@dbos-inc/koa-serve 3.5.44-preview.gc094fdab44 → 3.6.5-preview

package/tests/argsource.test.ts

@@ -0,0 +1,150 @@
+import Koa from 'koa';
+import Router from '@koa/router';
+
+import { DBOS } from '@dbos-inc/dbos-sdk';
+
+import { ArgSources, DBOSKoa } from '../src';
+
+import request from 'supertest';
+import bodyParser from '@koa/bodyparser';
+
+const dhttp = new DBOSKoa();
+
+describe('httpserver-argsource-tests', () => {
+  let app: Koa;
+  let appRouter: Router;
+
+  beforeAll(async () => {
+    DBOS.setConfig({
+      name: 'dbos-koa-test',
+    });
+    return Promise.resolve();
+  });
+
+  beforeEach(async () => {
+    const _classes = [ArgTestEndpoints];
+    await DBOS.launch();
+    app = new Koa();
+    appRouter = new Router();
+    dhttp.registerWithApp(app, appRouter);
+  });
+
+  afterEach(async () => {
+    await DBOS.shutdown();
+  });
+
+  test('get-query', async () => {
+    const response1 = await request(app.callback()).get('/getquery?name=alice');
+    expect(response1.statusCode).toBe(200);
+    expect(response1.text).toBe('hello alice');
+    const response2 = await request(app.callback()).get('/getquery').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(400);
+  });
+
+  test('get-body', async () => {
+    const response1 = await request(app.callback()).get('/getbody?name=alice');
+    expect(response1.statusCode).toBe(400);
+    const response2 = await request(app.callback()).get('/getbody').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(200);
+    expect(response2.text).toBe('hello alice');
+  });
+
+  test('get-default', async () => {
+    const response1 = await request(app.callback()).get('/getdefault?name=alice');
+    expect(response1.statusCode).toBe(200);
+    expect(response1.text).toBe('hello alice');
+    const response2 = await request(app.callback()).get('/getdefault').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(400);
+  });
+
+  test('get-auto', async () => {
+    const response1 = await request(app.callback()).get('/getauto?name=alice');
+    expect(response1.statusCode).toBe(200);
+    expect(response1.text).toBe('hello alice');
+    const response2 = await request(app.callback()).get('/getauto').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(200);
+    expect(response2.text).toBe('hello alice');
+  });
+
+  test('post-query', async () => {
+    const response1 = await request(app.callback()).post('/postquery?name=alice');
+    expect(response1.statusCode).toBe(200);
+    expect(response1.text).toBe('hello alice');
+    const response2 = await request(app.callback()).post('/postquery').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(400);
+  });
+
+  test('post-body', async () => {
+    const response1 = await request(app.callback()).post('/postbody?name=alice');
+    expect(response1.statusCode).toBe(400);
+    const response2 = await request(app.callback()).post('/postbody').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(200);
+    expect(response2.text).toBe('hello alice');
+  });
+
+  test('post-default', async () => {
+    const response1 = await request(app.callback()).post('/postdefault?name=alice');
+    expect(response1.statusCode).toBe(400);
+    const response2 = await request(app.callback()).post('/postdefault').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(200);
+    expect(response2.text).toBe('hello alice');
+  });
+
+  test('post-auto', async () => {
+    const response1 = await request(app.callback()).post('/postauto?name=alice');
+    expect(response1.statusCode).toBe(200);
+    expect(response1.text).toBe('hello alice');
+    const response2 = await request(app.callback()).post('/postauto').send({ name: 'alice' });
+    expect(response2.statusCode).toBe(200);
+    expect(response2.text).toBe('hello alice');
+  });
+
+  @dhttp.koaBodyParser(
+    bodyParser({
+      enableTypes: ['json'],
+      parsedMethods: ['GET', 'POST'],
+    }),
+  )
+  @DBOSKoa.defaultArgRequired
+  class ArgTestEndpoints {
+    @dhttp.getApi('/getquery')
+    static async getQuery(@DBOSKoa.argSource(ArgSources.QUERY) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.getApi('/getbody')
+    static async getBody(@DBOSKoa.argSource(ArgSources.BODY) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.getApi('/getdefault')
+    static async getDefault(@DBOSKoa.argSource(ArgSources.DEFAULT) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.getApi('/getauto')
+    static async getAuto(@DBOSKoa.argSource(ArgSources.AUTO) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.postApi('/postquery')
+    static async postQuery(@DBOSKoa.argSource(ArgSources.QUERY) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.postApi('/postbody')
+    static async postBody(@DBOSKoa.argSource(ArgSources.BODY) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.postApi('/postdefault')
+    static async postDefault(@DBOSKoa.argSource(ArgSources.DEFAULT) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+
+    @dhttp.postApi('/postauto')
+    static async postAuto(@DBOSKoa.argSource(ArgSources.AUTO) name: string) {
+      return Promise.resolve(`hello ${name}`);
+    }
+  }
+});

