From 8ba676fdab19fc25bb5d01952180a596c0c27ffb Mon Sep 17 00:00:00 2001
From: "liuxiaohe.io" <liuxiaohe.io@bytedance.com>
Date: Wed, 13 May 2026 23:28:21 +0800
Subject: [PATCH] test: cover handler pre-auth plugin routing

---
 src/handler.test.ts | 80 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

diff --git a/src/handler.test.ts b/src/handler.test.ts
index 86bb328..807652e 100644
--- a/src/handler.test.ts
+++ b/src/handler.test.ts
@@ -7,6 +7,7 @@ import { LiteREST } from './literest'
 import { createResponse } from './utils'
 import { corsPreflight } from './cors'
 import { StarbasePluginRegistry } from './plugin'
+import type { StarbasePlugin } from './plugin'
 
 vi.mock('./cors', () => ({
     corsPreflight: vi.fn().mockReturnValue(new Response(null, { status: 204 })),
@@ -181,6 +182,85 @@ describe('StarbaseDB Cache Expiry', () => {
     })
 })
 
+describe('StarbaseDB Pre-Auth Plugin Routing', () => {
+    function createInstanceWithPlugin(plugin: Partial<StarbasePlugin>) {
+        return new StarbaseDB({
+            dataSource: mockDataSource,
+            config: mockConfig,
+            plugins: [plugin as StarbasePlugin],
+        })
+    }
+
+    it('should route matching authless plugin paths before auth checks', async () => {
+        const authlessPlugin = {
+            opts: { requiresAuth: false },
+            pathPrefix: '/webhooks/:provider/*',
+        }
+        const preAuthInstance = createInstanceWithPlugin(authlessPlugin)
+        const request = new Request(
+            'https://example.com/webhooks/stripe/events/created'
+        )
+
+        const response = await preAuthInstance.handlePreAuth(
+            request,
+            mockExecutionContext
+        )
+
+        expect(preAuthInstance['app'].fetch).toHaveBeenCalledWith(request)
+        await expect(response?.text()).resolves.toBe('mock-response')
+    })
+
+    it('should skip authless plugins when the path does not match', async () => {
+        const authlessPlugin = {
+            opts: { requiresAuth: false },
+            pathPrefix: '/webhooks/:provider/*',
+        }
+        const preAuthInstance = createInstanceWithPlugin(authlessPlugin)
+        const request = new Request('https://example.com/query')
+
+        const response = await preAuthInstance.handlePreAuth(
+            request,
+            mockExecutionContext
+        )
+
+        expect(response).toBeUndefined()
+        expect(preAuthInstance['app'].fetch).not.toHaveBeenCalled()
+    })
+
+    it('should not route auth-required plugin paths before auth checks', async () => {
+        const authRequiredPlugin = {
+            opts: { requiresAuth: true },
+            pathPrefix: '/socket',
+        }
+        const preAuthInstance = createInstanceWithPlugin(authRequiredPlugin)
+        const request = new Request('https://example.com/socket')
+
+        const response = await preAuthInstance.handlePreAuth(
+            request,
+            mockExecutionContext
+        )
+
+        expect(response).toBeUndefined()
+        expect(preAuthInstance['app'].fetch).not.toHaveBeenCalled()
+    })
+
+    it('should ignore authless plugins without a path prefix', async () => {
+        const authlessPlugin = {
+            opts: { requiresAuth: false },
+        }
+        const preAuthInstance = createInstanceWithPlugin(authlessPlugin)
+        const request = new Request('https://example.com/webhooks/stripe')
+
+        const response = await preAuthInstance.handlePreAuth(
+            request,
+            mockExecutionContext
+        )
+
+        expect(response).toBeUndefined()
+        expect(preAuthInstance['app'].fetch).not.toHaveBeenCalled()
+    })
+})
+
 describe('StarbaseDB Error Handling', () => {
     it('should return 500 if query execution fails', async () => {
         vi.mocked(executeQuery).mockRejectedValue(new Error('Database error'))