npm - @furystack/rest-service - Versions diffs - 4.0.19 - Mend

@furystack/rest-service 4.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/LICENSE +339 -0
package/README.md +219 -0
package/dist/actions/error-action.d.ts +14 -0
package/dist/actions/error-action.d.ts.map +1 -0
package/dist/actions/error-action.js +29 -0
package/dist/actions/error-action.js.map +1 -0
package/dist/actions/error-action.spec.d.ts +2 -0
package/dist/actions/error-action.spec.d.ts.map +1 -0
package/dist/actions/error-action.spec.js +51 -0
package/dist/actions/error-action.spec.js.map +1 -0
package/dist/actions/get-current-user.d.ts +11 -0
package/dist/actions/get-current-user.d.ts.map +1 -0
package/dist/actions/get-current-user.js +15 -0
package/dist/actions/get-current-user.js.map +1 -0
package/dist/actions/get-current-user.spec.d.ts +2 -0
package/dist/actions/get-current-user.spec.d.ts.map +1 -0
package/dist/actions/get-current-user.spec.js +20 -0
package/dist/actions/get-current-user.spec.js.map +1 -0
package/dist/actions/index.d.ts +7 -0
package/dist/actions/index.d.ts.map +1 -0
package/dist/actions/index.js +10 -0
package/dist/actions/index.js.map +1 -0
package/dist/actions/is-authenticated.d.ts +14 -0
package/dist/actions/is-authenticated.d.ts.map +1 -0
package/dist/actions/is-authenticated.js +17 -0
package/dist/actions/is-authenticated.js.map +1 -0
package/dist/actions/is-authenticated.spec.d.ts +2 -0
package/dist/actions/is-authenticated.spec.d.ts.map +1 -0
package/dist/actions/is-authenticated.spec.js +19 -0
package/dist/actions/is-authenticated.spec.js.map +1 -0
package/dist/actions/login-action.spec.d.ts +2 -0
package/dist/actions/login-action.spec.d.ts.map +1 -0
package/dist/actions/login-action.spec.js +35 -0
package/dist/actions/login-action.spec.js.map +1 -0
package/dist/actions/login.d.ts +16 -0
package/dist/actions/login.d.ts.map +1 -0
package/dist/actions/login.js +26 -0
package/dist/actions/login.js.map +1 -0
package/dist/actions/logout-action.spec.d.ts +2 -0
package/dist/actions/logout-action.spec.d.ts.map +1 -0
package/dist/actions/logout-action.spec.js +23 -0
package/dist/actions/logout-action.spec.js.map +1 -0
package/dist/actions/logout.d.ts +14 -0
package/dist/actions/logout.d.ts.map +1 -0
package/dist/actions/logout.js +20 -0
package/dist/actions/logout.js.map +1 -0
package/dist/actions/not-found-action.d.ts +10 -0
package/dist/actions/not-found-action.d.ts.map +1 -0
package/dist/actions/not-found-action.js +14 -0
package/dist/actions/not-found-action.js.map +1 -0
package/dist/actions/not-found-action.spec.d.ts +2 -0
package/dist/actions/not-found-action.spec.d.ts.map +1 -0
package/dist/actions/not-found-action.spec.js +17 -0
package/dist/actions/not-found-action.spec.js.map +1 -0
package/dist/add-cors-header.spec.d.ts +2 -0
package/dist/add-cors-header.spec.d.ts.map +1 -0
package/dist/add-cors-header.spec.js +99 -0
package/dist/add-cors-header.spec.js.map +1 -0
package/dist/api-manager.d.ts +61 -0
package/dist/api-manager.d.ts.map +1 -0
package/dist/api-manager.js +144 -0
package/dist/api-manager.js.map +1 -0
package/dist/authenticate.d.ts +5 -0
package/dist/authenticate.d.ts.map +1 -0
package/dist/authenticate.js +20 -0
package/dist/authenticate.js.map +1 -0
package/dist/authenticate.spec.d.ts +2 -0
package/dist/authenticate.spec.d.ts.map +1 -0
package/dist/authenticate.spec.js +59 -0
package/dist/authenticate.spec.js.map +1 -0
package/dist/authorize.d.ts +5 -0
package/dist/authorize.d.ts.map +1 -0
package/dist/authorize.js +22 -0
package/dist/authorize.js.map +1 -0
package/dist/authorize.spec.d.ts +2 -0
package/dist/authorize.spec.d.ts.map +1 -0
package/dist/authorize.spec.js +55 -0
package/dist/authorize.spec.js.map +1 -0
package/dist/endpoint-generators/create-delete-endpoint.d.ts +17 -0
package/dist/endpoint-generators/create-delete-endpoint.d.ts.map +1 -0
package/dist/endpoint-generators/create-delete-endpoint.js +24 -0
