@es-labs/jslib 0.0.1

package/express/controller/auth/oauth.js

@@ -0,0 +1,39 @@
+import { authFns, createToken, setTokensToHeader } from '../../../auth/index.js'
+
+const { AUTH_ERROR_URL } = process.env
+const OAUTH_OPTIONS = JSON.parse(process.env.OAUTH_OPTIONS || null) || {}
+// set callback URL on github to <schema://host:port>/api/oauth/callback
+// initiated from browser - window.location.replace('https://github.com/login/oauth/authorize?scope=user:email&client_id=XXXXXXXXXXXXXXXXXXXX')
+
+// /callback
+export const callbackOAuth = async (req, res) => {
+  try {
+    const { code, state } = req.query
+    const result = await fetch(OAUTH_OPTIONS.URL, {
+      method: 'POST',
+      headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
+      body: JSON.stringify({ client_id: OAUTH_OPTIONS.CLIENT_ID, client_secret: OAUTH_OPTIONS.CLIENT_SECRET, code, state }),
+    })
+    const data = await result.json();
+    if (data.access_token) {
+      const resultUser = await fetch(OAUTH_OPTIONS.USER_URL, {
+        method: 'GET',
+        headers: { Authorization: `token ${data.access_token}`, },
+      })
+      const oauthUser = await resultUser.json();
+      const oauthId = oauthUser[OAUTH_OPTIONS.USER_ID] // github id, email
+  
+      const user = await authFns.findUser({ [OAUTH_OPTIONS.FIND_ID]: oauthId }) // match github id (or email?) with our user in our application
+      if (!user) return res.status(401).json({ message: 'Unauthorized' })
+  
+      const { id, groups } = user
+      const tokens = await createToken({ id, groups })
+      setTokensToHeader(res, tokens)
+      return res.redirect(OAUTH_OPTIONS.CALLBACK + '#' + tokens.access_token + ';' + tokens.refresh_token + ';' + JSON.stringify(tokens.user_meta)) // use url fragment...
+    }
+    return res.status(401).json({ message: 'Missing Token' })    
+  } catch (e) {
+    console.error('github auth err', e)
+    return AUTH_ERROR_URL ? res.redirect(AUTH_ERROR_URL) : res.status(401).json({ error: 'NOT Authenticated' })
+  }
+}

