@c15t/backend 1.2.0-canary.8 → 1.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@c15t/backend",
-  "version": "1.2.0-canary.8",
+  "version": "1.2.0",
   "license": "GPL-3.0-only",
   "type": "module",
   "exports": {
@@ -19,6 +19,11 @@
       "import": "./dist/schema/index.js",
       "require": "./dist/schema/index.cjs"
     },
+    "./contracts": {
+      "types": "./dist/contracts/index.d.ts",
+      "import": "./dist/contracts.js",
+      "require": "./dist/contracts.cjs"
+    },
     "./pkgs/data-model/fields": {
       "types": "./dist/pkgs/data-model/fields/index.d.ts",
       "import": "./dist/pkgs/data-model/fields/index.js",
@@ -107,8 +112,8 @@
     "msw": "^2.7.6",
     "typescript": "^5.8.3",
     "vitest": "^3.1.1",
-    "@c15t/vitest-config": "1.0.0",
-    "@c15t/typescript-config": "0.0.1-beta.1"
+    "@c15t/typescript-config": "0.0.1-beta.1",
+    "@c15t/vitest-config": "1.0.0"
   },
   "publishConfig": {
     "access": "public"
@@ -117,7 +122,7 @@
     "build": "rslib build",
     "check-types": "tsc --noEmit",
     "dev": "rslib build --watch",
-    "fmt": "pnpm biome format --write . && biome check --formatter-enabled=false --linter-enabled=false --organize-imports-enabled=true --write",
+    "fmt": "pnpm biome format --write . && pnpm biome check --formatter-enabled=false --linter-enabled=false --organize-imports-enabled=true --write",
     "knip": "knip",
     "lint": "pnpm biome lint ./src",
     "start": "node dist/server.cjs",

package/rslib.config.ts

@@ -62,6 +62,7 @@ export default defineConfig({
 		entry: {
 			core: ['./src/core.ts'],
 			router: ['./src/router.ts'],
+			contracts: ['./src/contracts/index.ts'],
 			'schema/index': ['./src/schema/index.ts'],
 			'pkgs/data-model/fields/index': ['./src/pkgs/data-model/fields/index.ts'],
 			'pkgs/data-model/index': ['./src/pkgs/data-model/index.ts'],

package/src/__tests__/server.test.ts

@@ -0,0 +1,96 @@
+import { describe, expect, it } from 'vitest';
+import { type C15TOptions, c15tInstance } from '../core';
+
+const mockOptions: C15TOptions = {
+	appName: 'Consent.io Dashboard',
+	basePath: '/api/c15t',
+	trustedOrigins: [
+		'localhost',
+		'vercel.app',
+		'consent.io',
+		'https://test.consent.io',
+	],
+	cors: true,
+	advanced: {
+		cors: {
+			allowHeaders: ['content-type', 'x-request-id'],
+		},
+	},
+	logger: {
+		level: 'debug',
+	},
+};
+
+const createTestRequest = (
+	path = '/api/c15t/status',
+	method = 'GET',
+	headers?: Record<string, string>
+) => {
+	return new Request(`http://localhost${path}`, {
+		method,
+		headers: {
+			'content-type': 'application/json',
+			...(headers || {}),
+		},
+	});
+};
+
+describe('C15T /status endpoint', () => {
+	it('GET /api/c15t/status returns 200 and status payload', async () => {
+		const c15t = c15tInstance(mockOptions);
+		const request = createTestRequest();
+		const response = await c15t.handler(request);
+		expect(response.status).toBe(200);
+		const data = await response.json();
+		expect(data).toHaveProperty('status');
+	});
+
+	it('responds correctly to requests from allowed origins', async () => {
+		const c15t = c15tInstance(mockOptions);
+		const request = createTestRequest(undefined, undefined, {
+			origin: 'https://test.consent.io',
+		});
+		const response = await c15t.handler(request);
+		expect(response.status).toBe(200);
+		expect(response.headers.get('access-control-allow-origin')).toBe(
+			'https://test.consent.io'
+		);
+	});
+
+	it('rejects requests from disallowed origins', async () => {
+		const c15t = c15tInstance(mockOptions);
+		const request = createTestRequest(undefined, undefined, {
+			origin: 'https://malicious-site.com',
+		});
+		const response = await c15t.handler(request);
+		expect(response.headers.get('access-control-allow-origin')).toBeNull();
+	});
+
+	it('handles preflight requests correctly', async () => {
+		const c15t = c15tInstance(mockOptions);
+		const request = createTestRequest(undefined, 'OPTIONS', {
+			origin: 'https://test.consent.io',
+			'access-control-request-method': 'GET',
+		});
+		const response = await c15t.handler(request);
+		expect(response.status).toBe(204);
+		expect(response.headers.get('access-control-allow-origin')).toBe(
+			'https://test.consent.io'
+		);
+		expect(response.headers.get('access-control-allow-headers')).toContain(
+			'Content-Type, Authorization, x-request-id'
+		);
+	});
+});
+
+describe('C15T /docs endpoint', () => {
+	it('GET /api/c15t/docs returns 200 and HTML', async () => {
+		const c15t = c15tInstance(mockOptions);
+		const request = createTestRequest('/api/c15t/docs');
+		const response = await c15t.handler(request);
+		expect(response.status).toBe(200);
+		const text = await response.text();
+		expect(text).toContain('<!doctype html>');
+		expect(response.headers.get('content-type')).toContain('text/html');
+	});
+});

package/src/contracts/index.ts

@@ -12,6 +12,8 @@ const config = {
 	meta: metaContracts,
 };
 
+export { config as contracts };
+
 export const os = implement(config);
 
 export type ContractsOutputs = InferContractRouterOutputs<typeof config>;

package/src/core.ts

@@ -296,16 +296,31 @@ export const c15tInstance = <PluginTypes extends C15TPlugin[] = C15TPlugin[]>(
 
 		// Use oRPC handler to handle the request with our enhanced context
 		const handlerContext = orpcContext as Record<string, unknown>;
+
+		orpcContext.logger.debug?.('Handling prefix', {
+			prefix: (options.basePath as `/${string}`) || '/',
+		});
+
 		const { matched, response } = await rpcHandler.handle(request, {
-			prefix: '/',
+			prefix: (options.basePath as `/${string}`) || '/',
 			context: handlerContext,
 		});
 
 		// Return the response if handler matched
 		if (matched && response) {
+			orpcContext.logger.debug('Handler matched', {
+				request,
+				matched,
+				response,
+			});
 			return response;
 		}
 
+		orpcContext.logger.debug('No handler matched', {
+			request,
+			matched,
+			response,
+		});
 		// If no handler matched, return 404
 		return new Response('Not Found', { status: 404 });
 	};
@@ -316,6 +331,11 @@ export const c15tInstance = <PluginTypes extends C15TPlugin[] = C15TPlugin[]>(
 	const handler = async (request: Request): Promise<Response> => {
 		try {
 			const url = new URL(request.url);
+			// Add this debug log:
+			createLogger(options.logger)?.debug?.('Incoming request', {
+				method: request.method,
+				pathname: url.pathname,
+			});
 
 			// Check for OpenAPI spec or docs UI requests
 			const openApiResponse = await handleOpenApiSpecRequest(url);
@@ -335,6 +355,19 @@ export const c15tInstance = <PluginTypes extends C15TPlugin[] = C15TPlugin[]>(
 			}
 			const ctx = ctxResult.value;
 
+			// After options/baseURL/basePath is set/used
+			const basePath = options.basePath || options.baseURL || '/';
+			createLogger(options.logger)?.debug?.('[c15t] Using basePath/baseURL', {
+				basePath,
+			});
+
+			// Add this debug log:
+			createLogger(options.logger)?.debug?.('[c15t] Routing request', {
+				method: request.method,
+				url: request.url,
+				prefix: basePath,
+			});
+
 			// Handle API request
 			return await handleApiRequest(request, ctx);
 		} catch (error) {

package/src/middleware/cors/cors.test.ts

@@ -1,4 +1,3 @@
-import {} from 'msw';
 import { setupServer } from 'msw/node';
 import { afterAll, afterEach, beforeAll, describe, expect, it } from 'vitest';
 import { c15tInstance } from '../../core';

package/src/middleware/openapi/config.ts

@@ -4,12 +4,15 @@ import packageJson from '../../../package.json';
 /**
  * Default OpenAPI configuration
  */
-export const createOpenAPIConfig = (options: C15TOptions) => ({
-	enabled: true,
-	specPath: '/spec.json',
-	docsPath: '/docs',
-	...(options.openapi || {}),
-});
+export const createOpenAPIConfig = (options: C15TOptions) => {
+	const basePath = options.basePath || '';
+	return {
+		enabled: true,
+		specPath: `${basePath}/spec.json`,
+		docsPath: `${basePath}/docs`,
+		...(options.openapi || {}),
+	};
+};
 
 /**
  * Default OpenAPI options
@@ -20,6 +23,6 @@ export const createDefaultOpenAPIOptions = (options: C15TOptions) => ({
 		version: packageJson.version,
 		description: 'API for consent management',
 	},
-	servers: [{ url: '/' }],
+	servers: [{ url: options.basePath || '/' }],
 	security: [{ bearerAuth: [] }],
 });

package/src/schema/consent-policy/registry.ts

@@ -1,8 +1,7 @@
 import { getWithHooks } from '~/pkgs/data-model';
 import type { Where } from '~/pkgs/db-adapters';
-import type { GenericEndpointContext, RegistryContext } from '~/pkgs/types';
-
 import { DoubleTieError, ERROR_CODES } from '~/pkgs/results';
+import type { GenericEndpointContext, RegistryContext } from '~/pkgs/types';
 import { validateEntityOutput } from '../definition';
 import type { ConsentPolicy, PolicyType } from './schema';
 
