import express from "express"; import request from "supertest"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { errorHandler } from "../middleware/index.js"; import { instanceSettingsRoutes } from "../routes/instance-settings.js"; const mockInstanceSettingsService = vi.hoisted(() => ({ getGeneral: vi.fn(), getExperimental: vi.fn(), updateGeneral: vi.fn(), updateExperimental: vi.fn(), listCompanyIds: vi.fn(), })); const mockLogActivity = vi.hoisted(() => vi.fn()); vi.mock("../services/index.js", () => ({ instanceSettingsService: () => mockInstanceSettingsService, logActivity: mockLogActivity, })); function createApp(actor: any) { const app = express(); app.use(express.json()); app.use((req, _res, next) => { req.actor = actor; next(); }); app.use("/api", instanceSettingsRoutes({} as any)); app.use(errorHandler); return app; } describe("instance settings routes", () => { beforeEach(() => { vi.clearAllMocks(); mockInstanceSettingsService.getGeneral.mockResolvedValue({ censorUsernameInLogs: false, }); mockInstanceSettingsService.getExperimental.mockResolvedValue({ enableIsolatedWorkspaces: false, autoRestartDevServerWhenIdle: false, }); mockInstanceSettingsService.updateGeneral.mockResolvedValue({ id: "instance-settings-1", general: { censorUsernameInLogs: true, }, }); mockInstanceSettingsService.updateExperimental.mockResolvedValue({ id: "instance-settings-1", experimental: { enableIsolatedWorkspaces: true, autoRestartDevServerWhenIdle: false, }, }); mockInstanceSettingsService.listCompanyIds.mockResolvedValue(["company-1", "company-2"]); }); it("allows local board users to read and update experimental settings", async () => { const app = createApp({ type: "board", userId: "local-board", source: "local_implicit", isInstanceAdmin: true, }); const getRes = await request(app).get("/api/instance/settings/experimental"); expect(getRes.status).toBe(200); expect(getRes.body).toEqual({ enableIsolatedWorkspaces: false, autoRestartDevServerWhenIdle: false, }); const patchRes = await request(app) .patch("/api/instance/settings/experimental") .send({ enableIsolatedWorkspaces: true }); expect(patchRes.status).toBe(200); expect(mockInstanceSettingsService.updateExperimental).toHaveBeenCalledWith({ enableIsolatedWorkspaces: true, }); expect(mockLogActivity).toHaveBeenCalledTimes(2); }); it("allows local board users to update guarded dev-server auto-restart", async () => { const app = createApp({ type: "board", userId: "local-board", source: "local_implicit", isInstanceAdmin: true, }); await request(app) .patch("/api/instance/settings/experimental") .send({ autoRestartDevServerWhenIdle: true }) .expect(200); expect(mockInstanceSettingsService.updateExperimental).toHaveBeenCalledWith({ autoRestartDevServerWhenIdle: true, }); }); it("allows local board users to read and update general settings", async () => { const app = createApp({ type: "board", userId: "local-board", source: "local_implicit", isInstanceAdmin: true, }); const getRes = await request(app).get("/api/instance/settings/general"); expect(getRes.status).toBe(200); expect(getRes.body).toEqual({ censorUsernameInLogs: false }); const patchRes = await request(app) .patch("/api/instance/settings/general") .send({ censorUsernameInLogs: true }); expect(patchRes.status).toBe(200); expect(mockInstanceSettingsService.updateGeneral).toHaveBeenCalledWith({ censorUsernameInLogs: true, }); expect(mockLogActivity).toHaveBeenCalledTimes(2); }); it("rejects non-admin board users", async () => { const app = createApp({ type: "board", userId: "user-1", source: "session", isInstanceAdmin: false, companyIds: ["company-1"], }); const res = await request(app).get("/api/instance/settings/general"); expect(res.status).toBe(403); expect(mockInstanceSettingsService.getGeneral).not.toHaveBeenCalled(); }); it("rejects agent callers", async () => { const app = createApp({ type: "agent", agentId: "agent-1", companyId: "company-1", source: "agent_key", }); const res = await request(app) .patch("/api/instance/settings/general") .send({ censorUsernameInLogs: true }); expect(res.status).toBe(403); expect(mockInstanceSettingsService.updateGeneral).not.toHaveBeenCalled(); }); });