import { describe, expect, test } from "bun:test"; import { applyExportMask } from "./export-mask"; import { parseMeExportRequestBody } from "./me-export-request-body"; describe("parseMeExportRequestBody", () => { test("maskPolicy defaults to masked", () => { expect(parseMeExportRequestBody({})).toEqual({ maskPolicy: "masked" }); expect(parseMeExportRequestBody({ maskPolicy: undefined })).toEqual({ maskPolicy: "masked" }); }); test("invalid maskPolicy throws 400", () => { try { parseMeExportRequestBody({ maskPolicy: "invalid-policy" }); expect.unreachable(); } catch (e: unknown) { expect(e).toMatchObject({ statusCode: 400 }); } }); }); describe("applyExportMask", () => { test("never-export fields are excluded", () => { const input = { nickname: "dash", passwordHash: "hash", resetToken: "rst", sessionId: "sid", apiKey: "k", accessToken: "token", tokenCount: 3, }; expect(applyExportMask(input, "raw")).toEqual({ nickname: "dash", tokenCount: 3, }); }); test("never-export fields match case and underscore variants", () => { const input = { nickname: "dash", Access_Token: "token", SESSION_ID: "sid", }; expect(applyExportMask(input, "raw")).toEqual({ nickname: "dash", }); }); test("raw policy still filters resetToken/apiKey and naming variants", () => { const input = { nickname: "dash", resetToken: "rst-1", reset_token: "rst-2", resetPasswordToken: "rst-3", apiKey: "key-1", API_KEY: "key-2", email: "dash@example.com", }; expect(applyExportMask(input, "raw")).toEqual({ nickname: "dash", email: "dash@example.com", }); }); test("masked policy masks email and phone fields", () => { const input = { nickname: "dash", email: "dash@example.com", phone: "13800138000", }; expect(applyExportMask(input, "masked")).toEqual({ nickname: "dash", email: "***", phone: "***", }); }); });