@@ -31,12 +30,24 @@ import type { ConsentPolicy, PolicyType } from './schema';
  */
 async function generatePolicyPlaceholder(name: string, date: Date) {
 	const content = `[PLACEHOLDER] This is an automatically generated version of the ${name} policy.\n\nThis placeholder content should be replaced with actual policy terms before being presented to users.\n\nGenerated on: ${date.toISOString()}`;
-	const encoder = new TextEncoder();
-	const data = encoder.encode(content);
-	const hashBuffer = await crypto.subtle.digest('SHA-256', data);
-	const contentHash = Array.from(new Uint8Array(hashBuffer))
-		.map((b) => b.toString(16).padStart(2, '0'))
-		.join('');
+
+	let contentHash: string;
+	try {
+		// Use Web Crypto API which is available in both browsers and edge environments
+		const encoder = new TextEncoder();
+		const data = encoder.encode(content);
+		const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+		contentHash = Array.from(new Uint8Array(hashBuffer))
+			.map((b) => b.toString(16).padStart(2, '0'))
+			.join('');
+	} catch (error) {
+		throw new DoubleTieError('Failed to generate policy content hash', {
+			code: ERROR_CODES.INTERNAL_SERVER_ERROR,
+			status: 500,
+			cause: error instanceof Error ? error : new Error(String(error)),
+		});
+	}
+
 	return { content, contentHash };
 }
 
@@ -271,55 +282,67 @@ export function policyRegistry({ adapter, ...ctx }: RegistryContext) {
 			// Use a transaction to prevent race conditions
 			return await adapter.transaction({
 				callback: async (txAdapter) => {
-					const now = new Date();
-					const txRegistry = policyRegistry({
-						adapter: txAdapter,
-						...ctx,
-					});
+					try {
+						const now = new Date();
+						const txRegistry = policyRegistry({
+							adapter: txAdapter,
+							...ctx,
+						});
 
-					// Find latest policy with exact name match directly from database
-					const rawLatestPolicy = await txAdapter.findOne({
-						model: 'consentPolicy',
-						where: [
-							{ field: 'isActive', value: true },
-							{
-								field: 'type',
-								value: type,
+						// Find latest policy with exact name match directly from database
+						const rawLatestPolicy = await txAdapter.findOne({
+							model: 'consentPolicy',
+							where: [
+								{ field: 'isActive', value: true },
+								{
+									field: 'type',
+									value: type,
+								},
+							],
+							sortBy: {
+								field: 'effectiveDate',
+								direction: 'desc',
 							},
-						],
-						sortBy: {
-							field: 'effectiveDate',
-							direction: 'desc',
-						},
-					});
+						});
 
-					const latestPolicy = rawLatestPolicy
-						? validateEntityOutput(
-								'consentPolicy',
-								rawLatestPolicy,
-								ctx.options
-							)
-						: null;
+						const latestPolicy = rawLatestPolicy
+							? validateEntityOutput(
+									'consentPolicy',
+									rawLatestPolicy,
+									ctx.options
+								)
+							: null;
 
-					if (latestPolicy) {
-						return latestPolicy;
-					}
+						if (latestPolicy) {
+							return latestPolicy;
+						}
 
-					// Generate policy content and hash
-					const { content: defaultContent, contentHash } =
-						await generatePolicyPlaceholder(type, now);
+						// Generate policy content and hash
+						const { content: defaultContent, contentHash } =
+							await generatePolicyPlaceholder(type, now);
 
-					return txRegistry.createConsentPolicy({
-						version: '1.0.0',
-						type,
-						name: type,
-						effectiveDate: now,
-						content: defaultContent,
-						contentHash,
-						isActive: true,
-						updatedAt: now,
-						expirationDate: null,
-					});
+						return txRegistry.createConsentPolicy({
+							version: '1.0.0',
+							type,
+							name: type,
+							effectiveDate: now,
+							content: defaultContent,
+							contentHash,
+							isActive: true,
+							updatedAt: now,
+							expirationDate: null,
+						});
+					} catch (error) {
+						// Log the error for debugging purposes
+						ctx.logger.error('Error in findOrCreatePolicy transaction:', error);
+
+						// Rethrow as a DoubleTieError with appropriate context
+						throw new DoubleTieError('Failed to find or create policy', {
+							code: ERROR_CODES.INTERNAL_SERVER_ERROR,
+							status: 500,
+							cause: error instanceof Error ? error : new Error(String(error)),
+						});
+					}
 				},
 			});
 		},

package/.turbo/turbo-fmt.log

@@ -1,7 +0,0 @@
-
-
-> @c15t/backend@1.2.0-canary.7 fmt /Users/christopherburns/glados/k/c15t/packages/backend
-> pnpm biome format --write . && biome check --formatter-enabled=false --linter-enabled=false --organize-imports-enabled=true --write
-
-Formatted 162 files in 39ms. No fixes applied.
-Checked 162 files in 15ms. No fixes applied.