feat: add some hurl tests

package.json

@@ -6,7 +6,7 @@
   "type": "module",
   "scripts": {
     "start": "prisma migrate deploy && node server.js",
-    "test": "mocha tests/**/*.test.js --reporter nyan",
+    "test": "mocha tests/**/*.test.js --reporter nyan && hurl --test tests/api/*.hurl",
     "test-watch": "mocha --watch tests/**/*.test.js --reporter nyan",
     "build": "node pre.js && vite build",
     "dev": "npm run server-dev",

tests/api/account.hurl

@@ -0,0 +1,34 @@
+# First sign in to get auth cookies
+POST http://localhost:3000/api/authentication/signin
+Content-Type: application/json
+{
+    "username": "groot",
+    "password": "iamgroot"
+}
+HTTP 200
+[Captures]
+sacred_cookie: cookie "__HEMMELIG_TOKEN"
+public_cookie: cookie "__HEMMELIG_TOKEN_PUBLIC"
+
+# Get account info
+GET http://localhost:3000/api/account
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+# Update account
+# PUT http://localhost:3000/api/account/update
+# Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+# Content-Type: application/json
+# {
+#     "email":"groot@hemmelig.app",
+#     "currentPassword":"iamgroot",
+#     "newPassword":"iamgroot",
+#     "confirmNewPassword":"iamgroot",
+#     "generated":false
+# }
+# HTTP 200
+
+# Delete account
+# POST http://localhost:3000/api/account/delete
+# Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+# HTTP 200 

tests/api/admin.hurl

@@ -0,0 +1,67 @@
+# First sign in as admin
+POST http://localhost:3000/api/authentication/signin
+Content-Type: application/json
+{
+    "username": "groot",
+    "password": "iamgroot"
+}
+HTTP 200
+[Captures]
+sacred_cookie: cookie "__HEMMELIG_TOKEN"
+public_cookie: cookie "__HEMMELIG_TOKEN_PUBLIC"
+
+# Get admin settings
+GET http://localhost:3000/api/admin/settings
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+# Update admin settings
+PUT http://localhost:3000/api/admin/settings
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+Content-Type: application/json
+{
+    "disable_users": false,
+    "disable_user_account_creation": false,
+    "read_only": false,
+    "disable_file_upload": false,
+    "restrict_organization_email": ""
+}
+HTTP 200
+
+# Get users list
+GET http://localhost:3000/api/admin/users
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+# Create new user as admin
+# POST http://localhost:3000/api/admin/users
+# Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+# Content-Type: application/json
+# {
+#     "username": "newuser",
+#     "password": "newuserpass",
+#     "email": "newuser@example.com",
+#     "role": "user",
+#     "generated": true
+# }
+# HTTP 200
+
+# Update user as admin
+# PUT http://localhost:3000/api/admin/users
+# Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+# Content-Type: application/json
+# {
+#     "username": "newuser",
+#     "email": "updated@example.com",
+#     "role": "user"
+# }
+# HTTP 200
+
+# Delete user as admin
+# DELETE http://localhost:3000/api/admin/users
+# Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+# Content-Type: application/json
+# {
+#     "username": "newuser"
+# }
+# HTTP 200 

tests/api/authentication.hurl

@@ -0,0 +1,22 @@
+POST http://localhost:3000/api/authentication/signin
+Content-Type: application/json
+{
+    "username": "groot",
+    "password": "iamgroot"
+}
+HTTP 200
+[Captures]
+sacred_cookie: cookie "__HEMMELIG_TOKEN"
+public_cookie: cookie "__HEMMELIG_TOKEN_PUBLIC"
+
+GET http://localhost:3000/api/authentication/verify
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+GET http://localhost:3000/api/authentication/refresh
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+POST http://localhost:3000/api/authentication/signout
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200 

tests/api/healthz.hurl

@@ -0,0 +1,3 @@
+# Health check endpoint
+GET http://localhost:3000/api/healthz
+HTTP 200 

tests/api/secret.hurl

@@ -0,0 +1,70 @@
+# First sign in to get auth cookies
+POST http://localhost:3000/api/authentication/signin
+Content-Type: application/json
+{
+    "username": "groot",
+    "password": "iamgroot"
+}
+HTTP 200
+[Captures]
+sacred_cookie: cookie "__HEMMELIG_TOKEN"
+public_cookie: cookie "__HEMMELIG_TOKEN_PUBLIC"
+
+# Create a new secret
+POST http://localhost:3000/api/secret
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+Content-Type: application/json
+{
+    "text": "This is a test secret",
+    "title": "Test Secret",
+    "ttl": 86400,
+    "password": "secretpass",
+    "preventBurn": false,
+    "maxViews": 1,
+    "isPublic": false
+}
+HTTP 201
+[Captures]
+secret_id: jsonpath "$.id"
+
+# Check if secret exists
+GET http://localhost:3000/api/secret/{{secret_id}}/exist
+HTTP 401
+
+# Get secret with password
+POST http://localhost:3000/api/secret/{{secret_id}}
+Content-Type: application/json
+{
+    "password": "secretpass"
+}
+HTTP 200
+
+# Get user's secrets
+GET http://localhost:3000/api/secret
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+HTTP 200
+
+# Create a new public secret
+POST http://localhost:3000/api/secret
+Cookie: sacred={{sacred_cookie}}; public={{public_cookie}}
+Content-Type: application/json
+{
+    "text": "This is a test secret",
+    "title": "Test Secret",
+    "ttl": 86400,
+    "password": "secretpass",
+    "preventBurn": false,
+    "maxViews": 1,
+    "isPublic": true
+}
+HTTP 201
+[Captures]
+secret_id_2: jsonpath "$.id"
+
+# Get public secrets
+GET http://localhost:3000/api/secret/public/
+HTTP 200
+
+# Burn a secret
+POST http://localhost:3000/api/secret/{{secret_id_2}}/burn
+HTTP 200 

tests/api/stats.hurl

@@ -0,0 +1,12 @@
+# Get statistics
+GET http://localhost:3000/api/stats
+HTTP 200
+[Asserts]
+jsonpath "$.totalSecretsCreated" exists
+jsonpath "$.activeSecrets" exists
+jsonpath "$.isPublicSecrets" exists
+jsonpath "$.totalUsers" exists
+jsonpath "$.totalFiles" exists
+jsonpath "$.secretsWithPassword" exists
+jsonpath "$.secretsWithIpRestriction" exists
+jsonpath "$.averageViewsPerSecret" exists