chore: 현재 작업 중간 커밋

test/apiAuth.test.js

@@ -0,0 +1,52 @@
+"use strict";
+
+const test = require("node:test");
+const assert = require("node:assert/strict");
+const { isAuthorizedRequest, resolveApiAuth } = require("../src/apiAuth");
+
+test("resolveApiAuth requires token by default in production", () => {
+  assert.throws(() => resolveApiAuth({ nodeEnv: "production" }), /DASHBOARD_API_TOKEN/);
+});
+
+test("resolveApiAuth is disabled by default in non-production", () => {
+  const authConfig = resolveApiAuth({ nodeEnv: "development" });
+  assert.equal(authConfig.enabled, false);
+  assert.equal(authConfig.token, "");
+});
+
+test("isAuthorizedRequest supports bearer and x-api-key headers", () => {
+  const authConfig = resolveApiAuth({
+    nodeEnv: "production",
+    apiToken: "top-secret-token",
+  });
+
+  assert.equal(
+    isAuthorizedRequest(
+      {
+        authorization: "Bearer top-secret-token",
+      },
+      authConfig
+    ),
+    true
+  );
+
+  assert.equal(
+    isAuthorizedRequest(
+      {
+        "x-api-key": "top-secret-token",
+      },
+      authConfig
+    ),
+    true
+  );
+
+  assert.equal(
+    isAuthorizedRequest(
+      {
+        authorization: "Bearer wrong-token",
+      },
+      authConfig
+    ),
+    false
+  );
+});