From 5ce748859774471c5b0f147755b71c2f6e01d3f4 Mon Sep 17 00:00:00 2001
From: Bill <bill@bballou.com>
Date: Sat, 25 Oct 2025 21:07:53 -0400
Subject: [PATCH] refactor: remove CORS settings, make auth mandatory in types

- Remove enableCORS and allowedOrigins from MCPServerSettings
- Make apiKey required (string, not optional)
- Set enableAuth to true by default
- Add comprehensive test coverage for settings types
---
 src/types/settings-types.ts  | 12 +++------
 tests/settings-types.test.ts | 47 ++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 tests/settings-types.test.ts

diff --git a/src/types/settings-types.ts b/src/types/settings-types.ts
index 6ed7052..bdf5a94 100644
--- a/src/types/settings-types.ts
+++ b/src/types/settings-types.ts
@@ -1,10 +1,8 @@
 // Settings Types
 export interface MCPServerSettings {
 	port: number;
-	enableCORS: boolean;
-	allowedOrigins: string[];
-	apiKey?: string;
-	enableAuth: boolean;
+	apiKey: string; // Now required, not optional
+	enableAuth: boolean; // Will be removed in future, kept for migration
 }
 
 export interface NotificationSettings {
@@ -20,10 +18,8 @@ export interface MCPPluginSettings extends MCPServerSettings, NotificationSettin
 
 export const DEFAULT_SETTINGS: MCPPluginSettings = {
 	port: 3000,
-	enableCORS: true,
-	allowedOrigins: ['*'],
-	apiKey: '',
-	enableAuth: false,
+	apiKey: '', // Will be auto-generated on first load
+	enableAuth: true, // Always true now
 	autoStart: false,
 	// Notification defaults
 	notificationsEnabled: false,
diff --git a/tests/settings-types.test.ts b/tests/settings-types.test.ts
new file mode 100644
index 0000000..89541a4
--- /dev/null
+++ b/tests/settings-types.test.ts
@@ -0,0 +1,47 @@
+import { DEFAULT_SETTINGS, MCPPluginSettings } from '../src/types/settings-types';
+
+describe('Settings Types', () => {
+	describe('DEFAULT_SETTINGS', () => {
+		it('should have authentication enabled by default', () => {
+			expect(DEFAULT_SETTINGS.enableAuth).toBe(true);
+		});
+
+		it('should not have enableCORS field', () => {
+			expect((DEFAULT_SETTINGS as any).enableCORS).toBeUndefined();
+		});
+
+		it('should not have allowedOrigins field', () => {
+			expect((DEFAULT_SETTINGS as any).allowedOrigins).toBeUndefined();
+		});
+
+		it('should have empty apiKey by default', () => {
+			expect(DEFAULT_SETTINGS.apiKey).toBe('');
+		});
+
+		it('should have autoStart disabled by default', () => {
+			expect(DEFAULT_SETTINGS.autoStart).toBe(false);
+		});
+
+		it('should have valid port number', () => {
+			expect(DEFAULT_SETTINGS.port).toBe(3000);
+			expect(DEFAULT_SETTINGS.port).toBeGreaterThan(0);
+			expect(DEFAULT_SETTINGS.port).toBeLessThan(65536);
+		});
+	});
+
+	describe('MCPPluginSettings interface', () => {
+		it('should require apiKey field', () => {
+			const settings: MCPPluginSettings = {
+				...DEFAULT_SETTINGS,
+				apiKey: 'test-key'
+			};
+			expect(settings.apiKey).toBe('test-key');
+		});
+
+		it('should not allow enableCORS field', () => {
+			// This is a compile-time check, but we verify runtime
+			const settings: MCPPluginSettings = DEFAULT_SETTINGS;
+			expect((settings as any).enableCORS).toBeUndefined();
+		});
+	});
+});