Add backend policy tests and API client split
All checks were successful
Build and Deploy / build-and-push (push) Successful in 3m8s
All checks were successful
Build and Deploy / build-and-push (push) Successful in 3m8s
This commit is contained in:
Cauê Faleiros
22
backend/test/security.test.js
Normal file
22
backend/test/security.test.js
Normal file
@@ -0,0 +1,22 @@
|
||||
const test = require('node:test');
|
||||
const assert = require('node:assert/strict');
|
||||
const { stripEnvQuotes, hashSecret, maskSecret } = require('../utils/security');
|
||||
|
||||
test('stripEnvQuotes removes leading and trailing double quotes from env values', () => {
|
||||
assert.equal(stripEnvQuotes('"secret"'), 'secret');
|
||||
assert.equal(stripEnvQuotes('secret'), 'secret');
|
||||
assert.equal(stripEnvQuotes('"partly'), 'partly');
|
||||
});
|
||||
|
||||
test('hashSecret returns a stable sha256 digest without exposing the secret', () => {
|
||||
const first = hashSecret('fasto_sk_example');
|
||||
const second = hashSecret('fasto_sk_example');
|
||||
|
||||
assert.equal(first, second);
|
||||
assert.equal(first.length, 64);
|
||||
assert.notEqual(first, 'fasto_sk_example');
|
||||
});
|
||||
|
||||
test('maskSecret stores only an id and secret suffix', () => {
|
||||
assert.equal(maskSecret('rt_123', 'abcdefghijklmnopqrstuvwxyz'), 'masked:rt_123:uvwxyz');
|
||||
});
|
||||
Reference in New Issue
Block a user