npm - @etus/bhono-app - Versions diffs - 0.1.5 → 0.1.6 - Mend

@etus/bhono-app 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/templates/base/tests/unit/server/services/audits.test.ts ADDED Viewed

@@ -0,0 +1,141 @@
+// src/server/services/__tests__/audits.test.ts
+import { describe, it, expect, vi, beforeEach, type Mock } from 'vitest'
+import { auditsService, type AuditLogFilters } from '@server/services/audits'
+import type { ServiceContext, AuditLog } from '@server/types'
+import { createUserFixture, createSuperAdminFixture } from '@tests/fixtures/server'
+vi.mock('@server/db/sql', () => ({
+  queryOne: vi.fn(),
+  queryAll: vi.fn(),
+}))
+import { queryOne, queryAll } from '@server/db/sql'
+const db = {} as D1Database
+function createMockContext(overrides: Partial<ServiceContext> = {}): ServiceContext {
+  const user = createUserFixture({
+    id: 'ctx-user-123',
+    email: 'user@test.com',
+    name: 'Test User',
+  })
+  return {
+    accountId: 'account-123',
+    user,
+    userRole: 'ADMIN',
+    transactionId: 'tx-123',
+    ip: '127.0.0.1',
+    userAgent: 'TestAgent/1.0',
+    ...overrides,
+  }
+}
+function createSuperAdminContext(overrides: Partial<ServiceContext> = {}): ServiceContext {
+  const user = createSuperAdminFixture({
+    id: 'super-admin-123',
+    email: 'superadmin@test.com',
+    name: 'Super Admin',
+  })
+  return {
+    accountId: 'account-123',
+    user,
+    userRole: 'ADMIN',
+    transactionId: 'tx-123',
+    ip: '127.0.0.1',
+    userAgent: 'TestAgent/1.0',
+    ...overrides,
+  }
+}
+function createMockAuditLog(overrides: Partial<AuditLog> = {}): AuditLog {
+  return {
+    id: 'log-1',
+    transactionId: 'tx-1',
+    accountId: 'account-123',
+    userId: 'user-123',
+    entity: 'user',
+    entityId: 'user-456',
+    action: 'INSERT',
+    changes: { name: 'New Name' },
+    ipAddress: '127.0.0.1',
+    userAgent: 'TestAgent',
+    timestamp: '2025-01-01T00:00:00Z',
+    ...overrides,
+  }
+}
+describe('auditsService', () => {
+  let ctx: ServiceContext
+  let superAdminCtx: ServiceContext
+  beforeEach(() => {
+    vi.clearAllMocks()
+    ctx = createMockContext()
+    superAdminCtx = createSuperAdminContext()
+  })
+  describe('findAll', () => {
+    const defaultFilters: AuditLogFilters = { page: 1, limit: 10 }
+    it('should return paginated audit logs with correct meta', async () => {
+      const mockLogs = [
+        createMockAuditLog({ id: 'log-1', entity: 'user', action: 'INSERT' }),
+        createMockAuditLog({ id: 'log-2', entity: 'account', action: 'UPDATE' }),
+      ]
+      ;(queryOne as Mock).mockResolvedValueOnce({ count: 2 })
+      ;(queryAll as Mock).mockResolvedValueOnce(mockLogs.map((log) => ({
+        id: log.id,
+        transactionId: log.transactionId,
+        accountId: log.accountId,
+        userId: log.userId,
+        entity: log.entity,
+        entityId: log.entityId,
+        action: log.action,
+        changes: JSON.stringify(log.changes),
+        ipAddress: log.ipAddress,
+        userAgent: log.userAgent,
+        timestamp: log.timestamp,
+      })))
+      const result = await auditsService.findAll(db, superAdminCtx, defaultFilters)
+      expect(result.data).toHaveLength(2)
+      expect(result.meta.totalItems).toBe(2)
+    })
+    it('should include account filter for non-super-admin', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({ count: 0 })
+      ;(queryAll as Mock).mockResolvedValueOnce([])
+      await auditsService.findAll(db, ctx, defaultFilters)
+      expect((queryOne as Mock).mock.calls[0][2]).toContain(ctx.accountId)
+    })
