langfuse

api-auth.servertest.ts 
import {
  getDisplaySecretKey,
  hashSecretKey,
} from "@/src/features/public-api/lib/apiKeys";
import { verifyAuthHeaderAndReturnScope } from "@/src/features/public-api/server/apiAuth";
import { prisma } from "@/src/server/db";

/**
 * Integration tests for Basic-auth API key verification.
 *
 * Each case seeds one API key row, calls verifyAuthHeaderAndReturnScope with a
 * Basic header, and then inspects the stored row. The cases pin two properties:
 * a correct secret is accepted and leaves `fastHashedSecretKey` populated, and
 * an incorrect secret is rejected without populating it.
 *
 * The hooks call deleteMany() with no filter, which clears the whole table, so
 * this suite must only run against a disposable test database.
 */
describe("Validate api calls", () => {
  // Fixture credentials only; never reuse these values for a real key.
  const SEED_PUBLIC_KEY = "pk-lf-1234567890";
  const SEED_SECRET_KEY = "sk-lf-1234567890";

  // base64("pk-lf-1234567890:sk-lf-1234567890"): the seeded key pair.
  const VALID_BASIC_HEADER =
    "Basic cGstbGYtMTIzNDU2Nzg5MDpzay1sZi0xMjM0NTY3ODkw";
  // base64("pk-lf-1234567890:sk-lf-1234567891"): same public key, but the
  // secret differs in its final character.
  const WRONG_SECRET_BASIC_HEADER =
    "Basic cGstbGYtMTIzNDU2Nzg5MDpzay1sZi0xMjM0NTY3ODkx";

  /**
   * Inserts the seed API key. Only the slow hash and the display form of the
   * secret are written; `fastHashedSecretKey` is not set here.
   */
  async function createAPIKey(): Promise<void> {
    const hashedSecretKey = await hashSecretKey(SEED_SECRET_KEY);
    const displaySecretKey = getDisplaySecretKey(SEED_SECRET_KEY);

    await prisma.apiKey.create({
      data: {
        note: "seeded key",
        id: "seed-api-key",
        publicKey: SEED_PUBLIC_KEY,
        hashedSecretKey,
        displaySecretKey,
        project: {
          connect: { id: "7a88fb47-b4e2-43b8-a06c-a5ce950dc53a" },
        },
      },
    });
  }

  /** Reads the seed key row back by its public key. */
  const loadSeedKey = () =>
    prisma.apiKey.findUnique({ where: { publicKey: SEED_PUBLIC_KEY } });

  /** Asserts the seed row exists and carries a fast hash. */
  const expectFastHashStored = async (): Promise<void> => {
    const stored = await loadSeedKey();
    expect(stored).not.toBeNull();
    expect(stored?.fastHashedSecretKey).not.toBeNull();
  };

  /** Asserts the seed row exists and has no fast hash yet. */
  const expectFastHashMissing = async (): Promise<void> => {
    const stored = await loadSeedKey();
    expect(stored).not.toBeNull();
    expect(stored?.fastHashedSecretKey).toBeNull();
  };

  beforeEach(async () => {
    // Unfiltered deletes: every row in these four tables is removed.
    // NOTE(review): order presumably puts dependent rows first; confirm
    // against the schema before reordering.
    await prisma.score.deleteMany();
    await prisma.observation.deleteMany();
    await prisma.trace.deleteMany();
    await prisma.apiKey.deleteMany();
  });

  afterAll(async () => {
    // Leave exactly one API key behind: the freshly created seed key.
    await prisma.apiKey.deleteMany();
    await createAPIKey();
  });

  // A correct secret is accepted and the row then has a fast hash.
  it("should create new api key", async () => {
    await createAPIKey();

    const result = await verifyAuthHeaderAndReturnScope(VALID_BASIC_HEADER);
    expect(result.validKey).toBe(true);

    await expectFastHashStored();
  });

  // A second verification, once the fast hash exists, is still accepted.
  it("should create new api key and succeed with new key", async () => {
    await createAPIKey();

    const first = await verifyAuthHeaderAndReturnScope(VALID_BASIC_HEADER);
    expect(first.validKey).toBe(true);

    await expectFastHashStored();

    const second = await verifyAuthHeaderAndReturnScope(VALID_BASIC_HEADER);
    expect(second.validKey).toBe(true);
  });

  // With the fast hash present, a wrong secret must still be rejected.
  it("should fail on wrong api key with new key", async () => {
    await createAPIKey();

    const accepted = await verifyAuthHeaderAndReturnScope(VALID_BASIC_HEADER);
    expect(accepted.validKey).toBe(true);

    await expectFastHashStored();

    const rejected = await verifyAuthHeaderAndReturnScope(
      WRONG_SECRET_BASIC_HEADER,
    );
    expect(rejected.validKey).toBe(false);
  });

  // A wrong secret against a fresh key is rejected and must not cause a
  // fast hash to be written for that key.
  it("should fail on wrong api key without new key", async () => {
    await createAPIKey();
    await expectFastHashMissing();

    const rejected = await verifyAuthHeaderAndReturnScope(
      WRONG_SECRET_BASIC_HEADER,
    );
    expect(rejected.validKey).toBe(false);

    await expectFastHashMissing();
  });
});