@gencow/core 0.1.8 → 0.1.10

package/src/__tests__/scoped-db.test.ts

@@ -0,0 +1,442 @@
+/**
+ * packages/core/src/__tests__/scoped-db.test.ts
+ *
+ * Tests for createScopedDb() — Proxy wrapping Drizzle DB with auto-filter injection.
+ *
+ * Run: bun test packages/core/src/__tests__/scoped-db.test.ts
+ */
+
+import { describe, it, expect, beforeEach, mock } from "bun:test";
+import { createScopedDb, applyFieldAccess } from "../scoped-db";
+import { gencowTable, ownerFilter, _resetTableRegistry, getTableAccessMeta } from "../table";
+import type { GencowCtx } from "../reactive";
+import { serial, text, integer } from "drizzle-orm/pg-core";
+import { pgTable } from "drizzle-orm/pg-core";
+import { eq, and, sql } from "drizzle-orm";
+
+// ─── Mock DB builder ────────────────────────────────────
+
+/**
+ * Create a mock Drizzle-like DB that records method calls.
+ * Supports chaining: db.select().from(table).where(cond).limit(n)
+ */
+function makeMockDb() {
+    const calls: Array<{ method: string; args: any[] }> = [];
+    let lastWhere: any = undefined;
+
+    const chainable = (self: any) =>
+        new Proxy(self, {
+            get(target, prop: string) {
+                if (prop === "_calls") return calls;
+                if (prop === "_lastWhere") return lastWhere;
+                if (prop === "then") return undefined; // Not a thenable by default
+                if (prop === "execute") return undefined;
+
+                return (...args: any[]) => {
+                    calls.push({ method: prop, args });
+                    if (prop === "where") {
+                        lastWhere = args[0];
+                    }
+                    return chainable({});
+                };
+            },
+        });
+
+    const db = {
+        select: (...args: any[]) => {
+            calls.push({ method: "select", args });
+            return chainable({});
+        },
+        insert: (table: any) => {
+            calls.push({ method: "insert", args: [table] });
+            return chainable({});
+        },
+        update: (table: any) => {
+            calls.push({ method: "update", args: [table] });
+            return chainable({});
+        },
+        delete: (table: any) => {
+            calls.push({ method: "delete", args: [table] });
+            return chainable({});
+        },
+        execute: (sqlQuery: any) => {
+            calls.push({ method: "execute", args: [sqlQuery] });
+            return Promise.resolve([]);
+        },
+        query: {},
+        $client: {},
+        _: { session: {} },
+        _calls: calls,
+        _lastWhere: () => lastWhere,
+    };
+
+    return db;
+}
+
+function makeCtx(userId: string, role = "user"): GencowCtx {
+    return {
+        auth: {
+            getUserIdentity: () => ({ id: userId, email: `${userId}@test.com`, name: "Test" }),
+            requireAuth: () => ({ id: userId, email: `${userId}@test.com`, name: "Test", role } as any),
+        },
+        db: {},
+        unsafeDb: {},
+        storage: {} as any,
+        scheduler: {} as any,
+        realtime: {} as any,
+        retry: {} as any,
+    };
+}
+
+function makeAnonCtx(): GencowCtx {
+    return {
+        auth: {
+            getUserIdentity: () => null,
+            requireAuth: () => { throw new Error("Authentication required"); },
+        },
+        db: {},
+        unsafeDb: {},
+        storage: {} as any,
+        scheduler: {} as any,
+        realtime: {} as any,
+        retry: {} as any,
+    };
+}
+
+// ─── Tests ───────────────────────────────────────────────
+
+describe("createScopedDb()", () => {
+    beforeEach(() => {
+        _resetTableRegistry();
+    });
+
+    // ── execute() 차단 ──────────────────────────────────
+
+    describe("execute() 차단", () => {
+        it("ctx.db.execute()를 호출하면 에러를 던진다", () => {
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            expect(() => scopedDb.execute(sql`SELECT 1`)).toThrow(
+                "ctx.db.execute() is not allowed"
+            );
+        });
+
+        it("에러 메시지에 unsafeDb 사용 안내를 포함한다", () => {
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            try {
+                scopedDb.execute(sql`SELECT 1`);