+    it('should filter by entity when provided', async () => {
+      const mockLogs = [createMockAuditLog({ id: 'log-1', entity: 'user' })]
+      ;(queryOne as Mock).mockResolvedValueOnce({ count: 1 })
+      ;(queryAll as Mock).mockResolvedValueOnce(mockLogs.map((log) => ({
+        id: log.id,
+        transactionId: log.transactionId,
+        accountId: log.accountId,
+        userId: log.userId,
+        entity: log.entity,
+        entityId: log.entityId,
+        action: log.action,
+        changes: JSON.stringify(log.changes),
+        ipAddress: log.ipAddress,
+        userAgent: log.userAgent,
+        timestamp: log.timestamp,
+      })))
+      const result = await auditsService.findAll(db, superAdminCtx, { ...defaultFilters, entity: 'user' })
+      expect(result.data).toHaveLength(1)
+    })
+  })
+})

package/templates/base/tests/unit/server/services/auth.test.ts ADDED Viewed

@@ -0,0 +1,179 @@
+// src/server/services/__tests__/auth.test.ts
+import { describe, it, expect, vi, beforeEach, type Mock } from 'vitest'
+import { authService } from '@server/services/auth'
+import type { GoogleUserInfo } from '@server/types/auth'
+import { UnauthorizedError } from '@server/lib/errors'
+vi.mock('@server/lib/tokens', () => ({
+  createAccessToken: vi.fn().mockResolvedValue('mock-access-token'),
+  generateRefreshToken: vi.fn().mockReturnValue('mock-refresh-token'),
+  hashToken: vi.fn().mockResolvedValue('hashed-token'),
+  getRefreshTokenExpiry: vi.fn().mockReturnValue(new Date('2025-01-07T00:00:00Z')),
+}))
+vi.mock('@server/lib/audit', () => ({
+  logAuthEvent: vi.fn().mockResolvedValue(),
+}))
+vi.mock('@server/db/sql', () => ({
+  queryOne: vi.fn(),
+  execute: vi.fn(),
+}))
+import { createAccessToken, generateRefreshToken, hashToken } from '@server/lib/tokens'
+import { logAuthEvent } from '@server/lib/audit'
+import { queryOne, execute } from '@server/db/sql'
+const db = {} as D1Database
+function createMockEnv() {
+  return {
+    APP_URL: 'http://localhost:8787',
+    JWT_SECRET: 'secret',
+    JWT_EXPIRY_MINUTES: '15',
+    GOOGLE_CLIENT_ID: 'id',
+    GOOGLE_CLIENT_SECRET: 'secret',
+    GOOGLE_REDIRECT_URI: 'http://localhost:8787',
+    REFRESH_TOKEN_EXPIRY_DAYS: '30',
+    SENDGRID_API_KEY: 'key',
+    SENDGRID_FROM_EMAIL: 'test@example.com',
+    ENVIRONMENT: 'test',
+  } as any
+}
+const mockAuthContext = {
+  transactionId: 'test-transaction-id',
+  ip: '127.0.0.1',
+  userAgent: 'IntegrationTest/1.0',
+}
+describe('authService', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+  describe('findOrCreateUser', () => {
+    it('should create a new user on first OAuth login', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'new_google_sub_123',
+        email: 'newuser@gmail.com',
+        email_verified: true,
+        name: 'New Google User',
+        picture: 'https://example.com/avatar.jpg',
+        given_name: 'New',
+        family_name: 'User',
+      }
+      const userRow = {
+        id: 'user-123',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: googleUser.name,
+        avatarUrl: googleUser.picture,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(userRow)
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+      expect(result.isNewUser).toBe(true)
+      expect(result.user.email).toBe(googleUser.email)
+      expect(createAccessToken).toHaveBeenCalled()
+      expect(generateRefreshToken).toHaveBeenCalled()
+      expect(hashToken).toHaveBeenCalled()
+      expect(execute).toHaveBeenCalled()
+      expect(logAuthEvent).toHaveBeenCalled()
+    })
+    it('should return existing user on subsequent OAuth login', async () => {
