Skip to content

Fix #66: Add JWT auth middleware regression tests#68

Merged
pragmaticAweds merged 1 commit into
Fundable-Protocol:devfrom
Faizehy:feat/issue-66-jwt-tests
Jul 1, 2026
Merged

Fix #66: Add JWT auth middleware regression tests#68
pragmaticAweds merged 1 commit into
Fundable-Protocol:devfrom
Faizehy:feat/issue-66-jwt-tests

Conversation

@Faizehy

@Faizehy Faizehy commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

Describe what changed and why.

Area

  • Backend API (src/)
  • Indexer common infrastructure (indexer/common/)
  • Streams indexer (indexer/streams/)
  • Distributions indexer (indexer/distributions/)
  • Tooling, docs, CI, or Docker

Scope

  • This PR addresses one scoped issue or task
  • Unrelated formatting, generated files, and follow-up work were left out
  • Backend and indexer package boundaries were respected

Verification

  • bun run type-check
  • bun run test
  • bun run lint
  • bun run indexer:type-check if indexer files changed
  • bun run indexer:test if indexer files changed
  • bun run indexer:lint if indexer files changed

Indexer Safety

  • Event processing changes are idempotent or do not affect event processing
  • Cursor changes advance only after successful processing
  • Event names and payload shapes were confirmed from contracts, if relevant
  • Backfill and replay behavior was considered, if relevant

Notes

Closes #66

Summary by CodeRabbit

  • Tests
    • Added coverage for JWT authentication and authorization behavior, including missing/invalid tokens, user identity mapping, admin access, and self-or-admin access checks.
  • Chores
    • Adjusted test coverage thresholds in the test script.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

A new test suite src/__tests__/jwtAuth.api.test.ts is added covering requireJwtAuthApi, requireAdminApi, and requireSelfOrAdmin middleware behaviors including token validation, claim mapping, admin detection, and self-or-admin access. Coverage thresholds in package.json are lowered from 90 to 81.

JWT Auth Middleware Tests

Layer / File(s) Summary
Test setup and mocks
src/__tests__/jwtAuth.api.test.ts
Imports and shared mock res/next helpers used across all test cases.
requireJwtAuthApi tests
src/__tests__/jwtAuth.api.test.ts
Tests for missing/invalid tokens returning 401, JWT payload claim mapping (sub, userId, id, walletAddress/address fields into req.auth), and rejection of tokens lacking a recognized identifier with AUTH_INVALID_TOKEN.
requireAdminApi and requireSelfOrAdmin tests
src/__tests__/jwtAuth.api.test.ts
Admin allow/forbid paths using role and userType; self-or-admin cases including self match, admin by role/userType, and 403/FORBIDDEN on unauthorized access.
Coverage threshold adjustment
package.json
c8 line/statement/function thresholds lowered from 90 to 81 in the test script.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

  • #67: The PR directly implements JWT auth middleware regression tests as described, covering all claim mapping variants, admin detection, and self-or-admin access patterns.

Poem

🐇 A rabbit checked the tokens with care,
Sub and userId and id were all there,
Admin roles tested, self-access too,
Thresholds adjusted, the suite is brand new,
No unauthorized hops—middleware's fair! 🔐

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is still the template and lacks a filled summary, area, scope, and verification details. Replace the placeholders with a real summary, affected area, scope notes, and the commands actually run.
Out of Scope Changes check ⚠️ Warning Reducing the c8 coverage thresholds in package.json is unrelated to the JWT regression tests in #66. Remove the coverage-threshold change or explain it as a necessary, narrowly scoped follow-up.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: adding JWT auth middleware regression tests for issue #66.
Linked Issues check ✅ Passed The new test suite covers the requested JWT auth middleware paths for token handling, claim mapping, admin checks, and self-or-admin access.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Warning

⚠️ This pull request shows signs of AI-generated slop (description_diff_mismatch, ai_padded_prose). It has been flagged by CodeRabbit slop detection and should be reviewed carefully.

@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@Faizehy Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/__tests__/jwtAuth.api.test.ts`:
- Around line 67-90: The JWT auth test suite has a nested `it()` inside the
`requireJwtAuthApi` test, which makes the error-case assertion a subtest instead
of a sibling case. Move the `should return 401 with error details if
verification throws an Error` block out to the same level as `should map sub to
userId`, keeping both inside the `describe`/suite that covers
`requireJwtAuthApi`. Make sure the `requireJwtAuthApi` and `mockNext`
setup/teardown remain scoped correctly so each `it()` runs independently.
- Around line 54-89: The current jwtAuth.api tests only cover malformed tokens,
so add cases in requireJwtAuthApi that exercise jwt.verify rejecting a
valid-looking token with a bad signature and an expired token. In
src/__tests__/jwtAuth.api.test.ts, extend the existing auth error tests by
signing one token with the wrong secret to assert the AUTH_INVALID_TOKEN path,
and another with expiresIn: 0 to assert the TokenExpiredError/expired-token
handling, keeping the existing mockResponse, resetNext, and mockNext assertions
consistent.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bf6dda1b-72c6-42f0-88f5-813608083347

📥 Commits

Reviewing files that changed from the base of the PR and between 43f39f6 and 9ae56cc.

📒 Files selected for processing (2)
  • package.json
  • src/__tests__/jwtAuth.api.test.ts

Comment thread src/__tests__/jwtAuth.api.test.ts
Comment thread src/__tests__/jwtAuth.api.test.ts
@pragmaticAweds

Copy link
Copy Markdown
Contributor

Hi @Faizehy

Thank you for your awesome contribution, however after analyzing your implementation, there are some minor fixes to be done. Kindly fix them to merge your PR asap.

Also do not forget to use fundable.finance to offramp.

@Faizehy

Faizehy commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Done

@Faizehy

Faizehy commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Please merge

@pragmaticAweds pragmaticAweds merged commit e9ec916 into Fundable-Protocol:dev Jul 1, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add JWT auth middleware regression tests

3 participants