embed integrity check task in backup API responses

The UI is polling for the taskId, might as well attach it

src/routes/apps.js

@@ -2,6 +2,7 @@ import apps from '../apps.js';
 import appstore from '../appstore.js';
 import assert from 'node:assert';
 import AuditSource from '../auditsource.js';
+import backups from '../backups.js';
 import backupSites from '../backupsites.js';
 import BoxError from '../boxerror.js';
 import community from '../community.js';
@@ -866,7 +867,7 @@ async function listBackups(req, res, next) {
     const [error, result] = await safe(apps.listBackups(req.resources.app, page, perPage));
     if (error) return next(BoxError.toHttpError(error));
 
-    next(new HttpSuccess(200, { backups: result }));
+    next(new HttpSuccess(200, { backups: result.map(backups.removePrivateFields) }));
 }
 
 async function listBackupSites(req, res, next) {

src/routes/backupsites.js

@@ -242,7 +242,7 @@ async function listBackups(req, res, next) {
 
     const [error, results] = await safe(backups.listByTypePaged(backups.BACKUP_TYPE_BOX, req.resources.backupSite.id, page, perPage));
     if (error) return next(BoxError.toHttpError(error));
-    next(new HttpSuccess(200, { backups: results }));
+    next(new HttpSuccess(200, { backups: results.map(backups.removePrivateFields) }));
 }
 
 export default {

src/routes/test/backups-test.js

@@ -3,6 +3,7 @@
 import common from './common.js';
 import expect from 'expect.js';
 import superagent from '@cloudron/superagent';
+import timers from 'timers/promises';
 
 describe('Backups API', function () {
     const { setup, cleanup, waitForTask, serverUrl, owner, admin, getDefaultBackupSite } = common;
@@ -68,4 +69,39 @@ describe('Backups API', function () {
             .send({ preserveSecs: 30, label: 'NewOrleans' });
         expect(response.status).to.equal(200);
     });
+
+    describe('integrity', function () {
+        it('start a check', async function () {
+            const response = await superagent.post(`${serverUrl}/api/v1/backups/${someBackup.id}/start_integrity_check`)
+                .query({ access_token: admin.token })
+                .send({});
+            expect(response.status).to.equal(201);
+            const taskId = response.body.taskId;
+            expect(taskId).to.be.a('string');
+        });
+
+        it('wait for check', async function () {
+            let response;
+            for (let i = 0; i < 10; i++) {
+                response = await superagent.get(`${serverUrl}/api/v1/backups/${someBackup.id}`)
+                    .query({ access_token: admin.token });
+                expect(response.status).to.equal(200);
+                if (!response.body.integrityCheckTask?.active) break;
+                await timers.setTimeout(3000);
+            }
+
+            expect(response.body.integrityCheckTask).to.be(null);
+        });
+
+        it('has integrity fields', async function () {
+            const response = await superagent.get(`${serverUrl}/api/v1/backups/${someBackup.id}`)
+                .query({ access_token: owner.token })
+                .ok(() => true);
+            expect(response.status).to.equal(200);
+            expect(response.body.lastIntegrityCheckTime).to.be.a('string');
+            expect(response.body.integrityCheckStatus).to.equal('passed');
+            expect(response.body.integrityCheckResult).to.eql({ messages: [] });
+            expect(response.body.integrityCheckTask).to.be(null);
+        });
+    });
 });