testing/integration_helpers.ts view source
readonly string[] Field names that must not appear in non-admin HTTP response bodies.
testing/integration_helpers.ts
Integration test helpers — route lookup, response validation, and cookie utilities.
Declarations #
14 declarations
ADMIN_ONLY_FIELD_BLOCKLIST #
ADMIN_ONLY_FIELD_BLOCKLIST
assert_no_error_info_leakage #
assert_no_error_info_leakage
testing/integration_helpers.ts view source
(body: unknown, context: string): void Assert that an error response contains no leaky field values.
Checks both field names and string values for patterns indicating
stack traces, SQL, or internal paths. Accepts unknown so callers
pass response bodies / nested envelope fields directly without
intermediate as casts; non-object bodies skip the field-name check.
body
type
unknowncontext
description for error messages
type
stringreturns
void assert_no_sensitive_fields_in_json #
assert_no_sensitive_fields_in_json
testing/integration_helpers.ts view source
(body: unknown, blocklist: readonly string[], context: string): void Assert that a parsed JSON body contains no fields from the given blocklist.
body
type
unknownblocklist
type
readonly string[]context
description for error messages
type
stringreturns
void assert_rate_limit_retry_after_header #
assert_rate_limit_retry_after_header
testing/integration_helpers.ts view source
(response: Response, body: { retry_after: number; }): void Assert that a 429 response includes a valid Retry-After header
matching the JSON body's retry_after field.
response
type
Responsebody
type
{ retry_after: number; }returns
void assert_response_matches_spec #
assert_response_matches_spec
testing/integration_helpers.ts view source
(route_specs: RouteSpec[], method: string, path: string, response: Response): Promise<void> Validate a response body against the route spec's declared schemas.
For 2xx responses, validates against spec.output.
For error responses, validates against the merged error schema for that status code.
route_specs
type
RouteSpec[]method
type
stringpath
type
stringresponse
type
Responsereturns
Promise<void> throws
Error- if no route spec matches `method` + `path`, if the response
check_error_response_fields #
check_error_response_fields
testing/integration_helpers.ts view source
(body: Record<string, unknown>): string[] List the fields in an error response body that are not in the known-safe set.
Error schemas use z.looseObject (intentional — multiple producers), but
test responses should be checked for fields that could leak information.
body
type
Record<string, unknown>returns
string[] array of unexpected field names (empty = clean)
collect_json_keys_recursive #
collect_json_keys_recursive
testing/integration_helpers.ts view source
(value: unknown): Set<string> Recursively collect all key names from a parsed JSON value.
Walks objects and arrays to find every property name at any nesting depth.
value
type
unknownreturns
Set<string> create_expired_test_cookie #
create_expired_test_cookie
testing/integration_helpers.ts view source
(keyring: Keyring, session_options: SessionOptions<string>): Promise<string> Create an expired test cookie — validly signed but with an expiry timestamp in 1970.
keyring
type Keyring
session_options
type
SessionOptions<string>returns
Promise<string> find_auth_route #
find_auth_route
testing/integration_helpers.ts view source
(specs: RouteSpec[], suffix: "/login" | "/logout" | "/password" | "/verify" | "/signup" | "/bootstrap", method: RouteMethod): RouteSpec | undefined Find a REST auth route by suffix and method.
Decouples tests from consumer route prefix (/api/account/login,
/api/auth/login, etc.). suffix must be one of
REST_AUTH_ROUTE_SUFFIXES — throws otherwise so a post-migration RPC
method name (e.g. /sessions/revoke-all) fails loudly at the call site
instead of silently returning undefined.
specs
type
RouteSpec[]suffix
type
"/login" | "/logout" | "/password" | "/verify" | "/signup" | "/bootstrap"method
type RouteMethod
returns
RouteSpec | undefined throws
Error- if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES`.
find_route_spec #
find_route_spec
testing/integration_helpers.ts view source
(specs: RouteSpec[], method: string, path: string): RouteSpec | undefined Find a route spec matching the given method and path.
Supports both exact matches and parameterized paths (:param segments).
specs
type
RouteSpec[]method
type
stringpath
request path (exact or with concrete param values)
type
stringreturns
RouteSpec | undefined pick_auth_headers #
pick_auth_headers
testing/integration_helpers.ts view source
(spec: RouteSpec, test_app: TestApp, authed_account: TestAccount, admin_account: TestAccount): Record<string, string> Pick request headers matching a route spec's auth requirement.
Maps RouteAuth onto a test account's credentials:
- none — origin headers only
- authenticated — the authed account's session cookie
- role: admin — the admin account's session cookie
- role: <other> — the test app's bootstrapped keeper session
- keeper — the test app's daemon token
spec
type RouteSpec
test_app
type TestApp
authed_account
type TestAccount
admin_account
type TestAccount
returns
Record<string, string> REST_AUTH_ROUTE_SUFFIXES #
REST_AUTH_ROUTE_SUFFIXES
testing/integration_helpers.ts view source
readonly ["/login", "/logout", "/password", "/verify", "/signup", "/bootstrap"] REST auth route suffixes on the account/bootstrap surface — the only routes still REST. find_auth_route rejects any other suffix at runtime; session/token CRUD, admin operations, and role_grant flows live on the RPC surface and should be reached via rpc_call.
RestAuthRouteSuffix #
RestAuthRouteSuffix
testing/integration_helpers.ts view source
"/login" | "/logout" | "/password" | "/verify" | "/signup" | "/bootstrap" SENSITIVE_FIELD_BLOCKLIST #
SENSITIVE_FIELD_BLOCKLIST
testing/integration_helpers.ts view source
readonly string[] Field names that must never appear in any HTTP response body.