@effect-app/infra 4.0.0-beta.123 → 4.0.0-beta.125
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/Model/Repository/ext.d.ts +17 -10
- package/dist/Model/Repository/ext.d.ts.map +1 -1
- package/dist/Model/Repository/ext.js +21 -1
- package/dist/Model/Repository/internal/internal.d.ts +2 -2
- package/dist/Model/Repository/internal/internal.d.ts.map +1 -1
- package/dist/Model/Repository/internal/internal.js +5 -2
- package/dist/Model/Repository/service.d.ts +2 -2
- package/dist/Model/Repository/service.d.ts.map +1 -1
- package/dist/Operations.d.ts +1 -1
- package/dist/QueueMaker/memQueue.d.ts +5 -2
- package/dist/QueueMaker/memQueue.d.ts.map +1 -1
- package/dist/QueueMaker/memQueue.js +1 -1
- package/dist/QueueMaker/sbqueue.d.ts +5 -2
- package/dist/QueueMaker/sbqueue.d.ts.map +1 -1
- package/dist/QueueMaker/sbqueue.js +1 -1
- package/dist/RequestContext.d.ts +2 -2
- package/dist/Store/Memory.js +1 -1
- package/dist/Store/SQL/Pg.js +1 -1
- package/dist/Store/SQL.js +1 -1
- package/dist/api/internal/auth.d.ts +42 -4
- package/dist/api/internal/auth.d.ts.map +1 -1
- package/dist/api/internal/auth.js +160 -29
- package/dist/api/routing/middleware/middleware.d.ts.map +1 -1
- package/dist/api/routing/middleware/middleware.js +1 -1
- package/dist/api/routing.js +1 -1
- package/package.json +3 -7
- package/src/Model/Repository/ext.ts +39 -24
- package/src/Model/Repository/internal/internal.ts +4 -1
- package/src/Model/Repository/service.ts +4 -2
- package/src/QueueMaker/memQueue.ts +2 -2
- package/src/QueueMaker/sbqueue.ts +2 -2
- package/src/Store/Memory.ts +1 -1
- package/src/Store/SQL/Pg.ts +1 -1
- package/src/Store/SQL.ts +2 -2
- package/src/api/internal/auth.ts +242 -42
- package/src/api/routing/middleware/middleware.ts +1 -1
- package/src/api/routing.ts +1 -1
- package/test/auth.test.ts +101 -0
- package/test/rawQuery.test.ts +1 -1
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
import { describe, expect, it } from "@effect/vitest"
|
|
2
|
+
import { Effect } from "effect-app"
|
|
3
|
+
import { HttpHeaders } from "effect-app/http"
|
|
4
|
+
import { SignJWT } from "jose"
|
|
5
|
+
import { checkJWTI, InvalidRequestError, InvalidTokenError, UnauthorizedError } from "../src/api/internal/auth.js"
|
|
6
|
+
|
|
7
|
+
const issuer = "https://issuer.example.com/"
|
|
8
|
+
const audience = "effect-app"
|
|
9
|
+
const secret = "test-secret-test-secret-test-secret"
|
|
10
|
+
|
|
11
|
+
const makeToken = () =>
|
|
12
|
+
new SignJWT({ scope: "read:all" })
|
|
13
|
+
.setProtectedHeader({ alg: "HS256", typ: "at+jwt" })
|
|
14
|
+
.setIssuer(issuer)
|
|
15
|
+
.setAudience(audience)
|
|
16
|
+
.setIssuedAt()
|
|
17
|
+
.setExpirationTime("10m")
|
|
18
|
+
.sign(new TextEncoder().encode(secret))
|
|
19
|
+
|
|
20
|
+
describe("checkJWTI", () => {
|
|
21
|
+
it.effect(
|
|
