feat(test): bootstrap unit tests for auth helpers + geocoder classifier#4
Merged
Conversation
First tests in the repo. Targets the three pure functions where a regression would silently corrupt behaviour: - extractKey (7 cases) — pulls fmsk.… out of `Authorization: Bearer …`. Pins the policy that Bearer is the only accepted shape; explicitly asserts X-API-Key and AuthKey are NOT recognized (matches the 9485134 + 257d98e header removals). - sha256Hex (3 cases) — pinned to the FIPS 180-4 test vector for "abc". Asserts exactly 64 lowercase-hex chars. Drift here would break legacy application.auth_key validation silently. - sha256Base64Url (3 cases) — pinned to the same SHA-256 bytes encoded per @better-auth/api-key's defaultKeyHasher (base64url no-padding, 43 chars). Asserts the output uses the base64url alphabet (- and _), not standard base64 — guards against encoder drift that would silently break BA-issued key validation. - detectFormat (18 cases) — table-driven over every supported and unsupported ID format. Includes the deliberately-unsupported CBS WK/GM codes returning "unknown" (matches the recent classifier cleanup), and the case/whitespace normalization branches. DB-touching tests (resolveKey, resolveBuildingExternalId, resolveNeighborhoodId) are out of scope for this PR — they need fixture setup and a separate decision on test-DB strategy (transactional rollback vs ephemeral schema). Leaving as a follow-up so the unit test foundation can land first. Wires `bun test` and `bun run typecheck` into package.json scripts so both are runnable from CI without remembering the exact bun incantation.
Wires the bun test + typecheck scripts (just added in the previous commit) into CI. Runs on every PR and on push to main. oven-sh/setup-bun@v2 is the official Bun setup action. --frozen-lockfile keeps bun.lock authoritative; a stray dependency change without a lockfile bump fails the install step rather than silently picking a newer version on CI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
First tests in the repo. Targets the three pure functions where a regression would silently corrupt behaviour — drift in the hash format means every authed request 401s; drift in the classifier means a
BU01234567might silently join on the wrong column and return wrong building data on a billable call.Bun's built-in test runner — zero new dependencies, no jest/vitest setup.
Coverage
extractKeysha256Hexsha256Base64Url@better-auth/api-key'sdefaultKeyHasher(43 chars, no padding, base64url alphabet — guards against encoder drift to standard base64)detectFormatWK/GM, malformed BU codes, empty string, random strings)32 tests / 37 assertions, run in 48ms.
Scope deliberately limited to pure functions
DB-touching tests (
resolveKey,resolveBuildingExternalId,resolveNeighborhoodId) are out of scope for this PR. They need fixture setup and a separate decision on test-DB strategy (transactional rollback vs ephemeral schema vs mockedsql). Landing the unit-test foundation first so the next contributor doesn't bounce off "where do I even start" — they can either add more pure-function tests in the same shape, or pick up the DB-fixture problem as a separate effort.Test exports
To make the helpers testable without forcing them through
authMiddleware/resolveBuildingExternalId, four internal functions are now exported:extractKey,sha256Hex,sha256Base64Url,detectFormat. Also exported theIdFormattype so the test table can be typed. No runtime behaviour change.Wiring
package.jsonnow hasbun testandbun run typecheckscripts so CI can call them by name without baking the bun incantation into the workflow.Test plan
bun test→ 32 pass, 0 failbun run --bun tsc --noEmitcleanfundermaps-webservice.servicerestarts cleanly post-rebuild🤖 Generated with Claude Code