Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): owner-only middleware for single-user bearer auth

Browse Source
This commit is contained in:
root
2026-05-31 11:06:21 +10:00
parent cd71d64523
commit 7e55f07689
2 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/auth/owner.js Normal file
View File

@@ -0,0 +1,17 @@
export function ownerOnly(req, res, next) {
const expected = process.env.OWNER_TOKEN;
if (!expected) {
return res.status(500).json({
error: { code: 'no_owner_token', message: 'OWNER_TOKEN not configured' }
});
}
const auth = req.headers.authorization || '';
const [scheme, token] = auth.split(' ');
if (scheme !== 'Bearer' || token !== expected) {
return res.status(401).json({
error: { code: 'unauthorized', message: 'invalid token' }
});
}
req.actor = { kind: 'user', id: null };
next();
}

47
tests/auth/owner.test.js Normal file
View File

@@ -0,0 +1,47 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { ownerOnly } from '../../lib/auth/owner.js';
function mockReq(token) {
return { headers: { authorization: token ? `Bearer ${token}` : undefined } };
}
function mockRes() {
const r = { status: vi.fn().mockReturnThis(), json: vi.fn().mockReturnThis(), end: vi.fn() };
return r;
}
describe('ownerOnly middleware', () => {
beforeEach(() => { process.env.OWNER_TOKEN = 'test-token'; });
it('rejects missing token', () => {
const res = mockRes();
const next = vi.fn();
ownerOnly(mockReq(null), res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(next).not.toHaveBeenCalled();
});
it('rejects wrong token', () => {
const res = mockRes();
const next = vi.fn();
ownerOnly(mockReq('wrong'), res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
it('accepts correct token + attaches actor', () => {
const res = mockRes();
const next = vi.fn();
const req = mockReq('test-token');
ownerOnly(req, res, next);
expect(next).toHaveBeenCalled();
expect(req.actor).toEqual({ kind: 'user', id: null });
});
it('returns 500 when OWNER_TOKEN unset', () => {
delete process.env.OWNER_TOKEN;
const res = mockRes();
const next = vi.fn();
ownerOnly(mockReq('anything'), res, next);
expect(res.status).toHaveBeenCalledWith(500);
expect(next).not.toHaveBeenCalled();
});
});