@actuate-media/cms-core 0.11.2 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/api/cron-routes.test.d.ts +2 -0
- package/dist/__tests__/api/cron-routes.test.d.ts.map +1 -0
- package/dist/__tests__/api/cron-routes.test.js +67 -0
- package/dist/__tests__/api/cron-routes.test.js.map +1 -0
- package/dist/__tests__/auth/password.test.js +82 -3
- package/dist/__tests__/auth/password.test.js.map +1 -1
- package/dist/__tests__/auth/session.test.js +54 -1
- package/dist/__tests__/auth/session.test.js.map +1 -1
- package/dist/__tests__/cron/cron.test.d.ts +2 -0
- package/dist/__tests__/cron/cron.test.d.ts.map +1 -0
- package/dist/__tests__/cron/cron.test.js +262 -0
- package/dist/__tests__/cron/cron.test.js.map +1 -0
- package/dist/__tests__/security/encrypted-fields.test.d.ts +2 -0
- package/dist/__tests__/security/encrypted-fields.test.d.ts.map +1 -0
- package/dist/__tests__/security/encrypted-fields.test.js +60 -0
- package/dist/__tests__/security/encrypted-fields.test.js.map +1 -0
- package/dist/__tests__/security/safe-fetch.test.d.ts +2 -0
- package/dist/__tests__/security/safe-fetch.test.d.ts.map +1 -0
- package/dist/__tests__/security/safe-fetch.test.js +97 -0
- package/dist/__tests__/security/safe-fetch.test.js.map +1 -0
- package/dist/__tests__/security/ssrf.test.d.ts +2 -0
- package/dist/__tests__/security/ssrf.test.d.ts.map +1 -0
- package/dist/__tests__/security/ssrf.test.js +209 -0
- package/dist/__tests__/security/ssrf.test.js.map +1 -0
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +3 -0
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +84 -1
- package/dist/api/handlers.js.map +1 -1
- package/dist/auth/oauth.d.ts +8 -0
- package/dist/auth/oauth.d.ts.map +1 -1
- package/dist/auth/oauth.js +39 -1
- package/dist/auth/oauth.js.map +1 -1
- package/dist/auth/password.d.ts +35 -2
- package/dist/auth/password.d.ts.map +1 -1
- package/dist/auth/password.js +97 -7
- package/dist/auth/password.js.map +1 -1
- package/dist/auth/session.d.ts +9 -0
- package/dist/auth/session.d.ts.map +1 -1
- package/dist/auth/session.js +54 -1
- package/dist/auth/session.js.map +1 -1
- package/dist/cron/index.d.ts +72 -0
- package/dist/cron/index.d.ts.map +1 -0
- package/dist/cron/index.js +222 -0
- package/dist/cron/index.js.map +1 -0
- package/dist/security/encrypted-fields.d.ts +9 -0
- package/dist/security/encrypted-fields.d.ts.map +1 -1
- package/dist/security/encrypted-fields.js +52 -1
- package/dist/security/encrypted-fields.js.map +1 -1
- package/dist/security/ip-canon.d.ts +71 -0
- package/dist/security/ip-canon.d.ts.map +1 -0
- package/dist/security/ip-canon.js +352 -0
- package/dist/security/ip-canon.js.map +1 -0
- package/dist/security/safe-fetch.d.ts +30 -8
- package/dist/security/safe-fetch.d.ts.map +1 -1
- package/dist/security/safe-fetch.js +32 -6
- package/dist/security/safe-fetch.js.map +1 -1
- package/dist/security/webhook.d.ts +20 -2
- package/dist/security/webhook.d.ts.map +1 -1
- package/dist/security/webhook.js +100 -30
- package/dist/security/webhook.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cron-routes.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/api/cron-routes.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
import { afterEach, beforeEach, describe, expect, it } from 'vitest';
|
|
2
|
+
import { handleActuateAPI } from '../../api/index.js';
|
|
3
|
+
import { initDB } from '../../db.js';
|
|
4
|
+
const SECRET = 'test-secret-for-cron-routes-aaaaaaaaaaa';
|
|
5
|
+
function createMockDB() {
|
|
6
|
+
return {
|
|
7
|
+
document: {
|
|
8
|
+
findMany: async () => [],
|
|
9
|
+
updateMany: async () => ({ count: 0 }),
|
|
10
|
+
deleteMany: async () => ({ count: 0 }),
|
|
11
|
+
},
|
|
12
|
+
session: { deleteMany: async () => ({ count: 0 }) },
|
|
13
|
+
auditLog: { deleteMany: async () => ({ count: 0 }) },
|
|
14
|
+
passwordResetToken: { deleteMany: async () => ({ count: 0 }) },
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
describe('cron route HTTP method (Vercel Cron compatibility)', () => {
|
|
18
|
+
const originalCronSecret = process.env.CRON_SECRET;
|
|
19
|
+
beforeEach(() => {
|
|
20
|
+
process.env.CMS_SECRET = SECRET;
|
|
21
|
+
process.env.CRON_SECRET = 'cron-secret-for-test-aaaaaaaaaaaaaaaa';
|
|
22
|
+
initDB(createMockDB());
|
|
23
|
+
});
|
|
24
|
+
afterEach(() => {
|
|
25
|
+
if (originalCronSecret === undefined)
|
|
26
|
+
delete process.env.CRON_SECRET;
|
|
27
|
+
else
|
|
28
|
+
process.env.CRON_SECRET = originalCronSecret;
|
|
29
|
+
});
|
|
30
|
+
// Bugbot review (PR #40, post-fix commit): Vercel Cron sends GET requests
|
|
31
|
+
// (https://vercel.com/docs/cron-jobs). The original implementation used
|
|
32
|
+
// router.post(...) which would have returned 405/404 for every Vercel
|
|
33
|
+
// invocation, leaving the cron jobs silently non-functional.
|
|
34
|
+
it.each(['/api/cms/cron/publish', '/api/cms/cron/cleanup', '/api/cms/cron/seo-scan'])('accepts GET %s with valid CRON_SECRET (Vercel Cron path)', async (path) => {
|
|
35
|
+
const handler = handleActuateAPI({ prismaClient: createMockDB() });
|
|
36
|
+
const response = await handler(new Request(`https://example.com${path}`, {
|
|
37
|
+
method: 'GET',
|
|
38
|
+
headers: { authorization: `Bearer ${process.env.CRON_SECRET}` },
|
|
39
|
+
}));
|
|
40
|
+
// Either 200 (handler ran) or 500 (handler ran but mock DB couldn't
|
|
41
|
+
// satisfy something) — both prove the route was matched. We must NOT
|
|
42
|
+
// get 404 or 405.
|
|
43
|
+
expect([200, 500]).toContain(response.status);
|
|
44
|
+
});
|
|
45
|
+
it.each(['/api/cms/cron/publish', '/api/cms/cron/cleanup', '/api/cms/cron/seo-scan'])('still accepts POST %s for self-hosted schedulers', async (path) => {
|
|
46
|
+
const handler = handleActuateAPI({ prismaClient: createMockDB() });
|
|
47
|
+
const response = await handler(new Request(`https://example.com${path}`, {
|
|
48
|
+
method: 'POST',
|
|
49
|
+
headers: { authorization: `Bearer ${process.env.CRON_SECRET}` },
|
|
50
|
+
}));
|
|
51
|
+
expect([200, 500]).toContain(response.status);
|
|
52
|
+
});
|
|
53
|
+
it.each(['/api/cms/cron/publish', '/api/cms/cron/cleanup', '/api/cms/cron/seo-scan'])('rejects GET %s without CRON_SECRET (401, not 405)', async (path) => {
|
|
54
|
+
const handler = handleActuateAPI({ prismaClient: createMockDB() });
|
|
55
|
+
const response = await handler(new Request(`https://example.com${path}`, { method: 'GET' }));
|
|
56
|
+
expect(response.status).toBe(401);
|
|
57
|
+
});
|
|
58
|
+
it.each(['/api/cms/cron/publish', '/api/cms/cron/cleanup', '/api/cms/cron/seo-scan'])('rejects GET %s with wrong CRON_SECRET (401)', async (path) => {
|
|
59
|
+
const handler = handleActuateAPI({ prismaClient: createMockDB() });
|
|
60
|
+
const response = await handler(new Request(`https://example.com${path}`, {
|
|
61
|
+
method: 'GET',
|
|
62
|
+
headers: { authorization: 'Bearer wrong-secret' },
|
|
63
|
+
}));
|
|
64
|
+
expect(response.status).toBe(401);
|
|
65
|
+
});
|
|
66
|
+
});
|
|
67
|
+
//# sourceMappingURL=cron-routes.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cron-routes.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/cron-routes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAEpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,MAAM,MAAM,GAAG,yCAAyC,CAAA;AAExD,SAAS,YAAY;IACnB,OAAO;QACL,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;YACxB,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YACtC,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;SACvC;QACD,OAAO,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;QACnD,QAAQ,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;QACpD,kBAAkB,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;KAC/D,CAAA;AACH,CAAC;AAED,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;IAElD,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAA;QAC/B,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,uCAAuC,CAAA;QACjE,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,kBAAkB,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;;YAC/D,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,kBAAkB,CAAA;IACnD,CAAC,CAAC,CAAA;IAEF,0EAA0E;IAC1E,wEAAwE;IACxE,sEAAsE;IACtE,6DAA6D;IAE7D,EAAE,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,uBAAuB,EAAE,wBAAwB,CAAC,CAAC,CACnF,0DAA0D,EAC1D,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,sBAAsB,IAAI,EAAE,EAAE;YACxC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE;SAChE,CAAC,CACH,CAAA;QACD,oEAAoE;QACpE,qEAAqE;QACrE,kBAAkB;QAClB,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAC/C,CAAC,CACF,CAAA;IAED,EAAE,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,uBAAuB,EAAE,wBAAwB,CAAC,CAAC,CACnF,kDAAkD,EAClD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,sBAAsB,IAAI,EAAE,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE;SAChE,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAC/C,CAAC,CACF,CAAA;IAED,EAAE,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,uBAAuB,EAAE,wBAAwB,CAAC,CAAC,CACnF,mDAAmD,EACnD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,sBAAsB,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,CAAA;QAC5F,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CACF,CAAA;IAED,EAAE,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,uBAAuB,EAAE,wBAAwB,CAAC,CAAC,CACnF,6CAA6C,EAC7C,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,sBAAsB,IAAI,EAAE,EAAE;YACxC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,qBAAqB,EAAE;SAClD,CAAC,CACH,CAAA;QACD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CACF,CAAA;AACH,CAAC,CAAC,CAAA"}
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
import { describe, it, expect } from 'vitest';
|
|
2
|
-
import { hashPassword, verifyPassword, validatePasswordPolicy } from '../../auth/password.js';
|
|
2
|
+
import { hashPassword, verifyPassword, validatePasswordPolicy, needsRehash, compareToDummyHash, PBKDF2_ITERATIONS, } from '../../auth/password.js';
|
|
3
3
|
describe('hashPassword', () => {
|
|
4
|
-
it(
|
|
4
|
+
it(`returns a string in format "pbkdf2:${PBKDF2_ITERATIONS}:salt:hash"`, async () => {
|
|
5
5
|
const hash = await hashPassword('MySecret123!');
|
|
6
6
|
const parts = hash.split(':');
|
|
7
7
|
expect(parts).toHaveLength(4);
|
|
8
8
|
expect(parts[0]).toBe('pbkdf2');
|
|
9
|
-
expect(parts[1]).toBe(
|
|
9
|
+
expect(parts[1]).toBe(String(PBKDF2_ITERATIONS));
|
|
10
10
|
expect(parts[2]).toMatch(/^[0-9a-f]{32}$/);
|
|
11
11
|
expect(parts[3]).toMatch(/^[0-9a-f]{64}$/);
|
|
12
12
|
});
|
|
13
|
+
it('uses at least 600,000 iterations (OWASP 2023+ guidance)', () => {
|
|
14
|
+
expect(PBKDF2_ITERATIONS).toBeGreaterThanOrEqual(600_000);
|
|
15
|
+
});
|
|
13
16
|
it('produces different hashes for the same password (random salt)', async () => {
|
|
14
17
|
const hash1 = await hashPassword('SamePassword');
|
|
15
18
|
const hash2 = await hashPassword('SamePassword');
|
|
@@ -35,6 +38,82 @@ describe('verifyPassword', () => {
|
|
|
35
38
|
const result = await verifyPassword('anything', 'pbkdf2:100000::');
|
|
36
39
|
expect(result).toBe(false);
|
|
37
40
|
});
|
|
41
|
+
it('verifies legacy 100k-iteration hashes (back-compat)', async () => {
|
|
42
|
+
// Build a legacy-style hash by hand with 100k iterations.
|
|
43
|
+
const password = 'LegacyPass1!';
|
|
44
|
+
const salt = crypto.getRandomValues(new Uint8Array(16));
|
|
45
|
+
const key = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
|
|
46
|
+
const derived = await crypto.subtle.deriveBits({ name: 'PBKDF2', salt, iterations: 100_000, hash: 'SHA-256' }, key, 256);
|
|
47
|
+
const legacy = `pbkdf2:100000:${Buffer.from(salt).toString('hex')}:${Buffer.from(derived).toString('hex')}`;
|
|
48
|
+
expect(await verifyPassword(password, legacy)).toBe(true);
|
|
49
|
+
expect(await verifyPassword('wrong', legacy)).toBe(false);
|
|
50
|
+
});
|
|
51
|
+
it('rejects absurdly low iteration counts (corruption guard)', async () => {
|
|
52
|
+
const result = await verifyPassword('anything', 'pbkdf2:100:abc:def');
|
|
53
|
+
expect(result).toBe(false);
|
|
54
|
+
});
|
|
55
|
+
it('rejects absurdly high iteration counts (DoS guard)', async () => {
|
|
56
|
+
const result = await verifyPassword('anything', 'pbkdf2:99999999:abc:def');
|
|
57
|
+
expect(result).toBe(false);
|
|
58
|
+
});
|
|
59
|
+
});
|
|
60
|
+
describe('needsRehash', () => {
|
|
61
|
+
it('returns true for old 100k-iteration hashes', () => {
|
|
62
|
+
expect(needsRehash('pbkdf2:100000:abc:def')).toBe(true);
|
|
63
|
+
});
|
|
64
|
+
it('returns false for current 600k-iteration hashes', async () => {
|
|
65
|
+
const hash = await hashPassword('Test1234!');
|
|
66
|
+
expect(needsRehash(hash)).toBe(false);
|
|
67
|
+
});
|
|
68
|
+
it('returns false for malformed hash', () => {
|
|
69
|
+
expect(needsRehash('not-a-hash')).toBe(false);
|
|
70
|
+
expect(needsRehash('pbkdf2:notanumber:abc:def')).toBe(false);
|
|
71
|
+
});
|
|
72
|
+
});
|
|
73
|
+
describe('compareToDummyHash', () => {
|
|
74
|
+
it('always returns false (dummy hash never matches a real password)', async () => {
|
|
75
|
+
const a = await compareToDummyHash('any password');
|
|
76
|
+
const b = await compareToDummyHash('different password');
|
|
77
|
+
const c = await compareToDummyHash('');
|
|
78
|
+
expect(a).toBe(false);
|
|
79
|
+
expect(b).toBe(false);
|
|
80
|
+
expect(c).toBe(false);
|
|
81
|
+
});
|
|
82
|
+
it('takes meaningful CPU time (defends user-enumeration timing channel)', async () => {
|
|
83
|
+
// The whole point is that this isn't a no-op. We can't assert exact ms in
|
|
84
|
+
// CI, but we can confirm it doesn't return synchronously.
|
|
85
|
+
const start = performance.now();
|
|
86
|
+
await compareToDummyHash('Some submitted password');
|
|
87
|
+
const elapsed = performance.now() - start;
|
|
88
|
+
// 600k iterations of PBKDF2-HMAC-SHA256 takes ~50-300ms on a typical CI
|
|
89
|
+
// worker. We assert >5ms as a generous lower bound that still catches
|
|
90
|
+
// a stub returning instantly.
|
|
91
|
+
expect(elapsed).toBeGreaterThan(5);
|
|
92
|
+
});
|
|
93
|
+
// Bugbot review #4 (PR #40): the original implementation lazily
|
|
94
|
+
// initialised the dummy hash on first call, making the first non-existent
|
|
95
|
+
// user login take ~2× the time of subsequent ones (one hashPassword +
|
|
96
|
+
// one verifyPassword vs just verifyPassword). That recreated the
|
|
97
|
+
// user-enumeration timing channel the dummy hash exists to close. The
|
|
98
|
+
// fix precomputes the hash via a top-level Promise — by the time the
|
|
99
|
+
// first user request arrives, the work is either done or already
|
|
100
|
+
// in-flight. We can't directly assert "module load started the hash",
|
|
101
|
+
// but we can verify that two back-to-back calls have the same order of
|
|
102
|
+
// magnitude of cost (i.e. the first isn't ~2× the second).
|
|
103
|
+
it('first call is not measurably slower than subsequent calls (eager init)', async () => {
|
|
104
|
+
// Warm up — actual first invocation in the test process.
|
|
105
|
+
const t1 = performance.now();
|
|
106
|
+
await compareToDummyHash('warmup');
|
|
107
|
+
const e1 = performance.now() - t1;
|
|
108
|
+
const t2 = performance.now();
|
|
109
|
+
await compareToDummyHash('subsequent');
|
|
110
|
+
const e2 = performance.now() - t2;
|
|
111
|
+
// The first call should NOT be more than 1.6× the second. Without
|
|
112
|
+
// eager init it was ~2× because it ran hashPassword (600k iter) +
|
|
113
|
+
// verifyPassword (600k iter); after eager init it's just verifyPassword.
|
|
114
|
+
// We use a generous bound to avoid flakes from CI scheduler jitter.
|
|
115
|
+
expect(e1).toBeLessThan(e2 * 1.6 + 50);
|
|
116
|
+
});
|
|
38
117
|
});
|
|
39
118
|
describe('validatePasswordPolicy', () => {
|
|
40
119
|
it('passes when password meets all requirements', () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/password.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"password.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/password.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EACL,YAAY,EACZ,cAAc,EACd,sBAAsB,EACtB,WAAW,EACX,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,wBAAwB,CAAA;AAE/B,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,sCAAsC,iBAAiB,aAAa,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC/B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;QAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,CAAC,iBAAiB,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAChD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,gBAAgB,CAAC,CAAA;QACjD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,gBAAgB,CAAC,CAAA;QACjD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAA;QAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QACnE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAA;QAClE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,cAAc,CAAA;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;QACvD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAA;QACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9D,GAAG,EACH,GAAG,CACJ,CAAA;QACD,MAAM,MAAM,GAAG,iBAAiB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAA;QAC3G,MAAM,CAAC,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzD,MAAM,CAAC,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAA;QACrE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAA;QAC1E,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;QAC5C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7C,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAA;QAClD,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,oBAAoB,CAAC,CAAA;QACxD,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAA;QACtC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACrB,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACrB,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,0EAA0E;QAC1E,0DAA0D;QAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,kBAAkB,CAAC,yBAAyB,CAAC,CAAA;QACnD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAA;QACzC,wEAAwE;QACxE,sEAAsE;QACtE,8BAA8B;QAC9B,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC,CAAC,CAAA;IAEF,gEAAgE;IAChE,0EAA0E;IAC1E,sEAAsE;IACtE,iEAAiE;IACjE,sEAAsE;IACtE,qEAAqE;IACrE,iEAAiE;IACjE,sEAAsE;IACtE,uEAAuE;IACvE,2DAA2D;IAC3D,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,yDAAyD;QACzD,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC5B,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;QAEjC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC5B,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAA;QACtC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;QAEjC,kEAAkE;QAClE,kEAAkE;QAClE,yEAAyE;QACzE,oEAAoE;QACpE,MAAM,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAG,sBAAsB,CAAC,aAAa,EAAE;YACnD,SAAS,EAAE,CAAC;YACZ,gBAAgB,EAAE,IAAI;YACtB,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC5C,SAAS,EAAE,CAAC;SACb,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,wCAAwC,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,sBAAsB,CAAC,gBAAgB,EAAE;YACtD,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,sBAAsB,CAAC,gBAAgB,EAAE;YACtD,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0CAA0C,CAAC,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,eAAe,EAAE;YACrD,cAAc,EAAE,IAAI;SACrB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,sBAAsB,CAAC,iBAAiB,EAAE;YACvD,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE;YAC3C,SAAS,EAAE,CAAC;YACZ,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,sBAAsB,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACrD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { describe, it, expect } from 'vitest';
|
|
2
|
-
import
|
|
2
|
+
import * as jose from 'jose';
|
|
3
|
+
import { createSession, verifySession, refreshSession, InvalidSessionPayloadError, } from '../../auth/session.js';
|
|
3
4
|
const TEST_SECRET = 'a-secret-key-that-is-at-least-32-chars-long!!';
|
|
4
5
|
const TEST_PAYLOAD = {
|
|
5
6
|
userId: 'user_001',
|
|
@@ -47,6 +48,58 @@ describe('verifySession', () => {
|
|
|
47
48
|
await expect(verifySession(tampered, { secret: TEST_SECRET })).rejects.toThrow();
|
|
48
49
|
});
|
|
49
50
|
});
|
|
51
|
+
describe('verifySession payload validation', () => {
|
|
52
|
+
// Forge a JWT signed with the right secret but with a malformed payload.
|
|
53
|
+
// jose.jwtVerify accepts these; assertSessionPayload is the line of defense.
