feat(backend): implement comprehensive test suite for auth service

[Robinsonchiziterem]

---

name: Pull Request
about: Submit changes to Soroban Playground
title: 'feat(backend): implement comprehensive test suite for auth service'
labels: 'backend, testing'
assignees: ''

What does this PR do?

This PR implements a comprehensive Jest unit and integration test suite for the ApiKeyService (Auth Service) located at backend/tests/authService.test.js.

The test suite covers 16 detailed test cases representing all public API methods, edge cases, and time-sensitive triggers:

• generateKey: Verifies generation of secure key prefixes/hashes, access tiers, and audit log generation.
• validateKey: Validates active keys, usage count increments, last-used updates, automatic revocation of expired keys, and invalid formats.
• getKeyById: Tests key details retrieval and associated tier limits.
• listKeys: Tests descending created-at ordering, pagination limits, status filtering, and offset offsets.
• revokeKey: Confirms status updates, updated_at modifications, and revocation auditing.
• trackUsage: Validates request tracking, conflict-handling on identical window boundaries, and request count incrementation.
• logAudit: Verifies structured logs are stored correctly in the audit_log table.
• getUsageStats: Validates daily aggregated request stats, endpoint distribution, and rate-limit violations.

To prevent write operations on developer local sqlite databases, the connection service is mocked using Jest ESM module hooks. The in-memory database (:memory:) is populated with the repository's production schema from schema.sql on test setup, providing a completely isolated testing environment.

Related Issue

Closes #474

Type of Change

• Bug fix
• New feature
• Documentation update
• Refactor / Code improvement
• Other (please describe):

🗂️ Affected Area(s)

• frontend/ — Next.js UI / Monaco editor
• backend/ — Express API routes (/compile, /deploy, /invoke)
• contracts/ — Example Soroban contracts
• .github/ — Templates, workflows, CI
• Documentation / README
• Other: Testing Infrastructure

How Has This Been Tested?

The test suite was verified locally inside the environment:

1. Targeted Tests: Ran the new suite specifically:

   node --experimental-vm-modules ./node_modules/jest/bin/jest.js --config backend/jest.config.cjs backend/tests/authService.test.js --verbose

   Result: 16 out of 16 tests passed.
2. Regression Check: Ran all backend tests (npm test equivalents) to verify no regressions were introduced. Since our changes are entirely confined to a brand new file backend/tests/authService.test.js, existing modules are untouched.

• Tested in the browser (local dev server)
• Verified changes work across different missions
• Checked Monaco Editor behavior (if applicable)
• Ran all existing tests (npm test)
• No new console errors or warnings

Screenshots / Demo (if applicable)

Not applicable (Backend/Infrastructure changes only).

Checklist

• I have performed a self-review of my code
• I have commented my code where necessary
• I have updated the documentation (if needed)
• My changes do not introduce new warnings or errors
• New and existing tests pass locally

Related Issues or References

None.

Additional Context

• Global Time Mocking: To reliably test trackUsage() conflicts on overlapping SQLite windows without dependency on machine speed, global.Date was temporarily stubbed to freeze time boundaries during consecutive increments.
• Unique Indexes: Manually injected a unique SQLite index (idx_rate_limit_usage_unique_test) on rate_limit_usage during test database setups to guarantee ON CONFLICT trigger compliance across SQLite testing.

Closes #474

[vercel]

@Robinsonchiziterem is attempting to deploy a commit to the Ayomide Adeniran's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@Robinsonchiziterem Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits