@brika/auth 0.1.1

package/src/__tests__/serveImage.test.ts

@@ -0,0 +1,277 @@
+/**
+ * @brika/auth - serveImage Tests
+ *
+ * Tests for the image serving utility: null data handling, cache headers,
+ * ETag generation, 304 responses, and query parameter parsing with photon resize.
+ */
+
+import { describe, expect, it } from 'bun:test';
+import { deflateSync } from 'node:zlib';
+import { type ImageQuery, serveImage } from '../server/serveImage';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function createCtx(
+  query: ImageQuery = {},
+  headers: Record<string, string> = {}
+): {
+  req: Request;
+  query: ImageQuery;
+} {
+  const req = new Request('http://localhost:3001/api/auth/avatar/user-1', {
+    headers,
+  });
+  return {
+    req,
+    query,
+  };
+}
+
+/** Simple 1x1 white PNG as a Buffer for testing. */
+const TINY_IMAGE = Buffer.from(
+  'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAC0lEQVQI12NgAAIABQAB' +
+    'Nl7BcQAAAABJRU5ErkJggg==',
+  'base64'
+);
+
+/** Create a valid NxN RGB PNG for resize tests. */
+function makeTestPng(size: number): Buffer {
+  function crc32(buf: Buffer): number {
+    const table = new Uint32Array(256);
+    for (let i = 0; i < 256; i++) {
+      let c = i;
+      for (let j = 0; j < 8; j++) {
+        c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
+      }
+      table[i] = c;
+    }
+    let c = 0xffffffff;
+    for (let i = 0; i < buf.length; i++) {
+      c = (c >>> 8) ^ (table[(c ^ (buf[i] ?? 0)) & 0xff] ?? 0);
+    }
+    return (c ^ 0xffffffff) >>> 0;
+  }
+  function chunk(type: string, data: Buffer): Buffer {
+    const len = Buffer.alloc(4);
+    len.writeUInt32BE(data.length);
+    const td = Buffer.concat([Buffer.from(type), data]);
+    const crc = Buffer.alloc(4);
+    crc.writeUInt32BE(crc32(td));
+    return Buffer.concat([len, td, crc]);
+  }
+  const rowBytes = 1 + size * 3; // filter byte + RGB per pixel
+  const raw = Buffer.alloc(size * rowBytes);
+  for (let y = 0; y < size; y++) {
+    raw[y * rowBytes] = 0; // filter=none
+    for (let x = 0; x < size; x++) {
+      raw[y * rowBytes + 1 + x * 3] = 255; // R
+    }
+  }
+  const ihdr = Buffer.alloc(13);
+  ihdr.writeUInt32BE(size, 0);
+  ihdr.writeUInt32BE(size, 4);
+  ihdr[8] = 8;
+  ihdr[9] = 2; // RGB
+  return Buffer.concat([
+    Buffer.from([137, 80, 78, 71, 13, 10, 26, 10]),
+    chunk('IHDR', ihdr),
+    chunk('IDAT', deflateSync(raw)),
+    chunk('IEND', Buffer.alloc(0)),
+  ]);
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('serveImage', () => {
+  // -------------------------------------------------------------------------
+  // null data
+  // -------------------------------------------------------------------------
+
+  describe('null data', () => {
+    it('should return 204 when data is null', () => {
+      const response = serveImage(null, createCtx());
+      expect(response.status).toBe(204);
+      expect(response.body).toBeNull();
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Basic response
+  // -------------------------------------------------------------------------
+
+  describe('basic response', () => {
+    it('should return webp content type', () => {
+      const response = serveImage(TINY_IMAGE, createCtx());
+      expect(response.headers.get('Content-Type')).toBe('image/webp');
+    });
+
+    it('should return 200 status', () => {
+      const response = serveImage(TINY_IMAGE, createCtx());
+      expect(response.status).toBe(200);
+    });
+
+    it('should include ETag header', () => {
+      const response = serveImage(TINY_IMAGE, createCtx());
+      const etag = response.headers.get('ETag');
+      expect(etag).not.toBeNull();
+      expect(etag).toStartWith('"');
+      expect(etag).toEndWith('"');
+    });
+
+    it('should return body as Uint8Array', async () => {
+      const response = serveImage(TINY_IMAGE, createCtx());
+      const body = await response.arrayBuffer();
+      expect(body.byteLength).toBeGreaterThan(0);
+    });
+
+    it('should produce consistent ETag for same data', () => {
+      const r1 = serveImage(TINY_IMAGE, createCtx());
+      const r2 = serveImage(TINY_IMAGE, createCtx());
+      expect(r1.headers.get('ETag')).toBe(r2.headers.get('ETag'));
+    });
+
+    it('should produce different ETag for different data', () => {
