npm - @brika/auth - Versions diffs - 0.1.1 - Mend

@brika/auth 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/README.md +207 -0
package/package.json +50 -0
package/src/__tests__/AuthClient.test.ts +736 -0
package/src/__tests__/AuthService.test.ts +140 -0
package/src/__tests__/ScopeService.test.ts +156 -0
package/src/__tests__/SessionService.test.ts +311 -0
package/src/__tests__/UserService-avatar.test.ts +277 -0
package/src/__tests__/UserService.test.ts +223 -0
package/src/__tests__/canAccess.test.ts +166 -0
package/src/__tests__/disabledScopes.test.ts +101 -0
package/src/__tests__/middleware.test.ts +190 -0
package/src/__tests__/plugin.test.ts +78 -0
package/src/__tests__/requireSession.test.ts +78 -0
package/src/__tests__/routes-auth.test.ts +248 -0
package/src/__tests__/routes-profile.test.ts +403 -0
package/src/__tests__/routes-scopes.test.ts +64 -0
package/src/__tests__/routes-sessions.test.ts +235 -0
package/src/__tests__/routes-users.test.ts +477 -0
package/src/__tests__/serveImage.test.ts +277 -0
package/src/__tests__/setup.test.ts +270 -0
package/src/__tests__/verifyToken.test.ts +219 -0
package/src/client/AuthClient.ts +312 -0
package/src/client/http-client.ts +84 -0
package/src/client/index.ts +19 -0
package/src/config.ts +82 -0
package/src/constants.ts +10 -0
package/src/index.ts +16 -0
package/src/lib/define-roles.ts +35 -0
package/src/lib/define-scopes.ts +48 -0
package/src/middleware/canAccess.ts +126 -0
package/src/middleware/index.ts +13 -0
package/src/middleware/requireAuth.ts +35 -0
package/src/middleware/requireScope.ts +46 -0
package/src/middleware/verifyToken.ts +52 -0
package/src/plugin.ts +86 -0
package/src/react/AuthProvider.tsx +105 -0
package/src/react/hooks.ts +128 -0
package/src/react/index.ts +51 -0
package/src/react/withScopeGuard.tsx +73 -0
package/src/roles.ts +40 -0
package/src/schemas.ts +112 -0
package/src/scopes.ts +60 -0
package/src/server/index.ts +44 -0
package/src/server/requireSession.ts +44 -0
package/src/server/routes/auth.ts +102 -0
package/src/server/routes/cookie.ts +7 -0
package/src/server/routes/index.ts +32 -0
package/src/server/routes/profile.ts +162 -0
package/src/server/routes/scopes.ts +22 -0
package/src/server/routes/sessions.ts +68 -0
package/src/server/routes/setup.ts +50 -0
package/src/server/routes/users.ts +175 -0
package/src/server/serveImage.ts +91 -0
package/src/services/AuthService.ts +80 -0
package/src/services/ScopeService.ts +94 -0
package/src/services/SessionService.ts +245 -0
package/src/services/UserService.ts +245 -0
package/src/setup.ts +99 -0
package/src/tanstack/index.ts +15 -0
package/src/tanstack/routeBuilder.ts +311 -0
package/src/types.ts +118 -0
package/tsconfig.json +8 -0

package/src/__tests__/routes-users.test.ts ADDED Viewed

@@ -0,0 +1,477 @@
+/**
+ * @brika/auth - User Route Tests (CRUD, password reset)
+ */
+import { describe, expect, test } from 'bun:test';
+import { stub, useTestBed } from '@brika/di/testing';
+import type { Middleware } from '@brika/router';
+import { TestApp } from '@brika/router/testing';
+import { userRoutes } from '../server/routes/users';
+import { UserService } from '../services/UserService';
+import { Role, Scope, type Session, type User } from '../types';
+function withSession(session: Session): Middleware {
+  return async (c, next) => {
+    c.set('session', session);
+    await next();
+  };
+}
+const adminSession: Session = {
+  id: 'sess-admin',
+  userId: 'user-admin',
+  userEmail: 'admin@test.com',
+  userName: 'Admin',
+  userRole: Role.ADMIN,
+  scopes: [Scope.ADMIN_ALL],
+};
+const userSession: Session = {
+  id: 'sess-user',
+  userId: 'user-regular',
+  userEmail: 'user@test.com',
+  userName: 'User',
+  userRole: Role.USER,
+  scopes: [Scope.WORKFLOW_READ, Scope.BOARD_READ],
+};
+const now = new Date();
+const adminUser: User = {
+  id: 'user-admin',
+  email: 'admin@test.com',
+  name: 'Admin',
+  role: Role.ADMIN,
+  avatarHash: null,
+  createdAt: now,
+  updatedAt: now,
+  isActive: true,
+  scopes: [],
+};
+const regularUser: User = {
+  id: 'user-regular',
+  email: 'user@test.com',
+  name: 'User',
+  role: Role.USER,
+  avatarHash: null,
+  createdAt: now,
+  updatedAt: now,
+  isActive: true,
+  scopes: [],
+};
+// ─── GET /api/users ─────────────────────────────────────────────────────────