package/dist/endpoint-generators/create-delete-endpoint.js.map +1 -0
package/dist/endpoint-generators/create-delete-endpoint.spec.d.ts +2 -0
package/dist/endpoint-generators/create-delete-endpoint.spec.d.ts.map +1 -0
package/dist/endpoint-generators/create-delete-endpoint.spec.js +33 -0
package/dist/endpoint-generators/create-delete-endpoint.spec.js.map +1 -0
package/dist/endpoint-generators/create-get-collection-endpoint.d.ts +17 -0
package/dist/endpoint-generators/create-get-collection-endpoint.d.ts.map +1 -0
package/dist/endpoint-generators/create-get-collection-endpoint.js +26 -0
package/dist/endpoint-generators/create-get-collection-endpoint.js.map +1 -0
package/dist/endpoint-generators/create-get-collection-endpoint.spec.d.ts +2 -0
package/dist/endpoint-generators/create-get-collection-endpoint.spec.d.ts.map +1 -0
package/dist/endpoint-generators/create-get-collection-endpoint.spec.js +143 -0
package/dist/endpoint-generators/create-get-collection-endpoint.spec.js.map +1 -0
package/dist/endpoint-generators/create-get-entity-endpoint.d.ts +17 -0
package/dist/endpoint-generators/create-get-entity-endpoint.d.ts.map +1 -0
package/dist/endpoint-generators/create-get-entity-endpoint.js +29 -0
package/dist/endpoint-generators/create-get-entity-endpoint.js.map +1 -0
package/dist/endpoint-generators/create-get-entity-endpoint.spec.d.ts +2 -0
package/dist/endpoint-generators/create-get-entity-endpoint.spec.d.ts.map +1 -0
package/dist/endpoint-generators/create-get-entity-endpoint.spec.js +74 -0
package/dist/endpoint-generators/create-get-entity-endpoint.spec.js.map +1 -0
package/dist/endpoint-generators/create-patch-endpoint.d.ts +18 -0
package/dist/endpoint-generators/create-patch-endpoint.d.ts.map +1 -0
package/dist/endpoint-generators/create-patch-endpoint.js +26 -0
package/dist/endpoint-generators/create-patch-endpoint.js.map +1 -0
package/dist/endpoint-generators/create-patch-endpoint.spec.d.ts +2 -0
package/dist/endpoint-generators/create-patch-endpoint.spec.d.ts.map +1 -0
package/dist/endpoint-generators/create-patch-endpoint.spec.js +36 -0
package/dist/endpoint-generators/create-patch-endpoint.spec.js.map +1 -0
package/dist/endpoint-generators/create-post-endpoint.d.ts +18 -0
package/dist/endpoint-generators/create-post-endpoint.d.ts.map +1 -0
package/dist/endpoint-generators/create-post-endpoint.js +29 -0
package/dist/endpoint-generators/create-post-endpoint.js.map +1 -0
package/dist/endpoint-generators/create-post-endpoint.spec.d.ts +2 -0
package/dist/endpoint-generators/create-post-endpoint.spec.d.ts.map +1 -0
package/dist/endpoint-generators/create-post-endpoint.spec.js +34 -0
package/dist/endpoint-generators/create-post-endpoint.spec.js.map +1 -0
package/dist/endpoint-generators/index.d.ts +6 -0
package/dist/endpoint-generators/index.d.ts.map +1 -0
package/dist/endpoint-generators/index.js +9 -0
package/dist/endpoint-generators/index.js.map +1 -0
package/dist/endpoint-generators/utils.d.ts +9 -0
package/dist/endpoint-generators/utils.d.ts.map +1 -0
package/dist/endpoint-generators/utils.js +27 -0
package/dist/endpoint-generators/utils.js.map +1 -0
package/dist/http-authentication-settings.d.ts +17 -0
package/dist/http-authentication-settings.d.ts.map +1 -0
package/dist/http-authentication-settings.js +26 -0
package/dist/http-authentication-settings.js.map +1 -0
package/dist/http-user-context.d.ts +54 -0
package/dist/http-user-context.d.ts.map +1 -0
package/dist/http-user-context.js +153 -0
package/dist/http-user-context.js.map +1 -0
package/dist/http-user-context.spec.d.ts +4 -0
package/dist/http-user-context.spec.d.ts.map +1 -0
package/dist/http-user-context.spec.js +267 -0
package/dist/http-user-context.spec.js.map +1 -0
package/dist/incoming-message-extensions.d.ts +8 -0
package/dist/incoming-message-extensions.d.ts.map +1 -0
package/dist/incoming-message-extensions.js +14 -0
package/dist/incoming-message-extensions.js.map +1 -0
package/dist/incoming-message-extensions.spec.d.ts +2 -0
