mirage: Add authentication check to GET /api/v1/me/crate_owner_invitations route handler

Author: Turbo87

mirage/route-handlers/me.js

@@ -99,5 +99,12 @@ export function register(server) {
     return { ok: true };
   });
 
-  server.get('/api/v1/me/crate_owner_invitations', { crate_owner_invitations: [] });
+  server.get('/api/v1/me/crate_owner_invitations', function (schema) {
+    let { user } = getSession(schema);
+    if (!user) {
+      return new Response(403, {}, { errors: [{ detail: 'must be logged in to perform that action' }] });
+    }
+
+    return { crate_owner_invitations: [] };
+  });
 }

tests/mirage/invitations-test.js

@@ -13,6 +13,9 @@ module('Mirage | Crate Owner Invitations', function (hooks) {
 
   module('GET /api/v1/me/crate_owner_invitations', function () {
     test('empty case', async function (assert) {
+      let user = this.server.create('user');
+      this.server.create('mirage-session', { user });
+
       let response = await fetch('/api/v1/me/crate_owner_invitations');
       assert.equal(response.status, 200);
 
@@ -95,5 +98,15 @@ module('Mirage | Crate Owner Invitations', function (hooks) {
         ],
       });
     });
+
+    test('returns an error if unauthenticated', async function (assert) {
+      let response = await fetch('/api/v1/me/crate_owner_invitations');
+      assert.equal(response.status, 403);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        errors: [{ detail: 'must be logged in to perform that action' }],
+      });
+    });
   });
 });