@dangao/bun-server 1.8.0 → 1.8.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dangao/bun-server",
-  "version": "1.8.0",
+  "version": "1.8.1",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/tests/auth/auth-decorators.test.ts

@@ -0,0 +1,241 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import {
+  Auth,
+  getAuthMetadata,
+  requiresAuth,
+  checkRoles,
+  type AuthConfig,
+} from '../../src/auth/decorators';
+
+describe('Auth Decorator', () => {
+  describe('@Auth', () => {
+    test('should set auth metadata with default options', () => {
+      class TestController {
+        @Auth()
+        public protectedMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'protectedMethod');
+      expect(metadata).toBeDefined();
+      expect(metadata?.required).toBe(true);
+      expect(metadata?.roles).toEqual([]);
+      expect(metadata?.allowAnonymous).toBe(false);
+    });
+
+    test('should set auth metadata with required=false', () => {
+      class TestController {
+        @Auth({ required: false })
+        public optionalAuthMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'optionalAuthMethod');
+      expect(metadata?.required).toBe(false);
+    });
+
+    test('should set auth metadata with roles', () => {
+      class TestController {
+        @Auth({ roles: ['admin', 'moderator'] })
+        public adminMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'adminMethod');
+      expect(metadata?.roles).toEqual(['admin', 'moderator']);
+    });
+
+    test('should set auth metadata with allowAnonymous', () => {
+      class TestController {
+        @Auth({ allowAnonymous: true })
+        public publicMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'publicMethod');
+      expect(metadata?.allowAnonymous).toBe(true);
+    });
+
+    test('should set all options together', () => {
+      const config: AuthConfig = {
+        required: true,
+        roles: ['admin'],
+        allowAnonymous: false,
+      };
+
+      class TestController {
+        @Auth(config)
+        public fullConfigMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'fullConfigMethod');
+      expect(metadata?.required).toBe(true);
+      expect(metadata?.roles).toEqual(['admin']);
+      expect(metadata?.allowAnonymous).toBe(false);
+    });
+
+    test('should handle multiple methods with different configs', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public adminMethod(): void {}
+
+        @Auth({ roles: ['user'] })
+        public userMethod(): void {}
+
+        @Auth({ allowAnonymous: true })
+        public publicMethod(): void {}
+      }
+
+      const adminMetadata = getAuthMetadata(TestController.prototype, 'adminMethod');
+      const userMetadata = getAuthMetadata(TestController.prototype, 'userMethod');
+      const publicMetadata = getAuthMetadata(TestController.prototype, 'publicMethod');
+
+      expect(adminMetadata?.roles).toEqual(['admin']);
+      expect(userMetadata?.roles).toEqual(['user']);
+      expect(publicMetadata?.allowAnonymous).toBe(true);
+    });
+  });
+
+  describe('getAuthMetadata', () => {
+    test('should return undefined for non-decorated method', () => {
+      class TestController {
+        public normalMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'normalMethod');
+      expect(metadata).toBeUndefined();
+    });
+
+    test('should return metadata for decorated method', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public protectedMethod(): void {}
+      }
+
+      const metadata = getAuthMetadata(TestController.prototype, 'protectedMethod');
+      expect(metadata).toBeDefined();
+      expect(metadata?.roles).toEqual(['admin']);
+    });
+  });
+
+  describe('requiresAuth', () => {
+    test('should return false for non-decorated method', () => {
+      class TestController {
+        public normalMethod(): void {}
+      }
+
+      const requires = requiresAuth(TestController.prototype, 'normalMethod');
+      expect(requires).toBe(false);
+    });
+
+    test('should return true for decorated method with default config', () => {
+      class TestController {
+        @Auth()
+        public protectedMethod(): void {}
+      }
+
+      const requires = requiresAuth(TestController.prototype, 'protectedMethod');
+      expect(requires).toBe(true);
+    });
+
+    test('should return true when required is explicitly true', () => {
+      class TestController {
+        @Auth({ required: true })
+        public protectedMethod(): void {}
+      }
+
+      const requires = requiresAuth(TestController.prototype, 'protectedMethod');
+      expect(requires).toBe(true);
+    });
+
+    test('should return false when required is false', () => {
+      class TestController {
+        @Auth({ required: false })
+        public optionalMethod(): void {}
+      }
+
+      const requires = requiresAuth(TestController.prototype, 'optionalMethod');
+      expect(requires).toBe(false);
