feat: Add tests for permission checks and response accept header

tests/http.lib.js

@@ -11,13 +11,23 @@ const REQ = (url, { method, query, headers, body }) => {
     headers: { "content-type": "application/json", ...headers },
     body,
   })
-    .then(res =>
-      res.json().then(data => {
-        res.data = data
+    .then(res => {
+      const contentType = res.headers.get("content-type")
+
+      if (contentType && contentType.indexOf("application/json") !== -1) {
+        return res.json().then(data => {
+          res.data = data
+
+          return res
+        })
+      }
+
+      return res.text().then(text => {
+        res.data = text
 
         return res
       })
-    )
+    })
     .then(res => {
       if (!res.ok) {
         const error = new Error(res.statusText)

tests/index.js

@@ -15,6 +15,7 @@ describe("blocks :: init with defaults", async assert => {
       require("./routes/no-schema.route"),
       require("./routes/with-schema.route"),
       require("./routes/no-allow.route"),
+      require("./routes/dont-allow.route"),
       require("./routes/return-undefined.route"),
       require("./routes/upload.route"),
     ],
@@ -28,10 +29,10 @@ describe("blocks :: init with defaults", async assert => {
   })
 
   assert({
-    given: "5 custom routes",
-    should: "load default /ping and custom",
+    given: "6 custom routes",
+    should: "load default /ping and all custom",
     actual: plugins.Router.count(),
-    expected: 6,
+    expected: 7,
   })
 
   assert({
@@ -70,14 +71,78 @@ describe("blocks :: init with defaults", async assert => {
         message: "Endpoint GET:/not-exist not found",
         details: {
           method: "GET",
-          pathname: "/not-exist",
+          path: "/not-exist",
         },
       },
     },
   })
 
   assert({
-    given: "route that returns undefined",
+    given: "route without isAllowed defined",
+    should: "return 403",
+    actual: await GET(`${API_URL}/no-allow`).catch(({ status, body }) => ({
+      status,
+      body,
+    })),
+    expected: {
+      status: 403,
+      body: {
+        error: "AuthorizationError",
+        code: 403,
+        message: "Not allowed to access resource",
+        details: {
+          method: "GET",
+          path: "/no-allow",
+        },
+      },
+    },
+  })
+
+  assert({
+    given: "route returns false in isAllowed",
+    should: "return 403",
+    actual: await GET(`${API_URL}/dont-allow`).catch(({ status, body }) => ({
+      status,
+      body,
+    })),
+    expected: {
+      status: 403,
+      body: {
+        error: "AuthorizationError",
+        code: 403,
+        message: "Not allowed to access resource",
+        details: {
+          method: "GET",
+          path: "/dont-allow",
+        },
+      },
+    },
+  })
+
+  assert({
+    given: "accept app/json on route that returns undefined",
+    should: "return empty JSON object",
+    actual: await GET(`${API_URL}/return-undefined`, {
+      headers: {
+        Accepts: "application/json",
+      },
+    }),
+    expected: {},
+  })
+
+  assert({
+    given: "accept text/plain on route that returns undefined",
+    should: "return empty JSON object",
+    actual: await GET(`${API_URL}/return-undefined`, {
+      headers: {
+        Accept: "text/plain",
+      },
+    }),
+    expected: "",
+  })
+
+  assert({
+    given: "route that returns null",
     should: "return empty JSON object",
     actual: await GET(`${API_URL}/return-undefined`),
     expected: {},
@@ -101,7 +166,7 @@ describe("blocks :: init with defaults", async assert => {
   })
 
   assert({
-    given: "form data with file field",
+    given: "multipart/form-data with file field",
     should: "upload and save file localy",
     actual: await FORM_DATA(`${API_URL}/upload`, {
       body: {

tests/routes/dont-allow.route.js

@@ -0,0 +1,30 @@
+const debug = require("debug")("Blocks:CustomRoute")
+
+module.exports = {
+  method: "GET",
+  path: "/dont-allow",
+
+  /**
+   * Permission checking, if allowed:
+   *  -> continue to action
+   *  -> otherwise return 403
+   *
+   * @param  {Object}  plugins  Plugins
+   * @param  {Object}  req      Node request
+   *
+   * @return {boolean}
+   */
+  isAllowed: () => () => false,
+
+  /**
+   * After schema validation and permission checking, do route logic
+   *
+   * @param  {Object}  plugins  Plugins
+   * @param  {Object}  req      Node request
+   *
+   * @return {mixed}
+   */
+  action: () => () => ({
+    ping: "pong",
+  }),
+}

tests/routes/no-allow.route.js

@@ -12,7 +12,7 @@ module.exports = {
    *
    * @return {mixed}
    */
-  action: () => async () => ({
+  action: () => () => ({
     ping: "pong",
   }),
 }

tests/routes/no-schema.route.js

@@ -12,7 +12,7 @@ module.exports = {
    *
    * @return {boolean}
    */
-  isAllowed: (/* plugins */) => async () => true,
+  isAllowed: () => () => true,
 
   /**
    * After schema validation and permission checking, do route logic
@@ -22,7 +22,7 @@ module.exports = {
    *
    * @return {mixed}
    */
-  action: () => async () => {
+  action: () => () => {
     return {
       message: "Default json schema works!",
     }

tests/routes/return-undefined.route.js

@@ -12,7 +12,7 @@ module.exports = {
    *
    * @return {boolean}
    */
-  isAllowed: (/* plugins */) => async () => true,
+  isAllowed: () => () => true,
 
   /**
    * After schema validation and permission checking, do route logic

tests/routes/upload.route.js

@@ -31,7 +31,7 @@ module.exports = {
    *
    * @return {mixed}
    */
-  action: () => async ({ ctx: { body } }) => {
+  action: () => ({ ctx: { body } }) => {
     return {
       file: body.file.path,
     }

tests/routes/with-schema.route.js

@@ -19,7 +19,7 @@ module.exports = {
    *
    * @return {boolean}
    */
-  isAllowed: (/* plugins */) => async () => true,
+  isAllowed: () => () => true,
 
   /**
    * After schema validation and permission checking, do route logic