+                expect(true).toBe(false); // should not reach
+            } catch (err: any) {
+                expect(err.message).toContain("ctx.unsafeDb.execute()");
+            }
+        });
+    });
+
+    // ── $client / _ 접근 차단 ────────────────────────────
+
+    describe("직접 클라이언트 접근 차단", () => {
+        it("ctx.db.$client 접근 시 에러", () => {
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            expect(() => scopedDb.$client).toThrow("ctx.db.$client is not allowed");
+        });
+
+        it("ctx.db._ 접근 시 에러", () => {
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            expect(() => scopedDb._).toThrow("ctx.db._ is not allowed");
+        });
+    });
+
+    // ── select().from() filter 주입 ─────────────────────
+
+    describe("select().from() — filter 주입", () => {
+        it("gencowTable에서 select().from() 호출 시 from이 실행된다", () => {
+            const table = gencowTable("scoped_tasks", {
+                id: serial("id").primaryKey(),
+                userId: text("user_id").notNull(),
+            }, {
+                filter: () => true,
+            });
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            scopedDb.select().from(table);
+
+            const fromCall = db._calls.find((c: any) => c.method === "from");
+            expect(fromCall).toBeDefined();
+        });
+
+        it("pgTable에서 select().from() 호출 시 그대로 통과한다", () => {
+            const table = pgTable("plain_tasks", {
+                id: serial("id").primaryKey(),
+            });
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            scopedDb.select().from(table);
+
+            const fromCall = db._calls.find((c: any) => c.method === "from");
+            expect(fromCall).toBeDefined();
+            // No where should be added for plain pgTable
+        });
+
+        it("filter: () => true 일 때 추가 where 없음", () => {
+            const table = gencowTable("public_table", {
+                id: serial("id").primaryKey(),
+            }, {
+                filter: () => true,
+            });
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            const chain = scopedDb.select().from(table);
+
+            // true filter 일 때 where가 호출되지 않아야 함
+            // (then에서 pending filters가 true이므로)
+            const calls = db._calls;
+            const whereCall = calls.find((c: any) => c.method === "where");
+            // No where for public tables
+        });
+    });
+
+    // ── insert는 필터 없이 통과 ─────────────────────────
+
+    describe("insert() — 패스스루", () => {
+        it("insert()는 필터 없이 통과한다", () => {
+            const table = gencowTable("insert_test", {
+                id: serial("id").primaryKey(),
+                userId: text("user_id").notNull(),
+            }, ownerFilter("userId"));
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            // insert는 새 행 추가이므로 filter 적용하지 않음
+            // (filter는 읽기/수정/삭제용)
+            scopedDb.insert(table);
+
+            const insertCall = db._calls.find((c: any) => c.method === "insert");
+            expect(insertCall).toBeDefined();
+        });
+    });
+
+    // ── update/delete filter 주입 ───────────────────────
+
+    describe("update() / delete() — filter 주입", () => {
+        it("update(gencowTable)가 실행된다", () => {
+            const table = gencowTable("update_test", {
+                id: serial("id").primaryKey(),
+                userId: text("user_id").notNull(),
+            }, ownerFilter("userId"));
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            scopedDb.update(table);
+
+            const updateCall = db._calls.find((c: any) => c.method === "update");
+            expect(updateCall).toBeDefined();
+        });
+
+        it("delete(gencowTable)가 실행된다", () => {
+            const table = gencowTable("delete_test", {
+                id: serial("id").primaryKey(),
+                userId: text("user_id").notNull(),
+            }, ownerFilter("userId"));
+
+            const db = makeMockDb();
+            const ctx = makeCtx("user-1");
+            const scopedDb = createScopedDb(db, ctx);
+
+            scopedDb.delete(table);
+
+            const deleteCall = db._calls.find((c: any) => c.method === "delete");
