npm - @donotdev/functions - Versions diffs - 0.0.9 → 0.0.11 - Mend

@donotdev/functions 0.0.9 → 0.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/package.json +31 -7
package/src/firebase/auth/setCustomClaims.ts +26 -4
package/src/firebase/baseFunction.ts +43 -20
package/src/firebase/billing/cancelSubscription.ts +9 -1
package/src/firebase/billing/changePlan.ts +8 -2
package/src/firebase/billing/createCustomerPortal.ts +16 -2
package/src/firebase/billing/refreshSubscriptionStatus.ts +3 -1
package/src/firebase/billing/webhookHandler.ts +13 -1
package/src/firebase/config/constants.ts +0 -3
package/src/firebase/crud/aggregate.ts +20 -5
package/src/firebase/crud/create.ts +31 -7
package/src/firebase/crud/get.ts +16 -8
package/src/firebase/crud/list.ts +70 -29
package/src/firebase/crud/update.ts +29 -7
package/src/firebase/oauth/exchangeToken.ts +30 -4
package/src/firebase/oauth/githubAccess.ts +8 -3
package/src/firebase/registerCrudFunctions.ts +15 -4
package/src/firebase/scheduled/checkExpiredSubscriptions.ts +20 -3
package/src/shared/__tests__/detectFirestore.test.ts +52 -0
package/src/shared/__tests__/errorHandling.test.ts +144 -0
package/src/shared/__tests__/idempotency.test.ts +95 -0
package/src/shared/__tests__/rateLimiter.test.ts +142 -0
package/src/shared/__tests__/validation.test.ts +172 -0
package/src/shared/billing/__tests__/createCheckout.test.ts +393 -0
package/src/shared/billing/__tests__/webhookHandler.test.ts +1091 -0
package/src/shared/billing/webhookHandler.ts +16 -7
package/src/shared/errorHandling.ts +16 -54
package/src/shared/firebase.ts +1 -25
package/src/shared/oauth/__tests__/exchangeToken.test.ts +116 -0
package/src/shared/oauth/__tests__/grantAccess.test.ts +237 -0
package/src/shared/schema.ts +7 -1
package/src/shared/utils/__tests__/functionWrapper.test.ts +122 -0
package/src/shared/utils/external/subscription.ts +10 -0
package/src/shared/utils/internal/auth.ts +140 -16
package/src/shared/utils/internal/rateLimiter.ts +101 -90
package/src/shared/utils/internal/validation.ts +47 -3
package/src/shared/utils.ts +154 -39
package/src/supabase/auth/deleteAccount.ts +59 -0
package/src/supabase/auth/getCustomClaims.ts +56 -0
package/src/supabase/auth/getUserAuthStatus.ts +64 -0
package/src/supabase/auth/removeCustomClaims.ts +75 -0
package/src/supabase/auth/setCustomClaims.ts +73 -0
package/src/supabase/baseFunction.ts +302 -0
package/src/supabase/billing/cancelSubscription.ts +57 -0
package/src/supabase/billing/changePlan.ts +62 -0
package/src/supabase/billing/createCheckoutSession.ts +82 -0
package/src/supabase/billing/createCustomerPortal.ts +58 -0
package/src/supabase/billing/refreshSubscriptionStatus.ts +89 -0
package/src/supabase/crud/aggregate.ts +169 -0
package/src/supabase/crud/create.ts +225 -0
package/src/supabase/crud/delete.ts +154 -0
package/src/supabase/crud/get.ts +89 -0
package/src/supabase/crud/index.ts +24 -0
package/src/supabase/crud/list.ts +357 -0
package/src/supabase/crud/update.ts +199 -0
package/src/supabase/helpers/authProvider.ts +45 -0
package/src/supabase/index.ts +73 -0
package/src/supabase/registerCrudFunctions.ts +180 -0
package/src/supabase/utils/idempotency.ts +141 -0
package/src/supabase/utils/monitoring.ts +187 -0
package/src/supabase/utils/rateLimiter.ts +216 -0
package/src/vercel/api/auth/get-custom-claims.ts +3 -2
package/src/vercel/api/auth/get-user-auth-status.ts +3 -2
package/src/vercel/api/auth/remove-custom-claims.ts +3 -2
package/src/vercel/api/auth/set-custom-claims.ts +5 -2
package/src/vercel/api/billing/cancel.ts +2 -1
package/src/vercel/api/billing/change-plan.ts +3 -1
package/src/vercel/api/billing/customer-portal.ts +4 -1
package/src/vercel/api/billing/refresh-subscription-status.ts +3 -1
package/src/vercel/api/billing/webhook-handler.ts +24 -4
package/src/vercel/api/crud/create.ts +14 -8
package/src/vercel/api/crud/delete.ts +15 -6
package/src/vercel/api/crud/get.ts +16 -8
package/src/vercel/api/crud/list.ts +22 -10
package/src/vercel/api/crud/update.ts +16 -10
package/src/vercel/api/oauth/check-github-access.ts +2 -5
package/src/vercel/api/oauth/grant-github-access.ts +1 -5
