test: comprehensive tests for refresh tokens, rate limits, proxy, mocks

BillChirico · BillChirico · commit d24e2f4e0013 · 2026-02-16T14:39:24.000-05:00
- Test refreshDiscordToken: success, failure, token rotation, no refresh token (issue #15) - Test fetchWithRateLimit: 429 response, retry-after parsing, max retries exhaustion (issue #16) - Test proxy: actual redirect behavior for unauthenticated requests, passthrough for valid tokens, callbackUrl preservation (issue #17) - Fix mock types: complete Account/Token objects with all required fields (issue #18) - Update guilds API test to use getToken() instead of session.accessToken - Update landing page tests for conditional invite button rendering - Update header/dashboard-shell/server-selector tests for refactored components - Add health check endpoint test - All 82 tests passing, lint clean, build succeeds
diff --git a/web/src/lib/auth.ts b/web/src/lib/auth.ts
@@ -34,8 +34,10 @@ const DISCORD_SCOPES = "identify guilds email";
 /**
  * Refresh a Discord OAuth2 access token using the refresh token.
  * Returns updated token fields or the original token with an error flag.
+ *
+ * Exported for testing; not intended for direct use outside auth callbacks.
  */
-async function refreshDiscordToken(token: Record<string, unknown>): Promise<Record<string, unknown>> {
+export async function refreshDiscordToken(token: Record<string, unknown>): Promise<Record<string, unknown>> {
   const params = new URLSearchParams({
     client_id: process.env.DISCORD_CLIENT_ID ?? "",
     client_secret: process.env.DISCORD_CLIENT_SECRET ?? "",
diff --git a/web/tests/api/guilds.test.ts b/web/tests/api/guilds.test.ts
@@ -1,10 +1,7 @@
 import { describe, it, expect, vi, beforeEach } from "vitest";
+import { NextRequest } from "next/server";
 
-// Mock next-auth
-vi.mock("next-auth", () => ({
-  default: vi.fn(),
-}));
-
+// Mock next-auth/providers/discord
 vi.mock("next-auth/providers/discord", () => ({
   default: vi.fn((config: Record<string, unknown>) => ({
     id: "discord",
@@ -14,78 +11,87 @@ vi.mock("next-auth/providers/discord", () => ({
   })),
 }));
 
-// Mock getServerSession
-const mockGetServerSession = vi.fn();
-vi.mock("next-auth", async () => {
-  return {
-    default: vi.fn(),
-    getServerSession: (...args: unknown[]) => mockGetServerSession(...args),
-  };
-});
+// Mock getToken from next-auth/jwt (used in the new API route)
+const mockGetToken = vi.fn();
+vi.mock("next-auth/jwt", () => ({
+  getToken: (...args: unknown[]) => mockGetToken(...args),
+}));
 
 // Mock discord lib
 const mockGetMutualGuilds = vi.fn();
 vi.mock("@/lib/discord", () => ({
   getMutualGuilds: (...args: unknown[]) => mockGetMutualGuilds(...args),
 }));
 
+function createMockRequest(url = "http://localhost:3000/api/guilds"): NextRequest {
+  return new NextRequest(new URL(url));
+}
+
 describe("GET /api/guilds", () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    process.env.NEXTAUTH_SECRET = "a-valid-secret-that-is-at-least-32-characters-long";
   });
 
-  it("returns 401 when not authenticated", async () => {
-    mockGetServerSession.mockResolvedValue(null);
+  it("returns 401 when no token exists", async () => {
+    mockGetToken.mockResolvedValue(null);
 
     const { GET } = await import("@/app/api/guilds/route");
-    const response = await GET();
+    const response = await GET(createMockRequest());
 
     expect(response.status).toBe(401);
     const body = await response.json();
     expect(body.error).toBe("Unauthorized");
   });
 