|
|
54
|
+
async function forgeJWT(payload) {
|
|
55
|
+
const secret = new TextEncoder().encode(TEST_SECRET);
|
|
56
|
+
return new jose.SignJWT(payload)
|
|
57
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
58
|
+
.setIssuedAt()
|
|
59
|
+
.setExpirationTime('1h')
|
|
60
|
+
.setIssuer('actuate-cms')
|
|
61
|
+
.setAudience('actuate-cms')
|
|
62
|
+
.sign(secret);
|
|
63
|
+
}
|
|
64
|
+
it('rejects payload missing userId', async () => {
|
|
65
|
+
const token = await forgeJWT({ role: 'admin', sessionId: 'sess1' });
|
|
66
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
67
|
+
});
|
|
68
|
+
it('rejects payload missing role', async () => {
|
|
69
|
+
const token = await forgeJWT({ userId: 'u1', sessionId: 'sess1' });
|
|
70
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
71
|
+
});
|
|
72
|
+
it('rejects payload missing sessionId', async () => {
|
|
73
|
+
const token = await forgeJWT({ userId: 'u1', role: 'admin' });
|
|
74
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
75
|
+
});
|
|
76
|
+
it('rejects empty-string userId', async () => {
|
|
77
|
+
const token = await forgeJWT({ userId: '', role: 'admin', sessionId: 'sess1' });
|
|
78
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
79
|
+
});
|
|
80
|
+
it('rejects non-string fingerprint when present', async () => {
|
|
81
|
+
const token = await forgeJWT({
|
|
82
|
+
userId: 'u1',
|
|
83
|
+
role: 'admin',
|
|
84
|
+
sessionId: 'sess1',
|
|
85
|
+
fingerprint: 12345,
|
|
86
|
+
});
|
|
87
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
88
|
+
});
|
|
89
|
+
it('strips extra attacker-supplied claims from the returned payload', async () => {
|
|
90
|
+
const token = await forgeJWT({
|
|
91
|
+
userId: 'u1',
|
|
92
|
+
role: 'CLIENT',
|
|
93
|
+
sessionId: 'sess1',
|
|
94
|
+
isSuperUser: true,
|
|
95
|
+
injectedField: 'pwn',
|
|
96
|
+
});
|
|
97
|
+
const decoded = await verifySession(token, { secret: TEST_SECRET });
|
|
98
|
+
expect(Object.keys(decoded).sort()).toEqual(['role', 'sessionId', 'userId']);
|
|
99
|
+
expect(decoded.isSuperUser).toBeUndefined();
|
|
100
|
+
expect(decoded.injectedField).toBeUndefined();
|
|
101
|
+
});
|
|
102
|
+
});
|
|
50
103
|
describe('refreshSession', () => {
|
|
51
104
|
it('returns a new valid token with the same payload', async () => {
|
|
52
105
|
const original = await createSession(TEST_PAYLOAD, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/session.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/session.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EACL,aAAa,EACb,aAAa,EACb,cAAc,EACd,0BAA0B,GAC3B,MAAM,uBAAuB,CAAA;AAE9B,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,UAAU;IAClB,IAAI,EAAE,OAAO;IACb,SAAS,EAAE,aAAa;CACzB,CAAA;AAED,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE;YAC9C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,CAAC;SACV,CAAC,CAAA;QAEF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QAEzD,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAC/E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QAExE,MAAM,MAAM,CACV,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC,CACzE,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,CAAA;QAE7C,MAAM,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAClF,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,yEAAyE;IACzE,6EAA6E;IAC7E,KAAK,UAAU,QAAQ,CAAC,OAAgC;QACtD,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACpD,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;aAC7B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,SAAS,CAAC,aAAa,CAAC;aACxB,WAAW,CAAC,aAAa,CAAC;aAC1B,IAAI,CAAC,MAAM,CAAC,CAAA;IACjB,CAAC;IAED,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QACnE,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QAClE,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAC7D,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QAC/E,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC;YAC3B,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAA;QACF,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC;YAC3B,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,IAAI;YACjB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC5E,MAAM,CAAE,OAA8C,CAAC,WAAW,CAAC,CAAC,aAAa,EAAE,CAAA;QACnF,MAAM,CAAE,OAA8C,CAAC,aAAa,CAAC,CAAC,aAAa,EAAE,CAAA;IACvF,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE;YACjD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;QAEF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QAEzD,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QAEzE,MAAM,CAAC,OAAO,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEpC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACvE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cron.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/cron/cron.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,262 @@
|
|
|
1
|
+
import { describe, expect, it, beforeEach, afterEach, vi } from 'vitest';
|
|
2
|
+
import { isAuthorizedCronRequest, processCleanup, processSeoScan } from '../../cron/index.js';
|
|
3
|
+
describe('cron auth', () => {
|
|
4
|
+
const originalSecret = process.env.CRON_SECRET;
|
|
5
|
+
afterEach(() => {
|
|
6
|
+
if (originalSecret === undefined)
|
|
7
|
+
delete process.env.CRON_SECRET;
|
|
8
|
+
else
|
|
9
|
+
process.env.CRON_SECRET = originalSecret;
|
|
10
|
+
});
|
|
11
|
+
it('rejects when CRON_SECRET is unset (fail-closed)', () => {
|
|
12
|
+
delete process.env.CRON_SECRET;
|
|
13
|
+
expect(isAuthorizedCronRequest('Bearer anything')).toBe(false);
|
|
14
|
+
});
|
|
15
|
+
it('rejects when CRON_SECRET is the empty string (fail-closed)', () => {
|
|
16
|
+
process.env.CRON_SECRET = '';
|
|
17
|
+
expect(isAuthorizedCronRequest('Bearer anything')).toBe(false);
|
|
18
|
+
});
|
|
19
|
+
it('rejects null/undefined header', () => {
|
|
20
|
+
process.env.CRON_SECRET = 'abc123';
|
|
21
|
+
expect(isAuthorizedCronRequest(null)).toBe(false);
|
|
22
|
+
expect(isAuthorizedCronRequest(undefined)).toBe(false);
|
|
23
|
+
});
|
|
24
|
+
it('rejects wrong secret', () => {
|
|
25
|
+
process.env.CRON_SECRET = 'correct-secret';
|
|
26
|
+
expect(isAuthorizedCronRequest('Bearer wrong-secret')).toBe(false);
|
|
27
|
+
});
|
|
28
|
+
it('rejects partially-correct secret of equal length (constant-time)', () => {
|
|
29
|
+
process.env.CRON_SECRET = 'secret-with-fixed-length';
|
|
30
|
+
expect(isAuthorizedCronRequest('Bearer secret-with-fixex-length')).toBe(false);
|
|
31
|
+
});
|
|
32
|
+
it('accepts correct Bearer token', () => {
|
|
33
|
+
process.env.CRON_SECRET = 'correct-secret-value';
|
|
34
|
+
expect(isAuthorizedCronRequest('Bearer correct-secret-value')).toBe(true);
|
|
35
|
+
});
|
|
36
|
+
it('accepts bare secret (for self-hosted schedulers without Bearer prefix)', () => {
|
|
37
|
+
process.env.CRON_SECRET = 'correct-secret-value';
|
|
38
|
+
expect(isAuthorizedCronRequest('correct-secret-value')).toBe(true);
|
|
39
|
+
});
|
|
40
|
+
// Bugbot review #6 (PR #40): the prior `if (a.length !== b.length) return
|
|
41
|
+
// false` early exit leaked the secret length through response timing.
