@dangao/bun-server 1.0.1 → 1.1.2

package/tests/security/oauth2-provider.test.ts

@@ -0,0 +1,269 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import { OAuth2AuthenticationProvider } from '../../src/security/providers/oauth2-provider';
+import { OAuth2Service } from '../../src/auth/oauth2';
+import { JWTUtil } from '../../src/auth/jwt';
+import type { OAuth2TokenRequest } from '../../src/auth/types';
+
+describe('OAuth2AuthenticationProvider', () => {
+  let jwtUtil: JWTUtil;
+  let oauth2Service: OAuth2Service;
+  let provider: OAuth2AuthenticationProvider;
+
+  beforeEach(() => {
+    jwtUtil = new JWTUtil({
+      secret: 'test-secret-key',
+      accessTokenExpiresIn: 3600,
+    });
+    oauth2Service = new OAuth2Service(jwtUtil, [
+      {
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUris: ['http://localhost/callback'],
+        grantTypes: ['authorization_code'],
+      },
+    ]);
+    provider = new OAuth2AuthenticationProvider(oauth2Service, jwtUtil);
+  });
+
+  test('should support oauth2 and authorization_code types', () => {
+    expect(provider.supports('oauth2')).toBe(true);
+    expect(provider.supports('authorization_code')).toBe(true);
+    expect(provider.supports('OAUTH2')).toBe(true);
+    expect(provider.supports('AUTHORIZATION_CODE')).toBe(true);
+    expect(provider.supports('jwt')).toBe(false);
+    expect(provider.supports('bearer')).toBe(false);
+  });
+
+  test('should authenticate with valid authorization code', async () => {
+    // 生成授权码
+    const code = oauth2Service.generateAuthorizationCode(
+      'test-client',
+      'http://localhost/callback',
+      'user-1',
+      'read write',
+    );
+
+    const tokenRequest: OAuth2TokenRequest = {
+      code,
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/callback',
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).not.toBeNull();
+    expect(authentication?.authenticated).toBe(true);
+    expect(authentication?.principal.id).toBe('user-1');
+    expect(authentication?.principal.username).toBe('user-1'); // OAuth2Service 默认使用 userId 作为 username
+    expect(authentication?.credentials.type).toBe('oauth2');
+    expect(authentication?.credentials.data).toBeDefined();
+    expect(authentication?.credentials.data.accessToken).toBeDefined();
+    expect(authentication?.credentials.data.refreshToken).toBeDefined();
+    expect(authentication?.authorities).toEqual([]);
+  });
+
+  test('should return null for invalid grant type', async () => {
+    const tokenRequest: OAuth2TokenRequest = {
+      code: 'invalid-code',
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/callback',
+      grantType: 'refresh_token', // 不支持的 grant type
+    };
+
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for invalid authorization code', async () => {
+    const tokenRequest: OAuth2TokenRequest = {
+      code: 'invalid-code',
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/callback',
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for invalid client credentials', async () => {
+    const code = oauth2Service.generateAuthorizationCode(
+      'test-client',
+      'http://localhost/callback',
+      'user-1',
+    );
+
+    const tokenRequest: OAuth2TokenRequest = {
+      code,
+      clientId: 'test-client',
+      clientSecret: 'wrong-secret', // 错误的 secret
+      redirectUri: 'http://localhost/callback',
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for invalid redirect URI', async () => {
+    const code = oauth2Service.generateAuthorizationCode(
+      'test-client',
+      'http://localhost/callback',
+      'user-1',
+    );
+
+    const tokenRequest: OAuth2TokenRequest = {
+      code,
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/wrong-callback', // 错误的 redirect URI
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for expired authorization code', async () => {
+    // 创建一个快速过期的 OAuth2Service
+    const expiredOAuth2Service = new OAuth2Service(jwtUtil, [
+      {
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUris: ['http://localhost/callback'],
+        grantTypes: ['authorization_code'],
+      },
+    ], {
+      expiresIn: 0.1, // 0.1 秒过期
+    });
+    const expiredProvider = new OAuth2AuthenticationProvider(
+      expiredOAuth2Service,
+      jwtUtil,
+    );
+
+    const code = expiredOAuth2Service.generateAuthorizationCode(
+      'test-client',
+      'http://localhost/callback',
+      'user-1',
+    );
+
+    // 等待授权码过期
+    await new Promise((resolve) => setTimeout(resolve, 200));
+
+    const tokenRequest: OAuth2TokenRequest = {
+      code,
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/callback',
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await expiredProvider.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for missing credentials', async () => {
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: null as any,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should return null for invalid credentials format', async () => {
+    const authentication = await provider.authenticate({
+      principal: '',
+      credentials: 'invalid-string' as any,
+      type: 'oauth2',
+    });
+
+    expect(authentication).toBeNull();
+  });
+
+  test('should include user roles when available', async () => {
+    // 创建带用户提供者的 OAuth2Service
+    const oauth2ServiceWithUser = new OAuth2Service(
+      jwtUtil,
+      [
+        {
+          clientId: 'test-client',
+          clientSecret: 'test-secret',
+          redirectUris: ['http://localhost/callback'],
+          grantTypes: ['authorization_code'],
+        },
+      ],
+      {},
+      async (userId: string) => {
+        return {
+          id: userId,
+          username: 'testuser',
+          roles: ['admin', 'user'],
+        };
+      },
+    );
+    const providerWithUser = new OAuth2AuthenticationProvider(
+      oauth2ServiceWithUser,
+      jwtUtil,
+    );
+
+    const code = oauth2ServiceWithUser.generateAuthorizationCode(
+      'test-client',
+      'http://localhost/callback',
+      'user-1',
+    );
+
+    const tokenRequest: OAuth2TokenRequest = {
+      code,
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUri: 'http://localhost/callback',
+      grantType: 'authorization_code',
+    };
+
+    const authentication = await providerWithUser.authenticate({
+      principal: '',
+      credentials: tokenRequest,
+      type: 'oauth2',
+    });
+
+    expect(authentication).not.toBeNull();
+    expect(authentication?.principal.roles).toEqual(['admin', 'user']);
+    expect(authentication?.authorities).toEqual(['admin', 'user']);
+  });
+});
+

