diff --git a/backend/src/api/user.ts b/backend/src/api/user.ts
index bb367235..f85d0642 100644
--- a/backend/src/api/user.ts
+++ b/backend/src/api/user.ts
@@ -199,6 +199,16 @@ app.get(
 }
 }),
 async (ctx) => {
+ const authed = await isLoggedIn(ctx);
+ if (!authed) {
+ return ctx.json(
+ {
+ message: 'Unauthorized',
+ },
+ 401,
+ );
+ }
+
 const param = ctx.req.valid('param');
 const id = parseInt(param['userId']);
diff --git a/backend/test/api/user.test.ts b/backend/test/api/user.test.ts
index 627f877d..10f26c97 100644
--- a/backend/test/api/user.test.ts
+++ b/backend/test/api/user.test.ts
@@ -19,29 +19,78 @@ describe('GET /users/:userId', () => {
 userFactory.resetSequenceNumber();
 });
- it('should return correct user', async () => {
- const response = await app.request(`/users/1`, {}, env);
- const result = await response.json();
+ loggedInTest(
+ 'should return correct user',
+ async ({ currentUser, sessionToken }) => {
+ const response = await app.request(
+ `/users/${currentUser.id}`,
+ {
+ headers: {
+ Cookie: [
+ `__Secure-user_id=${currentUser.id}`,
+ `__Secure-session_token=${sessionToken}`,
+ ].join('; '),
+ },
+ },
+ env,
+ );
+ const result = await response.json();
- expect(response.status).toBe(200);
+ expect(response.status).toBe(200);
- const { passwordDigest, ...rest } = user;
- expect(result).toMatchObject(rest);
- });
+ const { passwordDigest, ...rest } = currentUser;
+ expect(result).toMatchObject(rest);
+ },
+ );
+
+ loggedInTest(
+ 'should return 400 when userId is not a number',
+ async ({ currentUser, sessionToken }) => {
+ const response = await app.request(
+ // userIdに数字以外を指定する
+ `/users/id`,
+ {
+ headers: {
+ Cookie: [
+ `__Secure-user_id=${currentUser.id}`,
+ `__Secure-session_token=${sessionToken}`,
+ ].join('; '),
+ },
+ },
+ env,
+ );
- it('should return 400 when userId is not a number', async () => {
- // userIdに数字以外を指定する
- const response = await app.request(`/users/id`, {}, env);
+ expect(response.status).toBe(400);
+ },
+ );
- expect(response.status).toBe(400);
+ it('should return 401 when not logged in', async () => {
+ // Cookieを指定しない
+ const response = await app.request(`/users/1`, {});
+
+ expect(response.status).toBe(401);
 });
- it('should return 404 when user is not found', async () => {
- // 存在しないuserIdを指定する
- const response = await app.request(`/users/100`, {}, env);
+ loggedInTest(
+ 'should return 404 when user is not found',
+ async ({ currentUser, sessionToken }) => {
+ const response = await app.request(
+ // 存在しないuserIdを指定する
+ `/users/100`,
+ {
+ headers: {
+ Cookie: [
+ `__Secure-user_id=${currentUser.id}`,
+ `__Secure-session_token=${sessionToken}`,
+ ].join('; '),
+ },
+ },
+ env,
+ );
- expect(response.status).toBe(404);
- });
+ expect(response.status).toBe(404);
+ },
+ );
 });
 describe('PATCH /users/:userId', () => {
diff --git a/backend/test/api/users.test.ts b/backend/test/api/users.test.ts
index 6060e50c..242dac4e 100644
--- a/backend/test/api/users.test.ts
+++ b/backend/test/api/users.test.ts
@@ -8,7 +8,10 @@ import { userFactory } from '../factories/user';
 interface GetUsersResponse {
 totalUser: number;
- users: SelectUser[];
+ users: {
+ id: number;
+ name: string;
+ }[];
 }
 describe('GET /users', () => {
@@ -63,7 +66,7 @@ describe('GET /users', () => {
 const body: GetUsersResponse = await response.json();
 expect(body.totalUser).toBe(1);
- expect(body.users).toContainEqual(firstUser);
+ expect(firstUser).toEqual(expect.objectContaining(body.users[0]));
 });
 it('should return 400 when page is not a number', async () => {
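Review bot: The new isLoggedIn guard runs inside the handler, after the param validator whose `}),` closes just above `async (ctx) => {`, so an unauthenticated request with a non-numeric userId appears to receive the validator's 400 rather than a 401; if auth-before-validation is the intended order, register the check as middleware ahead of the validator, and in either case add a test for an unauthenticated request to `/users/id`. The guard also only establishes that a session exists, and nothing in the hunk restricts the requested id to the caller, so any logged-in user can read any record the rest of the handler returns; if that is intended, say so next to the guard, e.g. `// Requires an active session only; does not restrict which userId the caller may read.` The handler body continues past the end of the hunk.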
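Review bot: The new 'should return 401 when not logged in' case calls app.request with only the path and an empty init, without the `env` argument every other request in this hunk passes, so it presumably passes only because the guard short-circuits before anything touches the bindings; adding `env` as the third argument keeps the test from failing for the wrong reason if that ever changes. The same two-cookie header is built inline three times; a small helper such as ``const sessionCookie = (userId: number, sessionToken: string) => [`__Secure-user_id=${userId}`, `__Secure-session_token=${sessionToken}`].join('; ');`` keeps the cookie names in one place. There is also no case where both cookies are present but the session token does not belong to the user in `__Secure-user_id`, which is the case that shows isLoggedIn validates the token rather than its mere presence. loggedInTest is defined outside the hunk, so the fixture's exact shape is assumed here.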
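Review bot: `expect(firstUser).toEqual(expect.objectContaining(body.users[0]))` only checks that every field the API returned also exists on firstUser, and since firstUser presumably carries the full factory record it still passes if the response includes fields the narrowed GetUsersResponse no longer declares, such as a password digest; with the type now reduced to id and name, pin the exact shape instead, `expect(body.users[0]).toEqual({ id: firstUser.id, name: firstUser.name });`. Under noUncheckedIndexedAccess `body.users[0]` is typed as possibly undefined, so a preceding `expect(body.users).toHaveLength(1);` both documents the expectation and fails loudly when the list is empty.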