package/src/vercel/api/oauth/revoke-github-access.ts +7 -8
package/src/vercel/api/utils/cors.ts +13 -2
package/src/vercel/baseFunction.ts +40 -25

package/src/shared/__tests__/idempotency.test.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+// Mock detectFirestore to return false (force in-memory)
+vi.mock('../utils/detectFirestore.js', () => ({
+  isFirestoreConfigured: vi.fn(() => false),
+}));
+import {
+  createIdempotencyStore,
+  resetIdempotencyStore,
+} from '../billing/idempotency';
+describe('InMemoryIdempotency', () => {
+  beforeEach(() => {
+    resetIdempotencyStore();
+    vi.spyOn(console, 'warn').mockImplementation(() => {});
+    vi.spyOn(console, 'log').mockImplementation(() => {});
+  });
+  it('creates in-memory store when Firestore not configured', () => {
+    const store = createIdempotencyStore();
+    expect(store).toBeDefined();
+    expect(typeof store.isProcessed).toBe('function');
+    expect(typeof store.markProcessed).toBe('function');
+  });
+  it('returns singleton instance', () => {
+    const store1 = createIdempotencyStore();
+    const store2 = createIdempotencyStore();
+    expect(store1).toBe(store2);
+  });
+  it('reports event as not processed initially', async () => {
+    const store = createIdempotencyStore();
+    const result = await store.isProcessed('evt_001');
+    expect(result).toBe(false);
+  });
+  it('reports event as processed after marking', async () => {
+    const store = createIdempotencyStore();
+    await store.markProcessed('evt_002');
+    const result = await store.isProcessed('evt_002');
+    expect(result).toBe(true);
+  });
+  it('distinguishes between different events', async () => {
+    const store = createIdempotencyStore();
+    await store.markProcessed('evt_a');
+    expect(await store.isProcessed('evt_a')).toBe(true);
+    expect(await store.isProcessed('evt_b')).toBe(false);
+  });
+  it('warns once on first isProcessed call', async () => {
+    const warnSpy = vi.spyOn(console, 'warn');
+    const store = createIdempotencyStore();
+    await store.isProcessed('evt_x');
+    await store.isProcessed('evt_y');
+    // Should warn at least once about in-memory usage
+    const inMemoryWarns = warnSpy.mock.calls.filter(
+      (call) => typeof call[0] === 'string' && call[0].includes('in-memory')
+    );
+    expect(inMemoryWarns.length).toBeGreaterThanOrEqual(1);
+  });
+  it('auto-cleans after 1000 entries (keeps last entries)', async () => {
+    const store = createIdempotencyStore();
+    // Add 1001 entries
+    for (let i = 0; i < 1001; i++) {
+      await store.markProcessed(`evt_${i}`);
+    }
+    // First entry should have been evicted
+    expect(await store.isProcessed('evt_0')).toBe(false);
+    // Recent entry should still exist
+    expect(await store.isProcessed('evt_1000')).toBe(true);
+  });
+  it('resetIdempotencyStore clears singleton', () => {
+    const store1 = createIdempotencyStore();
+    resetIdempotencyStore();
+    const store2 = createIdempotencyStore();
+    expect(store1).not.toBe(store2);
+  });
+});

package/src/shared/__tests__/rateLimiter.test.ts ADDED Viewed

@@ -0,0 +1,142 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+// Mock firebase-functions/v2 logger
+vi.mock('firebase-functions/v2', () => ({
+  logger: {
+    warn: vi.fn(),
+    info: vi.fn(),
+    error: vi.fn(),
+    log: vi.fn(),
+  },
+}));
+// Mock @donotdev/firebase/server (not used in in-memory path, but imported)
+vi.mock('@donotdev/firebase/server', () => ({
+  getFirebaseAdminFirestore: vi.fn(),
+}));
+import {
+  checkRateLimit,
+  resetRateLimit,
+  getRateLimitStatus,
+  DEFAULT_RATE_LIMITS,
+} from '../utils/internal/rateLimiter';
+const TEST_CONFIG = {
+  maxAttempts: 3,
+  windowMs: 60_000,
+  blockDurationMs: 300_000,
+};
+describe('checkRateLimit (in-memory)', () => {
+  beforeEach(() => {
+    // Reset rate limit store between tests
+    resetRateLimit('test-key');
+    resetRateLimit('other-key');
+  });
+  it('allows first request', async () => {
+    const result = await checkRateLimit('test-key', TEST_CONFIG);
+    expect(result.allowed).toBe(true);
+    expect(result.remaining).toBe(2); // 3 max - 1 used