-  it("returns 401 when session has no access token", async () => {
-    mockGetServerSession.mockResolvedValue({
-      user: { name: "Test" },
+  it("returns 401 when token has no access token", async () => {
+    mockGetToken.mockResolvedValue({
+      sub: "123",
+      id: "user-123",
       // No accessToken
     });
 
     const { GET } = await import("@/app/api/guilds/route");
-    const response = await GET();
+    const response = await GET(createMockRequest());
 
     expect(response.status).toBe(401);
   });
 
-  it("returns guilds when authenticated", async () => {
+  it("returns guilds when authenticated with valid token", async () => {
     const mockGuilds = [
       { id: "1", name: "Server 1", icon: null, botPresent: true },
     ];
 
-    mockGetServerSession.mockResolvedValue({
-      user: { name: "Test" },
-      accessToken: "valid-token",
+    mockGetToken.mockResolvedValue({
+      sub: "123",
+      accessToken: "valid-discord-token",
+      refreshToken: "refresh-token",
+      accessTokenExpires: Date.now() + 60_000,
+      id: "discord-user-123",
     });
     mockGetMutualGuilds.mockResolvedValue(mockGuilds);
 
     const { GET } = await import("@/app/api/guilds/route");
-    const response = await GET();
+    const response = await GET(createMockRequest());
 
     expect(response.status).toBe(200);
     const body = await response.json();
     expect(body).toEqual(mockGuilds);
-    expect(mockGetMutualGuilds).toHaveBeenCalledWith("valid-token");
+    expect(mockGetMutualGuilds).toHaveBeenCalledWith("valid-discord-token");
   });
 
   it("returns 500 on discord API error", async () => {
-    mockGetServerSession.mockResolvedValue({
-      user: { name: "Test" },
-      accessToken: "valid-token",
+    mockGetToken.mockResolvedValue({
+      sub: "123",
+      accessToken: "valid-discord-token",
+      refreshToken: "refresh-token",
+      accessTokenExpires: Date.now() + 60_000,
+      id: "discord-user-123",
     });
     mockGetMutualGuilds.mockRejectedValue(new Error("Discord API error"));
 
     const { GET } = await import("@/app/api/guilds/route");
-    const response = await GET();
+    const response = await GET(createMockRequest());
 
     expect(response.status).toBe(500);
     const body = await response.json();
diff --git a/web/tests/api/health.test.ts b/web/tests/api/health.test.ts
@@ -0,0 +1,13 @@
+import { describe, it, expect } from "vitest";
+import { GET } from "@/app/api/health/route";
+
+describe("GET /api/health", () => {
+  it("returns 200 with status ok", async () => {
+    const response = await GET();
+    expect(response.status).toBe(200);
+
+    const body = await response.json();
+    expect(body.status).toBe("ok");
+    expect(typeof body.timestamp).toBe("string");
+  });
+});
diff --git a/web/tests/app/landing.test.tsx b/web/tests/app/landing.test.tsx
@@ -1,4 +1,4 @@
-import { describe, it, expect } from "vitest";
+import { describe, it, expect, beforeEach } from "vitest";
 import { render, screen } from "@testing-library/react";
 import LandingPage from "@/app/page";
 
@@ -19,10 +19,22 @@ describe("LandingPage", () => {
     expect(screen.getByText("Web Dashboard")).toBeDefined();
   });
 
-  it("renders sign in and add to server buttons", () => {
+  it("renders sign in button", () => {
     render(<LandingPage />);
     expect(screen.getByText("Sign In")).toBeDefined();
+  });
+
+  it("hides Add to Server button when CLIENT_ID is not set", () => {
+    delete process.env.NEXT_PUBLIC_DISCORD_CLIENT_ID;
+    render(<LandingPage />);
+    expect(screen.queryByText("Add to Server")).toBeNull();
+  });
+
+  it("shows Add to Server buttons when CLIENT_ID is set", () => {
+    process.env.NEXT_PUBLIC_DISCORD_CLIENT_ID = "test-client-id";
+    render(<LandingPage />);
     expect(screen.getAllByText("Add to Server").length).toBeGreaterThan(0);
+    delete process.env.NEXT_PUBLIC_DISCORD_CLIENT_ID;
   });
 
   it("renders footer with links", () => {
diff --git a/web/tests/components/layout/dashboard-shell.test.tsx b/web/tests/components/layout/dashboard-shell.test.tsx
@@ -1,65 +1,19 @@
 import { describe, it, expect, vi } from "vitest";
 import { render, screen } from "@testing-library/react";
 
