fix tests

Author: gioelecerati

packages/api/src/controllers/access-control.test.ts

@@ -243,29 +243,45 @@ describe("controllers/access-control", () => {
     });
 
     it("should not allow playback if origin is not in playback.allowedOrigins", async () => {
-      const webhook = await db.webhook.create({
-        id: uuid(),
-        name: "test",
-        url: `http://localhost:3004/api/access-control/webhook-test`,
-        events: ["playback.accessControl"],
-      });
-      gatedAsset.playbackPolicy.webhookId = webhook.id;
-      gatedAsset.playbackPolicy.type = "webhook";
+      gatedAsset.playbackPolicy.type = "jwt";
       gatedAsset.playbackPolicy.allowedOrigins = ["http://localhost:3000"];
       await db.asset.update(gatedAsset.id, {
         playbackPolicy: gatedAsset.playbackPolicy,
       });
+      let asset = await db.asset.get(gatedAsset.id);
+      expect(asset.playbackPolicy.allowedOrigins).toEqual([
+        "http://localhost:3000",
+      ]);
       const res3 = await client.post("/access-control/gate", {
         stream: `video+${gatedAsset.playbackId}`,
-        type: "accessKey",
-        accessKey: signingKey.publicKey,
+        type: "jwt",
+        pub: "notExistingPubKey",
         webhookPayload: {
           headers: {
             origin: "https://example.com",
           },
         },
       });
       expect(res3.status).toBe(403);
+      let resJson = await res3.json();
+      expect(resJson.errors[0]).toBe(
+        `Content is gated and origin not in allowed origins`
+      );
+      const res4 = await client.post("/access-control/gate", {
+        stream: `video+${gatedAsset.playbackId}`,
+        type: "jwt",
+        pub: "notExistingPubKey",
+        webhookPayload: {
+          headers: {
+            origin: "http://localhost:3000",
+          },
+        },
+      });
+      expect(res4.status).toBe(403);
+      let resJson2 = await res4.json();
+      expect(resJson2.errors[0]).toBe(
+        "Content is gated and corresponding public key not found"
+      );
     });
 
     it("should allow playback on public playbackId with and without a public key provided", async () => {

packages/api/src/controllers/access-control.ts

@@ -245,17 +245,17 @@ app.post(
 
     let origin: string = null;
     if (req.body?.webhookPayload?.headers) {
-      origin = req.body?.webhookPayload?.headers["Origin"];
+      origin = req.body?.webhookPayload?.headers["origin"];
     }
 
-    if (req.body.origin) {
+    if (origin) {
       if (allowedOrigins.length > 0) {
         if (!allowedOrigins.includes(origin)) {
           console.log(`
             access-control: gate: content with playbackId=${playbackId} is gated but origin=${origin} not in allowed origins=${allowedOrigins}, disallowing playback
           `);
           throw new ForbiddenError(
-            "Content is gated and origin not in allowed origins"
+            `Content is gated and origin not in allowed origins`
           );
         }
       }