package/dist/incoming-message-extensions.spec.d.ts.map +1 -0
package/dist/incoming-message-extensions.spec.js +39 -0
package/dist/incoming-message-extensions.spec.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/injector-extensions.d.ts +21 -0
package/dist/injector-extensions.d.ts.map +1 -0
package/dist/injector-extensions.js +14 -0
package/dist/injector-extensions.js.map +1 -0
package/dist/injector-extensions.spec.d.ts +2 -0
package/dist/injector-extensions.spec.d.ts.map +1 -0
package/dist/injector-extensions.spec.js +19 -0
package/dist/injector-extensions.spec.js.map +1 -0
package/dist/models/cors-options.d.ts +22 -0
package/dist/models/cors-options.d.ts.map +1 -0
package/dist/models/cors-options.js +3 -0
package/dist/models/cors-options.js.map +1 -0
package/dist/models/default-session.d.ts +14 -0
package/dist/models/default-session.d.ts.map +1 -0
package/dist/models/default-session.js +10 -0
package/dist/models/default-session.js.map +1 -0
package/dist/request-action-implementation.d.ts +54 -0
package/dist/request-action-implementation.d.ts.map +1 -0
package/dist/request-action-implementation.js +42 -0
package/dist/request-action-implementation.js.map +1 -0
package/dist/rest-service.integration.spec.d.ts +2 -0
package/dist/rest-service.integration.spec.d.ts.map +1 -0
package/dist/rest-service.integration.spec.js +129 -0
package/dist/rest-service.integration.spec.js.map +1 -0
package/dist/rest.integration.test.d.ts +58 -0
package/dist/rest.integration.test.d.ts.map +1 -0
package/dist/rest.integration.test.js +94 -0
package/dist/rest.integration.test.js.map +1 -0
package/dist/schema-validator/index.d.ts +3 -0
package/dist/schema-validator/index.d.ts.map +1 -0
package/dist/schema-validator/index.js +6 -0
package/dist/schema-validator/index.js.map +1 -0
package/dist/schema-validator/schema-validation-error.d.ts +10 -0
package/dist/schema-validator/schema-validation-error.d.ts.map +1 -0
package/dist/schema-validator/schema-validation-error.js +15 -0
package/dist/schema-validator/schema-validation-error.js.map +1 -0
package/dist/schema-validator/schema-validator.d.ts +20 -0
package/dist/schema-validator/schema-validator.d.ts.map +1 -0
package/dist/schema-validator/schema-validator.js +36 -0
package/dist/schema-validator/schema-validator.js.map +1 -0
package/dist/schema-validator/schema-validator.test.d.ts +2 -0
package/dist/schema-validator/schema-validator.test.d.ts.map +1 -0
package/dist/schema-validator/schema-validator.test.js +62 -0
package/dist/schema-validator/schema-validator.test.js.map +1 -0
package/dist/schema-validator/validate-examples.d.ts +37 -0
package/dist/schema-validator/validate-examples.d.ts.map +1 -0
package/dist/schema-validator/validate-examples.js +29 -0
package/dist/schema-validator/validate-examples.js.map +1 -0
package/dist/server-manager.d.ts +30 -0
package/dist/server-manager.d.ts.map +1 -0
package/dist/server-manager.js +71 -0
package/dist/server-manager.js.map +1 -0
package/dist/server-response-extensions.d.ts +21 -0
package/dist/server-response-extensions.d.ts.map +1 -0
package/dist/server-response-extensions.js +15 -0
package/dist/server-response-extensions.js.map +1 -0
package/dist/server-response-extensions.spec.d.ts +2 -0
package/dist/server-response-extensions.spec.d.ts.map +1 -0
package/dist/server-response-extensions.spec.js +49 -0
package/dist/server-response-extensions.spec.js.map +1 -0
package/dist/utils.d.ts +24 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +66 -0
package/dist/utils.js.map +1 -0
package/dist/validate.d.ts +18 -0
package/dist/validate.d.ts.map +1 -0
package/dist/validate.integration.schema.d.ts +69 -0
package/dist/validate.integration.schema.d.ts.map +1 -0
package/dist/validate.integration.schema.js +3 -0
package/dist/validate.integration.schema.js.map +1 -0
package/dist/validate.integration.spec.d.ts +13 -0
package/dist/validate.integration.spec.d.ts.map +1 -0
