From 6b6457cb5df0dd541383ad6bf9a2d814599e166e Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Wed, 4 Feb 2026 21:01:13 -0800
Subject: [PATCH] Remove old tests
---
 src/middleware.js | 1 -
 src/middleware.test.js | 83 ++++++++++++++++++++++++++----------------
 2 files changed, 51 insertions(+), 33 deletions(-)
diff --git a/src/middleware.js b/src/middleware.js
index ac34e4af1..6dcae8631 100644
--- a/src/middleware.js
+++ b/src/middleware.js
@@ -8,7 +8,6 @@ let warnedAllowedHosts = false;
 export async function middleware(req) {
 if (!warnedAllowedHosts && process.env.HOMEPAGE_ALLOWED_HOSTS) {
 warnedAllowedHosts = true;
- // eslint-disable-next-line no-console
 console.warn(
 "HOMEPAGE_ALLOWED_HOSTS is deprecated. To secure a publicly accessible homepage, configure authentication instead.",
 );
diff --git a/src/middleware.test.js b/src/middleware.test.js
index cb37749ec..f4cd492a5 100644
--- a/src/middleware.test.js
+++ b/src/middleware.test.js
@@ -1,70 +1,89 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -const { NextResponse } = vi.hoisted(() => ({ +const { NextResponse, getToken } = vi.hoisted(() => ({ NextResponse: { - json: vi.fn((body, init) => ({ type: "json", body, init })), next: vi.fn(() => ({ type: "next" })), + redirect: vi.fn((url) => ({ type: "redirect", url })), }, + getToken: vi.fn(), })); vi.mock("next/server", () => ({ NextResponse })); +vi.mock("next-auth/jwt", () => ({ getToken })); -import { middleware } from "./middleware"; +async function loadMiddleware() { + vi.resetModules(); + const mod = await import("./middleware"); + return mod.middleware; +} -function createReq(host) { +function createReq(url = "http://localhost:3000/") { return { + url, headers: { - get: (key) => (key === "host" ? host : null), + get: () => null, }, }; } describe("middleware", () => { const originalEnv = process.env; - const originalConsoleError = console.error; + const originalConsoleWarn = console.warn; beforeEach(() => { vi.clearAllMocks(); process.env = { ...originalEnv }; - console.error = originalConsoleError; + console.warn = originalConsoleWarn; }); - it("allows requests for default localhost hosts", () => { - process.env.PORT = "3000"; - const res = middleware(createReq("localhost:3000")); + it("allows requests when auth is disabled", async () => { + const middleware = await loadMiddleware(); + const res = await middleware(createReq()); expect(NextResponse.next).toHaveBeenCalled(); expect(res).toEqual({ type: "next" }); }); - it("blocks requests when host is not allowed", () => { - process.env.PORT = "3000"; - const errSpy = vi.spyOn(console, "error").mockImplementation(() => {}); + it("warns once when HOMEPAGE_ALLOWED_HOSTS is set, but does not block", async () => { + const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {}); + process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com"; - const res = middleware(createReq("evil.com")); - - expect(errSpy).toHaveBeenCalled(); - 
expect(NextResponse.json).toHaveBeenCalledWith( - { error: "Host validation failed. See logs for more details." }, - { status: 400 }, - ); - expect(res.type).toBe("json"); - expect(res.init.status).toBe(400); - }); - - it("allows requests when HOMEPAGE_ALLOWED_HOSTS is '*'", () => { - process.env.HOMEPAGE_ALLOWED_HOSTS = "*"; - const res = middleware(createReq("anything.example")); + const middleware = await loadMiddleware(); + const res1 = await middleware(createReq()); + const res2 = await middleware(createReq()); + expect(warnSpy).toHaveBeenCalledTimes(1); expect(NextResponse.next).toHaveBeenCalled(); - expect(res).toEqual({ type: "next" }); + expect(res1).toEqual({ type: "next" }); + expect(res2).toEqual({ type: "next" }); }); - it("allows requests when host is included in HOMEPAGE_ALLOWED_HOSTS", () => { - process.env.PORT = "3000"; - process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com:3000,other:3000"; + it("redirects to signin when auth is enabled and no token is present", async () => { + process.env.HOMEPAGE_AUTH_ENABLED = "true"; + process.env.HOMEPAGE_AUTH_SECRET = "secret"; - const res = middleware(createReq("example.com:3000")); + getToken.mockResolvedValueOnce(null); + + const middleware = await loadMiddleware(); + const res = await middleware(createReq("http://localhost:3000/some")); + + expect(getToken).toHaveBeenCalledWith({ + req: expect.objectContaining({ url: "http://localhost:3000/some" }), + secret: "secret", + }); + expect(NextResponse.redirect).toHaveBeenCalled(); + expect(res.type).toBe("redirect"); + expect(String(res.url)).toContain("/auth/signin"); + }); + + it("allows requests when auth is enabled and a token is present", async () => { + process.env.HOMEPAGE_AUTH_ENABLED = "true"; + process.env.HOMEPAGE_AUTH_SECRET = "secret"; + + getToken.mockResolvedValueOnce({ sub: "user" }); + + const middleware = await loadMiddleware(); + const res = await middleware(createReq("http://localhost:3000/")); expect(NextResponse.next).toHaveBeenCalled(); 
expect(res).toEqual({ type: "next" });