-// Mock child components
+// Mock child components — DashboardShell is now a server component
 vi.mock("@/components/layout/header", () => ({
-  Header: ({ onMenuClick }: { onMenuClick: () => void }) => (
-    <header data-testid="header">
-      <button onClick={onMenuClick} data-testid="menu-btn">
-        Menu
-      </button>
-    </header>
-  ),
+  Header: () => <header data-testid="header">Header</header>,
 }));
 
 vi.mock("@/components/layout/sidebar", () => ({
-  Sidebar: ({ onNavClick }: { onNavClick?: () => void }) => (
-    <nav data-testid="sidebar" onClick={onNavClick}>
-      Sidebar
-    </nav>
-  ),
+  Sidebar: () => <nav data-testid="sidebar">Sidebar</nav>,
 }));
 
 vi.mock("@/components/layout/server-selector", () => ({
   ServerSelector: () => <div data-testid="server-selector">Servers</div>,
 }));
 
-// Mock radix dialog for Sheet
-vi.mock("@radix-ui/react-dialog", () => {
-  const React = require("react");
-  return {
-    Root: ({ children, open }: { children: React.ReactNode; open?: boolean }) => (
-      <div data-testid="sheet-root" data-open={open}>
-        {children}
-      </div>
-    ),
-    Trigger: ({ children }: { children: React.ReactNode }) => children,
-    Portal: ({ children }: { children: React.ReactNode }) => children,
-    Overlay: React.forwardRef((_: unknown, ref: React.Ref<HTMLDivElement>) => (
-      <div ref={ref} data-testid="sheet-overlay" />
-    )),
-    Content: React.forwardRef(
-      ({ children }: { children: React.ReactNode }, ref: React.Ref<HTMLDivElement>) => (
-        <div ref={ref} data-testid="sheet-content">
-          {children}
-        </div>
-      ),
-    ),
-    Close: React.forwardRef(
-      ({ children }: { children: React.ReactNode }, ref: React.Ref<HTMLButtonElement>) => (
-        <button ref={ref} data-testid="sheet-close">
-          {children}
-        </button>
-      ),
-    ),
-    Title: React.forwardRef(
-      ({ children }: { children: React.ReactNode }, ref: React.Ref<HTMLHeadingElement>) => (
-        <h2 ref={ref}>{children}</h2>
-      ),
-    ),
-  };
-});
-
 import { DashboardShell } from "@/components/layout/dashboard-shell";
 
 describe("DashboardShell", () => {
@@ -70,7 +24,7 @@ describe("DashboardShell", () => {
       </DashboardShell>,
     );
     expect(screen.getByTestId("header")).toBeDefined();
-    expect(screen.getAllByTestId("sidebar").length).toBeGreaterThan(0);
+    expect(screen.getByTestId("sidebar")).toBeDefined();
     expect(screen.getByTestId("content")).toBeDefined();
   });
 
@@ -80,6 +34,6 @@ describe("DashboardShell", () => {
         <div>Content</div>
       </DashboardShell>,
     );
-    expect(screen.getAllByTestId("server-selector").length).toBeGreaterThan(0);
+    expect(screen.getByTestId("server-selector")).toBeDefined();
   });
 });
diff --git a/web/tests/components/layout/header.test.tsx b/web/tests/components/layout/header.test.tsx
@@ -6,6 +6,7 @@ vi.mock("next-auth/react", () => ({
   useSession: () => ({
     data: {
       user: {
+        id: "discord-user-123",
         name: "TestUser",
         email: "test@example.com",
         image: "https://cdn.discordapp.com/avatars/123/abc.png",
@@ -16,28 +17,30 @@ vi.mock("next-auth/react", () => ({
   signOut: vi.fn(),
 }));
 