package/dist/validate.integration.spec.js +223 -0
package/dist/validate.integration.spec.js.map +1 -0
package/dist/validate.integration.spec.schema.json +749 -0
package/dist/validate.js +49 -0
package/dist/validate.js.map +1 -0
package/package.json +56 -0
package/src/actions/error-action.spec.ts +54 -0
package/src/actions/error-action.ts +34 -0
package/src/actions/get-current-user.spec.ts +23 -0
package/src/actions/get-current-user.ts +15 -0
package/src/actions/index.ts +6 -0
package/src/actions/is-authenticated.spec.ts +18 -0
package/src/actions/is-authenticated.ts +13 -0
package/src/actions/login-action.spec.ts +41 -0
package/src/actions/login.ts +26 -0
package/src/actions/logout-action.spec.ts +27 -0
package/src/actions/logout.ts +16 -0
package/src/actions/not-found-action.spec.ts +17 -0
package/src/actions/not-found-action.ts +13 -0
package/src/add-cors-header.spec.ts +133 -0
package/src/api-manager.ts +222 -0
package/src/authenticate.spec.ts +78 -0
package/src/authenticate.ts +22 -0
package/src/authorize.spec.ts +69 -0
package/src/authorize.ts +19 -0
package/src/endpoint-generators/create-delete-endpoint.spec.ts +34 -0
package/src/endpoint-generators/create-delete-endpoint.ts +25 -0
package/src/endpoint-generators/create-get-collection-endpoint.spec.ts +164 -0
package/src/endpoint-generators/create-get-collection-endpoint.ts +28 -0
package/src/endpoint-generators/create-get-entity-endpoint.spec.ts +75 -0
package/src/endpoint-generators/create-get-entity-endpoint.ts +29 -0
package/src/endpoint-generators/create-patch-endpoint.spec.ts +36 -0
package/src/endpoint-generators/create-patch-endpoint.ts +27 -0
package/src/endpoint-generators/create-post-endpoint.spec.ts +32 -0
package/src/endpoint-generators/create-post-endpoint.ts +30 -0
package/src/endpoint-generators/index.ts +5 -0
package/src/endpoint-generators/utils.ts +34 -0
package/src/http-authentication-settings.ts +23 -0
package/src/http-user-context.spec.ts +299 -0
package/src/http-user-context.ts +160 -0
package/src/incoming-message-extensions.spec.ts +41 -0
package/src/incoming-message-extensions.ts +19 -0
package/src/index.ts +16 -0
package/src/injector-extensions.spec.ts +19 -0
package/src/injector-extensions.ts +35 -0
package/src/models/cors-options.ts +21 -0
package/src/models/default-session.ts +14 -0
package/src/request-action-implementation.ts +70 -0
package/src/rest-service.integration.spec.ts +166 -0
package/src/rest.integration.test.ts +112 -0
package/src/schema-validator/index.ts +2 -0
package/src/schema-validator/schema-validation-error.ts +11 -0
package/src/schema-validator/schema-validator.test.ts +72 -0
package/src/schema-validator/schema-validator.ts +31 -0
package/src/schema-validator/validate-examples.ts +38 -0
package/src/server-manager.ts +88 -0
package/src/server-response-extensions.spec.ts +53 -0
package/src/server-response-extensions.ts +30 -0
package/src/utils.ts +65 -0
package/src/validate.integration.schema.ts +50 -0
package/src/validate.integration.spec.schema.json +779 -0
package/src/validate.integration.spec.ts +218 -0
package/src/validate.ts +60 -0

package/src/api-manager.ts ADDED Viewed

@@ -0,0 +1,222 @@
+import { Disposable, PathHelper, usingAsync } from '@furystack/utils'
+import { deserializeQueryString, RestApi } from '@furystack/rest'
+import { Injectable, Injector } from '@furystack/inject'
+import { ServerManager, OnRequest } from './server-manager'
+import { pathToRegexp, match } from 'path-to-regexp'
+import { NotFoundAction } from './actions/not-found-action'
+import { CorsOptions } from './models/cors-options'
+import { Utils } from './utils'
+import { ErrorAction } from './actions/error-action'
+import './server-response-extensions'
+import { IdentityContext, User } from '@furystack/core'
+import { HttpUserContext } from './http-user-context'
+import { RequestAction } from './request-action-implementation'
+export type RestApiImplementation<T extends RestApi> = {
+  [TMethod in keyof T]: {
