isAdmin implemented.

test/admin-functionality.test.js

@@ -0,0 +1,184 @@
+import { suite, test } from 'node:test'
+import assert from 'node:assert'
+import { TokenManager } from '../server/server.js'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+// Import the securityEnhancer to test isAdmin
+import { securityEnhancer } from '../index.js'
+
+suite('isAdmin functionality with tokens', () => {
+  let tempDir
+  let tokenManager
+  let enhancer
+  let adminUser
+  let regularUser
+  let adminToken
+  let regularToken
+
+  const setup = async () => {
+    tempDir = path.join(__dirname, 'temp-admin-' + Date.now())
+    await fs.mkdir(tempDir, { recursive: true })
+    
+    tokenManager = new TokenManager(tempDir)
+    
+    adminUser = {
+      displayName: 'Admin User',
+      email: 'admin@example.com',
+      provider: 'github',
+      id: 'admin123'
+    }
+    
+    regularUser = {
+      displayName: 'Regular User',
+      email: 'user@example.com',
+      provider: 'github',
+      id: 'user456'
+    }
+    
+    // Create tokens for both users
+    const adminResult = await tokenManager.createToken(adminUser, 'admin-token')
+    adminToken = adminResult.token
+    
+    const regularResult = await tokenManager.createToken(regularUser, 'regular-token')
+    regularToken = regularResult.token
+    
+    // Create the enhancer with admin configuration
+    const mockLog = console.log
+    const mockLoga = console.log
+    const mockArgv = { 
+      status: tempDir,
+      admin: adminUser  // Configure admin user
+    }
+    const mockBaseHandler = {
+      getUser: (req) => req.user || null,
+      isAuthorized: () => false,
+      isAdmin: () => false  // Base handler doesn't grant admin access
+    }
+    
+    enhancer = securityEnhancer(mockLog, mockLoga, mockArgv, mockBaseHandler)
+  }
+
+  const cleanup = async () => {
+    if (tempDir) {
+      await fs.rm(tempDir, { recursive: true, force: true })
+    }
+  }
+
+  test('isAdmin returns true for tokens belonging to admin users', async () => {
+    await setup()
+    try {
+      const req = {
+        headers: {
+          authorization: `Bearer ${adminToken}`
+        }
+      }
+      
+      // Set up token auth context (normally done by middleware)
+      await enhancer.middleware(req, {}, () => {})
+      
+      // Test isAdmin
+      const baseIsAdmin = () => false
+      const isAdmin = enhancer.isAdmin(req, baseIsAdmin)
+      
+      assert.equal(isAdmin, true)
+    } finally {
+      await cleanup()
+    }
+  })
+
+  test('isAdmin returns false for tokens belonging to regular users', async () => {
+    await setup()
+    try {
+      const req = {
+        headers: {
+          authorization: `Bearer ${regularToken}`
+        }
+      }
+      
+      // Set up token auth context (normally done by middleware)
+      await enhancer.middleware(req, {}, () => {})
+      
+      // Test isAdmin
+      const baseIsAdmin = () => false
+      const isAdmin = enhancer.isAdmin(req, baseIsAdmin)
+      
+      assert.equal(isAdmin, false)
+    } finally {
+      await cleanup()
+    }
+  })
+
+  test('isAdmin respects base admin when base returns true', async () => {
+    await setup()
+    try {
+      const req = {
+        headers: {
+          authorization: `Bearer ${regularToken}`
+        }
+      }
+      
+      // Set up token auth context (normally done by middleware)
+      await enhancer.middleware(req, {}, () => {})
+      
+      // Test isAdmin with base admin returning true (session-based admin)
+      const baseIsAdmin = () => true
+      const isAdmin = enhancer.isAdmin(req, baseIsAdmin)
+      
+      assert.equal(isAdmin, true)
+    } finally {
+      await cleanup()
+    }
+  })
+
+  test('isAdmin returns false when no token auth present', async () => {
+    await setup()
+    try {
+      const req = { headers: {} }
+      
+      // Test isAdmin without token auth
+      const baseIsAdmin = () => false
+      const isAdmin = enhancer.isAdmin(req, baseIsAdmin)
+      
+      assert.equal(isAdmin, false)
+    } finally {
+      await cleanup()
+    }
+  })
+
+  test('isAdmin returns false when no admin is configured', async () => {
+    // Create enhancer without admin configuration
+    const tempDir2 = path.join(__dirname, 'temp-no-admin-' + Date.now())
+    await fs.mkdir(tempDir2, { recursive: true })
+    
+    try {
+      const mockArgv = { status: tempDir2 } // No admin configured
+      const mockBaseHandler = {
+        getUser: () => null,
+        isAuthorized: () => false,
+        isAdmin: () => false
+      }
+      
+      const enhancerNoAdmin = securityEnhancer(console.log, console.log, mockArgv, mockBaseHandler)
+      
+      const req = {
+        tokenAuth: {
+          user: adminUser,
+          scopes: ['site:read', 'site:write'],
+          tokenName: 'test-token'
+        }
+      }
+      
+      const baseIsAdmin = () => false
+      const isAdmin = enhancerNoAdmin.isAdmin(req, baseIsAdmin)
+      
+      assert.equal(isAdmin, false)
+    } finally {
+      await fs.rm(tempDir2, { recursive: true, force: true })
+    }
+  })
+})