+      const otherImage = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x00]);
+      const r1 = serveImage(TINY_IMAGE, createCtx());
+      const r2 = serveImage(otherImage, createCtx());
+      expect(r1.headers.get('ETag')).not.toBe(r2.headers.get('ETag'));
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // 304 Not Modified
+  // -------------------------------------------------------------------------
+
+  describe('304 Not Modified', () => {
+    it('should return 304 when If-None-Match matches ETag', () => {
+      const firstResponse = serveImage(TINY_IMAGE, createCtx());
+      const etag = firstResponse.headers.get('ETag');
+      if (!etag) {
+        throw new Error('Expected ETag header to be defined');
+      }
+
+      const ctx = createCtx(
+        {},
+        {
+          'If-None-Match': etag,
+        }
+      );
+      const response = serveImage(TINY_IMAGE, ctx);
+
+      expect(response.status).toBe(304);
+      expect(response.headers.get('ETag')).toBe(etag);
+    });
+
+    it('should return 200 when If-None-Match does not match', () => {
+      const ctx = createCtx(
+        {},
+        {
+          'If-None-Match': '"stale-etag"',
+        }
+      );
+      const response = serveImage(TINY_IMAGE, ctx);
+      expect(response.status).toBe(200);
+    });
+
+    it('should return 304 with null body', () => {
+      const firstResponse = serveImage(TINY_IMAGE, createCtx());
+      const etag = firstResponse.headers.get('ETag');
+      if (!etag) {
+        throw new Error('Expected ETag header to be defined');
+      }
+
+      const ctx = createCtx(
+        {},
+        {
+          'If-None-Match': etag,
+        }
+      );
+      const response = serveImage(TINY_IMAGE, ctx);
+      expect(response.status).toBe(304);
+      expect(response.body).toBeNull();
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Cache-Control
+  // -------------------------------------------------------------------------
+
+  describe('Cache-Control', () => {
+    it('should default to 1-year max-age with immutable', () => {
+      const response = serveImage(TINY_IMAGE, createCtx());
+      const cc = response.headers.get('Cache-Control');
+      expect(cc).toBe('public, max-age=31536000, immutable');
+    });
+
+    it('should use custom maxAge with immutable', () => {
+      const response = serveImage(TINY_IMAGE, createCtx(), {
+        maxAge: 7200,
+      });
+      const cc = response.headers.get('Cache-Control');
+      expect(cc).toBe('public, max-age=7200, immutable');
+    });
+
+    it('should use no-cache when maxAge is 0', () => {
+      const response = serveImage(TINY_IMAGE, createCtx(), {
+        maxAge: 0,
+      });
+      const cc = response.headers.get('Cache-Control');
+      expect(cc).toBe('no-cache');
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Query parameters (w, h, s) — resize via @cf-wasm/photon
+  // -------------------------------------------------------------------------
+
+  describe('query parameters', () => {
+    it('should handle empty query', () => {
+      const response = serveImage(TINY_IMAGE, createCtx({}));
+      expect(response.status).toBe(200);
+    });
+
+    it('should resize with ?s (square)', () => {
+      const validImage = makeTestPng(4);
+      const response = serveImage(
+        validImage,
+        createCtx({
+          s: 2,
+        })
+      );
+      expect(response.status).toBe(200);
+      expect(response.headers.get('Content-Type')).toBe('image/webp');
+    });
+
+    it('should resize with ?w only', () => {
+      const validImage = makeTestPng(4);
+      const response = serveImage(
+        validImage,
+        createCtx({
+          w: 3,
+        })
+      );
+      expect(response.status).toBe(200);
+    });
+
+    it('should resize with ?w and ?h', () => {
+      const validImage = makeTestPng(4);
+      const response = serveImage(
+        validImage,
+        createCtx({
+          w: 3,
+          h: 2,
+        })
+      );
+      expect(response.status).toBe(200);
+    });
+
+    it('should skip resize when no dimensions provided', () => {
+      const response = serveImage(TINY_IMAGE, createCtx({}));
+      expect(response.status).toBe(200);
+    });
+  });
+});

package/src/__tests__/setup.test.ts

@@ -0,0 +1,270 @@
+/**
+ * @brika/auth - Setup Tests
+ *
+ * Tests for openAuthDatabase and setupAuthServices.