+    [TUrl in keyof T[TMethod]]: T[TMethod][TUrl] extends { result: unknown } ? RequestAction<T[TMethod][TUrl]> : never
+  }
+}
+export interface ImplementApiOptions<T extends RestApi> {
+  api: RestApiImplementation<T>
+  injector: Injector
+  hostName?: string
+  root: string
+  port: number
+  cors?: CorsOptions
+  deserializeQueryParams?: (param: string) => any
+}
+export type CompiledApi = {
+  [K: string]: {
+    [R: string]: { fullPath: string; regex: RegExp; action: RequestAction<any> }
+  }
+}
+export type OnRequestOptions = OnRequest & {
+  compiledApi: CompiledApi
+  hostName?: string
+  port: number
+  rootApiPath: string
+  injector: Injector
+  cors?: CorsOptions
+  supportedMethods: string[]
+  deserializeQueryParams?: (param: string) => any
+}
+@Injectable({ lifetime: 'singleton' })
+export class ApiManager implements Disposable {
+  private readonly apis = new Map<string, CompiledApi>()
+  public dispose() {
+    this.apis.clear()
+  }
+  private getSuportedMethods<T extends RestApi>(api: RestApiImplementation<T>): string[] {
+    return Object.keys(api) as any
+  }
+  private compileApi<T extends RestApi>(api: RestApiImplementation<T>, root: string) {
+    const compiledApi = {} as CompiledApi
+    this.getSuportedMethods(api).forEach((method) => {
+      const endpoint = {}
+      Object.entries((api as any)[method]).forEach(([path, action]) => {
+        const fullPath = `/${PathHelper.joinPaths(root, path)}`
+        const regex = pathToRegexp(fullPath)
+        ;(endpoint as any)[path] = { regex, action, fullPath }
+      })
+      ;(compiledApi as any)[method] = endpoint
+    })
+    return compiledApi
+  }
+  public async addApi<T extends RestApi>({
+    api,
+    hostName,
+    port,
+    root,
+    cors,
+    injector,
+    deserializeQueryParams,
+  }: ImplementApiOptions<T>) {
+    const supportedMethods = this.getSuportedMethods(api)
+    const rootApiPath = PathHelper.normalize(root)
+    const server = await this.serverManager.getOrCreate({ hostName, port })
+    const compiledApi = this.compileApi(api, root)
+    server.apis.push({
+      shouldExec: (msg) =>
+        this.shouldExecRequest({
+          ...msg,
+          method: msg.req.method?.toUpperCase(),
+          rootApiPath,
+          supportedMethods,
+          url: PathHelper.normalize(msg.req.url || ''),
+        }),
+      onRequest: (msg) =>
+        this.onMessage({
+          ...msg,
+          compiledApi,
+          rootApiPath,
+          port,
+          supportedMethods,
+          cors,
+          injector,
+          hostName,
+          deserializeQueryParams,
+        }),
+    })
+  }
+  public shouldExecRequest(options: {
+    method?: string
+    url?: string
+    rootApiPath: string
+    supportedMethods: string[]
+  }): boolean {
+    return options.method &&
+      options.url &&
+      (options.supportedMethods.includes(options.method) || options.method === 'OPTIONS') &&
+      PathHelper.normalize(options.url).startsWith(options.rootApiPath)
+      ? true
+      : false
+  }
+  private getActionFromEndpoint(compiledEndpoint: CompiledApi, fullUrl: URL, method: string) {
+    return (Object.values(compiledEndpoint[method]).find((route) => (route as any).regex.test(fullUrl.pathname)) ||
+      undefined) as
+      | {
+          action: RequestAction<{ body: {}; result: {}; query: {}; url: {}; headers: {} }>
+          regex: RegExp
+          fullPath: string
+        }
+      | undefined
+  }
+  private async executeAction({
+    injector,
+    req,
+    res,
+    fullUrl,
+    action,
+    regex,
+    fullPath,
+    deserializeQueryParams,
+  }: OnRequestOptions & {
+    fullUrl: URL
+    action: RequestAction<{ body: {}; result: {}; query: {}; url: {}; headers: {} }>
+    regex: RegExp
+    fullPath: string
+  }) {
+    await usingAsync(injector.createChild(), async (i) => {
+      const utils = i.getInstance(Utils)
+      const httpUserContext = i.getInstance(HttpUserContext)
+      i.setExplicitInstance<IdentityContext>(
+        {
+          getCurrentUser: <TUser extends User>() => httpUserContext.getCurrentUser(req) as Promise<TUser>,
+          isAuthorized: (...roles) => httpUserContext.isAuthorized(req, ...roles),
+          isAuthenticated: () => httpUserContext.isAuthenticated(req),
+        },
+        IdentityContext,
+      )
+      try {
+        const actionResult = await action({
+          request: req,
+          response: res,
+          injector: i,
+          getBody: () => utils.readPostBody<any>(req),
+          headers: req.headers,
+          getQuery: () =>
+            deserializeQueryParams ? deserializeQueryParams(fullUrl.search) : deserializeQueryString(fullUrl.search),
+          getUrlParams: () => {
+            if (!req.url || !regex) {
+              throw new Error('Error parsing request parameters. Missing URL or RegExp.')
+            }
+            const matcher = match(fullPath, { decode: decodeURIComponent })
+            const { params } = matcher(fullUrl.pathname) as any
+            return params
+          },
+        })
+        res.sendActionResult(actionResult)
+      } catch (error) {
+        const errorActionResult = await ErrorAction({
+          request: req,
+          response: res,
+          injector: i,
+          getBody: async () => error,
+        })
+        res.sendActionResult(errorActionResult)
+      }
+      return
+    })
+  }
+  private async onMessage(options: OnRequestOptions) {
+    const fullUrl = new URL(
+      PathHelper.joinPaths(
+        'http://',
+        `${options.hostName || ServerManager.DEFAULT_HOST}:${options.port}`,
+        options.req.url as string,
+      ),
+    )
+    options.cors && options.injector.getInstance(Utils).addCorsHeaders(options.cors, options.req, options.res)
+    if (options.req.method === 'OPTIONS') {
+      options.res.writeHead(200)
+      options.res.end()
+      return
+    }
+    const action = this.getActionFromEndpoint(options.compiledApi, fullUrl, options.req.method?.toUpperCase() as string)
+    if (action) {
+      await this.executeAction({ ...options, ...action, fullUrl })
+    } else {
+      options.res.sendActionResult(
+        await NotFoundAction({ injector: options.injector, request: options.req, response: options.res }),
+      )
+    }
+  }
+  constructor(private readonly serverManager: ServerManager) {}
+}

package/src/authenticate.spec.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import { IncomingMessage } from 'http'
+import { Injector } from '@furystack/inject'
+import { usingAsync } from '@furystack/utils'
+import { HttpUserContext } from './http-user-context'
+import { Authenticate } from './authenticate'
+import { ServerResponse } from 'http'
+import { IdentityContext } from '@furystack/core'
+import { EmptyResult } from './request-action-implementation'
+describe('Authenticate', () => {
+  const response = {} as any as ServerResponse
+  const request = { url: 'http://google.com' } as IncomingMessage
+  it('Should return 403 w/o basic auth header, when unauthorized and basic auth is disabled', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthenticatedAction = jest.fn(async () => false)
+      i.setExplicitInstance(
+        { isAuthenticated: isAuthenticatedAction, getCurrentUser: async () => Promise.reject(':(') },
+        IdentityContext,
+      )
+      i.setExplicitInstance(
+        {
+          authentication: { enableBasicAuth: false },
+        },
+        HttpUserContext,
+      )
+      const exampleAuthenticatedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authenticate()(exampleAuthenticatedAction)
+      const result = await authorized({ injector: i, request, response })
+      expect(result.statusCode).toBe(401)
+      expect(result.chunk).toEqual({ error: 'unauthorized' })
+      expect(result.headers).toEqual({ 'Content-Type': 'application/json' })
