@celilo/cli 0.1.0

package/src/capabilities/public-web-publish.test.ts

@@ -0,0 +1,458 @@
+/**
+ * Integration test for `publishStaticSite`'s clientConfig injection.
+ *
+ * The factory itself opens SSH connections and shells out to tar — we
+ * stub `child_process.execSync` so the test exercises only the parts
+ * that matter for D4: config.js generation, file write into sourceDir,
+ * and the composition order (register_route → write file → upload).
+ *
+ * Why `spyOn` instead of `mock.module`: bun:test's `mock.module()` is
+ * a runtime-global replacement that persists across every test file in
+ * the suite. Mocking `node:child_process` that way breaks unrelated
+ * tests (e.g. CommandTreeParser, deriveSecret) because their own
+ * `execSync` calls hit our stub. `spyOn` is auto-restored after each
+ * test and stays scoped to this file.
+ */
+
+import { afterEach, beforeEach, describe, expect, spyOn, test } from 'bun:test';
+import * as childProcess from 'node:child_process';
+import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { createPublicWeb } from '@celilo/capabilities';
+import type { HookLogger, RouteOps, WebRoute } from '@celilo/capabilities';
+import { createCapturingLogger } from '../hooks/logger';
+
+let execSyncSpy: ReturnType<typeof spyOn>;
+
+const noopLogger: HookLogger = {
+  info() {},
+  warn() {},
+  error() {},
+  success() {},
+};
+
+function makeRouteOps(): { ops: RouteOps; routes: WebRoute[] } {
+  const routes: WebRoute[] = [];
+  let nextId = 1;
+  const ops: RouteOps = {
+    getRoutes(moduleId) {
+      return routes.filter((r) => r.moduleId === moduleId);
+    },
+    getAllRoutes() {
+      return [...routes];
+    },
+    upsertRoute(route) {
+      const existing = routes.findIndex(
+        (r) => r.path === route.path && r.moduleId === route.moduleId,
+      );
+      const now = new Date();
+      const stored: WebRoute = {
+        id: existing >= 0 ? routes[existing].id : nextId++,
+        slug: route.slug,
+        moduleId: route.moduleId,
+        type: route.type,
+        path: route.path,
+        targetHost: route.targetHost ?? null,
+        targetPort: route.targetPort ?? null,
+        subdomain: route.subdomain ?? null,
+        websocket: route.websocket ?? false,
+        contentHash: route.contentHash ?? null,
+        createdAt: existing >= 0 ? routes[existing].createdAt : now,
+        updatedAt: now,
+      };
+      if (existing >= 0) {
+        routes[existing] = stored;
+      } else {
+        routes.push(stored);
+      }
+    },
+    deleteRoute(moduleId, path) {
+      const i = routes.findIndex((r) => r.moduleId === moduleId && r.path === path);
+      if (i >= 0) routes.splice(i, 1);
+    },
+    deleteRoutesBySlug(slug) {
+      for (let i = routes.length - 1; i >= 0; i--) {
+        if (routes[i].slug === slug) routes.splice(i, 1);
+      }
+    },
+    deleteRoutesByModule(moduleId) {
+      for (let i = routes.length - 1; i >= 0; i--) {
+        if (routes[i].moduleId === moduleId) routes.splice(i, 1);
+      }
+    },
+  };
+  return { ops, routes };
+}
+
+describe('publishStaticSite — clientConfig injection', () => {
+  let sourceDir: string;
+
+  beforeEach(() => {
+    // Stub execSync to a no-op for the duration of this test only.
+    // spyOn auto-restores when the test finishes, so other test files
+    // in the same suite get the real implementation.
+    execSyncSpy = spyOn(childProcess, 'execSync').mockReturnValue(Buffer.from(''));
+    sourceDir = mkdtempSync(join(tmpdir(), 'publish-static-site-'));
+    // Drop a fake build artifact so the upload "has something to do".
