@dangao/bun-server 1.8.0 → 1.8.1

package/tests/security/guards/reflector.test.ts

@@ -0,0 +1,188 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import { Reflector, REFLECTOR_TOKEN } from '../../../src/security/guards/reflector';
+
+const TEST_KEY = Symbol('test:metadata');
+const ROLES_KEY = Symbol('roles');
+
+describe('Reflector', () => {
+  let reflector: Reflector;
+
+  beforeEach(() => {
+    reflector = new Reflector();
+  });
+
+  describe('get', () => {
+    test('should get metadata from class', () => {
+      @Reflect.metadata(TEST_KEY, 'class-value')
+      class TestClass {}
+
+      const value = reflector.get<string>(TEST_KEY, TestClass);
+      expect(value).toBe('class-value');
+    });
+
+    test('should return undefined if no metadata', () => {
+      class TestClass {}
+
+      const value = reflector.get<string>(TEST_KEY, TestClass);
+      expect(value).toBeUndefined();
+    });
+  });
+
+  describe('getFromClass', () => {
+    test('should get metadata from class', () => {
+      @Reflect.metadata(ROLES_KEY, ['admin', 'user'])
+      class TestClass {}
+
+      const roles = reflector.getFromClass<string[]>(ROLES_KEY, TestClass);
+      expect(roles).toEqual(['admin', 'user']);
+    });
+
+    test('should return undefined for non-decorated class', () => {
+      class PlainClass {}
+
+      const value = reflector.getFromClass<string[]>(ROLES_KEY, PlainClass);
+      expect(value).toBeUndefined();
+    });
+  });
+
+  describe('getFromMethod', () => {
+    test('should get metadata from method', () => {
+      class TestClass {
+        @Reflect.metadata(ROLES_KEY, ['moderator'])
+        public testMethod(): void {}
+      }
+
+      const roles = reflector.getFromMethod<string[]>(
+        ROLES_KEY,
+        TestClass.prototype,
+        'testMethod',
+      );
+      expect(roles).toEqual(['moderator']);
+    });
+
+    test('should return undefined for non-decorated method', () => {
+      class TestClass {
+        public plainMethod(): void {}
+      }
+
+      const value = reflector.getFromMethod<string[]>(
+        ROLES_KEY,
+        TestClass.prototype,
+        'plainMethod',
+      );
+      expect(value).toBeUndefined();
+    });
+  });
+
+  describe('getAllAndMerge', () => {
+    test('should merge class and method metadata', () => {
+      @Reflect.metadata(ROLES_KEY, ['admin'])
+      class TestClass {
+        @Reflect.metadata(ROLES_KEY, ['user'])
+        public testMethod(): void {}
+      }
+
+      const roles = reflector.getAllAndMerge<string[]>(
+        ROLES_KEY,
+        TestClass,
+        'testMethod',
+      );
+      expect(roles).toContain('admin');
+      expect(roles).toContain('user');
+      expect(roles.length).toBe(2);
+    });
+
+    test('should return class metadata if method has none', () => {
+      @Reflect.metadata(ROLES_KEY, ['admin'])
+      class TestClass {
+        public plainMethod(): void {}
+      }
+
+      const roles = reflector.getAllAndMerge<string[]>(
+        ROLES_KEY,
+        TestClass,
+        'plainMethod',
+      );
+      expect(roles).toEqual(['admin']);
+    });
+
+    test('should return method metadata if class has none', () => {
+      class TestClass {
+        @Reflect.metadata(ROLES_KEY, ['user'])
+        public testMethod(): void {}
+      }
+
+      const roles = reflector.getAllAndMerge<string[]>(
+        ROLES_KEY,
+        TestClass,
+        'testMethod',
+      );
+      expect(roles).toEqual(['user']);
+    });
+
+    test('should return empty array if neither has metadata', () => {
+      class TestClass {
+        public plainMethod(): void {}
+      }
+
+      const roles = reflector.getAllAndMerge<string[]>(
+        ROLES_KEY,
+        TestClass,
+        'plainMethod',
+      );
+      expect(roles).toEqual([]);
+    });
+  });
+
+  describe('getAllAndOverride', () => {
+    test('should return method metadata when both exist', () => {
+      @Reflect.metadata(ROLES_KEY, 'class-value')
+      class TestClass {
+        @Reflect.metadata(ROLES_KEY, 'method-value')
+        public testMethod(): void {}
+      }
+
+      const value = reflector.getAllAndOverride<string>(
+        ROLES_KEY,
+        TestClass,