+      expect(exampleAuthenticatedAction).not.toBeCalled()
+    })
+  })
+  it('Should return 403 with basic auth headers when unauthorized and basic auth is enabled', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthenticatedAction = jest.fn(async () => false)
+      i.setExplicitInstance(
+        {
+          isAuthenticated: isAuthenticatedAction,
+          getCurrentUser: async () => Promise.reject(':('),
+          authentication: { enableBasicAuth: true },
+        },
+        HttpUserContext,
+      )
+      const exampleAuthenticatedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authenticate()(exampleAuthenticatedAction)
+      const result = await authorized({ injector: i, request, response })
+      expect(result.statusCode).toBe(401)
+      expect(result.chunk).toEqual({ error: 'unauthorized' })
+      expect(result.headers).toEqual({ 'Content-Type': 'application/json', 'WWW-Authenticate': 'Basic' })
+      expect(exampleAuthenticatedAction).not.toBeCalled()
+    })
+  })
+  it('Should exec the original action if authorized', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthenticatedAction = jest.fn(async () => true)
+      i.setExplicitInstance(
+        { isAuthenticated: isAuthenticatedAction, getCurrentUser: async () => Promise.reject(':(') },
+        IdentityContext,
+      )
+      const exampleAuthenticatedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authenticate()(exampleAuthenticatedAction)
+      const params = { injector: i, body: undefined, query: undefined, request, response }
+      const result = await authorized(params)
+      expect(result.statusCode).toBe(200)
+      expect(result.chunk).toBe(undefined)
+      expect(exampleAuthenticatedAction).toBeCalledWith(params)
+    })
+  })
+})

package/src/authenticate.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { sleepAsync } from '@furystack/utils'
+import { HttpUserContext } from './http-user-context'
+import { ActionResult, JsonResult, RequestAction, RequestActionOptions } from './request-action-implementation'
+export const Authenticate =
+  () =>
+  <T extends { result: unknown }>(action: RequestAction<T>): RequestAction<T> => {
+    return async (args: RequestActionOptions<T>): Promise<ActionResult<T>> => {
+      const authenticated = await args.injector.isAuthenticated()
+      if (!authenticated) {
+        await sleepAsync(Math.random() * 1000)
+        return JsonResult(
+          { error: 'unauthorized' },
+          401,
+          args.injector.getInstance(HttpUserContext).authentication.enableBasicAuth
+            ? { 'WWW-Authenticate': 'Basic' }
+            : {},
+        ) as unknown as ActionResult<T>
+      }
+      return (await action(args)) as any
+    }
+  }

package/src/authorize.spec.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { IncomingMessage } from 'http'
+import { Injector } from '@furystack/inject'
+import { usingAsync } from '@furystack/utils'
+import { User, IdentityContext } from '@furystack/core'
+import { Authorize } from './authorize'
+import { ServerResponse } from 'http'
+import { EmptyResult } from './request-action-implementation'
+describe('Authorize', () => {
+  const response = {} as any as ServerResponse
+  const request = { url: 'http://google.com' } as IncomingMessage
+  it('Should return 403 when failed to get current user', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthorizedAction = jest.fn(async () => false)
+      i.setExplicitInstance(
+        { isAuthorized: isAuthorizedAction, getCurrentUser: () => Promise.reject(':(') },
+        IdentityContext,
+      )
+      const exampleAuthorizedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authorize('Role1')(exampleAuthorizedAction)
+      const result = await authorized({ injector: i, request, response })
+      expect(result.statusCode).toBe(403)
+      expect(result.chunk).toEqual({ error: 'forbidden' })
