Skip to content

test: Add integration tests for webhooks + unit tests for requireApiKey middleware#741

Merged
Jayy4rl merged 2 commits into
StellarYield:mainfrom
jayteemoney:test/webhook-and-apikey-middleware
Jun 29, 2026
Merged

test: Add integration tests for webhooks + unit tests for requireApiKey middleware#741
Jayy4rl merged 2 commits into
StellarYield:mainfrom
jayteemoney:test/webhook-and-apikey-middleware

Conversation

@jayteemoney

Copy link
Copy Markdown
Contributor

Summary

Adds automated test coverage for two areas of the backend API:

All new tests use the project's existing Vitest + Supertest stack and follow the established mocking patterns (vi.mock("../../db/index.js")). They are fully isolated and fast — no real database, network, or DNS access.

#690 — Webhook endpoint integration tests

File: backend/src/api/controllers/webhooks.integration.test.ts

Exercises the real router stack (auth → validation → controller) mounted on a minimal Express app, mirroring how app.ts wires /api/v1/webhooks:

  • POST /api/v1/webhooks — valid body → 201; non-HTTPS URL → 400; missing/empty events400; no auth → 401.
  • GET /api/v1/webhooks — no auth → 401; valid auth → 200 + array (and asserts secrets are never exposed); empty list → 200 + [].
  • DELETE /api/v1/webhooks/:id — not found → 404; success → 204; non-numeric id → 400; no auth → 401.

The DB layer and NotificationService / validateWebhookUrl are mocked at module level.

#693requireApiKey middleware unit tests

File: backend/src/api/middleware/auth.test.ts

  • Missing Authorization header → 401 Unauthorized.
  • Malformed header (no Bearer prefix / Basic scheme) → 401.
  • Unknown key / DB error → 403 (fails closed).
  • Valid key with wrong role → 403 Insufficient permissions.
  • Valid admin key → calls next() and attaches req.apiKey.
  • Valid key with no role requirement → calls next().
  • Verifies the key is looked up by its SHA-256 hash, never the plaintext.

The database query is mocked; no real DB is hit.

Test results

✓ src/api/middleware/auth.test.ts (9 tests)
✓ src/api/controllers/webhooks.integration.test.ts (12 tests)
Test Files  2 passed (2)
     Tests  21 passed (21)

Both files pass ESLint and are type-clean.

Notes for the maintainer

While wiring the integration test I noticed two pre-existing issues on main (not introduced here, left untouched to keep this PR focused):

  • src/api/controllers/vaults.ts declares getVaultOperators twice (lines 410 and 986), which breaks the esbuild/tsc transform for anything importing the full app. The integration test mounts only the webhooks router to stay unaffected.
  • src/api/controllers/webhooks.test.ts has an assertion that predates the consecutiveFailures field added to formatWebhook, so that existing test currently fails.

Closes #690
Closes #693

@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@jayteemoney Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Jayy4rl Jayy4rl merged commit 139d3df into StellarYield:main Jun 29, 2026
2 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Write unit tests for requireApiKey middleware Write integration tests for webhook registration endpoints

2 participants