@@ -121,9 +121,12 @@ describe('POST /auth/verify', () => {
121121 mockDeviceFindFirst . mockResolvedValue ( undefined ) ; // no existing device → create device
122122 setupInsert ( ) ;
123123
124- const res = await request ( app )
125- . post ( '/auth/verify' )
126- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
124+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
125+ walletAddress : WALLET ,
126+ signature : SIGNATURE ,
127+ nonce : NONCE ,
128+ identityPublicKey : IDENTITY_KEY ,
129+ } ) ;
127130
128131 expect ( res . status ) . toBe ( 200 ) ;
129132 expect ( res . body ) . toHaveProperty ( 'token' ) ;
@@ -137,9 +140,12 @@ describe('POST /auth/verify', () => {
137140 mockWalletFindFirst . mockResolvedValue ( { userId : 'existing-user-id' , address : WALLET } ) ;
138141 mockDeviceFindFirst . mockResolvedValue ( { id : 'device-id' , isRevoked : false } ) ;
139142
140- const res = await request ( app )
141- . post ( '/auth/verify' )
142- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
143+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
144+ walletAddress : WALLET ,
145+ signature : SIGNATURE ,
146+ nonce : NONCE ,
147+ identityPublicKey : IDENTITY_KEY ,
148+ } ) ;
143149
144150 expect ( res . status ) . toBe ( 200 ) ;
145151 expect ( res . body ) . toHaveProperty ( 'token' ) ;
@@ -152,9 +158,12 @@ describe('POST /auth/verify', () => {
152158 mockDeviceFindFirst . mockResolvedValue ( undefined ) ; // new device for existing user
153159 setupExistingUserInsert ( ) ;
154160
155- const res = await request ( app )
156- . post ( '/auth/verify' )
157- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
161+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
162+ walletAddress : WALLET ,
163+ signature : SIGNATURE ,
164+ nonce : NONCE ,
165+ identityPublicKey : IDENTITY_KEY ,
166+ } ) ;
158167
159168 expect ( res . status ) . toBe ( 200 ) ;
160169 expect ( res . body ) . toHaveProperty ( 'token' ) ;
@@ -163,9 +172,12 @@ describe('POST /auth/verify', () => {
163172 it ( 'returns 401 when nonce is expired or invalid' , async ( ) => {
164173 mockConsumeNonce . mockReturnValue ( false ) ;
165174
166- const res = await request ( app )
167- . post ( '/auth/verify' )
168- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : 'expired-nonce' , identityPublicKey : IDENTITY_KEY } ) ;
175+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
176+ walletAddress : WALLET ,
177+ signature : SIGNATURE ,
178+ nonce : 'expired-nonce' ,
179+ identityPublicKey : IDENTITY_KEY ,
180+ } ) ;
169181
170182 expect ( res . status ) . toBe ( 401 ) ;
171183 expect ( res . body ) . toHaveProperty ( 'error' ) ;
@@ -175,9 +187,12 @@ describe('POST /auth/verify', () => {
175187 mockConsumeNonce . mockReturnValue ( true ) ;
176188 mockVerify . mockReturnValue ( false ) ;
177189
178- const res = await request ( app )
179- . post ( '/auth/verify' )
180- . send ( { walletAddress : WALLET , signature : 'badsig' , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
190+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
191+ walletAddress : WALLET ,
192+ signature : 'badsig' ,
193+ nonce : NONCE ,
194+ identityPublicKey : IDENTITY_KEY ,
195+ } ) ;
181196
182197 expect ( res . status ) . toBe ( 401 ) ;
183198 expect ( res . body . error ) . toMatch ( / s i g n a t u r e / i) ;
@@ -189,9 +204,12 @@ describe('POST /auth/verify', () => {
189204 mockWalletFindFirst . mockResolvedValue ( { userId : 'existing-user-id' , address : WALLET } ) ;
190205 mockDeviceFindFirst . mockResolvedValue ( { id : 'device-id' , isRevoked : true } ) ;
191206
192- const res = await request ( app )
193- . post ( '/auth/verify' )
194- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
207+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
208+ walletAddress : WALLET ,
209+ signature : SIGNATURE ,
210+ nonce : NONCE ,
211+ identityPublicKey : IDENTITY_KEY ,
212+ } ) ;
195213
196214 expect ( res . status ) . toBe ( 401 ) ;
197215 expect ( res . body . error ) . toMatch ( / r e v o k e d / i) ;
@@ -226,9 +244,12 @@ describe('POST /auth/verify', () => {
226244 throw new Error ( 'invalid key' ) ;
227245 } ) ;
228246
229- const res = await request ( app )
230- . post ( '/auth/verify' )
231- . send ( { walletAddress : 'INVALID' , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
247+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
248+ walletAddress : 'INVALID' ,
249+ signature : SIGNATURE ,
250+ nonce : NONCE ,
251+ identityPublicKey : IDENTITY_KEY ,
252+ } ) ;
232253
233254 expect ( res . status ) . toBe ( 401 ) ;
234255 expect ( res . body ) . toHaveProperty ( 'error' ) ;
@@ -258,29 +279,41 @@ describe('Auth rate limiting', () => {
258279
259280 it ( 'allows up to 5 /auth/verify requests per minute, blocks the 6th with 429' , async ( ) => {
260281 for ( let i = 0 ; i < 5 ; i ++ ) {
261- const res = await request ( app )
262- . post ( '/auth/verify' )
263- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
282+ const res = await request ( app ) . post ( '/auth/verify' ) . send ( {
283+ walletAddress : WALLET ,
284+ signature : SIGNATURE ,
285+ nonce : NONCE ,
286+ identityPublicKey : IDENTITY_KEY ,
287+ } ) ;
264288 expect ( res . status ) . toBe ( 200 ) ;
265289 }
266290
267- const blocked = await request ( app )
268- . post ( '/auth/verify' )
269- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
291+ const blocked = await request ( app ) . post ( '/auth/verify' ) . send ( {
292+ walletAddress : WALLET ,
293+ signature : SIGNATURE ,
294+ nonce : NONCE ,
295+ identityPublicKey : IDENTITY_KEY ,
296+ } ) ;
270297 expect ( blocked . status ) . toBe ( 429 ) ;
271298 expect ( blocked . headers [ 'retry-after' ] ) . toBeDefined ( ) ;
272299 } ) ;
273300
274301 it ( 'challenge and verify limiters are independent' , async ( ) => {
275302 // Exhaust verify limit
276303 for ( let i = 0 ; i < 5 ; i ++ ) {
277- await request ( app )
278- . post ( '/auth/verify' )
279- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
304+ await request ( app ) . post ( '/auth/verify' ) . send ( {
305+ walletAddress : WALLET ,
306+ signature : SIGNATURE ,
307+ nonce : NONCE ,
308+ identityPublicKey : IDENTITY_KEY ,
309+ } ) ;
280310 }
281- const verifyBlocked = await request ( app )
282- . post ( '/auth/verify' )
283- . send ( { walletAddress : WALLET , signature : SIGNATURE , nonce : NONCE , identityPublicKey : IDENTITY_KEY } ) ;
311+ const verifyBlocked = await request ( app ) . post ( '/auth/verify' ) . send ( {
312+ walletAddress : WALLET ,
313+ signature : SIGNATURE ,
314+ nonce : NONCE ,
315+ identityPublicKey : IDENTITY_KEY ,
316+ } ) ;
284317 expect ( verifyBlocked . status ) . toBe ( 429 ) ;
285318
286319 // Challenge limit should still allow requests
0 commit comments