Merge pull request #48 from Nandgopal-R/feat/unauthorized-user

fix: tests

Author: adar-ssh

bun.lock

@@ -21,6 +21,7 @@
     "@types/pdfkit": "^0.17.5",
     "better-auth": "^1.5.4",
     "elysia": "^1.4.27",
+    "file-type": "^21.3.1",
     "nodemailer": "^8.0.2",
     "pdfkit": "^0.17.2",
     "pg": "^8.20.0",
@@ -46,9 +47,10 @@
     ]
   },
   "resolutions": {
-    "hono": "^4.11.10",
+    "hono": "^4.12.7",
     "@hono/node-server": "^1.19.10",
-    "lodash": "^4.17.23"
+    "lodash": "^4.17.23",
+    "file-type": "^21.3.1"
   },
   "module": "src/index.ts"
 }

package.json

@@ -18,3 +18,11 @@ export const requireAuth = (app: Elysia) =>
       user: session.user as User,
     };
   });
+
+export const optionalAuth = (app: Elysia) =>
+  app.derive(async (context) => {
+    const session = await auth.api.getSession(context.request);
+    return {
+      user: (session?.user as User) ?? null,
+    };
+  });

src/api/auth/requireAuth.ts

@@ -40,13 +40,13 @@ export async function submitResponse({
   const response = await prisma.formResponse.create({
     data: {
       formId: params.formId,
-      respondentId: user.id,
+      respondentId: user?.id ?? null,
       answers: body.answers,
       isSubmitted: body.isSubmitted ?? false,
     },
   });
   logger.info(
-    `User ${user.id} ${body.isSubmitted ? "submitted" : "saved draft"} response ${response.id} for form ${params.formId}`,
+    `User ${user?.id ?? "anonymous"} ${body.isSubmitted ? "submitted" : "saved draft"} response ${response.id} for form ${params.formId}`,
   );
   return {
     success: true,

src/api/form-response/controller.ts

@@ -5,7 +5,7 @@ import {
   getSubmittedResponseDTO,
   resumeResponseDTO,
 } from "../../types/form-response";
-import { requireAuth } from "../auth/requireAuth";
+import { optionalAuth, requireAuth } from "../auth/requireAuth";
 import {
   getAllReceivedResponses,
   getAllUserResponses,
@@ -15,12 +15,19 @@ import {
   submitResponse,
 } from "./controller";
 
-export const formResponseRoutes = new Elysia({ prefix: "/responses" })
-  .use(requireAuth)
+const publicResponseRoutes = new Elysia()
+  .use(optionalAuth)
   .post("/submit/:formId", submitResponse, formResponseDTO)
-  .post("/draft/:formId", submitResponse, formResponseDTO)
+  .post("/draft/:formId", submitResponse, formResponseDTO);
+
+const protectedResponseRoutes = new Elysia()
+  .use(requireAuth)
   .put("/resume/:responseId", resumeResponse, resumeResponseDTO)
   .get("/my", getAllUserResponses)
   .get("/received", getAllReceivedResponses)
   .get("/:formId", getResponseForFormOwner, formResponseForFormOwnerDTO)
   .get("/user/:formId", getSubmittedResponse, getSubmittedResponseDTO);
+
+export const formResponseRoutes = new Elysia({ prefix: "/responses" })
+  .use(publicResponseRoutes)
+  .use(protectedResponseRoutes);

src/api/form-response/routes.ts

@@ -28,15 +28,29 @@ describe("Form Response Integration Tests", () => {
       isSubmitted: true,
     };
 
-    it("returns 401 without authentication", async () => {
+    it("allows submission without authentication", async () => {
       setAuthenticatedUser(null);
+      prismaMock.form.findUnique.mockResolvedValue({
+        id: UUID,
+        isPublished: true,
+      });
+      prismaMock.formResponse.create.mockResolvedValue({
+        id: RESPONSE_ID,
+        formId: UUID,
+        respondentId: null,
+        answers: answerPayload.answers,
+        isSubmitted: true,
+      });
+
       const res = await app.handle(
         request(`/responses/submit/${UUID}`, {
           method: "POST",
           body: jsonBody(answerPayload),
         }),
       );
-      expect(res.status).toBe(401);
+      expect(res.status).toBe(200);
+      const data = await res.json();
+      expect(data.success).toBe(true);
     });
 
     it("submits a response successfully", async () => {

src/integration_testing/form-response.integration.test.ts

@@ -5,6 +5,11 @@ export interface Context {
   set: { status?: number | string };
 }
 
+export interface OptionalAuthContext {
+  user: { id: string } | null;
+  set: { status?: number | string };
+}
+
 export const formResponseDTO = {
   params: t.Object({
     formId: t.String({
@@ -27,7 +32,7 @@ export const formResponseDTO = {
   }),
 };
 
-export interface FormResponseContext extends Context {
+export interface FormResponseContext extends OptionalAuthContext {
   params: Static<typeof formResponseDTO.params>;
   body: Static<typeof formResponseDTO.body>;
 }