package/tests/security/security-module.test.ts

@@ -0,0 +1,143 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import { SecurityModule } from '../../src/security/security-module';
+import { MODULE_METADATA_KEY } from '../../src/di/module';
+import { JWT_UTIL_TOKEN, OAUTH2_SERVICE_TOKEN } from '../../src/auth/controller';
+import { AuthenticationManager } from '../../src/security/authentication-manager';
+import 'reflect-metadata';
+
+describe('SecurityModule', () => {
+  beforeEach(() => {
+    // 清除模块元数据
+    Reflect.deleteMetadata(MODULE_METADATA_KEY, SecurityModule);
+  });
+
+  test('should create module with forRoot', () => {
+    const module = SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+    });
+
+    expect(module).toBe(SecurityModule);
+  });
+
+  test('should register JWT and OAuth2 services', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+      oauth2Clients: [
+        {
+          clientId: 'test-client',
+          clientSecret: 'test-secret',
+          redirectUris: ['http://localhost/callback'],
+          grantTypes: ['authorization_code'],
+        },
+      ],
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata).toBeDefined();
+    expect(metadata.providers).toBeDefined();
+
+    const jwtProvider = metadata.providers.find(
+      (p: any) => p.provide === JWT_UTIL_TOKEN,
+    );
+    expect(jwtProvider).toBeDefined();
+
+    const oauth2Provider = metadata.providers.find(
+      (p: any) => p.provide === OAUTH2_SERVICE_TOKEN,
+    );
+    expect(oauth2Provider).toBeDefined();
+
+    const authManagerProvider = metadata.providers.find(
+      (p: any) => p.provide === AuthenticationManager,
+    );
+    expect(authManagerProvider).toBeDefined();
+  });
+
+  test('should register security filter middleware', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata.middlewares).toBeDefined();
+    expect(metadata.middlewares.length).toBeGreaterThan(0);
+  });
+
+  test('should register OAuth2 controller when enabled', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+      enableOAuth2Endpoints: true,
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata.controllers).toBeDefined();
+    expect(metadata.controllers.length).toBeGreaterThan(0);
+  });
+
+  test('should not register OAuth2 controller when disabled', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+      enableOAuth2Endpoints: false,
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata.controllers).toBeDefined();
+    expect(metadata.controllers.length).toBe(0);
+  });
+
+  test('should export services', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata.exports).toBeDefined();
+    expect(metadata.exports).toContain(JWT_UTIL_TOKEN);
+    expect(metadata.exports).toContain(OAUTH2_SERVICE_TOKEN);
+    expect(metadata.exports).toContain(AuthenticationManager);
+  });
+
+  test('should use custom exclude paths', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+      excludePaths: ['/public', '/health'],
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata).toBeDefined();
+  });
+
+  test('should use custom OAuth2 prefix', () => {
+    SecurityModule.forRoot({
+      jwt: {
+        secret: 'test-secret',
+        accessTokenExpiresIn: 3600,
+      },
+      oauth2Prefix: '/auth',
+    });
+
+    const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+    expect(metadata).toBeDefined();
+  });
+});
+