Skip to content

Add robust coverage for server/middleware/api-guard.ts #82

Open
Open
Add robust coverage for server/middleware/api-guard.ts#82
Assignees
anthuanvasquez
Labels
area:testingTest coverage and qualityenhancementNew feature or requestpriority:highUrgent workstatus:approvedApproved for implementationstatus:needs-reviewNeeds maintainer review
Milestone
Project Stabilization - Q2 2026
@anthuanvasquez

Description

@anthuanvasquez
anthuanvasquez
opened on Apr 26, 2026

Context

server/middleware/api-guard.ts now contains stricter origin and internal-secret validation, but there is no dedicated test coverage for this critical middleware.

Problem

Security behavior can regress silently without tests.

Proposed Solution

Create focused tests covering:

  • valid x-internal-secret bypass
  • reject missing origin/referer in production
  • reject unauthorized origin
  • reject invalid allowedOrigin config
  • allow development bypass only when expected

Acceptance Criteria

  • New test file for middleware behavior
  • All critical branches covered
  • Existing API tests remain green

Notes

This should run inside current Vitest setup and avoid flaky mocks where possible.

Metadata

Metadata

Assignees

Labels

area:testingTest coverage and qualityenhancementNew feature or requestpriority:highUrgent workstatus:approvedApproved for implementationstatus:needs-reviewNeeds maintainer review

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions