, _res: any, next: any) => { + req.user = { publicKey: req.headers['x-test-caller'] ?? SENDER }; + next(); + }), + }; +}); // App import after mocks import app from '../../src/app.js'; diff --git a/backend/tests/stream.test.ts b/backend/tests/stream.test.ts index accdb55e..479ff79a 100644 --- a/backend/tests/stream.test.ts +++ b/backend/tests/stream.test.ts @@ -1,13 +1,16 @@ import { describe, it, expect, vi, beforeEach } from 'vitest'; import request from 'supertest'; -vi.mock('../src/middleware/auth.middleware.js', () => ({ - authMiddleware: (req: any, _res: any, next: any) => { - req.user = { publicKey: 'GTEST_USER_PUBLIC_KEY' }; - next(); - }, - optionalAuthMiddleware: (_req: any, _res: any, next: any) => next(), -})); +vi.mock('../src/middleware/auth.js', async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + requireAuth: (req: any, _res: any, next: any) => { + req.user = { publicKey: 'GTEST_USER_PUBLIC_KEY' }; + next(); + }, + }; +}); vi.mock('../src/middleware/stream-rate-limiter.middleware.js', () => ({ streamCreationRateLimiter: (_req: any, _res: any, next: any) => next(),