+      const env = createMockEnv()
+      const googleUser: GoogleUserInfo = {
+        sub: 'existing_sub_456',
+        email: 'existing@gmail.com',
+        email_verified: true,
+        name: 'Existing User',
+        picture: null,
+        given_name: 'Existing',
+        family_name: 'User',
+      }
+      const userRow = {
+        id: 'user-456',
+        googleId: googleUser.sub,
+        email: googleUser.email,
+        name: googleUser.name,
+        avatarUrl: null,
+        status: 'active',
+        providerIds: JSON.stringify(['google']),
+        isSuperAdmin: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        deletedAt: null,
+      }
+      ;(queryOne as Mock).mockResolvedValueOnce(userRow)
+      const result = await authService.findOrCreateUser(db, env, googleUser, mockAuthContext)
+      expect(result.isNewUser).toBe(false)
+      expect(result.user.id).toBe('user-456')
+      expect(execute).toHaveBeenCalled()
+    })
+  })
+  describe('refreshAccessToken', () => {
+    it('should return a new access token when refresh token is valid', async () => {
+      const env = createMockEnv()
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce({ id: 'token-1', userId: 'user-1', tokenHash: 'hashed-token' })
+        .mockResolvedValueOnce({
+          id: 'user-1',
+          googleId: 'google-1',
+          email: 'user@example.com',
+          name: 'User',
+          avatarUrl: null,
+          status: 'active',
+          providerIds: JSON.stringify(['google']),
+          isSuperAdmin: 0,
+          createdAt: new Date().toISOString(),
+          updatedAt: new Date().toISOString(),
+          deletedAt: null,
+        })
+      const result = await authService.refreshAccessToken(db, env, 'refresh-token', mockAuthContext)
+      expect(result.accessToken).toBe('mock-access-token')
+      expect(logAuthEvent).toHaveBeenCalled()
+    })
+    it('should throw for invalid refresh token', async () => {
+      const env = createMockEnv()
+      ;(queryOne as Mock).mockResolvedValueOnce(null)
+      await expect(
+        authService.refreshAccessToken(db, env, 'invalid-token', mockAuthContext)
+      ).rejects.toThrow(UnauthorizedError)
+    })
+  })
+  describe('revokeRefreshToken', () => {
+    it('should revoke refresh token and log logout', async () => {
+      const env = createMockEnv()
+      await authService.revokeRefreshToken(db, 'refresh-token', mockAuthContext, 'user-1')
+      expect(execute).toHaveBeenCalled()
+      expect(logAuthEvent).toHaveBeenCalled()
+    })
+  })
+})

package/templates/base/tests/unit/server/services/invitations.test.ts ADDED Viewed

@@ -0,0 +1,165 @@
+// src/server/services/__tests__/invitations.test.ts
+import { describe, it, expect, vi, beforeEach, type Mock } from 'vitest'
+import { invitationsService } from '@server/services/invitations'
+import type { ServiceContext } from '@server/types'
+import { createUserFixture, createAccountFixture } from '@tests/fixtures/server'
+import { ConflictError, NotFoundError } from '@server/lib/errors'
+vi.mock('@server/lib/email', () => ({
+  sendInvitationEmail: vi.fn(),
+}))
+vi.mock('@server/lib/audit', () => ({
+  logAuthEvent: vi.fn(),
+}))
+vi.mock('@server/db/sql', () => ({
+  queryOne: vi.fn(),
+  queryAll: vi.fn(),
+  execute: vi.fn(),
+}))
+import { sendInvitationEmail } from '@server/lib/email'
+import { logAuthEvent } from '@server/lib/audit'
+import { queryOne, queryAll, execute } from '@server/db/sql'
+const db = {} as D1Database
+function createMockContext(overrides: Partial<ServiceContext> = {}): ServiceContext {
+  const user = createUserFixture({