+    });
+  });
+
+  describe('checkRoles', () => {
+    test('should return true when no roles required', () => {
+      class TestController {
+        @Auth()
+        public anyAuthMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'anyAuthMethod', ['user']);
+      expect(hasAccess).toBe(true);
+    });
+
+    test('should return true when roles is empty array', () => {
+      class TestController {
+        @Auth({ roles: [] })
+        public anyAuthMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'anyAuthMethod', ['user']);
+      expect(hasAccess).toBe(true);
+    });
+
+    test('should return true when user has required role', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public adminMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'adminMethod', ['admin']);
+      expect(hasAccess).toBe(true);
+    });
+
+    test('should return true when user has one of required roles', () => {
+      class TestController {
+        @Auth({ roles: ['admin', 'moderator'] })
+        public modMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'modMethod', ['moderator']);
+      expect(hasAccess).toBe(true);
+    });
+
+    test('should return false when user lacks required role', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public adminMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'adminMethod', ['user']);
+      expect(hasAccess).toBe(false);
+    });
+
+    test('should return false when user has no roles', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public adminMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'adminMethod', []);
+      expect(hasAccess).toBe(false);
+    });
+
+    test('should return true for non-decorated method', () => {
+      class TestController {
+        public normalMethod(): void {}
+      }
+
+      const hasAccess = checkRoles(TestController.prototype, 'normalMethod', []);
+      expect(hasAccess).toBe(true);
+    });
+
+    test('should handle default empty userRoles parameter', () => {
+      class TestController {
+        @Auth({ roles: ['admin'] })
+        public adminMethod(): void {}
+      }
+
+      // checkRoles 默认参数为空数组
+      const hasAccess = checkRoles(TestController.prototype, 'adminMethod');
+      expect(hasAccess).toBe(false);
+    });
+  });
+});

package/tests/auth/oauth2-service.test.ts

@@ -0,0 +1,318 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import { OAuth2Service } from '../../src/auth/oauth2';
+import { JWTUtil } from '../../src/auth/jwt';
+import type { OAuth2Client, UserInfo } from '../../src/auth/types';
+
+describe('OAuth2Service', () => {
+  let jwtUtil: JWTUtil;
+  let oauth2Service: OAuth2Service;
+  let testClient: OAuth2Client;
+
+  beforeEach(() => {
+    jwtUtil = new JWTUtil({
+      secret: 'test-secret-key-for-oauth2-testing',
+      accessTokenExpiresIn: 3600,
+      refreshTokenExpiresIn: 86400,
+    });
+
+    testClient = {
+      clientId: 'test-client',
+      clientSecret: 'test-secret',
+      redirectUris: ['http://localhost:3000/callback'],
+      grantTypes: ['authorization_code'],
+      scopes: ['read', 'write'],
+    };
+
+    oauth2Service = new OAuth2Service(jwtUtil, [testClient]);
+  });
+
+  describe('registerClient', () => {
+    test('should register a new client', () => {
+      const newClient: OAuth2Client = {
+        clientId: 'new-client',
+        clientSecret: 'new-secret',
+        redirectUris: ['http://example.com/callback'],
+        grantTypes: ['authorization_code'],
+      };
+
+      oauth2Service.registerClient(newClient);
+
+      // Verify by trying to validate a request with this client
+      const result = oauth2Service.validateAuthorizationRequest({
+        clientId: 'new-client',
+        responseType: 'code',
+        redirectUri: 'http://example.com/callback',
+      });
+
+      expect(result.valid).toBe(true);
+    });
+  });
+
+  describe('validateAuthorizationRequest', () => {
+    test('should return valid for correct request', () => {
+      const result = oauth2Service.validateAuthorizationRequest({
+        clientId: 'test-client',
+        responseType: 'code',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result.valid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    test('should return invalid for unknown client', () => {
+      const result = oauth2Service.validateAuthorizationRequest({
+        clientId: 'unknown-client',
+        responseType: 'code',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result.valid).toBe(false);
+      expect(result.error).toBe('invalid_client');
+    });
+
+    test('should return invalid for unsupported response type', () => {
+      const result = oauth2Service.validateAuthorizationRequest({
+        clientId: 'test-client',
+        responseType: 'token' as any,
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result.valid).toBe(false);
+      expect(result.error).toBe('unsupported_response_type');
+    });
+
