testing/integration.ts

Standard integration test suite for fuz_app auth routes.
describe_standard_integration_tests creates a composable test suite that
exercises the full middleware stack (origin, session, bearer_auth, request_context)
against a real PGlite database. Consumers call it with their route factory and
session config — all auth route tests come for free.
Tests use stub_password_deps (deterministic hashing, no Argon2 overhead).
Login handlers call verify_password(submitted, stored_hash) which works because
both hash and verify use the same stub logic.
Rate limiters are disabled by default — tests make many login attempts and would
trigger limits otherwise.

Declarations
#

2 declarations

view source

describe_standard_integration_tests
#

testing/integration.ts view source

(options: StandardIntegrationTestOptions): void

Standard integration test suite for fuz_app auth routes.
Exercises login/logout, cookie attributes, session security, session
revocation, password change (incl. API token revocation), origin
verification, bearer auth (incl. browser context discard on mutations),
token revocation, cross-account isolation, expired credential rejection,
signup invite edge cases, and response body validation.
Each test group asserts that required routes exist, failing with a descriptive
message if the consumer's route specs are misconfigured.

`options`

type StandardIntegrationTestOptions

returns

void

throws

Error - at setup time when `options.rpc_endpoints` is empty — the

StandardIntegrationTestOptions
#

testing/integration.ts view source

StandardIntegrationTestOptions

Configuration for describe_standard_integration_tests.

`session_options`

Session config for cookie-based auth.

type SessionOptions<string>

`create_route_specs`

Route spec factory — same one used in production.

type (ctx: AppServerContext) => Array<RouteSpec>

`app_options`

Optional overrides for AppServerOptions.

type SuiteAppOptions

`db_factories`

Database factories to run tests against. Default: pglite only.
Pass consumer factories (e.g. [pglite_factory, pg_factory]) to also test against PostgreSQL.

type Array<DbFactory>

`rpc_endpoints`

RPC endpoint specs — required. This suite dispatches
account_verify, account_session_*, and account_token_* via
rpc_call_for_spec (the /api/account/verify REST route is a
status-only nginx shim with no payload). Hard-fails via
require_rpc_endpoint_path on setup so consumer projects see a
clear setup error instead of confusing test failures.
Accepts either an array (eager) or a factory
(ctx: AppServerContext) => Array<RpcEndpointSpec> — the factory form
is required when action handlers must close over the per-test
ctx.app_settings / ctx.deps (e.g. the canonical
create_standard_rpc_actions(ctx.deps, {app_settings: ctx.app_settings})
pattern). The factory must return the same endpoint path regardless
of ctx — it is invoked once at setup with a stub ctx for path lookup
and again per-test by create_app_server for live dispatch.

type RpcEndpointsSuiteOption

Depends on
#

Imported by
#

testing/standard.ts