+        'testMethod',
+      );
+      expect(value).toBe('method-value');
+    });
+
+    test('should return class metadata if method has none', () => {
+      @Reflect.metadata(ROLES_KEY, 'class-value')
+      class TestClass {
+        public plainMethod(): void {}
+      }
+
+      const value = reflector.getAllAndOverride<string>(
+        ROLES_KEY,
+        TestClass,
+        'plainMethod',
+      );
+      expect(value).toBe('class-value');
+    });
+
+    test('should return undefined if neither has metadata', () => {
+      class TestClass {
+        public plainMethod(): void {}
+      }
+
+      const value = reflector.getAllAndOverride<string>(
+        ROLES_KEY,
+        TestClass,
+        'plainMethod',
+      );
+      expect(value).toBeUndefined();
+    });
+  });
+
+  describe('REFLECTOR_TOKEN', () => {
+    test('should be a symbol', () => {
+      expect(typeof REFLECTOR_TOKEN).toBe('symbol');
+    });
+  });
+});

package/tests/security/security-filter.test.ts

@@ -0,0 +1,182 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import {
+  createSecurityFilter,
+  getGuardRegistry,
+  registerReflector,
+} from '../../src/security/filter';
+import { AuthenticationManager } from '../../src/security/authentication-manager';
+import { JwtAuthenticationProvider } from '../../src/security/providers/jwt-provider';
+import { JWTUtil } from '../../src/auth/jwt';
+import { Context } from '../../src/core/context';
+import { Container } from '../../src/di/container';
+import { GuardRegistry } from '../../src/security/guards/guard-registry';
+import { Reflector, REFLECTOR_TOKEN } from '../../src/security/guards/reflector';
+import { GUARD_REGISTRY_TOKEN } from '../../src/security/guards/types';
+import { Auth } from '../../src/auth/decorators';
+
+describe('createSecurityFilter', () => {
+  let container: Container;
+  let jwtUtil: JWTUtil;
+  let authManager: AuthenticationManager;
+
+  beforeEach(() => {
+    container = new Container();
+    jwtUtil = new JWTUtil({
+      secret: 'test-secret-key-for-security-filter',
+      accessTokenExpiresIn: 3600,
+    });
+    authManager = new AuthenticationManager();
+    authManager.registerProvider(new JwtAuthenticationProvider(jwtUtil));
+  });
+
+  test('should allow request to excluded path', async () => {
+    const filter = createSecurityFilter({
+      authenticationManager: authManager,
+      excludePaths: ['/public', '/health'],
+    });
+
+    const request = new Request('http://localhost/public/data');
+    const context = new Context(request, container);
+
+    let passed = false;
+    await filter(context, async () => {
+      passed = true;
+      return new Response('OK');
+    });
+
+    expect(passed).toBe(true);
+  });
+
+  test('should authenticate valid token', async () => {
+    const filter = createSecurityFilter({
+      authenticationManager: authManager,
+      defaultAuthRequired: false,
+    });
+
+    const token = jwtUtil.generateAccessToken({
+      sub: 'user-123',
+      username: 'alice',
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    const context = new Context(request, container);
+
+    let passed = false;
+    await filter(context, async () => {
+      passed = true;
+      // Check auth was set on context
+      expect((context as any).auth).toBeDefined();
+      expect((context as any).auth.isAuthenticated).toBe(true);
+      return new Response('OK');
+    });
+
+    expect(passed).toBe(true);
+  });
+
+  test('should reject when auth required but no token', async () => {
+    const filter = createSecurityFilter({
+      authenticationManager: authManager,
+      defaultAuthRequired: true,
+      excludePaths: [],
+    });
+
+    const request = new Request('http://localhost/api/data');
+    const context = new Context(request, container);
+
+    await expect(
+      filter(context, async () => new Response('OK')),
+    ).rejects.toThrow();
+  });
+
+  test('should use custom token extractor', async () => {
+    let extractorCalled = false;
+    const filter = createSecurityFilter({
+      authenticationManager: authManager,
+      defaultAuthRequired: false,
+      extractToken: (ctx) => {
+        extractorCalled = true;