package/express/controller/auth/oidc.js

@@ -0,0 +1,87 @@
+import jwt from 'jsonwebtoken'
+import { createToken, setTokensToHeader } from '../../../auth/index.js'
+
+const { AUTH_ERROR_URL } = process.env
+const OIDC_OPTIONS = JSON.parse(process.env.OIDC_OPTIONS || null) || {}
+
+const AUTH_URL = OIDC_OPTIONS ? `${OIDC_OPTIONS.URL}/auth?` : ''
+const TOKEN_URL = OIDC_OPTIONS ? `${OIDC_OPTIONS.URL}/token` : ''
+
+// payload.append('client_secret', OIDC_OPTIONS.CLIENT_SECRET) // if keycloak client access type is confidential
+
+// TBD - verify endpoint for keycloak
+// https://stackoverflow.com/questions/48274251/keycloak-access-token-validation-end-point
+// curl --location --request POST 'https://HOST_KEYCLOAK/realms/master/protocol/openid-connect/token/introspect' \
+// --header 'Content-Type: application/x-www-form-urlencoded' \
+// --data-urlencode 'client_id=oficina-virtual' \
+// --data-urlencode 'client_secret=4ZeE2v' \
+// --data-urlencode 
+
+// GET /login
+export const login = async (req, res) => {
+  // &scope=openid%20offline_access // get id token and refresh token
+  // &redirect_uri=ourApp%3A%2Fcallback
+  // &state=237c671a-29d7-11eb-adc1-0242ac120002
+  const payload = new URLSearchParams()
+  payload.append('response_type', 'code')
+  payload.append('client_id', OIDC_OPTIONS.CLIENT_ID)
+  if (OIDC_OPTIONS.CLIENT_SECRET) payload.append('client_secret', OIDC_OPTIONS.CLIENT_SECRET)
+  // payload.append('redirect_uri', 'http://127.0.0.1:3000/api/oidc/auth')
+  // payload.append('state', 'c45566104a3c7676c1cb92c33b19ab9bd91180c6')
+  res.redirect(AUTH_URL + payload.toString())
+}
+ 
+// GET /auth
+// grant_type=authorization_code for now
+export const auth = async (req, res) => { // callback
+  try {
+    const { code, session_state } = req.query
+    let payload = `grant_type=authorization_code&code=${code}`
+      + `&redirect_uri=${OIDC_OPTIONS.CALLBACK}&client_id=${OIDC_OPTIONS.CLIENT_ID}`
+    if (OIDC_OPTIONS.CLIENT_SECRET) payload += `&client_secret=${OIDC_OPTIONS.CLIENT_SECRET}`
+    // add offline_access to get refresh token
+    const result = await fetch(TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Accept': 'application/json',
+        'Content-Type': 'application/x-www-form-urlencoded'
+      },
+      body: payload,
+    })
+    const data = await result.json();
+    let { access_token, refresh_token, ...user_meta } = data
+    if (OIDC_OPTIONS.REISSUE) {
+      const user = jwt.decode(access_token)
+      user.id = user[OIDC_OPTIONS.ID_NAME]
+      user.groups = user.resource_access.account.roles.join(',')
+      // TODO able to detect revoked?
+      const tokens = await createToken(user)
+      access_token = tokens.access_token
+      refresh_token = tokens.refresh_token
+    }
+    return res.redirect(OIDC_OPTIONS.CALLBACK + '#' + access_token + ';' + refresh_token + ';' + JSON.stringify(user_meta))
+  } catch (e) {
+    console.log(e)
+    return AUTH_ERROR_URL ? res.redirect(AUTH_ERROR_URL) : res.status(401).json({ error: 'NOT Authenticated' })
+  }
+}
+
+// GET /refresh
+export const refresh = async (req, res) => {
+  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' }
+  const payload = new URLSearchParams()
+  payload.append('grant_type', 'refresh_token')
+  payload.append('refresh_token', req.cookies?.refresh_token || req.header('refresh_token') || req.query?.refresh_token)
+  payload.append('client_id', OIDC_OPTIONS.CLIENT_ID)
+  // add offline_access to get refresh token
+  const result = await fetch(TOKEN_URL, {
+    method: 'POST',
+    headers: { 'Accept': 'application/json', 'Content-Type': 'application/json', ...headers },
+    body: JSON.stringify(payload),
+  })
+  const data = await result.json();
+  const { access_token, refresh_token } = data
+  const tokens = { access_token, refresh_token }
+  setTokensToHeader(res, tokens)
+  res.json(tokens)
+}