|
|
42
|
+
// The HMAC-based comparison must reject mismatched lengths just as
|
|
43
|
+
// reliably without revealing length information through different code
|
|
44
|
+
// paths.
|
|
45
|
+
it.each([
|
|
46
|
+
['shorter than secret', 'short'],
|
|
47
|
+
['longer than secret', 'a-much-longer-string-than-the-secret-value-itself'],
|
|
48
|
+
['empty', ''],
|
|
49
|
+
['one char short', 'correct-secret-valu'],
|
|
50
|
+
['one char long', 'correct-secret-value-x'],
|
|
51
|
+
])('rejects header %s when length differs from secret', (_label, attempt) => {
|
|
52
|
+
process.env.CRON_SECRET = 'correct-secret-value';
|
|
53
|
+
expect(isAuthorizedCronRequest(`Bearer ${attempt}`)).toBe(false);
|
|
54
|
+
});
|
|
55
|
+
});
|
|
56
|
+
describe('processCleanup', () => {
|
|
57
|
+
let now;
|
|
58
|
+
beforeEach(() => {
|
|
59
|
+
now = Date.now();
|
|
60
|
+
vi.useFakeTimers();
|
|
61
|
+
vi.setSystemTime(now);
|
|
62
|
+
});
|
|
63
|
+
afterEach(() => {
|
|
64
|
+
vi.useRealTimers();
|
|
65
|
+
});
|
|
66
|
+
it('returns zeros when db is empty / has no models', async () => {
|
|
67
|
+
const result = await processCleanup({});
|
|
68
|
+
expect(result).toEqual({
|
|
69
|
+
sessionsDeleted: 0,
|
|
70
|
+
auditLogsDeleted: 0,
|
|
71
|
+
documentsDeleted: 0,
|
|
72
|
+
passwordResetTokensDeleted: 0,
|
|
73
|
+
});
|
|
74
|
+
});
|
|
75
|
+
it('deletes expired/revoked sessions older than the retention window', async () => {
|
|
76
|
+
const deleteMany = vi.fn().mockResolvedValue({ count: 3 });
|
|
77
|
+
const db = { session: { deleteMany } };
|
|
78
|
+
const result = await processCleanup(db, { sessionRetentionMs: 1000 });
|
|
79
|
+
expect(result.sessionsDeleted).toBe(3);
|
|
80
|
+
expect(deleteMany).toHaveBeenCalledTimes(1);
|
|
81
|
+
const where = deleteMany.mock.calls[0][0].where;
|
|
82
|
+
expect(where.OR[0].revokedAt.lt.getTime()).toBe(now - 1000);
|
|
83
|
+
expect(where.OR[1].expiresAt.lt.getTime()).toBe(now - 1000);
|
|
84
|
+
});
|
|
85
|
+
it('continues other cleanups when one model fails', async () => {
|
|
86
|
+
const db = {
|
|
87
|
+
session: { deleteMany: vi.fn().mockRejectedValue(new Error('boom')) },
|
|
88
|
+
auditLog: { deleteMany: vi.fn().mockResolvedValue({ count: 5 }) },
|
|
89
|
+
document: { deleteMany: vi.fn().mockResolvedValue({ count: 2 }) },
|
|
90
|
+
};
|
|
91
|
+
const warn = vi.spyOn(console, 'warn').mockImplementation(() => { });
|
|
92
|
+
const result = await processCleanup(db);
|
|
93
|
+
expect(result.sessionsDeleted).toBe(0);
|
|
94
|
+
expect(result.auditLogsDeleted).toBe(5);
|
|
95
|
+
expect(result.documentsDeleted).toBe(2);
|
|
96
|
+
expect(warn).toHaveBeenCalled();
|
|
97
|
+
warn.mockRestore();
|
|
98
|
+
});
|
|
99
|
+
it('uses default retention windows when none provided', async () => {
|
|
100
|
+
const deleteMany = vi.fn().mockResolvedValue({ count: 0 });
|
|
101
|
+
const db = { auditLog: { deleteMany } };
|
|
102
|
+
await processCleanup(db);
|
|
103
|
+
const cutoff = deleteMany.mock.calls[0][0].where.timestamp.lt.getTime();
|
|
104
|
+
// Default audit log retention is 90 days.
|
|
105
|
+
expect(cutoff).toBe(now - 90 * 24 * 60 * 60 * 1000);
|
|
106
|
+
});
|
|
107
|
+
// Bugbot review (PR #40, post-fix re-scan): `modelExists` used
|
|
108
|
+
// `typeof db[name] === 'object'` which is true for `null` because of the
|
|
109
|
+
// historical `typeof null === 'object'` quirk. With `{ session: null }` the
|
|
110
|
+
// guard returned true and the subsequent `db.session.deleteMany(...)` call
|
|
111
|
+
// threw a TypeError that the outer try/catch papered over.