+        return ctx.getHeader('X-Custom-Token');
+      },
+    });
+
+    const token = jwtUtil.generateAccessToken({ sub: 'user-1' });
+    const request = new Request('http://localhost/api/data', {
+      headers: { 'X-Custom-Token': token },
+    });
+    const context = new Context(request, container);
+
+    await filter(context, async () => new Response('OK'));
+
+    expect(extractorCalled).toBe(true);
+    expect((context as any).auth.isAuthenticated).toBe(true);
+  });
+
+  test('should handle invalid bearer token format', async () => {
+    const filter = createSecurityFilter({
+      authenticationManager: authManager,
+      defaultAuthRequired: false,
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      headers: { Authorization: 'InvalidFormat' },
+    });
+    const context = new Context(request, container);
+
+    let passed = false;
+    await filter(context, async () => {
+      passed = true;
+      return new Response('OK');
+    });
+
+    expect(passed).toBe(true);
+    expect((context as any).auth.isAuthenticated).toBe(false);
+  });
+});
+
+describe('getGuardRegistry', () => {
+  test('should return existing registry if registered', () => {
+    const container = new Container();
+    const existingRegistry = new GuardRegistry();
+    container.registerInstance(GUARD_REGISTRY_TOKEN, existingRegistry);
+
+    const registry = getGuardRegistry(container);
+    expect(registry).toBe(existingRegistry);
+  });
+
+  test('should create and register new registry if not exists', () => {
+    const container = new Container();
+
+    const registry = getGuardRegistry(container);
+    expect(registry).toBeInstanceOf(GuardRegistry);
+
+    // Should be registered now
+    const secondCall = getGuardRegistry(container);
+    expect(secondCall).toBe(registry);
+  });
+});
+
+describe('registerReflector', () => {
+  test('should return existing reflector if registered', () => {
+    const container = new Container();
+    const existingReflector = new Reflector();
+    container.registerInstance(REFLECTOR_TOKEN, existingReflector);
+
+    const reflector = registerReflector(container);
+    expect(reflector).toBe(existingReflector);
+  });
+
+  test('should create and register new reflector if not exists', () => {
+    const container = new Container();
+
+    const reflector = registerReflector(container);
+    expect(reflector).toBeInstanceOf(Reflector);
+
+    // Should be registered now
+    const secondCall = registerReflector(container);
+    expect(secondCall).toBe(reflector);
+  });
+});

package/tests/security/security-module-extended.test.ts

@@ -0,0 +1,133 @@
+import { describe, expect, test, beforeEach, afterEach } from 'bun:test';
+import 'reflect-metadata';
+
+import { SecurityModule } from '../../src/security/security-module';
+import { MODULE_METADATA_KEY } from '../../src/di/module';
+import { GuardRegistry } from '../../src/security/guards/guard-registry';
+import { JWT_UTIL_TOKEN, OAUTH2_SERVICE_TOKEN } from '../../src/auth/controller';
+import { GUARD_REGISTRY_TOKEN, type Guard, type ExecutionContext } from '../../src/security/guards/types';
+import { REFLECTOR_TOKEN } from '../../src/security/guards/reflector';
+
+describe('SecurityModule', () => {
+  beforeEach(() => {
+    SecurityModule.reset();
+  });
+
+  afterEach(() => {
+    SecurityModule.reset();
+  });
+
+  describe('forRoot', () => {
+    test('should create module with JWT config', () => {
+      SecurityModule.forRoot({
+        jwt: {
+          secret: 'test-secret',
+          accessTokenExpiresIn: 3600,
+        },
+      });
+
+      const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+      expect(metadata.providers).toBeDefined();
+      expect(metadata.exports).toContain(JWT_UTIL_TOKEN);
+    });
+
+    test('should create module with OAuth2 config', () => {
+      SecurityModule.forRoot({
+        jwt: { secret: 'secret' },
+        oauth2Clients: [
+          {
+            clientId: 'test-client',
+            clientSecret: 'test-secret',
+            redirectUris: ['http://localhost/callback'],
+            grantTypes: ['authorization_code'],
+          },
+        ],
+      });
+