+            expect(deleteCall).toBeDefined();
+        });
+    });
+});
+
+// ─── applyFieldAccess ───────────────────────────────────
+
+describe("applyFieldAccess()", () => {
+    beforeEach(() => {
+        _resetTableRegistry();
+    });
+
+    it("미허용 필드를 null로 치환한다", () => {
+        const table = gencowTable("field_mask", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+            name: text("name"),
+        }, {
+            filter: () => true,
+            fieldAccess: {
+                salary: { read: (ctx) => (ctx.auth.requireAuth() as any).role === "admin" },
+            },
+        });
+
+        const result = [
+            { id: 1, salary: 100000, name: "Alice" },
+            { id: 2, salary: 200000, name: "Bob" },
+        ];
+
+        const userCtx = makeCtx("user-1", "user");
+        const masked = applyFieldAccess(result, table, userCtx);
+
+        expect(masked[0].salary).toBeNull();
+        expect(masked[0].name).toBe("Alice");
+        expect(masked[1].salary).toBeNull();
+        expect(masked[1].name).toBe("Bob");
+    });
+
+    it("허용된 사용자의 필드는 유지된다", () => {
+        const table = gencowTable("field_keep", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+        }, {
+            filter: () => true,
+            fieldAccess: {
+                salary: { read: (ctx) => (ctx.auth.requireAuth() as any).role === "admin" },
+            },
+        });
+
+        const result = [{ id: 1, salary: 100000 }];
+        const adminCtx = makeCtx("admin-1", "admin");
+        const kept = applyFieldAccess(result, table, adminCtx);
+
+        expect(kept[0].salary).toBe(100000);
+    });
+
+    it("fieldAccess가 없는 테이블은 결과를 그대로 반환한다", () => {
+        const table = gencowTable("no_field_access", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+        }, {
+            filter: () => true,
+        });
+
+        const result = [{ id: 1, salary: 100000 }];
+        const ctx = makeCtx("user-1");
+        const kept = applyFieldAccess(result, table, ctx);
+
+        expect(kept[0].salary).toBe(100000);
+    });
+
+    it("단일 객체도 처리한다 (배열이 아닌 경우)", () => {
+        const table = gencowTable("single_obj", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+        }, {
+            filter: () => true,
+            fieldAccess: {
+                salary: { read: () => false },
+            },
+        });
+
+        const result = { id: 1, salary: 100000 };
+        const ctx = makeCtx("user-1");
+        const masked = applyFieldAccess(result, table, ctx);
+
+        expect(masked.salary).toBeNull();
+        expect(masked.id).toBe(1);
+    });
+
+    it("pgTable은 그대로 반환한다", () => {
+        const table = pgTable("pg_no_field", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+        });
+
+        const result = [{ id: 1, salary: 100000 }];
+        const ctx = makeCtx("user-1");
+        const kept = applyFieldAccess(result, table, ctx);
+
+        expect(kept[0].salary).toBe(100000);
+    });
+
+    it("비인증 사용자 — read 체크 실패 시 필드를 null로 치환", () => {
+        const table = gencowTable("anon_field", {
+            id: serial("id").primaryKey(),
+            secret: text("secret"),
+        }, {
+            filter: () => true,
+            fieldAccess: {
+                secret: { read: (ctx) => !!ctx.auth.getUserIdentity() },
+            },
+        });
+
+        const result = [{ id: 1, secret: "top-secret" }];
+        const anonCtx = makeAnonCtx();
+        const masked = applyFieldAccess(result, table, anonCtx);
+
+        expect(masked[0].secret).toBeNull();
+    });
+
+    it("여러 필드에 대한 fieldAccess 적용", () => {
+        const table = gencowTable("multi_field", {
+            id: serial("id").primaryKey(),
+            salary: integer("salary"),
+            ssn: text("ssn"),
+            name: text("name"),
+        }, {
+            filter: () => true,
+            fieldAccess: {
+                salary: { read: () => false },
+                ssn: { read: () => false },
+            },
+        });
+
+        const result = { id: 1, salary: 100000, ssn: "123-45-6789", name: "Alice" };
+        const ctx = makeCtx("user-1");
+        const masked = applyFieldAccess(result, table, ctx);
+