package/tests/auth.test.ts

@@ -61,17 +61,17 @@ describe('httpserver-defsec-tests', () => {
 
   test('not-authenticated', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-you', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice&userid=go_away');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-authorized', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice&userid=bob');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(403);
   });
 
   test('authorized', async () => {
@@ -83,6 +83,22 @@ describe('httpserver-defsec-tests', () => {
   test('cascade-authorized', async () => {
     const response = await request(app.callback()).get('/workflow?name=alice&userid=a_real_user');
     expect(response.statusCode).toBe(200);
+
+    const txnResponse = await request(app.callback()).get('/transaction?name=alice&userid=a_real_user');
+    expect(txnResponse.statusCode).toBe(200);
+  });
+
+  // We can directly test a transaction with passed in authorizedRoles.
+  test('direct-transaction-test', async () => {
+    await DBOS.withAuthedContext('user', ['user'], async () => {
+      const res = await TestEndpointDefSec.testStep('alice');
+      expect(res).toBe('hello 1');
+    });
+
+    // Unauthorized.
+    await expect(TestEndpointDefSec.testStep('alice')).rejects.toThrow(
+      new DBOSError.DBOSNotAuthorizedError('User does not have a role with permission to call testStep', 403),
+    );
   });
 
   async function authTestMiddleware(ctx: DBOSKoaAuthContext) {
@@ -147,7 +163,8 @@ describe('httpserver-defsec-tests', () => {
 
     @DBOS.step()
     static async testStep(name: string) {
-      return Promise.resolve(`hello ${name}`);
+      void name;
+      return Promise.resolve(`hello 1`);
     }
 
     @DBOS.workflow()
@@ -160,6 +177,11 @@ describe('httpserver-defsec-tests', () => {
     static async testWfEndpoint(name: string) {
       return await TestEndpointDefSec.testWorkflow(name);
     }
+
+    @dhttp.getApi('/transaction')
+    static async testTxnEndpoint(name: string) {
+      return await TestEndpointDefSec.testStep(name);
+    }
   }
 
   class SecondClass {

package/tests/endpoints.test.ts

@@ -4,7 +4,7 @@ import Router from '@koa/router';
 
 import { DBOS, Error as DBOSErrors, StatusString } from '@dbos-inc/dbos-sdk';
 
-import { DBOSKoa, DBOSKoaAuthContext, RequestIDHeader, WorkflowIDHeader } from '../src';
+import { DBOSKoa, DBOSKoaAuthContext, RequestIDHeader, WorkflowIDHeader, DBOSResponseError } from '../src';
 
 import request from 'supertest';
 
@@ -97,12 +97,17 @@ describe('httpserver-tests', () => {
   });
 
   test('post-test-custom-body', async () => {
-    const response = await request(app.callback())
+    let response = await request(app.callback())
       .post('/testpost')
       .set('Content-Type', 'application/custom-content-type')
       .send(JSON.stringify({ name: 'alice' }));
     expect(response.statusCode).toBe(200);
     expect(response.text).toBe('hello alice');
+    response = await request(app.callback())
+      .post('/testpost')
+      .set('Content-Type', 'application/rejected-custom-content-type')
+      .send(JSON.stringify({ name: 'alice' }));
+    expect(response.statusCode).toBe(400);
   });
 
   test('put-test', async () => {
@@ -112,12 +117,17 @@ describe('httpserver-tests', () => {
   });
 
   test('put-test-custom-body', async () => {
-    const response = await request(app.callback())
+    let response = await request(app.callback())
       .put('/testput')
       .set('Content-Type', 'application/custom-content-type')
       .send(JSON.stringify({ name: 'alice' }));
     expect(response.statusCode).toBe(200);
     expect(response.text).toBe('hello alice');
+    response = await request(app.callback())
+      .put('/testput')
+      .set('Content-Type', 'application/rejected-custom-content-type')
+      .send(JSON.stringify({ name: 'alice' }));
+    expect(response.statusCode).toBe(400);
   });
 
   test('patch-test', async () => {
@@ -127,12 +137,17 @@ describe('httpserver-tests', () => {
   });
 