package/express/controller/auth/own.js

@@ -0,0 +1,100 @@
+// own authentication
+import jwt from 'jsonwebtoken'
+import bcrypt from 'bcryptjs'
+import * as otplib from 'otplib';
+// import { authenticator } from 'otplib/authenticator';
+
+import { getSecret, createToken, setTokensToHeader, authFns } from '../../../auth/index.js'
+const {
+  COOKIE_HTTPONLY,
+  AUTH_USER_FIELD_LOGIN,
+  AUTH_USER_FIELD_PASSWORD,
+  AUTH_USER_FIELD_GAKEY,
+  AUTH_USER_FIELD_ID_FOR_JWT,
+  JWT_REFRESH_STORE,
+  USE_OTP,
+  JWT_ALG
+} = process.env
+
+const logout = async (req, res) => {
+  let id = null
+  try {
+    let access_token = null
+    let tmp = req.cookies?.Authorization || req.header('Authorization') || req.query?.Authorization
+    access_token = tmp.split(' ')[1]
+    const result = jwt.decode(access_token)
+    id = result.id
+    jwt.verify(access_token, getSecret('verify', 'access'), { algorithm: [JWT_ALG] }) // throw if expired or invalid
+  } catch (e) {
+    if (e.name !== 'TokenExpiredError') id = null
+  }
+  try {
+    if (id) {
+      await authFns.revokeRefreshToken(id) // clear
+      if (COOKIE_HTTPONLY) {
+        res.clearCookie('refresh_token')
+        res.clearCookie('Authorization')
+      }  
+      return res.status(200).json({ message: 'Logged Out' })  
+    }
+  } catch (e) { }
+  return res.status(500).json()  
+}
+
+const refresh = async (req, res) => {
+  // refresh logic all done in authUser
+  return res.status(401).json({ message: 'Error token revoked' })
+}
+
+
+const login = async (req, res) => {
+  try {
+    const user = await authFns.findUser({
+      [AUTH_USER_FIELD_LOGIN]: req.body[AUTH_USER_FIELD_LOGIN]
+    })
+    const password = req.body[AUTH_USER_FIELD_PASSWORD]
+    if (!user) return res.status(401).json({ message: 'Incorrect credentials...' })
+    if (!bcrypt.compareSync(password, user[AUTH_USER_FIELD_PASSWORD])) return res.status(401).json({ message: 'Incorrect credentials' })
+    if (user.revoked) return res.status(401).json({ message: 'Revoked credentials' })
+    const id = user[AUTH_USER_FIELD_ID_FOR_JWT]
+    if (!id) return res.status(401).json({ message: 'Authorization Format Error' })
+    if (USE_OTP) {
+      // Currently supports only Google Authenticator
+      // Fido2 can be added in future
+      return res.status(200).json({ otp: id })
+    }
+    const tokens = await createToken(user) // 5 minute expire for login
+    setTokensToHeader(res, tokens)
+    return res.status(200).json(tokens)
+  } catch (e) {
+    console.log('login err', e.toString())
+  }
+  return res.status(500).json()  
+}
+
+const otp = async (req, res) => { // need to be authentication, body { id: '', pin: '123456' }
+  try {
+    const { id, pin } = req.body
+    const user = await authFns.findUser({ id })
+    if (user) {
+      const gaKey = user[AUTH_USER_FIELD_GAKEY]
+      // if (USE_OTP !== 'TEST' ? otplib.authenticator.check(pin, gaKey) : String(pin) === '111111') { // NOTE: expiry will be determined by authenticator itself
+      if (USE_OTP !== 'TEST' ? authenticator.check(pin, gaKey) : String(pin) === '111111') { // NOTE: expiry will be determined by authenticator itself
+        const tokens = await createToken(user)
+        setTokensToHeader(res, tokens)
+        return res.status(200).json(tokens)
+      } else {
+        return res.status(401).json({ message: 'Error token wrong pin' })
+      }
+    }
+  } catch (e) { console.log('otp err', e.toString()) }
+  return res.status(401).json({ message: 'Error token revoked' })
+}
+
+
+export {
+  logout,
+  refresh,
+  login,
+  otp,
+}

package/express/controller/auth/saml.js

@@ -0,0 +1,74 @@
+// working SAML ADFS example
+// no refresh token, issue own OAuth2 like JWT server
+
+import { SAML } from '@node-saml/node-saml'
+import { createToken, setTokensToHeader } from '../../../auth/index.js'
+
+const { SAML_OPTIONS, SAML_JWT_MAP, SAML_CERTIFICATE, SAML_PRIVATE_KEY, AUTH_ERROR_URL } = process.env
+const samlJwtMap = JSON.parse(SAML_JWT_MAP || null)
+const samlOptions = JSON.parse(SAML_OPTIONS || null)
+
+if (samlOptions) {
+  if (SAML_CERTIFICATE) samlOptions.privateCert = SAML_CERTIFICATE
+  if (SAML_PRIVATE_KEY) {
+    samlOptions.privateKey = SAML_PRIVATE_KEY
+    samlOptions.decryptionPvk = SAML_PRIVATE_KEY
+  }
+}
+
+const saml = samlOptions ? new SAML(samlOptions) : null
+
+// /login
+export const login = async (req, res) => {
+  // return res.redirect('/' + token...) // for faking, bypass real callback
+  // console.debug(req.header('referer'), req.query.RelayState)
+  // getAuthorizeUrlAsync(RelayState: string, host: string | undefined, options: AuthOptions)
+  const authUrl = await saml?.getAuthorizeUrlAsync(req.query.RelayState) // validatePostResponseAsync (calls..., processValidlySignedPostRequestAsync)
+  res.redirect(authUrl);
+}
+
+// POST /callback
+export const auth = async (req, res) => {
+  try {
+    const parsedResponse = await saml?.validatePostResponseAsync(req.body)
+
+    // TEST
+    // console.log(typeof parsedResponse, parsedResponse)
+    // res.json({ message: 'testing node-saml ok', parsedResponse })
+
+    // Callback
+    try {
+      const TO = req.body.RelayState
+      const authenticated = !parsedResponse.loggedOut
+      const user = {
+        id: parsedResponse.profile[samlJwtMap.id], // id: req.user.nameID, // string
+        groups: parsedResponse.profile[samlJwtMap.groups], // groups: req.user.Role, // comma seperated string or array or object...
+      }
+      if (!TO) {
+        // if no RelayState, then it is a test
+        return res.status(200).json({
+          authenticated,
+          user
+        })
+      }
+      // console.log(TO, user, authenticated, samlJwtMap, parsedResponse['Role'])
+      if (authenticated) {
+        const tokens = await createToken(user)
+        setTokensToHeader(res, tokens)
+        return res.redirect(TO + '#' + tokens.access_token + ';' + tokens.refresh_token + ';' + JSON.stringify(tokens.user_meta)) // use url fragment...
+      } else {
+        return AUTH_ERROR_URL ? res.redirect(AUTH_ERROR_URL) : res.status(401).json({ error: 'NOT Authenticated' })
+      }
+    } catch (e) {
+    //   return AUTH_ERROR_URL ? res.redirect(AUTH_ERROR_URL) : res.status(500).json({ error: e.toString() })
+    }
+  } catch (e) {
+    console.log('SAML callback error', e)
+    res.json({
+      message: e.toString(),
+      note: 'Currently it always triggers invalid document signature fix is on the way'
+    })
+  }
+  res.send("ok");
+}
+

