b82b90d2f5
Addresses final-review findings: I1 render-generation guard prevents a double-mount /timer leak on rapid re-navigation; I2 adds anonymous-rejection tests for the owner-only POST /speedtest/run and /health/check; M1 CSS comment; M2 cron↔worker dedup note; M4 full 8-byte PNG signature check; M5 card-contract unit test for all 7 cards. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
18 lines
876 B
JavaScript
18 lines
876 B
JavaScript
import { describe, it, expect, beforeAll } from 'vitest';
|
|
import request from 'supertest';
|
|
import { setup } from './helpers.js';
|
|
import * as repo from '../../lib/db/repos/speedtest.js';
|
|
|
|
let app, ownerHeaders;
|
|
beforeAll(async () => { ({ app, ownerHeaders } = await setup()); await repo.record({ down_mbps: 50, up_mbps: 10, ping_ms: 12 }); });
|
|
describe('speedtest api', () => {
|
|
it('401 without auth', async () => expect((await request(app).get('/api/speedtest/history')).status).toBe(401));
|
|
it('POST /run rejects anonymous (auth boundary before enqueue)', async () =>
|
|
expect((await request(app).post('/api/speedtest/run')).status).toBe(401));
|
|
it('history returns rows', async () => {
|
|
const res = await request(app).get('/api/speedtest/history').set(ownerHeaders);
|
|
expect(res.status).toBe(200);
|
|
expect(res.body.length).toBeGreaterThanOrEqual(1);
|
|
});
|
|
});
|