   test('patch-test-custom-body', async () => {
-    const response = await request(app.callback())
+    let response = await request(app.callback())
       .patch('/testpatch')
       .set('Content-Type', 'application/custom-content-type')
       .send(JSON.stringify({ name: 'alice' }));
     expect(response.statusCode).toBe(200);
     expect(response.text).toBe('hello alice');
+    response = await request(app.callback())
+      .patch('/testpatch')
+      .set('Content-Type', 'application/rejected-custom-content-type')
+      .send(JSON.stringify({ name: 'alice' }));
+    expect(response.statusCode).toBe(400);
   });
 
   test('endpoint-step', async () => {
@@ -144,7 +159,7 @@ describe('httpserver-tests', () => {
   test('endpoint-workflow', async () => {
     const response = await request(app.callback()).post('/workflow?name=alice');
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('alice');
+    expect(response.text).toBe('hello alice');
   });
 
   test('endpoint-error', async () => {
@@ -155,19 +170,19 @@ describe('httpserver-tests', () => {
   test('endpoint-handler', async () => {
     const response = await request(app.callback()).get('/handler/alice');
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('alice');
+    expect(response.text).toBe('hello alice');
   });
 
   test('endpoint-testStartWorkflow', async () => {
     const response = await request(app.callback()).get('/testStartWorkflow/alice');
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('alice');
+    expect(response.text).toBe('hello alice');
   });
 
   test('endpoint-testInvokeWorkflow', async () => {
     const response = await request(app.callback()).get('/testInvokeWorkflow/alice');
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('alice');
+    expect(response.text).toBe('hello alice');
   });
 
   // This feels unclean, but supertest doesn't expose the error message the people we want. See:
@@ -178,11 +193,17 @@ describe('httpserver-tests', () => {
 
   test('response-error', async () => {
     const response = await request(app.callback()).get('/dbos-error');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(503);
     expect((response as unknown as Res).res.statusMessage).toBe('customize error');
     expect(response.body.message).toBe('customize error');
   });
 
+  test('datavalidation-error', async () => {
+    const response = await request(app.callback()).get('/query');
+    expect(response.statusCode).toBe(400);
+    expect(response.body.details.dbosErrorCode).toBe(9);
+  });
+
   test('dbos-redirect', async () => {
     const response = await request(app.callback()).get('/redirect');
     expect(response.statusCode).toBe(302);
@@ -210,17 +231,17 @@ describe('httpserver-tests', () => {
 
   test('not-authenticated', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-you', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice&userid=go_away');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-authorized', async () => {
     const response = await request(app.callback()).get('/requireduser?name=alice&userid=bob');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(403);
   });
 
   test('authorized', async () => {
@@ -230,17 +251,17 @@ describe('httpserver-tests', () => {
 
   test('not-authenticated2', async () => {
     const response = await request(app.callback()).get('/requireduser2?name=alice');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-you2', async () => {
     const response = await request(app.callback()).get('/requireduser2?name=alice&userid=go_away');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(401);
   });
 
   test('not-authorized2', async () => {
     const response = await request(app.callback()).get('/requireduser2?name=alice&userid=bob');
-    expect(response.statusCode).toBe(500);
+    expect(response.statusCode).toBe(403);
   });
 
   test('authorized2', async () => {
@@ -254,12 +275,12 @@ describe('httpserver-tests', () => {
       .post('/workflow?name=bob')
       .set({ 'dbos-idempotency-key': workflowID });
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('bob');
+    expect(response.text).toBe('hello bob');
 
     // Retrieve the workflow with WFID.
     const retrievedHandle = DBOS.retrieveWorkflow(workflowID);
     expect(retrievedHandle).not.toBeNull();
-    await expect(retrievedHandle.getResult()).resolves.toBe('bob');
+    await expect(retrievedHandle.getResult()).resolves.toBe('hello bob');
     await expect(retrievedHandle.getStatus()).resolves.toMatchObject({
       status: StatusString.SUCCESS,
     });
@@ -269,12 +290,12 @@ describe('httpserver-tests', () => {
     const workflowID = randomUUID();
     const response = await request(app.callback()).get('/handler/bob').set({ 'dbos-idempotency-key': workflowID });
     expect(response.statusCode).toBe(200);
-    expect(response.text).toBe('bob');
+    expect(response.text).toBe('hello bob');
 
     // Retrieve the workflow with WFID.
     const retrievedHandle = DBOS.retrieveWorkflow(workflowID);
     expect(retrievedHandle).not.toBeNull();
-    await expect(retrievedHandle.getResult()).resolves.toBe('bob');
+    await expect(retrievedHandle.getResult()).resolves.toBe('hello bob');
     await expect(retrievedHandle.getStatus()).resolves.toMatchObject({
       status: StatusString.SUCCESS,
     });
@@ -311,6 +332,7 @@ describe('httpserver-tests', () => {
       parsedMethods: ['POST', 'PUT', 'PATCH', 'GET', 'DELETE'],
     }),
   )
+  @DBOSKoa.defaultArgRequired
   class TestEndpoints {
     @dhttp.getApi('/hello')
     static async hello() {
@@ -339,12 +361,6 @@ describe('httpserver-tests', () => {
       return Promise.resolve(url);
     }
 