+      const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+      expect(metadata.exports).toContain(OAUTH2_SERVICE_TOKEN);
+    });
+
+    test('should register guard registry', () => {
+      SecurityModule.forRoot({
+        jwt: { secret: 'secret' },
+      });
+
+      const guardRegistry = SecurityModule.getGuardRegistry();
+      expect(guardRegistry).toBeInstanceOf(GuardRegistry);
+    });
+
+    test('should export guard registry and reflector', () => {
+      SecurityModule.forRoot({
+        jwt: { secret: 'secret' },
+      });
+
+      const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+      expect(metadata.exports).toContain(GUARD_REGISTRY_TOKEN);
+      expect(metadata.exports).toContain(REFLECTOR_TOKEN);
+    });
+
+    test('should support exclude paths', () => {
+      SecurityModule.forRoot({
+        jwt: { secret: 'secret' },
+        excludePaths: ['/public', '/health'],
+      });
+
+      const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+      expect(metadata.middlewares.length).toBeGreaterThan(0);
+    });
+  });
+
+  describe('getGuardRegistry', () => {
+    test('should return null before forRoot', () => {
+      const registry = SecurityModule.getGuardRegistry();
+      expect(registry).toBeNull();
+    });
+
+    test('should return registry after forRoot', () => {
+      SecurityModule.forRoot({ jwt: { secret: 'secret' } });
+      const registry = SecurityModule.getGuardRegistry();
+      expect(registry).not.toBeNull();
+    });
+  });
+
+  describe('addGlobalGuards', () => {
+    test('should add guards to registry', () => {
+      SecurityModule.forRoot({ jwt: { secret: 'secret' } });
+
+      class TestGuard implements Guard {
+        public async canActivate(context: ExecutionContext): Promise<boolean> {
+          return true;
+        }
+      }
+
+      SecurityModule.addGlobalGuards(TestGuard);
+
+      const registry = SecurityModule.getGuardRegistry();
+      expect(registry).not.toBeNull();
+    });
+
+    test('should not throw when registry not initialized', () => {
+      class TestGuard implements Guard {
+        public async canActivate(context: ExecutionContext): Promise<boolean> {
+          return true;
+        }
+      }
+
+      expect(() => SecurityModule.addGlobalGuards(TestGuard)).not.toThrow();
+    });
+  });
+
+  describe('reset', () => {
+    test('should clear registry and metadata', () => {
+      SecurityModule.forRoot({ jwt: { secret: 'secret' } });
+      expect(SecurityModule.getGuardRegistry()).not.toBeNull();
+
+      SecurityModule.reset();
+
+      expect(SecurityModule.getGuardRegistry()).toBeNull();
+      const metadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule);
+      expect(metadata).toBeUndefined();
+    });
+  });
+});

package/tests/session/memory-session-store.test.ts

@@ -0,0 +1,172 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+
+import { MemorySessionStore, type Session } from '../../src/session/types';
+
+describe('MemorySessionStore', () => {
+  let store: MemorySessionStore;
+
+  beforeEach(() => {
+    store = new MemorySessionStore();
+  });
+
+  function createSession(id: string, data: Record<string, unknown> = {}): Session {
+    const now = Date.now();
+    return {
+      id,
+      data,
+      createdAt: now,
+      lastAccessedAt: now,
+      expiresAt: now + 3600000, // 1 hour
+    };
+  }
+
+  describe('get', () => {
+    test('should return undefined for non-existent session', async () => {
+      const session = await store.get('non-existent');
+      expect(session).toBeUndefined();
+    });
+
+    test('should return session if exists and not expired', async () => {
+      const session = createSession('test-1', { user: 'alice' });
+      await store.set(session, 3600000);
+
+      const retrieved = await store.get('test-1');
+      expect(retrieved).toBeDefined();
+      expect(retrieved?.data.user).toBe('alice');
+    });
+
+    test('should return undefined for expired session', async () => {
+      const session = createSession('test-2');
+      await store.set(session, 50); // 50ms TTL
+
+      // Wait for expiration
+      await new Promise((resolve) => setTimeout(resolve, 100));
+