package/express/upload.js

@@ -0,0 +1,48 @@
+// import path from 'path'
+// path.extname('index.html')
+// returns '.html'
+// req.file / req.files[index]
+// {
+//   fieldname: 'kycfile',
+//   originalname: 'todo.txt',
+//   encoding: '7bit',
+//   mimetype: 'text/plain',
+//   destination: 'uploads/',
+//   filename: 'kycfile-1582238409067',
+//   path: 'uploads\\kycfile-1582238409067',
+//   size: 110
+// }
+
+import multer from 'multer'
+
+const memoryUpload = (options) => multer( Object.assign({
+  storage: multer.memoryStorage(),
+  limits: { files: 1, fileSize: 500000 }
+}, options) )
+
+// TBD
+
+const storageUpload = ({ folder, options }) => {
+  // validate binary file type... using npm file-type?
+  // https://dev.to/ayanabilothman/file-type-validation-in-multer-is-not-safe-3h8l
+  // const fileFilter = (req, file, cb) => {
+  //   if (['image/png', 'image/jpeg'].includes(file.mimetype)) {
+  //     cb(null, true);
+  //   } else {
+  //     cb(new Error('Invalid file type!'), false)
+  //   }
+  // }
+  return multer(Object.assign({
+    storage: multer.diskStorage({
+      // fileFilter
+      destination: (req, file, cb) => cb(null, folder),
+      filename: (req, file, cb) => cb(null, file.originalname) // file.fieldname, file.originalname
+    }),
+    limits: { files: 1, fileSize: 8000000 }
+  }, options))
+}
+
+export {
+  memoryUpload,
+  storageUpload,
+}

package/index.js

@@ -0,0 +1 @@
+// placeholder

package/iso/README.md

@@ -0,0 +1,4 @@
+## Isomorphic Javascript
+
+contains Javascript code that is useful for both Frontend And Backend
+

