test: add integration tests for custom encryption handling in EncryptedHandler

genu · genu · commit 83c242cd6545 · 2024-12-23T14:30:31.000-03:00
diff --git a/tests/integration/tests/enhancements/with-encrypted/with-encrypted.test.ts b/tests/integration/tests/enhancements/with-encrypted/with-encrypted.test.ts
@@ -1,3 +1,4 @@
+import { FieldInfo } from '@zenstackhq/runtime';
 import { loadSchema } from '@zenstackhq/testtools';
 import path from 'path';
 
@@ -12,7 +13,7 @@ describe('Encrypted test', () => {
         process.chdir(origDir);
     });
 
-    it('encrypted tests', async () => {
+    it('Simple encryption test', async () => {
         const { enhance } = await loadSchema(`
     model User {
         id String @id @default(cuid())
@@ -21,6 +22,7 @@ describe('Encrypted test', () => {
         @@allow('all', true)
     }`);
 
+        const sudoDb = enhance(undefined, { kinds: [] });
         const db = enhance(undefined, { encryption: { encryptionKey: 'c558Gq0YQK2QcqtkMF9BGXHCQn4dMF8w' } });
 
         const create = await db.user.create({
@@ -36,7 +38,65 @@ describe('Encrypted test', () => {
             },
         });
 
+        const sudoRead = await sudoDb.user.findUnique({
+            where: {
+                id: '1',
+            },
+        });
+
+        expect(create.encrypted_value).toBe('abc123');
+        expect(read.encrypted_value).toBe('abc123');
+        expect(sudoRead.encrypted_value).not.toBe('abc123');
+    });
+
+    it('Custom encryption test', async () => {
+        const { enhance } = await loadSchema(`
+    model User {
+        id String @id @default(cuid())
+        encrypted_value String @encrypted()
+    
+        @@allow('all', true)
+    }`);
+
+        const sudoDb = enhance(undefined, { kinds: [] });
+        const db = enhance(undefined, {
+            encryption: {
+                encrypt: async (model: string, field: FieldInfo, data: string) => {
+                    // Add _enc to the end of the input
+                    return data + '_enc';
+                },
+                decrypt: async (model: string, field: FieldInfo, cipher: string) => {
+                    // Remove _enc from the end of the input explicitly
+                    if (cipher.endsWith('_enc')) {
+                        return cipher.slice(0, -4); // Remove last 4 characters (_enc)
+                    }
+
+                    return cipher;
+                },
+            },
+        });
+
+        const create = await db.user.create({
+            data: {
+                id: '1',
+                encrypted_value: 'abc123',
+            },
+        });
+
+        const read = await db.user.findUnique({
+            where: {
+                id: '1',
+            },
+        });
+
+        const sudoRead = await sudoDb.user.findUnique({
+            where: {
+                id: '1',
+            },
+        });
+
         expect(create.encrypted_value).toBe('abc123');
         expect(read.encrypted_value).toBe('abc123');
+        expect(sudoRead.encrypted_value).toBe('abc123_enc');
     });
 });