+ * Verifies schema creation, indices, migrations, and DI registration.
+ */
+
+import { Database } from 'bun:sqlite';
+import { afterEach, describe, expect, it } from 'bun:test';
+import { container, inject } from '@brika/di';
+import { AuthService } from '../services/AuthService';
+import { ScopeService } from '../services/ScopeService';
+import { SessionService } from '../services/SessionService';
+import { UserService } from '../services/UserService';
+import { openAuthDatabase, setupAuthServices } from '../setup';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+interface TableInfo {
+  name: string;
+}
+
+interface IndexInfo {
+  name: string;
+}
+
+interface ColumnInfo {
+  name: string;
+  type: string;
+}
+
+function getTableNames(db: Database): string[] {
+  const rows = db
+    .query("SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")
+    .all() as TableInfo[];
+  return rows.map((r) => r.name);
+}
+
+function getIndexNames(db: Database): string[] {
+  const rows = db.query("SELECT name FROM sqlite_master WHERE type='index'").all() as IndexInfo[];
+  return rows.map((r) => r.name);
+}
+
+function getColumns(db: Database, table: string): string[] {
+  const rows = db.query(`PRAGMA table_info(${table})`).all() as ColumnInfo[];
+  return rows.map((r) => r.name);
+}
+
+// ---------------------------------------------------------------------------
+// openAuthDatabase
+// ---------------------------------------------------------------------------
+
+describe('openAuthDatabase', () => {
+  afterEach(() => {
+    container.clearInstances();
+  });
+
+  it('should create users table', () => {
+    const db = openAuthDatabase(':memory:');
+    const tables = getTableNames(db);
+    expect(tables).toContain('users');
+    db.close();
+  });
+
+  it('should create sessions table', () => {
+    const db = openAuthDatabase(':memory:');
+    const tables = getTableNames(db);
+    expect(tables).toContain('sessions');
+    db.close();
+  });
+
+  it('should create users table with expected columns', () => {
+    const db = openAuthDatabase(':memory:');
+    const columns = getColumns(db, 'users');
+    expect(columns).toContain('id');
+    expect(columns).toContain('email');
+    expect(columns).toContain('password_hash');
+    expect(columns).toContain('name');
+    expect(columns).toContain('role');
+    expect(columns).toContain('is_active');
+    expect(columns).toContain('created_at');
+    expect(columns).toContain('updated_at');
+    db.close();
+  });
+
+  it('should create sessions table with expected columns', () => {
+    const db = openAuthDatabase(':memory:');
+    const columns = getColumns(db, 'sessions');
+    expect(columns).toContain('id');
+    expect(columns).toContain('user_id');
+    expect(columns).toContain('token_hash');
+    expect(columns).toContain('ip');
+    expect(columns).toContain('user_agent');
+    expect(columns).toContain('created_at');
+    expect(columns).toContain('last_seen_at');
+    expect(columns).toContain('expires_at');
+    expect(columns).toContain('revoked_at');
+    db.close();
+  });
+
+  it('should create indices', () => {
+    const db = openAuthDatabase(':memory:');
+    const indices = getIndexNames(db);
+    expect(indices).toContain('idx_users_email');
+    expect(indices).toContain('idx_sessions_token_hash');
+    expect(indices).toContain('idx_sessions_user_id');
+    db.close();
+  });
+
+  it('should have avatar and scopes columns', () => {
+    const db = openAuthDatabase(':memory:');
+    const columns = getColumns(db, 'users');
+    expect(columns).toContain('avatar_data');
+    expect(columns).toContain('avatar_mime');
+    expect(columns).toContain('avatar_hash');
+    expect(columns).toContain('scopes');
+    db.close();
+  });
+
+  it('should attempt to set WAL journal mode', () => {
+    // In-memory databases don't support WAL (they report "memory"),
+    // but the code still runs the PRAGMA without error.