+describe('GET /api/users — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      listUsers: () => [adminUser, regularUser],
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('returns list of users', async () => {
+    const res = await app.get('/api/users');
+    expect(res.status).toBe(200);
+    const body = res.body as {
+      users: User[];
+    };
+    expect(body.users).toHaveLength(2);
+  });
+});
+describe('GET /api/users — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('returns 403 without admin scope', async () => {
+    const res = await app.get('/api/users');
+    expect(res.status).toBe(403);
+  });
+});
+describe('GET /api/users — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.get('/api/users');
+    expect(res.status).toBe(401);
+  });
+});
+// ─── POST /api/users ────────────────────────────────────────────────────────
+describe('POST /api/users — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  let setPasswordCalled: boolean;
+  useTestBed(() => {
+    setPasswordCalled = false;
+    stub(UserService, {
+      createUser: (email: string, name: string, role: Role) => ({
+        ...regularUser,
+        id: 'new-user',
+        email,
+        name,
+        role,
+      }),
+      setPassword: async () => {
+        setPasswordCalled = true;
+      },
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('creates user and returns user object', async () => {
+    const res = await app.post('/api/users', {
+      email: 'new@test.com',
+      name: 'New User',
+      role: Role.USER,
+    });
+    expect(res.status).toBe(200);
+    const body = res.body as {
+      status: number;
+      body: {
+        user: User;
+      };
+    };
+    expect(body.body.user.email).toBe('new@test.com');
+  });
+  test('sets password when provided', async () => {
+    await app.post('/api/users', {
+      email: 'new@test.com',
+      name: 'New User',
+      role: Role.USER,
+      password: 'Secret123!',
+    });
+    expect(setPasswordCalled).toBe(true);
+  });
+  test('skips setPassword when password is not provided', async () => {
+    await app.post('/api/users', {
+      email: 'new@test.com',
+      name: 'New User',
+      role: Role.USER,
+    });
+    expect(setPasswordCalled).toBe(false);
+  });
+});
+describe('POST /api/users — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('returns 403 for non-admin', async () => {
+    const res = await app.post('/api/users', {
+      email: 'test@y.com',
+      name: 'Test',
+      role: Role.USER,
+    });
+    expect(res.status).toBe(403);
+  });
+});
+describe('POST /api/users — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.post('/api/users', {
+      email: 'test@y.com',
+      name: 'Test',
+      role: Role.USER,
+    });
+    expect(res.status).toBe(401);
+  });
+});
+// ─── GET /api/users/:id ─────────────────────────────────────────────────────
+describe('GET /api/users/:id — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      getUser: (id: string) => {
+        if (id === 'user-regular') {
+          return regularUser;
+        }
+        if (id === 'user-admin') {
+          return adminUser;
+        }
+        return null;
+      },
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('returns user by id', async () => {
+    const res = await app.get('/api/users/user-regular');
+    expect(res.status).toBe(200);
+    const body = res.body as {
+      user: User;
+    };
+    expect(body.user.email).toBe('user@test.com');
+  });
+  test('returns 404 for unknown user', async () => {
+    const res = await app.get('/api/users/nonexistent');
+    expect(res.status).toBe(404);
+  });
+});
+describe('GET /api/users/:id — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      getUser: () => regularUser,
+    });
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('can access own profile', async () => {
+    const res = await app.get('/api/users/user-regular');
+    expect(res.status).toBe(200);
+  });
+  test('returns 403 when accessing another user', async () => {
+    const res = await app.get('/api/users/user-admin');
+    expect(res.status).toBe(403);
+  });
+});
+describe('GET /api/users/:id — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.get('/api/users/user-admin');
+    expect(res.status).toBe(401);
+  });
+});
