StreamPay-Frontend/privacy.test.ts at main · Windowlight/StreamPay-Frontend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import { scrubStreamPII, processDeletionRequest } from "./app/lib/privacy";
import { db } from "./app/lib/db";
import { Stream } from "./app/types/openapi";

describe("Privacy Services", () => {
  const sampleStream: Stream = {
    id: "test-stream",
    recipient: "GD7H...3J4K",
    rate: "10 XLM/day",
    schedule: "daily",
    status: "active",
    email: "test@example.com",
    label: "Private Label",
    memo: "Secret Memo",
    partnerId: "PID-999",
    createdAt: new Date().toISOString(),
    updatedAt: new Date().toISOString(),
  };

  describe("scrubStreamPII", () => {
    it("redacts PII for 'user' role", () => {
      const scrubbed = scrubStreamPII(sampleStream, 'user');
      expect(scrubbed.email).toBe("t***t@example.com");
      expect(scrubbed.label).toBe("[REDACTED]");
      expect(scrubbed.memo).toBe("[REDACTED]");
      expect(scrubbed.partnerId).toBe("[MASKED]");
    });

    it("allows full access for 'admin' role", () => {
      const scrubbed = scrubStreamPII(sampleStream, 'admin');
      expect(scrubbed.email).toBe(sampleStream.email);
      expect(scrubbed.label).toBe(sampleStream.label);
    });
  });

  describe("processDeletionRequest", () => {
    it("permanently scrubs PII from the database", async () => {
      const walletAddress = "GD7H...3J4K";

      // Ensure user exists first
      db.users.set(walletAddress, {
        wallet_address: walletAddress,
        email: "ada@creativestudio.io",
        display_name: "Ada",
        avatar_url: null,
        created_at: new Date().toISOString(),
      });

      const result = await processDeletionRequest(walletAddress);

      expect(result.requestId).toMatch(/^dsr-/);
      expect(db.users.has(walletAddress)).toBe(false);

      // Verify stream scrubbing
      const stream = db.streams.get("stream-ada");
      if (stream) {
        expect(stream.email).toBeUndefined();
        expect(stream.label).toBeUndefined();
      }
    });

    it("is idempotent", async () => {
      const walletAddress = "non-existent-wallet";
      const result1 = await processDeletionRequest(walletAddress);
      const result2 = await processDeletionRequest(walletAddress);

      expect(result1.status).toBe("processing");
      expect(result2.status).toBe("processing");
    });
  });
});