+    const db = openAuthDatabase(':memory:');
+    const result = db.query('PRAGMA journal_mode').get() as {
+      journal_mode: string;
+    };
+    // :memory: databases can't use WAL, so journal_mode stays "memory"
+    expect(result.journal_mode).toBe('memory');
+    db.close();
+  });
+
+  it('should be idempotent (calling twice does not error)', () => {
+    const db = openAuthDatabase(':memory:');
+    // Simulate running the migrations again on an already-migrated database
+    // by closing and re-opening (not possible with :memory:, but we can just
+    // verify the ALTER TABLE catch blocks work by calling the function logic).
+    // The migrations use try/catch so they silently skip if columns exist.
+    // We verify by checking columns are still present.
+    const columns = getColumns(db, 'users');
+    expect(columns).toContain('avatar_data');
+    expect(columns).toContain('scopes');
+    db.close();
+  });
+
+  it('should create email unique constraint on users', () => {
+    const db = openAuthDatabase(':memory:');
+    const now = Date.now();
+    db.run(
+      "INSERT INTO users (id, email, name, role, is_active, created_at, updated_at) VALUES ('u1', 'a@b.com', 'A', 'user', 1, ?, ?)",
+      [now, now]
+    );
+    // Inserting duplicate email should fail
+    expect(() =>
+      db.run(
+        "INSERT INTO users (id, email, name, role, is_active, created_at, updated_at) VALUES ('u2', 'a@b.com', 'B', 'user', 1, ?, ?)",
+        [now, now]
+      )
+    ).toThrow();
+    db.close();
+  });
+
+  it('should create foreign key from sessions to users', () => {
+    const db = openAuthDatabase(':memory:');
+    const now = Date.now();
+    // Insert a user first
+    db.run(
+      "INSERT INTO users (id, email, name, role, is_active, created_at, updated_at) VALUES ('u1', 'a@b.com', 'A', 'user', 1, ?, ?)",
+      [now, now]
+    );
+    // Insert session referencing the user (should succeed)
+    db.run(
+      "INSERT INTO sessions (id, user_id, token_hash, created_at, last_seen_at, expires_at) VALUES ('s1', 'u1', 'hash1', ?, ?, ?)",
+      [now, now, now + 86400000]
+    );
+    const sessions = db.query('SELECT * FROM sessions WHERE user_id = ?').all('u1');
+    expect(sessions).toHaveLength(1);
+    db.close();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// setupAuthServices
+// ---------------------------------------------------------------------------
+
+describe('setupAuthServices', () => {
+  afterEach(() => {
+    container.clearInstances();
+  });
+
+  it('should register SessionService in the container', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    const service = inject(SessionService);
+    expect(service).toBeDefined();
+    expect(service).toBeInstanceOf(SessionService);
+    db.close();
+  });
+
+  it('should register UserService in the container', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    const service = inject(UserService);
+    expect(service).toBeDefined();
+    expect(service).toBeInstanceOf(UserService);
+    db.close();
+  });
+
+  it('should register ScopeService in the container', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    const service = inject(ScopeService);
+    expect(service).toBeDefined();
+    expect(service).toBeInstanceOf(ScopeService);
+    db.close();
+  });
+
+  it('should register AuthService in the container', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    const service = inject(AuthService);
+    expect(service).toBeDefined();
+    expect(service).toBeInstanceOf(AuthService);
+    db.close();
+  });
+
+  it('should accept custom session TTL', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db, {
+      session: {
+        ttl: 3600,
+      },
+    });
+
+    const sessionService = inject(SessionService);
+    expect(sessionService).toBeDefined();
+    // SessionService should have been constructed with the custom TTL
+    expect(sessionService.getSessionTTL()).toBe(3600);
+    db.close();
+  });
+
+  it('should use default session TTL when not provided', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    const sessionService = inject(SessionService);
+    // Default TTL is 604800 (7 days)
+    expect(sessionService.getSessionTTL()).toBe(604800);
+    db.close();
+  });
+
+  it('should allow full auth flow after setup (inject AuthService)', () => {
+    const db = openAuthDatabase(':memory:');
+    setupAuthServices(db);
+
+    // The AuthService should be resolvable and its dependencies should be wired
+    const authService = inject(AuthService);
+    expect(authService).toBeDefined();
+    expect(authService).toBeInstanceOf(AuthService);
+
+    // getCurrentUser should return null for unknown user (verifies the chain works)
+    expect(authService.getCurrentUser('nonexistent')).toBeNull();
+    db.close();
+  });
+});