|
|
112
|
+
it('treats explicitly-null model delegates as missing (regression)', async () => {
|
|
113
|
+
const db = {
|
|
114
|
+
session: null,
|
|
115
|
+
auditLog: null,
|
|
116
|
+
document: null,
|
|
117
|
+
passwordResetToken: null,
|
|
118
|
+
};
|
|
119
|
+
const result = await processCleanup(db);
|
|
120
|
+
expect(result).toEqual({
|
|
121
|
+
sessionsDeleted: 0,
|
|
122
|
+
auditLogsDeleted: 0,
|
|
123
|
+
documentsDeleted: 0,
|
|
124
|
+
passwordResetTokensDeleted: 0,
|
|
125
|
+
});
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
describe('processSeoScan', () => {
|
|
129
|
+
it('returns empty result when document model is missing', async () => {
|
|
130
|
+
const result = await processSeoScan({});
|
|
131
|
+
expect(result).toEqual({ total: 0, pagesWithIssues: 0, totalProblems: 0, issues: [] });
|
|
132
|
+
});
|
|
133
|
+
it('flags missing meta title, description, canonical, schema', async () => {
|
|
134
|
+
const findMany = vi.fn().mockResolvedValue([
|
|
135
|
+
{
|
|
136
|
+
id: 'doc1',
|
|
137
|
+
title: 'Hello',
|
|
138
|
+
slug: 'hello',
|
|
139
|
+
collection: 'pages',
|
|
140
|
+
data: {},
|
|
141
|
+
plainText: 'x'.repeat(500),
|
|
142
|
+
},
|
|
143
|
+
]);
|
|
144
|
+
const db = { document: { findMany } };
|
|
145
|
+
const result = await processSeoScan(db);
|
|
146
|
+
expect(result.total).toBe(1);
|
|
147
|
+
expect(result.pagesWithIssues).toBe(1);
|
|
148
|
+
const problems = result.issues[0].problems;
|
|
149
|
+
expect(problems).toContain('Missing meta title');
|
|
150
|
+
expect(problems).toContain('Missing meta description');
|
|
151
|
+
expect(problems).toContain('No canonical URL set');
|
|
152
|
+
expect(problems).toContain('No Schema.org type');
|
|
153
|
+
});
|
|
154
|
+
it('respects maxDocuments bound', async () => {
|
|
155
|
+
const findMany = vi.fn().mockResolvedValue([]);
|
|
156
|
+
const db = { document: { findMany } };
|
|
157
|
+
await processSeoScan(db, { maxDocuments: 100 });
|
|
158
|
+
expect(findMany.mock.calls[0][0].take).toBe(100);
|
|
159
|
+
});
|
|
160
|
+
it('does not flag well-formed documents', async () => {
|
|
161
|
+
const db = {
|
|
162
|
+
document: {
|
|
163
|
+
findMany: vi.fn().mockResolvedValue([
|
|
164
|
+
{
|
|
165
|
+
id: 'doc1',
|
|
166
|
+
title: 'Hello',
|
|
167
|
+
slug: 'hello',
|
|
168
|
+
collection: 'pages',
|
|
169
|
+
data: {
|
|
170
|
+
metaTitle: 'Hello',
|
|
171
|
+
metaDescription: 'A page',
|
|
172
|
+
canonical: 'https://example.com/hello',
|
|
173
|
+
schemaType: 'Article',
|
|
174
|
+
body: '<h1>Hello</h1><img alt="ok" src="x">'.padEnd(400, ' '),
|
|
175
|
+
},
|
|
176
|
+
plainText: 'x'.repeat(500),
|
|
177
|
+
},
|
|
178
|
+
]),
|
|
179
|
+
},
|
|
180
|
+
};
|
|
181
|
+
const result = await processSeoScan(db);
|
|
182
|
+
expect(result.pagesWithIssues).toBe(0);
|
|
183
|
+
expect(result.totalProblems).toBe(0);
|
|
184
|
+
});
|
|
185
|
+
// Bugbot review (PR #40, post-fix re-scan): the `<h1>` heading detection
|
|
186
|
+
// used `content.includes('<h1')` which is case-sensitive, so documents with
|
|
187
|
+
// valid uppercase `<H1>` headings (or `<H1 class="...">`) were falsely
|
|
188
|
+
// flagged as missing. Now matches the case-insensitive `<img>` detection
|
|
189
|
+
// for consistency with the HTML spec.
|
|
190
|
+
it.each([
|
|
191
|
+
['lowercase <h1>', '<h1>Hello</h1>'],
|
|
192
|
+
['uppercase <H1>', '<H1>Hello</H1>'],
|
|
193
|
+
['mixed-case <H1 class>', '<H1 class="hero">Hello</H1>'],
|
|
194
|
+
['attribute on lowercase', '<h1 id="x">Hello</h1>'],
|
|
195
|
+
])('does not flag %s as missing H1 (regression)', async (_label, h1Markup) => {
|
|
196
|
+
const db = {
|
|
197
|
+
document: {
|
|
198
|
+
findMany: vi.fn().mockResolvedValue([
|
|
199
|
+
{
|
|
200
|
+
id: 'doc1',
|
|
201
|
+
title: 'Hello',
|
|
202
|
+
slug: 'hello',
|
|
203
|
+
collection: 'pages',
|
|
204
|
+
data: {
|
|
205
|
+
metaTitle: 'Hello',
|
|
206
|
+
metaDescription: 'A page',
|
|
207
|
+
canonical: 'https://example.com/hello',
|
|
208
|
+
schemaType: 'Article',
|
|
209
|
+
body: `${h1Markup}<img alt="ok" src="x">`.padEnd(400, ' '),
|
|
210
|
+
},
|
|
211
|
+
plainText: 'x'.repeat(500),
|
|
212
|
+
},
|
|
213
|
+
]),
|
|
214
|
+
},
|
|
215
|
+
};
|
|
216
|
+
const result = await processSeoScan(db);
|
|
217
|
+
expect(result.issues[0]?.problems ?? []).not.toContain('No H1 heading found in content');
|
|
218
|
+
});
|
|
219
|
+
// Bugbot review (PR #40, post-fix re-scan #2): the `<img>` regex was
|
|
220
|
+
// case-insensitive (`/gi`) but the `alt=` substring check inside the filter
|
|
221
|
+
// was case-sensitive (`img.includes('alt=')`), so `<IMG ALT="text">` matched
|
|
222
|
+
// the regex and was then falsely counted as missing alt text. Same class of
|
|
223
|
+
// bug as the H1 case-sensitivity fix above.