+// ─── PUT /api/users/:id/password ────────────────────────────────────────────
+describe('PUT /api/users/:id/password — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      getUser: (id: string) => (id === 'user-regular' ? regularUser : null),
+      setPassword: async () => {},
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('resets password for existing user', async () => {
+    const res = await app.put('/api/users/user-regular/password', {
+      password: 'NewPass123!',
+    });
+    expect(res.status).toBe(200);
+    expect(
+      (
+        res.body as {
+          ok: boolean;
+        }
+      ).ok
+    ).toBe(true);
+  });
+  test('returns 400 when password is missing', async () => {
+    const res = await app.put('/api/users/user-regular/password', {});
+    expect(res.status).toBe(400);
+  });
+  test('returns 404 for unknown user', async () => {
+    const res = await app.put('/api/users/nonexistent/password', {
+      password: 'ValidPass123!',
+    });
+    expect(res.status).toBe(404);
+  });
+});
+describe('PUT /api/users/:id/password — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('returns 403 for non-admin', async () => {
+    const res = await app.put('/api/users/user-regular/password', {
+      password: 'ValidPass123!',
+    });
+    expect(res.status).toBe(403);
+  });
+});
+describe('PUT /api/users/:id/password — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.put('/api/users/user-regular/password', {
+      password: 'ValidPass123!',
+    });
+    expect(res.status).toBe(401);
+  });
+});
+// ─── PUT /api/users/:id ─────────────────────────────────────────────────────
+describe('PUT /api/users/:id — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      updateUser: (
+        _id: string,
+        updates: {
+          name?: string;
+        }
+      ) => ({
+        ...regularUser,
+        name: updates.name ?? regularUser.name,
+      }),
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('updates user fields', async () => {
+    const res = await app.put('/api/users/user-regular', {
+      name: 'Updated Name',
+    });
+    expect(res.status).toBe(200);
+    const body = res.body as {
+      user: User;
+    };
+    expect(body.user.name).toBe('Updated Name');
+  });
+});
+describe('PUT /api/users/:id — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('returns 403 for non-admin', async () => {
+    const res = await app.put('/api/users/user-regular', {
+      name: 'Test',
+    });
+    expect(res.status).toBe(403);
+  });
+});
+describe('PUT /api/users/:id — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.put('/api/users/user-regular', {
+      name: 'Test',
+    });
+    expect(res.status).toBe(401);
+  });
+});
+// ─── DELETE /api/users/:id ──────────────────────────────────────────────────
+describe('DELETE /api/users/:id — as admin', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService, {
+      getUser: (id: string) => (id === 'user-regular' ? regularUser : null),
+      deleteUser: () => {},
+    });
+    app = TestApp.create(userRoutes, [withSession(adminSession)]);
+  });
+  test('deletes another user', async () => {
+    const res = await app.delete('/api/users/user-regular');
+    expect(res.status).toBe(200);
+    expect(
+      (
+        res.body as {
+          ok: boolean;
+        }
+      ).ok
+    ).toBe(true);
+  });
+  test('returns 400 when trying to self-delete', async () => {
+    const res = await app.delete('/api/users/user-admin');
+    expect(res.status).toBe(400);
+  });
+  test('returns 404 for unknown user', async () => {
+    const res = await app.delete('/api/users/nonexistent');
+    expect(res.status).toBe(404);
+  });
+});
+describe('DELETE /api/users/:id — as regular user', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes, [withSession(userSession)]);
+  });
+  test('returns 403 for non-admin', async () => {
+    const res = await app.delete('/api/users/user-regular');
+    expect(res.status).toBe(403);
+  });
+});
+describe('DELETE /api/users/:id — unauthenticated', () => {
+  let app: ReturnType<typeof TestApp.create>;
+  useTestBed(() => {
+    stub(UserService);
+    app = TestApp.create(userRoutes);
+  });
+  test('returns 401 without session', async () => {
+    const res = await app.delete('/api/users/user-regular');
+    expect(res.status).toBe(401);
+  });
+});