+    test('should return invalid for wrong redirect uri', () => {
+      const result = oauth2Service.validateAuthorizationRequest({
+        clientId: 'test-client',
+        responseType: 'code',
+        redirectUri: 'http://evil.com/callback',
+      });
+
+      expect(result.valid).toBe(false);
+      expect(result.error).toBe('invalid_redirect_uri');
+    });
+  });
+
+  describe('generateAuthorizationCode', () => {
+    test('should generate a code', () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+        'read write',
+      );
+
+      expect(code).toBeDefined();
+      expect(typeof code).toBe('string');
+      expect(code.length).toBe(32);
+    });
+
+    test('should generate unique codes', () => {
+      const code1 = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+      const code2 = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-456',
+      );
+
+      expect(code1).not.toBe(code2);
+    });
+  });
+
+  describe('exchangeCodeForToken', () => {
+    test('should exchange valid code for tokens', async () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+        'read',
+      );
+
+      const result = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result).not.toBeNull();
+      expect(result?.accessToken).toBeDefined();
+      expect(result?.refreshToken).toBeDefined();
+      expect(result?.tokenType).toBe('Bearer');
+      expect(result?.scope).toBe('read');
+    });
+
+    test('should return null for wrong grant type', async () => {
+      const result = await oauth2Service.exchangeCodeForToken({
+        grantType: 'client_credentials' as any,
+        code: 'some-code',
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result).toBeNull();
+    });
+
+    test('should return null for invalid code', async () => {
+      const result = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code: 'invalid-code',
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result).toBeNull();
+    });
+
+    test('should return null for wrong client secret', async () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+
+      const result = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'wrong-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result).toBeNull();
+    });
+
+    test('should return null for wrong redirect uri', async () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+
+      const result = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://different.com/callback',
+      });
+
+      expect(result).toBeNull();
+    });
+
+    test('should not allow code reuse', async () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+
+      // First exchange should work
+      const result1 = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result1).not.toBeNull();
+
+      // Second exchange should fail
+      const result2 = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result2).toBeNull();
+    });
+  });
+
+  describe('refreshToken', () => {
+    test('should refresh token', async () => {
+      const code = oauth2Service.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+
+      const tokenResponse = await oauth2Service.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(tokenResponse?.refreshToken).toBeDefined();
+
+      const refreshResult = await oauth2Service.refreshToken(tokenResponse!.refreshToken!);
+
+      expect(refreshResult).not.toBeNull();
+      expect(refreshResult?.accessToken).toBeDefined();
+      expect(refreshResult?.refreshToken).toBeDefined();
+    });
+
+    test('should return null for invalid refresh token', async () => {
+      const result = await oauth2Service.refreshToken('invalid-token');
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('with userProvider', () => {
+    test('should use userProvider for token generation', async () => {
+      const userProvider = async (userId: string): Promise<UserInfo | null> => {
+        if (userId === 'user-123') {
+          return {
+            id: userId,
+            username: 'alice',
+            roles: ['admin', 'user'],
+          };
+        }
+        return null;
+      };
+
+      const serviceWithProvider = new OAuth2Service(
+        jwtUtil,
+        [testClient],
+        {},
+        userProvider,
+      );
+
+      const code = serviceWithProvider.generateAuthorizationCode(
+        'test-client',
+        'http://localhost:3000/callback',
+        'user-123',
+      );
+
+      const result = await serviceWithProvider.exchangeCodeForToken({
+        grantType: 'authorization_code',
+        code,
+        clientId: 'test-client',
+        clientSecret: 'test-secret',
+        redirectUri: 'http://localhost:3000/callback',
+      });
+
+      expect(result).not.toBeNull();
+
+      // Verify the token contains the user info
+      const decoded = jwtUtil.verify(result!.accessToken);
+      expect(decoded?.username).toBe('alice');
+      expect(decoded?.roles).toContain('admin');
+    });
+  });
+});