+// Mock the MobileSidebar client component
+vi.mock("@/components/layout/mobile-sidebar", () => ({
+  MobileSidebar: () => (
+    <button data-testid="mobile-sidebar-toggle" aria-label="Toggle menu">
+      Menu
+    </button>
+  ),
+}));
+
 import { Header } from "@/components/layout/header";
 
 describe("Header", () => {
   it("renders the brand name", () => {
-    render(<Header onMenuClick={vi.fn()} />);
+    render(<Header />);
     expect(screen.getByText("Bill Bot Dashboard")).toBeDefined();
   });
 
-  it("renders the hamburger menu button", () => {
-    render(<Header onMenuClick={vi.fn()} />);
-    expect(screen.getByLabelText("Toggle menu")).toBeDefined();
-  });
-
-  it("calls onMenuClick when hamburger is clicked", () => {
-    const onMenuClick = vi.fn();
-    render(<Header onMenuClick={onMenuClick} />);
-    screen.getByLabelText("Toggle menu").click();
-    expect(onMenuClick).toHaveBeenCalled();
+  it("renders the mobile sidebar toggle", () => {
+    render(<Header />);
+    expect(screen.getByTestId("mobile-sidebar-toggle")).toBeDefined();
   });
 
   it("renders user fallback avatar when authenticated", () => {
-    render(<Header onMenuClick={vi.fn()} />);
+    render(<Header />);
     // Radix Avatar shows fallback initially in jsdom
     expect(screen.getByText("T")).toBeDefined();
   });
diff --git a/web/tests/components/layout/server-selector.test.tsx b/web/tests/components/layout/server-selector.test.tsx
@@ -54,11 +54,23 @@ describe("ServerSelector", () => {
     });
   });
 
-  it("handles fetch errors gracefully", async () => {
+  it("shows error state with retry button on fetch failure", async () => {
     global.fetch = vi.fn().mockRejectedValue(new Error("Network error"));
     render(<ServerSelector />);
     await waitFor(() => {
-      expect(screen.getByText("No servers found")).toBeDefined();
+      expect(screen.getByText("Failed to load servers")).toBeDefined();
+      expect(screen.getByText("Retry")).toBeDefined();
+    });
+  });
+
+  it("shows error state on non-OK response", async () => {
+    global.fetch = vi.fn().mockResolvedValue({
+      ok: false,
+      status: 500,
+    });
+    render(<ServerSelector />);
+    await waitFor(() => {
+      expect(screen.getByText("Failed to load servers")).toBeDefined();
     });
   });
 });
diff --git a/web/tests/components/providers.test.tsx b/web/tests/components/providers.test.tsx
@@ -6,12 +6,14 @@ vi.mock("next-auth/react", () => ({
   SessionProvider: ({ children }: { children: React.ReactNode }) => (
     <div data-testid="session-provider">{children}</div>
   ),
+  useSession: () => ({ data: null, status: "unauthenticated" }),
+  signIn: vi.fn(),
 }));
 
 import { Providers } from "@/components/providers";
 
 describe("Providers", () => {
-  it("wraps children in SessionProvider", () => {
+  it("wraps children in SessionProvider with SessionGuard", () => {
     render(
       <Providers>
         <div data-testid="child">Hello</div>
diff --git a/web/tests/lib/auth.test.ts b/web/tests/lib/auth.test.ts
diff --git a/web/tests/lib/discord.test.ts b/web/tests/lib/discord.test.ts
diff --git a/web/tests/middleware.test.ts b/web/tests/middleware.test.ts
