ipv-cri-ob-api/test/infra/public-api.test.ts at 682df92bba200003e3c09b6e4da738d472104483 · govuk-one-login/ipv-cri-ob-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import { loadTemplate, openApiSchema } from './helpers'
import { describe, expect, it } from 'vitest'

const template = loadTemplate('public-api.yaml')

const paths = template['paths'] as Record<string, Record<string, unknown>>

describe('public-api.yaml structure', () => {
  it('is a valid OpenAPI 3.x document', () => {
    expect(openApiSchema.safeParse(template).success).toBe(true)
  })

  it('has title', () => {
    const info = template['info'] as Record<string, string>
    expect(info['title']).toBe('Open Banking Credential Issuer Public API')
  })
})

describe('public-api.yaml paths', () => {
  const expectedPaths = ['/health', '/.well-known/jwks.json', '/token']

  it.each(expectedPaths)('has path: %s', (path) => {
    expect(paths).toHaveProperty(path)
  })

  it('/health has GET with mock integration', () => {
    const get = paths['/health']?.['get'] as Record<string, unknown>
    const integration = get['x-amazon-apigateway-integration'] as Record<string, string>
    expect(integration['type']).toBe('mock')
  })

  it('/token has POST method', () => {
    expect(paths['/token']).toHaveProperty('post')
  })

  it('/.well-known/jwks.json has GET with S3 integration', () => {
    const get = paths['/.well-known/jwks.json']?.['get'] as Record<string, unknown>
    const integration = get['x-amazon-apigateway-integration'] as Record<string, string>
    expect(integration['type']).toBe('aws')
  })
})

describe('public-api.yaml components', () => {
  const components = template['components'] as Record<string, Record<string, unknown>>
  const schemas = components['schemas']

  it('defines required schemas', () => {
    expect(schemas).toHaveProperty('JWKSFile')
    expect(schemas).toHaveProperty('TokenResponse')
    expect(schemas).toHaveProperty('Error')
  })
})

describe('public-api.yaml request validators', () => {
  const validators = template['x-amazon-apigateway-request-validators'] as Record<string, unknown>

  it('defines Validate both', () => {
    expect(validators).toHaveProperty('Validate both')
  })

  it('defines Validate Param only', () => {
    expect(validators).toHaveProperty('Validate Param only')
  })
})

describe('public-api.yaml /token security and validation', () => {
  const post = paths['/token']?.['post'] as Record<string, unknown>

  it('applies Validate both request validator', () => {
    expect(post['x-amazon-apigateway-request-validator']).toBe('Validate both')
  })

  it('has api_key security requirement', () => {
    const security = post['security'] as Record<string, unknown>[]
    expect(security).toBeDefined()
    expect(security.some((s) => 'api_key' in s)).toBe(true)
  })

  it('uses aws_proxy integration', () => {
    const integration = post['x-amazon-apigateway-integration'] as Record<string, string>
    expect(integration['type']).toBe('aws_proxy')
  })
})