+    writeFileSync(join(sourceDir, 'index.html'), '<html></html>', 'utf-8');
+  });
+
+  afterEach(() => {
+    execSyncSpy.mockRestore();
+    rmSync(sourceDir, { recursive: true, force: true });
+  });
+
+  test('writes config.js into sourceDir before upload when clientConfig is provided', async () => {
+    const { ops } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    const result = await cap.publishStaticSite({
+      path: '/lunacycle',
+      sourceDir,
+      clientConfig: {
+        AUTHENTIK_URL: 'https://auth.example.com/application/o',
+        CLIENT_ID: 'lunacycle-web',
+        REDIRECT_URI: 'https://www.example.com/lunacycle/auth/callback',
+      },
+    });
+
+    expect(result.success).toBe(true);
+    expect(result.path).toBe('/lunacycle');
+
+    const configPath = join(sourceDir, 'config.js');
+    expect(existsSync(configPath)).toBe(true);
+
+    const configContents = readFileSync(configPath, 'utf-8');
+    expect(configContents).toContain('window.__MODULE_CONFIG__ =');
+    expect(configContents).toContain('"AUTHENTIK_URL":"https://auth.example.com/application/o"');
+    expect(configContents).toContain('"CLIENT_ID":"lunacycle-web"');
+    expect(configContents).toContain(
+      '"REDIRECT_URI":"https://www.example.com/lunacycle/auth/callback"',
+    );
+    expect(configContents.startsWith('// Generated by Celilo')).toBe(true);
+  });
+
+  test('does not write config.js when clientConfig is omitted', async () => {
+    const { ops } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await cap.publishStaticSite({
+      path: '/lunacycle',
+      sourceDir,
+      // no clientConfig
+    });
+
+    expect(existsSync(join(sourceDir, 'config.js'))).toBe(false);
+  });
+
+  test('registers the route as static and records moduleId/path', async () => {
+    const { ops, routes } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await cap.publishStaticSite({
+      path: '/lunacycle',
+      sourceDir,
+    });
+
+    const stored = routes.find((r) => r.path === '/lunacycle');
+    expect(stored).toBeDefined();
+    expect(stored?.type).toBe('static');
+    expect(stored?.moduleId).toBe('lunacycle');
+    expect(stored?.slug).toBe('lunacycle');
+  });
+
+  test('fails fast when sourceDir does not exist', async () => {
+    const { ops } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await expect(
+      cap.publishStaticSite({
+        path: '/lunacycle',
+        sourceDir: '/nonexistent/path/that/should/not/exist',
+        clientConfig: { FOO: 'bar' },
+      }),
+    ).rejects.toThrow('sourceDir does not exist');
+  });
+
+  test('fails validation before touching the filesystem', async () => {
+    const { ops } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await expect(
+      cap.publishStaticSite({
+        path: '', // bad — caught by validator before any side effects
+        sourceDir,
+      }),
+    ).rejects.toThrow('Invalid publishStaticSite request');
+
+    // The doomed call must not have written config.js or registered a route.
+    expect(existsSync(join(sourceDir, 'config.js'))).toBe(false);
+  });
+});
+
+describe('registerReverseProxy', () => {
+  beforeEach(() => {
+    execSyncSpy = spyOn(childProcess, 'execSync').mockReturnValue(Buffer.from(''));
+  });
+
+  afterEach(() => {
+    execSyncSpy.mockRestore();
+  });
+
+  test('registers a reverse_proxy route and returns the path', async () => {
+    const { ops, routes } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    const result = await cap.registerReverseProxy({
+      path: '/lunacycle/api',
+      targetHost: '10.0.20.42',
+      targetPort: 8080,
+      websocket: true,
+    });
+
+    expect(result.success).toBe(true);
+    expect(result.path).toBe('/lunacycle/api');
+
+    const stored = routes.find((r) => r.path === '/lunacycle/api');
+    expect(stored).toBeDefined();
+    expect(stored?.type).toBe('reverse_proxy');
+    expect(stored?.targetHost).toBe('10.0.20.42');
+    expect(stored?.targetPort).toBe(8080);
+    expect(stored?.websocket).toBe(true);
+  });
+
+  test('rejects invalid request before touching routeOps', async () => {
+    const { ops, routes } = makeRouteOps();
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger: noopLogger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await expect(