package/iso/__tests__/csv-utils.spec.js

@@ -0,0 +1,128 @@
+import assert from 'node:assert/strict';
+import { describe, it } from 'node:test';
+
+import {
+  arrayToCSVRow,
+  jsonToCSVHeader,
+  jsonToCSVRow,
+  jsonToCsv,
+  parseAndValidateCsv,
+  csvToJson,
+} from '../csv-utils.js';
+
+describe.skip('csv-utils.js', () => {
+  describe('arrayToCSVRow', () => {
+    it('should convert array of primitives to CSV row', () => {
+      assert.strictEqual(arrayToCSVRow([1, 'a', true]), '1,a,true');
+    });
+
+    it('should escape commas, quotes, and newlines in strings', () => {
+      assert.strictEqual(arrayToCSVRow(['a,b', 'c"d', 'e\nf']), '"a,b","c""d","e\nf"');
+    });
+
+    it('should stringify and escape objects', () => {
+      assert.strictEqual(arrayToCSVRow([{ x: 1, y: 'z' }]), '"{""x"":1,""y"":""z""}"');
+    });
+
+    it('should handle null and undefined as empty fields', () => {
+      assert.strictEqual(arrayToCSVRow([null, undefined, 'foo']), ',,foo');
+    });
+  });
+
+  describe('jsonToCSVHeader', () => {
+    it('should convert object keys to CSV header', () => {
+      assert.strictEqual(jsonToCSVHeader({ a: 1, b: 2 }), 'a,b');
+    });
+  });
+
+  describe('jsonToCSVRow', () => {
+    it('should convert object values to CSV row', () => {
+      assert.strictEqual(jsonToCSVRow({ a: 1, b: 'foo' }), '1,foo');
+    });
+
+    it('should escape values as needed', () => {
+      assert.strictEqual(jsonToCSVRow({ a: 'a,b', b: 'c"d' }), '"a,b","c""d"');
+    });
+  });
+
+  describe('jsonToCsv', () => {
+    it('should convert array of objects to CSV', () => {
+      const arr = [
+        { a: 1, b: 'foo' },
+        { a: 2, b: 'bar' },
+      ];
+      assert.strictEqual(jsonToCsv(arr, ',', '\n', true), 'a,b\n1,foo\n2,bar\n');
+    });
+
+    it('should throw on column mismatch unless ignoreColumnMismatch is true', () => {
+      const arr = [
+        { a: 1, b: 'foo' },
+        { a: 2 },
+      ];
+      assert.throws(() => jsonToCsv(arr));
+      assert.doesNotThrow(() => jsonToCsv(arr, ',', '\n', true));
+    });
+
+    it('should not add missing columns when ignoreColumnMismatch is true', () => {
+      const arr = [
+        { a: 1, b: 'foo' },
+        { a: 2 },
+      ];
+      assert.strictEqual(jsonToCsv(arr, ',', '\n', true), 'a,b\n1,foo\n2\n');
+    });
+  });
+
+  describe('csvToJson', () => {
+    it('should convert CSV to JSON array of objects', () => {
+      const csv = 'a,b\n1,foo\n2,bar\n';
+      const result = csvToJson({ _text: csv });
+      assert.deepStrictEqual(result, [
+        { a: '1', b: 'foo' },
+        { a: '2', b: 'bar' }
+      ]);
+    });
+
+    it('should handle quoted fields with commas and newlines', () => {
+      const csv = 'a,b\n1,"hello, world"\n2,"line1\nline2"\n';
+      const result = csvToJson({ _text: csv });
+      assert.strictEqual(result[0].b, 'hello, world');
+      assert.strictEqual(result[1].b, 'line1\nline2');
+    });
+
+    it('should throw on column mismatch unless ignoreColumnMismatch is true', () => {
+      const csv = 'a,b\n1,2,3\n';
+      assert.throws(() => csvToJson({ _text: csv }));
+      assert.doesNotThrow(() => csvToJson({ _text: csv, ignoreColumnMismatch: true }));
+    });
+  });
+
+  describe('parseAndValidateCsv', () => {
+    it('should validate well-formed CSV', () => {
+      const csv = 'a,b\n1,2\n3,4\n';
+      const result = parseAndValidateCsv(csv);
+      assert.strictEqual(result.valid, true);
+      assert.deepStrictEqual(result.rows, [['a', 'b'], ['1', '2'], ['3', '4']]);
+    });
+
+    it('should detect unclosed quotes', () => {
+      const csv = 'a,b\n"1,2\n3,4\n';
+      const result = parseAndValidateCsv(csv);
+      assert.strictEqual(result.valid, false);
+      assert.match(result.reason, /Unclosed quoted field/);
+    });
+
+    it('should detect corrupted JSON in fields', () => {
+      const csv = 'a,b\n{"x":1},[1,2\n';
+      const result = parseAndValidateCsv(csv);
+      assert.strictEqual(result.valid, false);
+      assert.match(result.reason, /Corrupted JSON/);
+    });
+
+    it('should validate JSON data', () => {
+      const csv = 'a,b\n1,"{ ""aa"": ""123"" }"\n';
+      const result = parseAndValidateCsv(csv);
+      assert.strictEqual(result.valid, true);
+      assert.deepStrictEqual(result.rows, [['a', 'b'], ['1', '{ "aa": "123" }']]);
+    });
+  });
+});