22
|
+
"validates a bearer token from headers",
|
|
23
|
+
Effect.fnUntraced(function*() {
|
|
24
|
+
const token = yield* Effect.promise(() => makeToken())
|
|
25
|
+
|
|
26
|
+
yield* checkJWTI({
|
|
27
|
+
audience,
|
|
28
|
+
issuer,
|
|
29
|
+
secret,
|
|
30
|
+
strict: true,
|
|
31
|
+
tokenSigningAlg: "HS256"
|
|
32
|
+
})(HttpHeaders.fromRecordUnsafe({ authorization: `Bearer ${token}` }))
|
|
33
|
+
})
|
|
34
|
+
)
|
|
35
|
+
|
|
36
|
+
it.effect(
|
|
37
|
+
"fails on malformed authorization headers",
|
|
38
|
+
Effect.fnUntraced(function*() {
|
|
39
|
+
const error = yield* Effect.flip(
|
|
40
|
+
checkJWTI({
|
|
41
|
+
audience,
|
|
42
|
+
issuer,
|
|
43
|
+
secret,
|
|
44
|
+
tokenSigningAlg: "HS256"
|
|
45
|
+
})(HttpHeaders.fromRecordUnsafe({ authorization: "Basic abc" }))
|
|
46
|
+
)
|
|
47
|
+
|
|
48
|
+
expect(error).toBeInstanceOf(InvalidRequestError)
|
|
49
|
+
expect(error.status).toBe(400)
|
|
50
|
+
})
|
|
51
|
+
)
|
|
52
|
+
|
|
53
|
+
it.effect(
|
|
54
|
+
"fails when the token is missing",
|
|
55
|
+
Effect.fnUntraced(function*() {
|
|
56
|
+
const error = yield* Effect.flip(
|
|
57
|
+
checkJWTI({
|
|
58
|
+
audience,
|
|
59
|
+
issuer,
|
|
60
|
+
secret,
|
|
61
|
+
tokenSigningAlg: "HS256"
|
|
62
|
+
})(HttpHeaders.empty)
|
|
63
|
+
)
|
|
64
|
+
|
|
65
|
+
expect(error).toBeInstanceOf(UnauthorizedError)
|
|
66
|
+
expect(error.status).toBe(401)
|
|
67
|
+
})
|
|
68
|
+
)
|
|
69
|
+
|
|
70
|
+
it.effect(
|
|
71
|
+
"allows missing tokens when auth is optional",
|
|
72
|
+
Effect.fnUntraced(function*() {
|
|
73
|
+
yield* checkJWTI({
|
|
74
|
+
audience,
|
|
75
|
+
authRequired: false,
|
|
76
|
+
issuer,
|
|
77
|
+
secret,
|
|
78
|
+
tokenSigningAlg: "HS256"
|
|
79
|
+
})(HttpHeaders.empty)
|
|
80
|
+
})
|
|
81
|
+
)
|
|
82
|
+
|
|
83
|
+
it.effect(
|
|
84
|
+
"fails when the token signature is invalid",
|
|
85
|
+
Effect.fnUntraced(function*() {
|
|
86
|
+
const token = yield* Effect.promise(() => makeToken())
|
|
87
|
+
|
|
88
|
+
const error = yield* Effect.flip(
|
|
89
|
+
checkJWTI({
|
|
90
|
+
audience,
|
|
91
|
+
issuer,
|
|
92
|
+
secret: "wrong-secret-wrong-secret-wrong-secret",
|
|
93
|
+
tokenSigningAlg: "HS256"
|
|
94
|
+
})(HttpHeaders.fromRecordUnsafe({ authorization: `Bearer ${token}` }))
|
|
95
|
+
)
|
|
96
|
+
|
|
97
|
+
expect(error).toBeInstanceOf(InvalidTokenError)
|
|
98
|
+
expect(error.status).toBe(401)
|
|
99
|
+
})
|
|
100
|
+
)
|
|
101
|
+
})
|
package/test/rawQuery.test.ts
CHANGED
|
@@ -409,7 +409,7 @@ describe("removeByIds", () => {
|
|
|
409
409
|
|
|
410
410
|
yield* repo.saveAndPublish(items)
|
|
411
411
|
const itemsAfterSave = yield* repo.all
|
|
412
|
-
yield* repo.removeById(
|
|
412
|
+
yield* repo.removeById([items[0]!.id, items[1]!.id])
|
|
413
413
|
|
|
414
414
|
const items2 = yield* repo.all
|
|
415
415
|
|