+    id: 'ctx-user-123',
+    email: 'context@example.com',
+    name: 'Context User',
+  })
+  return {
+    accountId: 'account-123',
+    user,
+    userRole: 'ADMIN',
+    transactionId: 'tx-123',
+    ip: '127.0.0.1',
+    userAgent: 'TestAgent/1.0',
+    ...overrides,
+  }
+}
+function createMockEnv() {
+  return {
+    APP_URL: 'http://localhost:8787',
+    SENDGRID_API_KEY: 'test',
+    SENDGRID_FROM_EMAIL: 'test@example.com',
+  } as any
+}
+describe('invitationsService', () => {
+  let ctx: ServiceContext
+  beforeEach(() => {
+    vi.clearAllMocks()
+    ctx = createMockContext()
+  })
+  describe('create', () => {
+    it('should link existing user instead of creating invitation', async () => {
+      const env = createMockEnv()
+      const existingUser = createUserFixture({ id: 'user-1', email: 'user@example.com' })
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce({ id: existingUser.id, email: existingUser.email, name: existingUser.name })
+      const result = await invitationsService.create(db, env, ctx, {
+        email: existingUser.email,
+        role: 'VIEWER',
+      })
+      expect(result.linked).toBe(true)
+      expect(execute).toHaveBeenCalled()
+      expect(sendInvitationEmail).not.toHaveBeenCalled()
+    })
+    it('should create invitation when user not found', async () => {
+      const env = createMockEnv()
+      const account = createAccountFixture({ id: 'account-123', name: 'Account' })
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce({ name: account.name })
+      const result = await invitationsService.create(db, env, ctx, {
+        email: 'invite@example.com',
+        role: 'VIEWER',
+      })
+      expect(result.invited).toBe(true)
+      expect(sendInvitationEmail).toHaveBeenCalled()
+    })
+    it('should reject when pending invitation exists', async () => {
+      const env = createMockEnv()
+      ;(queryOne as Mock)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce({ id: 'inv-1' })
+      await expect(
+        invitationsService.create(db, env, ctx, {
+          email: 'invite@example.com',
+          role: 'VIEWER',
+        })
+      ).rejects.toThrow(ConflictError)
+    })
+  })
+  describe('list', () => {
+    it('should list invitations', async () => {
+      ;(queryAll as Mock).mockResolvedValueOnce([
+        {
+          id: 'inv-1',
+          email: 'invite@example.com',
+          role: 'VIEWER',
+          invitedById: 'user-1',
+          inviterName: 'Inviter',
+          expiresAt: new Date().toISOString(),
+          createdAt: new Date().toISOString(),
+        },
+      ])
+      const result = await invitationsService.list(db, ctx)
+      expect(result).toHaveLength(1)
+    })
+  })
+  describe('revoke', () => {
+    it('should revoke existing invitation', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({ id: 'inv-1' })
+      await invitationsService.revoke(db, ctx, 'inv-1')
+      expect(execute).toHaveBeenCalled()
+    })
+    it('should throw if invitation not found', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce(null)
+      await expect(invitationsService.revoke(db, ctx, 'inv-1')).rejects.toThrow(NotFoundError)
+    })
+  })
+  describe('accept', () => {
+    it('should accept invitation and log auth event', async () => {
+      ;(queryOne as Mock).mockResolvedValueOnce({ id: 'inv-1', accountId: 'account-123', role: 'VIEWER' })
+      await invitationsService.accept(db, 'inv-1', 'user-1', {
+        transactionId: 'tx',
+      })
+      expect(execute).toHaveBeenCalled()
+      expect(logAuthEvent).toHaveBeenCalled()
+    })
+  })
+})