+    expect(result.blockRemainingSeconds).toBeNull();
+  });
+  it('decrements remaining on each request', async () => {
+    await checkRateLimit('test-key', TEST_CONFIG);
+    const result = await checkRateLimit('test-key', TEST_CONFIG);
+    expect(result.allowed).toBe(true);
+    expect(result.remaining).toBe(1); // 3 max - 2 used
+  });
+  it('blocks after max attempts exceeded', async () => {
+    // Use all 3 attempts
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    // 4th request should be blocked
+    const result = await checkRateLimit('test-key', TEST_CONFIG);
+    expect(result.allowed).toBe(false);
+    expect(result.remaining).toBe(0);
+    expect(result.blockRemainingSeconds).toBeGreaterThan(0);
+    expect(result.resetAt).toBeInstanceOf(Date);
+  });
+  it('isolates keys from each other', async () => {
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    // Different key should still be allowed
+    const result = await checkRateLimit('other-key', TEST_CONFIG);
+    expect(result.allowed).toBe(true);
+    expect(result.remaining).toBe(2);
+  });
+});
+describe('resetRateLimit', () => {
+  it('clears rate limit allowing new requests', async () => {
+    // Exhaust attempts
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    // Reset
+    resetRateLimit('test-key');
+    // Should be allowed again
+    const result = await checkRateLimit('test-key', TEST_CONFIG);
+    expect(result.allowed).toBe(true);
+    expect(result.remaining).toBe(2);
+  });
+});
+describe('getRateLimitStatus', () => {
+  beforeEach(() => {
+    resetRateLimit('test-key');
+  });
+  it('returns full remaining for unknown key', () => {
+    const result = getRateLimitStatus('unknown-key', TEST_CONFIG);
+    expect(result.allowed).toBe(true);
+    expect(result.remaining).toBe(3);
+    expect(result.resetAt).toBeNull();
+    expect(result.blockRemainingSeconds).toBeNull();
+  });
+  it('reflects current usage without consuming attempt', async () => {
+    await checkRateLimit('test-key', TEST_CONFIG);
+    await checkRateLimit('test-key', TEST_CONFIG);
+    const status = getRateLimitStatus('test-key', TEST_CONFIG);
+    expect(status.remaining).toBe(1);
+    // Check again — should be same (no attempt consumed)
+    const status2 = getRateLimitStatus('test-key', TEST_CONFIG);
+    expect(status2.remaining).toBe(1);
+  });
+});
+describe('DEFAULT_RATE_LIMITS', () => {
+  it('has checkout config', () => {
+    expect(DEFAULT_RATE_LIMITS.checkout.maxAttempts).toBe(5);
+    expect(DEFAULT_RATE_LIMITS.checkout.windowMs).toBe(60_000);
+  });
+  it('has webhook config', () => {
+    expect(DEFAULT_RATE_LIMITS.webhook.maxAttempts).toBe(100);
+  });
+  it('has auth config', () => {
+    expect(DEFAULT_RATE_LIMITS.auth.maxAttempts).toBe(10);
+  });
+  it('has api config', () => {
+    expect(DEFAULT_RATE_LIMITS.api.maxAttempts).toBe(100);
+  });
+});

package/src/shared/__tests__/validation.test.ts ADDED Viewed

@@ -0,0 +1,172 @@
+import { describe, it, expect, vi } from 'vitest';
+// Mock firebase-functions/v2 logger
+vi.mock('firebase-functions/v2', () => ({
+  logger: {
+    warn: vi.fn(),
+    info: vi.fn(),
+    error: vi.fn(),
+    log: vi.fn(),
+  },
+}));
+import {
+  validateGitHubUsername,
+  validateEmail,
+  validateStripePriceId,
+  validateStripeSessionId,
+  validateUrl,
+  validateMetadata,
+} from '../utils/validation';
+describe('validateGitHubUsername', () => {
+  it('accepts valid usernames', () => {
+    expect(validateGitHubUsername('octocat')).toBe(true);
+    expect(validateGitHubUsername('user-name')).toBe(true);
+    expect(validateGitHubUsername('a')).toBe(true);
+    expect(validateGitHubUsername('user123')).toBe(true);
+  });
+  it('rejects invalid usernames', () => {
+    expect(validateGitHubUsername('')).toBe(false);
+    expect(validateGitHubUsername('-leadingdash')).toBe(false);
+    expect(validateGitHubUsername('has spaces')).toBe(false);
+    expect(validateGitHubUsername('special@char')).toBe(false);
+  });
+  it('rejects username exceeding 39 characters', () => {
+    const longName = 'a'.repeat(40);