+      const retrieved = await store.get('test-2');
+      expect(retrieved).toBeUndefined();
+    });
+  });
+
+  describe('set', () => {
+    test('should set session successfully', async () => {
+      const session = createSession('test-3', { count: 42 });
+      const result = await store.set(session, 3600000);
+      expect(result).toBe(true);
+
+      const retrieved = await store.get('test-3');
+      expect(retrieved?.data.count).toBe(42);
+    });
+
+    test('should update expiresAt and lastAccessedAt', async () => {
+      const session = createSession('test-4');
+      const before = Date.now();
+      await store.set(session, 60000);
+
+      const retrieved = await store.get('test-4');
+      expect(retrieved?.lastAccessedAt).toBeGreaterThanOrEqual(before);
+      expect(retrieved?.expiresAt).toBeGreaterThan(Date.now());
+    });
+
+    test('should overwrite existing session', async () => {
+      const session1 = createSession('test-5', { version: 1 });
+      await store.set(session1, 3600000);
+
+      const session2 = createSession('test-5', { version: 2 });
+      await store.set(session2, 3600000);
+
+      const retrieved = await store.get('test-5');
+      expect(retrieved?.data.version).toBe(2);
+    });
+  });
+
+  describe('delete', () => {
+    test('should delete existing session', async () => {
+      const session = createSession('test-6');
+      await store.set(session, 3600000);
+
+      const deleted = await store.delete('test-6');
+      expect(deleted).toBe(true);
+
+      const retrieved = await store.get('test-6');
+      expect(retrieved).toBeUndefined();
+    });
+
+    test('should return false for non-existent session', async () => {
+      const deleted = await store.delete('non-existent');
+      expect(deleted).toBe(false);
+    });
+  });
+
+  describe('has', () => {
+    test('should return true for existing session', async () => {
+      const session = createSession('test-7');
+      await store.set(session, 3600000);
+
+      const exists = await store.has('test-7');
+      expect(exists).toBe(true);
+    });
+
+    test('should return false for non-existent session', async () => {
+      const exists = await store.has('non-existent');
+      expect(exists).toBe(false);
+    });
+
+    test('should return false for expired session', async () => {
+      const session = createSession('test-8');
+      await store.set(session, 50); // 50ms TTL
+
+      // Wait for expiration
+      await new Promise((resolve) => setTimeout(resolve, 100));
+
+      const exists = await store.has('test-8');
+      expect(exists).toBe(false);
+    });
+  });
+
+  describe('touch', () => {
+    test('should update lastAccessedAt', async () => {
+      const session = createSession('test-9');
+      await store.set(session, 3600000);
+
+      const beforeTouch = await store.get('test-9');
+      const lastAccessedBefore = beforeTouch?.lastAccessedAt;
+
+      await new Promise((resolve) => setTimeout(resolve, 10));
+      await store.touch('test-9');
+
+      const afterTouch = await store.get('test-9');
+      expect(afterTouch?.lastAccessedAt).toBeGreaterThanOrEqual(lastAccessedBefore!);
+    });
+
+    test('should return false for non-existent session', async () => {
+      const result = await store.touch('non-existent');
+      expect(result).toBe(false);
+    });
+
+    test('should return false for expired session', async () => {
+      const session = createSession('test-10');
+      await store.set(session, 50); // 50ms TTL
+
+      // Wait for expiration
+      await new Promise((resolve) => setTimeout(resolve, 100));
+
+      const result = await store.touch('test-10');
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('clear', () => {
+    test('should clear all sessions', async () => {
+      await store.set(createSession('s1'), 3600000);
+      await store.set(createSession('s2'), 3600000);
+      await store.set(createSession('s3'), 3600000);
+
+      const result = await store.clear();
+      expect(result).toBe(true);
+
+      expect(await store.has('s1')).toBe(false);
+      expect(await store.has('s2')).toBe(false);
+      expect(await store.has('s3')).toBe(false);
+    });
+  });
+});