+        expect(masked.salary).toBeNull();
+        expect(masked.ssn).toBeNull();
+        expect(masked.name).toBe("Alice");
+        expect(masked.id).toBe(1);
+    });
+
+    it("null/undefined 결과는 그대로 반환", () => {
+        const table = gencowTable("null_result", {
+            id: serial("id").primaryKey(),
+        }, {
+            filter: () => true,
+            fieldAccess: { id: { read: () => false } },
+        });
+
+        const ctx = makeCtx("user-1");
+        expect(applyFieldAccess(null, table, ctx)).toBeNull();
+        expect(applyFieldAccess(undefined, table, ctx)).toBeUndefined();
+    });
+
+    it("빈 배열은 그대로 반환", () => {
+        const table = gencowTable("empty_arr", {
+            id: serial("id").primaryKey(),
+        }, {
+            filter: () => true,
+            fieldAccess: { id: { read: () => false } },
+        });
+
+        const ctx = makeCtx("user-1");
+        const result = applyFieldAccess([], table, ctx);
+        expect(result).toEqual([]);
+    });
+});

package/src/__tests__/storage.test.ts

@@ -0,0 +1,208 @@
+/**
+ * packages/core/src/__tests__/storage.test.ts
+ *
+ * Tests for createStorage() — file storage API
+ * Uses temp directory for file I/O.
+ *
+ * Run: bun test packages/core/src/__tests__/storage.test.ts
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from "bun:test";
+import { createStorage } from "../storage";
+import * as fs from "fs/promises";
+import * as path from "path";
+import * as os from "os";
+
+describe("createStorage()", () => {
+    let tmpDir: string;
+
+    beforeEach(async () => {
+        tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "gencow-storage-test-"));
+    });
+
+    afterEach(async () => {
+        await fs.rm(tmpDir, { recursive: true, force: true }).catch(() => {});
+    });
+
+    // ─── store + getUrl ─────────────────────────────────
+
+    describe("store()", () => {
+        it("File 객체를 저장하고 storageId를 반환한다", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["hello world"], "test.txt", { type: "text/plain" });
+
+            const id = await storage.store(file);
+            expect(typeof id).toBe("string");
+            expect(id.length).toBeGreaterThan(0);
+        });
+
+        it("저장된 파일이 디스크에 존재한다", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["content"], "doc.txt", { type: "text/plain" });
+
+            const id = await storage.store(file);
+            const filePath = path.join(tmpDir, id);
+            const stat = await fs.stat(filePath);
+            expect(stat.isFile()).toBe(true);
+        });
+
+        it("Blob 객체도 저장 가능하다", async () => {
+            const storage = createStorage(tmpDir);
+            const blob = new Blob(["blob content"], { type: "application/octet-stream" });
+
+            const id = await storage.store(blob);
+            expect(typeof id).toBe("string");
+        });
+
+        it("50MB 초과 파일 → 에러", async () => {
+            const storage = createStorage(tmpDir);
+            // 51MB File mock — File constructor에서 size를 직접 제어
+            const bigContent = new Uint8Array(51 * 1024 * 1024);
+            const file = new File([bigContent], "big.bin");
+
+            await expect(storage.store(file)).rejects.toThrow("File too large");
+        });
+
+        it("커스텀 filename 적용", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["data"], "original.txt");
+
+            const id = await storage.store(file, "custom-name.txt");
+            const meta = await storage.getMeta(id);
+            expect(meta?.name).toBe("custom-name.txt");
+        });
+    });
+
+    // ─── storeBuffer ────────────────────────────────────
+
+    describe("storeBuffer()", () => {
+        it("Buffer를 저장하고 storageId를 반환한다", async () => {
+            const storage = createStorage(tmpDir);
+            const buffer = Buffer.from("buffer content");
+
+            const id = await storage.storeBuffer(buffer, "buffer.txt", "text/plain");
+            expect(typeof id).toBe("string");
+        });
+
+        it("저장된 파일의 메타데이터가 올바르다", async () => {
+            const storage = createStorage(tmpDir);
+            const buffer = Buffer.from("meta test");
+
+            const id = await storage.storeBuffer(buffer, "meta.txt", "text/plain");