-    @dhttp.getApi('/dbos-error')
-    @DBOS.workflow()
-    static async dbosErr() {
-      return Promise.reject(new Error('customize error'));
-    }
-
     @dhttp.getApi('/query')
     static async helloQuery(name: string) {
       DBOS.logger.info(`query with name ${name}`); // Test logging.
@@ -390,6 +406,12 @@ describe('httpserver-tests', () => {
       return Promise.resolve(`hello ${name}`);
     }
 
+    @dhttp.getApi('/dbos-error')
+    @DBOS.step()
+    static async dbosErr() {
+      return Promise.reject(new DBOSResponseError('customize error', 503));
+    }
+
     @dhttp.getApi('/handler/:name')
     static async testHandler(name: string) {
       const workflowID: string = DBOSKoa.koaContext.get(WorkflowIDHeader);
@@ -420,27 +442,29 @@ describe('httpserver-tests', () => {
     @dhttp.postApi('/workflow')
     @DBOS.workflow()
     static async testWorkflow(name: string) {
-      return TestEndpoints.testStep(name);
+      return TestEndpoints.testStep(`hello ${name}`);
     }
 
     @dhttp.postApi('/error')
     @DBOS.workflow()
     static async testWorkflowError(name: string) {
-      await Promise.resolve();
-      throw Error(name);
+      void name;
+      // This workflow should encounter duplicate primary key error.
+      throw new Error('fail');
+      return Promise.resolve('');
     }
 
     @dhttp.getApi('/requireduser')
     @DBOS.requiredRole(['user'])
     static async testAuth(name: string) {
       if (DBOS.authenticatedUser !== 'a_real_user') {
-        throw new Error('uid not a real user!');
+        throw new DBOSResponseError('uid not a real user!', 400);
       }
       if (!DBOS.authenticatedRoles.includes('user')) {
-        throw new Error("roles don't include user!");
+        throw new DBOSResponseError("roles don't include user!", 400);
       }
       if (DBOS.assumedRole !== 'user') {
-        throw new Error('Should never happen! Not assumed to be user');
+        throw new DBOSResponseError('Should never happen! Not assumed to be user', 400);
       }
       return Promise.resolve(`Please say hello to ${name}`);
     }
@@ -449,13 +473,13 @@ describe('httpserver-tests', () => {
     @DBOS.requiredRole(['user'])
     static async testAuth2(name: string) {
       if (DBOS.authenticatedUser !== 'a_real_user') {
-        throw new Error('uid not a real user!');
+        throw new DBOSResponseError('uid not a real user!', 400);
       }
       if (!DBOS.authenticatedRoles.includes('user')) {
-        throw new Error("roles don't include user!");
+        throw new DBOSResponseError("roles don't include user!", 400);
       }
       if (DBOS.assumedRole !== 'user') {
-        throw new Error('Should never happen! Not assumed to be user');
+        throw new DBOSResponseError('Should never happen! Not assumed to be user', 400);
       }
       return Promise.resolve(`Please say hello to ${name}`);
     }

package/tests/steps.test.ts

@@ -56,9 +56,14 @@ describe('registerstep', () => {
     expect(response1.statusCode).toBe(200);
     const response2 = await request(app.callback()).get('/api/i2?user=jeremy');
     expect(response2.statusCode).toBe(200);
+    const response3 = await request(app.callback()).get('/api/i1');
+    expect(response3.statusCode).toBe(400);
+    const response4 = await request(app.callback()).get('/api/i2');
+    expect(response4.statusCode).toBe(400);
   });
 });
 
+@DBOSKoa.defaultArgValidate
 class KnexKoa {
   @customstep()
   @dhttp.getApi('/api/i2')

package/tests/transactions.test.ts

@@ -77,9 +77,14 @@ describe('KnexDataSource', () => {
     expect(response1.statusCode).toBe(200);
     const response2 = await request(app.callback()).get('/api/i2?user=jeremy');
     expect(response2.statusCode).toBe(200);
+    const response3 = await request(app.callback()).get('/api/i1');
+    expect(response3.statusCode).toBe(400);
+    const response4 = await request(app.callback()).get('/api/i2');
+    expect(response4.statusCode).toBe(400);
   });
 });
 
+@DBOSKoa.defaultArgValidate
 class KnexKoa {
   @knexds.transaction()
   @dhttp.getApi('/api/i2')