Rework authentication

tests/1.user.test.js

@@ -1,7 +1,14 @@
 import assert from "node:assert";
 import { test } from "node:test";
 import { validate } from "uuid";
-import { apiGet, apiPost, apiPatch, apiDelete } from "./api.js";
+import {
+    apiCookie,
+    apiToken,
+    apiGet,
+    apiPost,
+    apiPatch,
+    apiDelete,
+} from "./api.js";
 
 const state = {};
 
@@ -40,14 +47,25 @@ test("shouldn't be able to login", async () => {
 });
 
 test("can login", async () => {
-    const response = await apiPost(`auth/login`, {
+    const responseArray = await apiCookie(`auth/login`, {
         username: state.username,
         password: state.password,
     });
+    const response = responseArray[0];
+    state.cookie = responseArray[1];
+
+    assert.equal(validate(response.id), true);
+    assert.equal(validate(response.ownerId), true);
+    assert.equal(response.ownerId, state.userId);
+
+    state.sessionId = response.id;
+});
+
+test("can get access token", async () => {
+    const response = await apiToken(`auth/refresh`, state.cookie);
 
     assert.equal(validate(response.id), true);
     assert.equal(validate(response.ownerId), true);
-    assert.equal(response.token.length > 0, true);
     assert.equal(response.ownerId, state.userId);
 
     state.sessionId = response.id;

tests/2.community.test.js

@@ -1,7 +1,14 @@
 import assert from "node:assert";
 import { test } from "node:test";
 import { validate } from "uuid";
-import { apiGet, apiPost, apiPatch, apiDelete } from "./api.js";
+import {
+    apiCookie,
+    apiToken,
+    apiGet,
+    apiPost,
+    apiPatch,
+    apiDelete,
+} from "./api.js";
 
 const state = {};
 
@@ -30,19 +37,27 @@ test("can create community", async () => {
     });
     state.userId2 = responseRegister2.id;
 
-    const responseLogin1 = await apiPost(`auth/login`, {
+    const responseLogin1Array = await apiCookie(`auth/login`, {
         username: state.username1,
         password: state.password1,
     });
+    const responseLogin1 = responseLogin1Array[0];
+    state.cookie1 = responseLogin1Array[1];
     state.sessionId1 = responseLogin1.id;
-    state.token1 = responseLogin1.token;
 
-    const responseLogin2 = await apiPost(`auth/login`, {
+    const responseLogin2Array = await apiCookie(`auth/login`, {
         username: state.username2,
         password: state.password2,
     });
+    const responseLogin2 = responseLogin2Array[0];
+    state.cookie2 = responseLogin2Array[1];
     state.sessionId2 = responseLogin2.id;
-    state.token2 = responseLogin2.token;
+
+    const responseRefresh1 = await apiToken(`auth/refresh`, state.cookie1);
+    state.token1 = responseRefresh1.token;
+
+    const responseRefresh2 = await apiToken(`auth/refresh`, state.cookie2);
+    state.token2 = responseRefresh2.token;
 
     const responseCreate = await apiPost(
         `community`,

tests/api.js

@@ -2,6 +2,32 @@ import config from "../src/config.json" with { type: "json" };
 
 const url = `http://localhost:${config.port}/api/v1`;
 
+const apiCookie = async (endpoint, request) => {
+    const response = await fetch(`${url}/${endpoint}`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(request),
+    });
+
+    const responseCookie = response.headers.getSetCookie().at(0) ?? "";
+
+    return [await response.json(), responseCookie];
+};
+
+const apiToken = async (endpoint, cookie) => {
+    const response = await fetch(`${url}/${endpoint}`, {
+        method: "GET",
+        headers: {
+            "Content-Type": "application/json",
+            Cookie: cookie,
+        },
+    });
+
+    return await response.json();
+};
+
 const apiGet = async (endpoint, token) => {
     const response = await fetch(`${url}/${endpoint}`, {
         method: "GET",
@@ -53,4 +79,4 @@ const apiDelete = async (endpoint, request, token) => {
     return await response.json();
 };
 
-export { apiGet, apiPost, apiPatch, apiDelete };
+export { apiCookie, apiToken, apiGet, apiPost, apiPatch, apiDelete };