initial: server + shared

2026-06-11 13:41:38 +05:00
commit 65da047e7c
148 changed files with 15900 additions and 0 deletions
@@ -0,0 +1,95 @@
+import jwt from '@fastify/jwt'
+import Fastify from 'fastify'
+import { afterAll, beforeEach, beforeAll, describe, expect, it } from 'vitest'
+import { prisma } from '../../lib/prisma.js'
+import { registerAuthOAuthRoutes } from '../auth-oauth.js'
+
+const JWT_SECRET = 'test-secret'
+
+async function buildApp() {
+  const app = Fastify({ logger: false })
+  await app.register(jwt, { secret: JWT_SECRET })
+  app.decorate('authenticate', async function (request, reply) {
+    try {
+      await request.jwtVerify()
+    } catch {
+      return reply.code(401).send({ error: 'Unauthorized' })
+    }
+  })
+  app.decorate('eventBus', { emit: () => {} })
+  await registerAuthOAuthRoutes(app)
+  await app.ready()
+  return app
+}
+
+function signToken(app, userId, email) {
+  return app.jwt.sign({ sub: userId, email })
+}
+
+async function createUser(email) {
+  const user = await prisma.user.create({
+    data: { email, displayName: 'Test', avatar: null, avatarStyle: 'avataaars' },
+  })
+  await prisma.notificationPreference.create({ data: { userId: user.id, globalEnabled: true } })
+  return user
+}
+
+describe('DELETE /api/me/oauth/:provider', () => {
+  let app, user, token
+  const email = `test-unlink-${Date.now()}@example.com`
+
+  beforeAll(async () => {
+    app = await buildApp()
+  })
+  afterAll(async () => {
+    await prisma.oAuthAccount.deleteMany({ where: { user: { email } } })
+    await prisma.notificationPreference.deleteMany({ where: { user: { email } } })
+    await prisma.user.deleteMany({ where: { email } })
+    await app.close()
+  })
+
+  beforeEach(async () => {
+    await prisma.oAuthAccount.deleteMany({ where: { user: { email } } })
+    await prisma.user.deleteMany({ where: { email } })
+    user = await createUser(email)
+    token = signToken(app, user.id, email)
+  })
+
+  it('returns 404 for non-linked provider', async () => {
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/me/oauth/vk',
+      headers: { authorization: `Bearer ${token}` },
+    })
+    expect(res.statusCode).toBe(404)
+  })
+
+  it('unlinks a provider', async () => {
+    await prisma.user.update({ where: { id: user.id }, data: { passwordHash: 'hashed' } })
+    await prisma.oAuthAccount.create({
+      data: { provider: 'vk', providerUserId: '123', userId: user.id },
+    })
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/me/oauth/vk',
+      headers: { authorization: `Bearer ${token}` },
+    })
+    expect(res.statusCode).toBe(200)
+
+    const count = await prisma.oAuthAccount.count({ where: { userId: user.id } })
+    expect(count).toBe(0)
+  })
+
+  it('rejects removing last method without password', async () => {
+    await prisma.oAuthAccount.create({
+      data: { provider: 'vk', providerUserId: '123', userId: user.id },
+    })
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/me/oauth/vk',
+      headers: { authorization: `Bearer ${token}` },
+    })
+    expect(res.statusCode).toBe(400)
+    expect(JSON.parse(res.body).error).toContain('последний метод')
+  })
+})