+      cap.registerReverseProxy({
+        path: '/lunacycle/api',
+        targetHost: '',
+        targetPort: 8080,
+      }),
+    ).rejects.toThrow('Invalid registerReverseProxy request');
+
+    expect(routes).toHaveLength(0);
+  });
+});
+
+describe('auto-logging — end-to-end through createPublicWeb', () => {
+  let sourceDir: string;
+
+  beforeEach(() => {
+    execSyncSpy = spyOn(childProcess, 'execSync').mockReturnValue(Buffer.from(''));
+    sourceDir = mkdtempSync(join(tmpdir(), 'autolog-publish-'));
+    writeFileSync(join(sourceDir, 'index.html'), '<html></html>', 'utf-8');
+  });
+
+  afterEach(() => {
+    execSyncSpy.mockRestore();
+    rmSync(sourceDir, { recursive: true, force: true });
+  });
+
+  test('successful primitive call emits → and ✓ markers via the captured logger', async () => {
+    const { logger, messages } = createCapturingLogger();
+    const { ops } = makeRouteOps();
+
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await cap.register_route({
+      type: 'reverse_proxy',
+      path: '/lunacycle/api',
+      targetHost: '10.0.20.42',
+      targetPort: 8080,
+    });
+
+    const messageTexts = messages.map((m) => m.message);
+    expect(messageTexts).toContain('→ public_web.register_route');
+    expect(messageTexts).toContain('✓ public_web.register_route');
+    // The error marker must NOT appear on a successful call.
+    expect(messageTexts.some((m) => m.startsWith('✗'))).toBe(false);
+  });
+
+  test('failed primitive call emits ✗ marker and re-throws', async () => {
+    const { logger, messages } = createCapturingLogger();
+    const { ops } = makeRouteOps();
+
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    // Bad path triggers the validator inside register_route, which
+    // throws — the wrapper should catch, log, and re-throw.
+    await expect(
+      cap.register_route({
+        type: 'static',
+        path: 'no-leading-slash', // invalid
+      }),
+    ).rejects.toThrow('Invalid route');
+
+    const errorMessage = messages.find((m) => m.level === 'error');
+    expect(errorMessage).toBeDefined();
+    expect(errorMessage?.message).toContain('✗ public_web.register_route');
+    expect(errorMessage?.message).toContain('Invalid route');
+  });
+
+  test('high-level call composes its primitives and logs each step', async () => {
+    const { logger, messages } = createCapturingLogger();
+    const { ops } = makeRouteOps();
+
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await cap.publishStaticSite({ path: '/lunacycle', sourceDir });
+
+    const messageTexts = messages.map((m) => m.message);
+    // The high-level call itself logs.
+    expect(messageTexts).toContain('→ public_web.publishStaticSite');
+    expect(messageTexts).toContain('✓ public_web.publishStaticSite');
+    // It also composes register_route + upload_static_assets internally.
+    // Those run via the unwrapped reference (`capability.<method>` from
+    // inside the factory closure), so they do NOT produce extra arrow
+    // markers — only the outer publishStaticSite call is logged.
+    // This keeps high-level calls a single semantic step in logs.
+    expect(messageTexts.filter((m) => m.startsWith('→'))).toHaveLength(1);
+    expect(messageTexts.filter((m) => m.startsWith('✓'))).toHaveLength(1);
+  });
+
+  test('does not log payloads or result values', async () => {
+    const { logger, messages } = createCapturingLogger();
+    const { ops } = makeRouteOps();
+
+    const cap = createPublicWeb({
+      moduleId: 'lunacycle',
+      logger,
+      config: {
+        container_ip: '10.0.10.20/24',
+        hostname: 'www',
+        primary_domain: 'example.com',
+        email: 'admin@example.com',
+      },
+      secrets: {},
+      routeOps: ops,
+    });
+
+    await cap.register_route({
+      type: 'reverse_proxy',
+      path: '/lunacycle/api',
+      targetHost: '10.0.20.42',
+      targetPort: 8080,
+    });
+
+    // None of the request fields should appear in the log lines.
+    for (const m of messages) {
+      expect(m.message).not.toContain('10.0.20.42');
+      expect(m.message).not.toContain('8080');
+      expect(m.message).not.toContain('lunacycle/api');
+    }
+  });
+});