/**
 * test-session-permissions.ts — Verify payment operation permissions in session.ts.
 *
 * Tests that the new payment:x402, payment:safe-propose, and payment:safe-execute
 * operations are properly defined in OPERATION_PERMISSIONS.
 *
 * Usage:
 *   bun run scripts/test-session-permissions.ts
 */
import { OPERATION_PERMISSIONS, AuthLevel } from '../src/encryptid/session';
// Running tallies of check outcomes: assert() increments them, main() reports
// them and derives the process exit code from `failed`.
let passed = 0,
  failed = 0;
/**
 * Records the outcome of one check.
 *
 * Prints a ✓ line to stdout and increments `passed` when `condition` holds;
 * otherwise prints a ✗ line to stderr and increments `failed`. A failed check
 * is only counted: nothing is thrown, so later checks still run.
 *
 * @param condition - Result of the check.
 * @param msg - Human-readable description printed next to the marker.
 */
function assert(condition: boolean, msg: string) {
  if (!condition) {
    console.error(` ✗ ${msg}`);
    failed++;
    return;
  }

  console.log(` ✓ ${msg}`);
  passed++;
}
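/**
 * Runs every permission-table check, prints a summary, and exits with status 1
 * if any check failed (0 otherwise).
 *
 * Only the entries declared in OPERATION_PERMISSIONS are inspected; nothing here
 * exercises the code that enforces those entries at request time.
 *
 * Field reads are guarded so that a missing entry is reported as failed checks
 * instead of aborting the run with a TypeError before the summary is printed.
 */
function main() {
  console.log('=== Session Permission Tests ===\n');

  // Test 1: payment:x402 exists with correct settings
  console.log('[1] payment:x402');
  const x402 = OPERATION_PERMISSIONS['payment:x402'];
  assert(x402 !== undefined, 'payment:x402 is defined');
  assert(x402?.minAuthLevel === AuthLevel.STANDARD, 'Requires STANDARD auth');
  assert(x402?.requiresCapability === 'wallet', 'Requires wallet capability');
  // Explicit existence guard: `x402?.maxAgeSeconds === undefined` alone would
  // pass vacuously when the whole entry is missing.
  assert(x402 !== undefined && x402.maxAgeSeconds === undefined, 'No max age (not time-sensitive)');

  // Test 2: payment:safe-propose exists with correct settings
  console.log('\n[2] payment:safe-propose');
  const propose = OPERATION_PERMISSIONS['payment:safe-propose'];
  assert(propose !== undefined, 'payment:safe-propose is defined');
  assert(propose?.minAuthLevel === AuthLevel.ELEVATED, 'Requires ELEVATED auth');
  assert(propose?.requiresCapability === 'wallet', 'Requires wallet capability');
  assert(propose?.maxAgeSeconds === 60, 'Max age is 60 seconds');

  // Test 3: payment:safe-execute exists with correct settings
  console.log('\n[3] payment:safe-execute');
  const execute = OPERATION_PERMISSIONS['payment:safe-execute'];
  assert(execute !== undefined, 'payment:safe-execute is defined');
  assert(execute?.minAuthLevel === AuthLevel.CRITICAL, 'Requires CRITICAL auth');
  assert(execute?.requiresCapability === 'wallet', 'Requires wallet capability');
  assert(execute?.maxAgeSeconds === 60, 'Max age is 60 seconds');

  // Test 4: Existing operations still intact
  console.log('\n[4] Existing operations unchanged');
  const viewPublic = OPERATION_PERMISSIONS['rspace:view-public'];
  const sendSmall = OPERATION_PERMISSIONS['rwallet:send-small'];
  const accountDelete = OPERATION_PERMISSIONS['account:delete'];
  assert(viewPublic !== undefined, 'rspace:view-public still exists');
  assert(sendSmall !== undefined, 'rwallet:send-small still exists');
  assert(accountDelete !== undefined, 'account:delete still exists');
  assert(viewPublic?.minAuthLevel === AuthLevel.BASIC, 'rspace:view-public still BASIC');
  assert(accountDelete?.minAuthLevel === AuthLevel.CRITICAL, 'account:delete still CRITICAL');

  // Test 5: Auth level ordering
  // NOTE(review): the `<` comparisons assume AuthLevel members are numeric and
  // increase with strength — confirm against the enum in session.ts; string
  // members would compare lexicographically.
  console.log('\n[5] Auth level escalation (x402 < propose < execute)');
  assert(
    x402 !== undefined && propose !== undefined && x402.minAuthLevel < propose.minAuthLevel,
    'x402 < propose',
  );
  assert(
    propose !== undefined && execute !== undefined && propose.minAuthLevel < execute.minAuthLevel,
    'propose < execute',
  );

  console.log(`\n=== Results: ${passed} passed, ${failed} failed ===`);
  // Non-zero exit status lets a CI job or calling script detect a regression.
  process.exit(failed > 0 ? 1 : 0);
}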
// Script entry point: run the checks immediately; main() ends the process
// with the exit status.
main();