cards/apps/api/tests/me.test.ts

import { describe, it, expect } from 'vitest';
import { Hono } from 'hono';

import { meRouter } from '../src/routes/me.ts';
import type { CardsDb } from '../src/db/connection.ts';

/**
 * Auth-Gate-Test ohne echte DB. Der Stub-DB kann keine Drizzle-
 * Queries beantworten — wir prüfen nur, dass die Route den
 * authMiddleware-Pfad ehrt.
 */
function buildApp() {
	const app = new Hono();
	const stub = {} as CardsDb;
	app.route('/api/v1/me', meRouter({ db: stub }));
	return { app };
}

describe('meRouter — auth-gate', () => {
	it('GET /export ohne X-User-Id ist 401', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/me/export');
		expect(res.status).toBe(401);
	});

	it('POST /delete ohne X-User-Id ist 401', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/me/delete', { method: 'POST' });
		expect(res.status).toBe(401);
	});
});