+      expect(exampleAuthorizedAction).not.toBeCalled()
+    })
+  })
+  it('Should return 403 if the current user does not have the role', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthorizedAction = jest.fn(async () => false)
+      i.setExplicitInstance(
+        {
+          isAuthorized: isAuthorizedAction,
+          getCurrentUser: async () => Promise.resolve<User>({ username: 'a', roles: ['Role1'] }),
+        },
+        IdentityContext,
+      )
+      const exampleAuthorizedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authorize('Role2')(exampleAuthorizedAction)
+      const result = await authorized({ injector: i, request, response })
+      expect(result.statusCode).toBe(403)
+      expect(result.chunk).toEqual({ error: 'forbidden' })
+      expect(exampleAuthorizedAction).not.toBeCalled()
+    })
+  })
+  it('Should exec the original action if authorized', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      const isAuthorizedAction = jest.fn(async () => true)
+      i.setExplicitInstance(
+        {
+          isAuthorized: isAuthorizedAction,
+          getCurrentUser: async () => Promise.resolve<User>({ username: 'a', roles: ['Role1'] }),
+        },
+        IdentityContext,
+      )
+      const exampleAuthorizedAction = jest.fn(async (_args: any) => EmptyResult())
+      const authorized = Authorize('Role1')(exampleAuthorizedAction)
+      const params = { injector: i, body: undefined, query: undefined, request, response }
+      const result = await authorized(params)
+      expect(result.statusCode).toBe(200)
+      expect(result.chunk).toBe(undefined)
+      expect(exampleAuthorizedAction).toBeCalledWith(params)
+    })
+  })
+})

package/src/authorize.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { sleepAsync } from '@furystack/utils'
+import { ActionResult, JsonResult, RequestAction, RequestActionOptions } from './request-action-implementation'
+export const Authorize =
+  (...roles: string[]) =>
+  <T extends { result: unknown }>(action: RequestAction<T>): RequestAction<T> => {
+    return async (options: RequestActionOptions<T>): Promise<ActionResult<T>> => {
+      try {
+        const authorized = await options.injector.isAuthorized(...roles)
+        if (!authorized) {
+          await sleepAsync(Math.random() * 1000)
+          return JsonResult({ error: 'forbidden' }, 403) as any
+        }
+      } catch (error) {
+        return JsonResult({ error: 'forbidden' }, 403) as any
+      }
+      return (await action(options)) as any
+    }
+  }

package/src/endpoint-generators/create-delete-endpoint.spec.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { usingAsync } from '@furystack/utils'
+import { Injector } from '@furystack/inject'
+import { DeleteEndpoint } from '@furystack/rest'
+import { createDeleteEndpoint } from './create-delete-endpoint'
+import got from 'got'
+import { MockClass, setupContext } from './utils'
+describe('createDeleteEndpoint', () => {
+  it('Should delete the entity and report the success', async () => {
+    await usingAsync(new Injector(), async (i) => {
+      setupContext(i)
+      await i.useRestService<{ DELETE: { '/:id': DeleteEndpoint<MockClass, 'id'> } }>({
+        root: '/api',
+        port: 1111,
+        api: {
+          DELETE: {
+            '/:id': createDeleteEndpoint({ model: MockClass, primaryKey: 'id' }),
+          },
+        },
+      })
+      await i.getDataSetFor(MockClass, 'id').add(i, { id: 'mock', value: 'mock' })
+      const countBeforeDelete = await i.getDataSetFor(MockClass, 'id').count(i)
+      expect(countBeforeDelete).toBe(1)
+      const response = await got('http://127.0.0.1:1111/api/mock', { method: 'DELETE' })
+      expect(response.statusCode).toBe(204)
+      expect(response.body).toBe('')
+      const countAfterDelete = await i.getDataSetFor(MockClass, 'id').count(i)
+      expect(countAfterDelete).toBe(0)
+    })
+  })
+})