First working version

test/test.js

@@ -1,12 +1,153 @@
 import { useraccesstokens } from '../src/client/useraccesstokens.js'
 import { suite, test } from 'node:test'
 import assert from 'node:assert'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { TokenManager } from '../server/server.js'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
 
 suite('useraccesstokens plugin', () => {
-  suite('expand', () => {
+  suite('client expand', () => {
     test('can escape html markup characters', () => {
       const result = useraccesstokens.expand('try < & >')
       assert.equal(result, 'try &lt; &amp; &gt;')
     })
+
+    test('can format italic text', () => {
+      const result = useraccesstokens.expand('This is *italic* text')
+      assert.equal(result, 'This is <i>italic</i> text')
+    })
+  })
+
+  suite('server TokenManager', async () => {
+    let tempDir
+    let tokenManager
+
+    // Setup before each test
+    const setup = async () => {
+      tempDir = path.join(__dirname, 'temp-' + Date.now())
+      await fs.mkdir(tempDir, { recursive: true })
+      tokenManager = new (class extends TokenManager {
+        constructor(statusPath) {
+          super(statusPath)
+        }
+      })(tempDir)
+    }
+
+    // Cleanup after each test
+    const cleanup = async () => {
+      if (tempDir) {
+        await fs.rm(tempDir, { recursive: true, force: true })
+      }
+    }
+
+    test('can generate tokens with correct prefix', async () => {
+      await setup()
+      try {
+        const token = tokenManager.generateToken()
+        assert(token.startsWith('fwuat-'))
+        assert(token.length > 20) // Should be reasonably long
+      } finally {
+        await cleanup()
+      }
+    })
+
+    test('can create and validate tokens', async () => {
+      await setup()
+      try {
+        const result = await tokenManager.createToken('testuser', 'test-token')
+        
+        assert(result.token.startsWith('fwuat-'))
+        assert.equal(result.record.name, 'test-token')
+        assert.equal(result.record.user, 'testuser')
+        assert.equal(result.record.revoked, false)
+        assert(result.record.created)
+        assert(result.record.displayHint)
+        
+        const validation = await tokenManager.validateToken(result.token)
+        assert(validation)
+        assert.equal(validation.user, 'testuser')
+        assert.equal(validation.name, 'test-token')
+      } finally {
+        await cleanup()
+      }
+    })
+
+    test('can list user tokens safely', async () => {
+      await setup()
+      try {
+        await tokenManager.createToken('user1', 'token1')
+        await tokenManager.createToken('user1', 'token2')
+        await tokenManager.createToken('user2', 'token3')
+        
+        const user1Tokens = await tokenManager.listTokens('user1')
+        assert.equal(user1Tokens.length, 2)
+        
+        // Verify tokenHash is not included in the response
+        user1Tokens.forEach(token => {
+          assert(!token.tokenHash)
+          assert(token.displayHint)
+          assert.equal(token.user, 'user1')
+        })
+        
+        const user2Tokens = await tokenManager.listTokens('user2')
+        assert.equal(user2Tokens.length, 1)
+      } finally {
+        await cleanup()
+      }
+    })
+
+    test('can revoke tokens', async () => {
+      await setup()
+      try {
+        const result = await tokenManager.createToken('testuser', 'test-token')
+        
+        // Token should work before revocation
+        let validation = await tokenManager.validateToken(result.token)
+        assert(validation)
+        
+        // Revoke the token
+        await tokenManager.revokeToken('testuser', 'test-token')
+        
+        // Token should not work after revocation
+        validation = await tokenManager.validateToken(result.token)
+        assert.equal(validation, null)
+      } finally {
+        await cleanup()
+      }
+    })
+
+    test('rejects duplicate token names for same user', async () => {
+      await setup()
+      try {
+        await tokenManager.createToken('testuser', 'duplicate-name')
+        
+        try {
+          await tokenManager.createToken('testuser', 'duplicate-name')
+          assert.fail('Should have thrown an error for duplicate name')
+        } catch (error) {
+          assert(error.message.includes('already exists'))
+        }
+      } finally {
+        await cleanup()
+      }
+    })
+
+    test('handles token expiration', async () => {
+      await setup()
+      try {
+        // Create token that expires immediately (for testing)
+        const result = await tokenManager.createToken('testuser', 'expired-token', -1)
+        
+        // Token should be expired and not validate
+        const validation = await tokenManager.validateToken(result.token)
+        assert.equal(validation, null)
+      } finally {
+        await cleanup()
+      }
+    })
   })
 })