+    expect(validateGitHubUsername(longName)).toBe(false);
+  });
+  it('accepts username at max 39 characters', () => {
+    const maxName = 'a'.repeat(39);
+    expect(validateGitHubUsername(maxName)).toBe(true);
+  });
+});
+describe('validateEmail', () => {
+  it('accepts valid emails', () => {
+    expect(validateEmail('user@example.com')).toBe(true);
+    expect(validateEmail('name+tag@domain.co')).toBe(true);
+    expect(validateEmail('a@b.c')).toBe(true);
+  });
+  it('rejects invalid emails', () => {
+    expect(validateEmail('')).toBe(false);
+    expect(validateEmail('noemail')).toBe(false);
+    expect(validateEmail('@missing.local')).toBe(false);
+    expect(validateEmail('missing@')).toBe(false);
+    expect(validateEmail('has space@test.com')).toBe(false);
+  });
+});
+describe('validateStripePriceId', () => {
+  it('accepts valid price IDs', () => {
+    expect(validateStripePriceId('price_1234567890')).toBe(true);
+    expect(validateStripePriceId('price_abc')).toBe(true);
+  });
+  it('rejects invalid price IDs', () => {
+    expect(validateStripePriceId('price_')).toBe(false);
+    expect(validateStripePriceId('prod_123')).toBe(false);
+    expect(validateStripePriceId('')).toBe(false);
+    expect(validateStripePriceId('123')).toBe(false);
+  });
+});
+describe('validateStripeSessionId', () => {
+  it('accepts valid session IDs', () => {
+    expect(validateStripeSessionId('cs_test_abc123')).toBe(true);
+    expect(validateStripeSessionId('cs_live_xyz')).toBe(true);
+  });
+  it('rejects invalid session IDs', () => {
+    expect(validateStripeSessionId('cs_')).toBe(false);
+    expect(validateStripeSessionId('sess_123')).toBe(false);
+    expect(validateStripeSessionId('')).toBe(false);
+  });
+});
+describe('validateUrl', () => {
+  it('accepts valid HTTP/HTTPS URLs', () => {
+    expect(validateUrl('https://example.com')).toBe('https://example.com');
+    expect(validateUrl('http://localhost:3000')).toBe('http://localhost:3000');
+    expect(validateUrl('https://app.example.com/path?q=1')).toBe(
+      'https://app.example.com/path?q=1'
+    );
+  });
+  it('rejects invalid URLs', () => {
+    expect(() => validateUrl('not-a-url')).toThrow();
+    expect(() => validateUrl('')).toThrow();
+  });
+  it('rejects non-HTTP protocols', () => {
+    expect(() => validateUrl('ftp://example.com')).toThrow('Invalid protocol');
+    expect(() => validateUrl('file:///etc/passwd')).toThrow('Invalid protocol');
+  });
+  it('includes custom name in error message', () => {
+    expect(() => validateUrl('bad', 'Success URL')).toThrow('Invalid Success URL');
+  });
+});
+describe('validateMetadata', () => {
+  it('passes through valid string metadata', () => {
+    const result = validateMetadata({ key: 'value', name: 'test' });
+    expect(result).toEqual({ key: 'value', name: 'test' });
+  });
+  it('rejects non-string values', () => {
+    expect(() => validateMetadata({ key: 123 as any })).toThrow(
+      "must be a string"
+    );
+    expect(() => validateMetadata({ key: true as any })).toThrow(
+      "must be a string"
+    );
+  });
+  it('sanitizes script tags', () => {
+    const result = validateMetadata({
+      xss: '<script>alert("xss")</script>',
+    });
+    expect(result.xss).not.toContain('<script');
+  });
+  it('sanitizes javascript: protocol', () => {
+    const result = validateMetadata({
+      link: 'javascript:alert(1)',
+    });
+    expect(result.link).not.toContain('javascript:');
+  });
+  it('sanitizes inline event handlers', () => {
+    const result = validateMetadata({
+      html: 'onclick=alert(1)',
+    });
+    expect(result.html).not.toContain('onclick=');
+  });
+  it('rejects values exceeding 1000 characters', () => {
+    const longValue = 'a'.repeat(1001);
+    expect(() => validateMetadata({ key: longValue })).toThrow('too long');
+  });
+  it('rejects keys exceeding 100 characters', () => {
+    const longKey = 'k'.repeat(101);
+    expect(() => validateMetadata({ [longKey]: 'value' })).toThrow('too long');
+  });
+  it('handles empty metadata object', () => {
+    const result = validateMetadata({});
+    expect(result).toEqual({});
+  });
+});