package/iso/__tests__/datetime.spec.js

@@ -0,0 +1,101 @@
+import assert from 'node:assert/strict';
+import { describe, it } from 'node:test';
+import {
+  dateStrAddDay,
+  dateStrAddDayISO,
+  getLocaleDateTimeTzISO,
+  getLocaleDateISO,
+  getLocaleTimeISO,
+  getTzOffsetISO,
+  getYmdhmsUtc,
+  getDayOfWeek
+} from '../datetime.js';
+
+describe.skip('datetime.js', () => {
+  describe('dateStrAddDay', () => {
+    it('should add days to ISO date string and return [YYYY, MM, DD]', () => {
+      const result = dateStrAddDay('2023-01-01T00:00:00Z', 2);
+      assert.deepStrictEqual(result, ['2023', '01', '03']);
+    });
+    it('should default to 0 days', () => {
+      const result = dateStrAddDay('2023-01-01T00:00:00Z');
+      assert.deepStrictEqual(result, ['2023', '01', '01']);
+    });
+  });
+
+  describe('dateStrAddDayISO', () => {
+    it('should add days and return ISO string', () => {
+      const result = dateStrAddDayISO('2023-01-01T00:00:00Z', 1);
+      assert.ok(result.startsWith('2023-01-02'));
+    });
+    it('should default to 0 days', () => {
+      const result = dateStrAddDayISO('2023-01-01T00:00:00Z');
+      assert.ok(result.startsWith('2023-01-01'));
+    });
+  });
+
+  describe('getLocaleDateTimeTzISO', () => {
+    it('should return formatted date-time with timezone', () => {
+      const dt = '2023-10-24T11:40:15Z';
+      const tz = 'Asia/Singapore';
+      const result = getLocaleDateTimeTzISO(dt, tz);
+      assert.match(result, /\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} GMT\+8/);
+    });
+  });
+
+  describe('getLocaleDateISO', () => {
+    it('should return local date in ISO format', () => {
+      const dt = '2023-10-24T11:40:15Z';
+      const tz = 'Asia/Singapore';
+      const result = getLocaleDateISO(dt, tz);
+      assert.match(result, /\d{4}-\d{2}-\d{2}/);
+    });
+  });
+
+  describe('getLocaleTimeISO', () => {
+    it('should return local time in ISO format', () => {
+      const dt = '2023-10-24T11:40:15Z';
+      const tz = 'Asia/Singapore';
+      const result = getLocaleTimeISO(dt, tz);
+      assert.match(result, /\d{2}:\d{2}:\d{2}/);
+    });
+  });
+
+  describe('getTzOffsetISO', () => {
+    it('should return timezone offset in ISO format', () => {
+      const date = new Date('2023-01-01T00:00:00Z');
+      const result = getTzOffsetISO(date);
+      assert.match(result, /^[+-]\d{2}:\d{2}$/);
+    });
+    it('should default to current date', () => {
+      const result = getTzOffsetISO();
+      assert.match(result, /^[+-]\d{2}:\d{2}$/);
+    });
+  });
+
+  describe('getYmdhmsUtc', () => {
+    it('should return UTC timestamp in YYYYMMDD_HHmmssZ format', () => {
+      const date = new Date('2023-01-01T12:34:56Z');
+      const result = getYmdhmsUtc(date);
+      assert.strictEqual(result, '20230101_123456Z');
+    });
+    it('should default to current date', () => {
+      const result = getYmdhmsUtc();
+      assert.match(result, /\d{8}_\d{6}Z/);
+    });
+  });
+
+  describe('getDayOfWeek', () => {
+    it('should return correct day index for UTC', () => {
+      const date = '2023-01-01T00:00:00Z'; // Sunday
+      const result = getDayOfWeek(date);
+      assert.strictEqual(result, 0);
+    });
+    it('should return correct day index for timezone', () => {
+      const date = '2023-01-01T00:00:00Z';
+      const tz = 'Asia/Singapore';
+      const result = getDayOfWeek(date, tz);
+      assert.ok(result >= 0 && result <= 6);
+    });
+  });
+});