|
|
224
|
+
it.each([
|
|
225
|
+
['lowercase img + lowercase alt', '<img src="x" alt="ok">', 0],
|
|
226
|
+
['uppercase IMG + uppercase ALT', '<IMG SRC="x" ALT="ok">', 0],
|
|
227
|
+
['mixed-case Img + mixed-case Alt', '<Img src="x" Alt="ok">', 0],
|
|
228
|
+
['lowercase img with no alt is flagged', '<img src="x">', 1],
|
|
229
|
+
['uppercase IMG with no alt is flagged', '<IMG SRC="x">', 1],
|
|
230
|
+
])('alt-text scan is case-insensitive — %s', async (_label, imgMarkup, expectedMissing) => {
|
|
231
|
+
const db = {
|
|
232
|
+
document: {
|
|
233
|
+
findMany: vi.fn().mockResolvedValue([
|
|
234
|
+
{
|
|
235
|
+
id: 'doc1',
|
|
236
|
+
title: 'Hello',
|
|
237
|
+
slug: 'hello',
|
|
238
|
+
collection: 'pages',
|
|
239
|
+
data: {
|
|
240
|
+
metaTitle: 'Hello',
|
|
241
|
+
metaDescription: 'A page',
|
|
242
|
+
canonical: 'https://example.com/hello',
|
|
243
|
+
schemaType: 'Article',
|
|
244
|
+
body: `<h1>Hello</h1>${imgMarkup}`.padEnd(400, ' '),
|
|
245
|
+
},
|
|
246
|
+
plainText: 'x'.repeat(500),
|
|
247
|
+
},
|
|
248
|
+
]),
|
|
249
|
+
},
|
|
250
|
+
};
|
|
251
|
+
const result = await processSeoScan(db);
|
|
252
|
+
const problems = result.issues[0]?.problems ?? [];
|
|
253
|
+
const altMessages = problems.filter((p) => p.endsWith('image(s) missing alt text'));
|
|
254
|
+
if (expectedMissing === 0) {
|
|
255
|
+
expect(altMessages).toHaveLength(0);
|
|
256
|
+
}
|
|
257
|
+
else {
|
|
258
|
+
expect(altMessages).toContain(`${expectedMissing} image(s) missing alt text`);
|
|
259
|
+
}
|
|
260
|
+
});
|
|
261
|
+
});
|
|
262
|
+
//# sourceMappingURL=cron.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cron.test.js","sourceRoot":"","sources":["../../../src/__tests__/cron/cron.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAE7F,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;IAE9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,cAAc,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;;YAC3D,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,cAAc,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;QAC9B,MAAM,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,CAAA;QAC5B,MAAM,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,QAAQ,CAAA;QAClC,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,gBAAgB,CAAA;QAC1C,MAAM,CAAC,uBAAuB,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,0BAA0B,CAAA;QACpD,MAAM,CAAC,uBAAuB,CAAC,iCAAiC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,0EAA0E;IAC1E,sEAAsE;IACtE,mEAAmE;IACnE,uEAAuE;IACvE,SAAS;IACT,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,qBAAqB,EAAE,OAAO,CAAC;QAChC,CAAC,oBAAoB,EAAE,mDAAmD,CAAC;QAC3E,CAAC,OAAO,EAAE,EAAE,CAAC;QACb,CAAC,gBAAgB,EAAE,qBAAqB,CAAC;QACzC,CAAC,eAAe,EAAE,wBAAwB,CAAC;KAC5C,CAAC,CAAC,mDAAmD,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;QAC1E,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,GAAW,CAAA;IAEf,UAAU,CAAC,GAAG,EAAE;QACd,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAChB,EAAE,CAAC,aAAa,EAAE,CAAA;QAClB,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,aAAa,EAAE,CAAA;IACpB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,eAAe,EAAE,CAAC;YAClB,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,0BAA0B,EAAE,CAAC;SAC9B,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1D,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,CAAA;QAEtC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QAE9E,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,UAAU,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;QAC3D,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,GAAG;YACT,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE;YACrE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;YACjE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;SAClE,CAAA;QACD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QAEnE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEhD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACvC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACvC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAA;IACpB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1D,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAA;QAEvC,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEjC,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAA;QACxE,0CAA0C;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACrD,CAAC,CAAC,CAAA;IAEF,+DAA+D;IAC/D,yEAAyE;IACzE,4EAA4E;IAC5E,2EAA2E;IAC3E,2DAA2D;IAC3D,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,EAAE,GAAG;YACT,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,IAAI;SACzB,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,eAAe,EAAE,CAAC;YAClB,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,0BAA0B,EAAE,CAAC;SAC9B,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YACzC;gBACE,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;aAC3B;SACF,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAA;QAErC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEhD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAA;QAC3C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAA;QAChD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAA;QACtD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAClD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAA;IAClD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAA;QAC9C,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAA;QAErC,MAAM,cAAc,CAAC,EAAW,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;QACxD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,sCAAsC,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBAC9D;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF,yEAAyE;IACzE,4EAA4E;IAC5E,uEAAuE;IACvE,yEAAyE;IACzE,sCAAsC;IACtC,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpC,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpC,CAAC,uBAAuB,EAAE,6BAA6B,CAAC;QACxD,CAAC,wBAAwB,EAAE,uBAAuB,CAAC;KACpD,CAAC,CAAC,6CAA6C,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,GAAG,QAAQ,wBAAwB,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBAC3D;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAA;IAC1F,CAAC,CAAC,CAAA;IAEF,qEAAqE;IACrE,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAC5E,4CAA4C;IAC5C,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,+BAA+B,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAC9D,CAAC,+BAA+B,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAC9D,CAAC,iCAAiC,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAChE,CAAC,sCAAsC,EAAE,eAAe,EAAE,CAAC,CAAC;QAC5D,CAAC,sCAAsC,EAAE,eAAe,EAAE,CAAC,CAAC;KAC7D,CAAC,CAAC,wCAAwC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE;QACxF,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,iBAAiB,SAAS,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBACpD;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAA;QACjD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC,CAAA;QACnF,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACrC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,GAAG,eAAe,4BAA4B,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encrypted-fields.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/encrypted-fields.test.ts"],"names":[],"mappings":""}
|