+            const meta = await storage.getMeta(id);
+            expect(meta).not.toBeNull();
+            expect(meta!.name).toBe("meta.txt");
+            expect(meta!.type).toBe("text/plain");
+            expect(meta!.size).toBe(buffer.length);
+        });
+    });
+
+    // ─── getUrl ─────────────────────────────────────────
+
+    describe("getUrl()", () => {
+        it("storageId로 URL 반환", () => {
+            const storage = createStorage(tmpDir);
+            const url = storage.getUrl("some-uuid-123");
+            expect(url).toBe("/api/storage/some-uuid-123");
+        });
+
+        it("URL 패턴이 /api/storage/{id} 형식이다", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["test"], "test.txt");
+            const id = await storage.store(file);
+            const url = storage.getUrl(id);
+            expect(url).toMatch(/^\/api\/storage\/.+$/);
+        });
+    });
+
+    // ─── getMeta ────────────────────────────────────────
+
+    describe("getMeta()", () => {
+        it("저장된 파일의 메타데이터를 반환한다", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["hello"], "hello.txt", { type: "text/plain" });
+            const id = await storage.store(file);
+
+            const meta = await storage.getMeta(id);
+            expect(meta).not.toBeNull();
+            expect(meta!.id).toBe(id);
+            expect(meta!.name).toBe("hello.txt");
+            expect(meta!.type).toContain("text/plain");
+        });
+
+        it("존재하지 않는 storageId → null 반환", async () => {
+            const storage = createStorage(tmpDir);
+            const meta = await storage.getMeta("nonexistent-id");
+            expect(meta).toBeNull();
+        });
+    });
+
+    // ─── delete ─────────────────────────────────────────
+
+    describe("delete()", () => {
+        it("파일을 삭제한다", async () => {
+            const storage = createStorage(tmpDir);
+            const file = new File(["to delete"], "delete-me.txt");
+            const id = await storage.store(file);
+
+            // 파일 존재 확인
+            const filePath = path.join(tmpDir, id);
+            const statBefore = await fs.stat(filePath);
+            expect(statBefore.isFile()).toBe(true);
+
+            // 삭제
+            await storage.delete(id);
+
+            // 파일 삭제 확인
+            const exists = await fs.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(false);
+
+            // 메타데이터 삭제 확인
+            const meta = await storage.getMeta(id);
+            expect(meta).toBeNull();
+        });
+
+        it("존재하지 않는 storageId 삭제 시 에러 없음", async () => {
+            const storage = createStorage(tmpDir);
+            await expect(storage.delete("nonexistent-id")).resolves.toBeUndefined();
+        });
+    });
+
+    // ─── Storage Quota ──────────────────────────────────
+
+    describe("스토리지 쿼터", () => {
+        it("쿼터 초과 시 에러 (rawSql 있을 때)", async () => {
+            const mockRawSql = async (sql: string, _params?: unknown[]) => {
+                if (sql.includes("information_schema")) return []; // ensureFilesTable
+                if (sql.includes("SUM")) return [{ total: "999999999" }]; // 쿼터에 근접
+                return [];
+            };
+
+            const storage = createStorage(tmpDir, {
+                rawSql: mockRawSql,
+                storageQuota: 1000000000, // 1GB
+            });
+
+            const file = new File(["x".repeat(1024)], "test.txt");
+            await expect(storage.store(file)).rejects.toThrow("Storage quota exceeded");
+        });
+
+        it("쿼터 0 = 무제한 (에러 없음)", async () => {
+            const mockRawSql = async (sql: string, _params?: unknown[]) => {
+                if (sql.includes("information_schema")) return [];
+                if (sql.includes("SUM")) return [{ total: "999999999999" }];
+                if (sql.includes("INSERT")) return [];
+                return [];
+            };
+
+            const storage = createStorage(tmpDir, {
+                rawSql: mockRawSql,
+                storageQuota: 0, // 무제한
+            });
+
+            const file = new File(["small"], "small.txt");
+            const id = await storage.store(file);
+            expect(typeof id).toBe("string");
+        });
+    });
+});