@gravito/satellite-membership 0.1.1

package/tests/PasskeysService.test.ts

@@ -0,0 +1,113 @@
+import { describe, expect, it } from 'bun:test'
+import type { PasskeysConfig } from '../src/Application/Services/PasskeysService'
+import { PasskeysService } from '../src/Application/Services/PasskeysService'
+import type { IMemberPasskeyRepository } from '../src/Domain/Contracts/IMemberPasskeyRepository'
+import { Member } from '../src/Domain/Entities/Member'
+import { MemberPasskey } from '../src/Domain/Entities/MemberPasskey'
+
+class InMemoryPasskeyRepository implements IMemberPasskeyRepository {
+  private store = new Map<string, MemberPasskey>()
+
+  async save(entity: MemberPasskey): Promise<void> {
+    this.store.set(entity.id, entity)
+  }
+
+  async findById(id: string): Promise<MemberPasskey | null> {
+    return this.store.get(id) ?? null
+  }
+
+  async findAll(): Promise<MemberPasskey[]> {
+    return Array.from(this.store.values())
+  }
+
+  async delete(id: string): Promise<void> {
+    this.store.delete(id)
+  }
+
+  async exists(id: string): Promise<boolean> {
+    return this.store.has(id)
+  }
+
+  async findByMemberId(memberId: string): Promise<MemberPasskey[]> {
+    return Array.from(this.store.values()).filter((entry) => entry.memberId === memberId)
+  }
+
+  async findByCredentialId(credentialId: string): Promise<MemberPasskey | null> {
+    return (
+      Array.from(this.store.values()).find((entry) => entry.credentialId === credentialId) ?? null
+    )
+  }
+
+  async deleteByCredentialId(credentialId: string): Promise<void> {
+    const entry = await this.findByCredentialId(credentialId)
+    if (entry) {
+      this.store.delete(entry.id)
+    }
+  }
+}
+
+function createSession() {
+  const store = new Map<string, string>()
+  return {
+    get(key: string) {
+      return store.get(key)
+    },
+    put(key: string, value: string) {
+      store.set(key, value)
+    },
+    forget(key: string) {
+      store.delete(key)
+    },
+    __store: store,
+  }
+}
+
+const config: PasskeysConfig = {
+  rpName: 'Test Membership',
+  rpID: 'localhost',
+  origin: 'http://localhost:3000',
+  timeout: 45000,
+  userVerification: 'preferred' as const,
+  attestationType: 'none' as const,
+}
+
+function createService() {
+  return new PasskeysService(new InMemoryPasskeyRepository(), config)
+}
+
+describe('PasskeysService', () => {
+  it('stores the generated registration challenge in the session', async () => {
+    const member = Member.create('member-1', 'Test User', 'test@example.com', 'hash')
+    const session = createSession()
+    const service = createService()
+
+    const options = await service.generateRegistrationOptions(member, session)
+    expect(options.challenge).toBeTruthy()
+    expect(session.__store.get('membership.passkeys.registration.challenge')).toBe(
+      options.challenge
+    )
+  })
+
+  it('includes stored credentials when generating authentication options', async () => {
+    const member = Member.create('member-2', 'Verifier', 'verify@example.com', 'hash')
+    const passkeyRepo = new InMemoryPasskeyRepository()
+    const service = new PasskeysService(passkeyRepo, config)
+    const credential = MemberPasskey.create({
+      memberId: member.id,
+      credentialId: Buffer.from('credential-123').toString('base64url'),
+      publicKey: Buffer.from('public-key').toString('base64'),
+      counter: 0,
+      transports: ['usb'],
+    })
+    await passkeyRepo.save(credential)
+
+    const session = createSession()
+    const options = await service.generateAuthenticationOptions(member, session)
+
+    expect(options.allowCredentials?.length).toBeGreaterThan(0)
+    expect(session.__store.get('membership.passkeys.authentication.challenge')).toBe(
+      options.challenge
+    )
+    expect(options.allowCredentials?.[0].id).toBe(credential.credentialId)
+  })
+})

package/tests/email-integration.test.ts

@@ -0,0 +1,161 @@
+import { beforeAll, describe, expect, it } from 'bun:test'
+import path from 'node:path'
+import { DB, Schema } from '@gravito/atlas'
+import { DevMailbox, MemoryTransport, OrbitSignal } from '@gravito/signal'
+import { RegisterMember } from '../src/Application/UseCases/RegisterMember'
+import { AtlasMemberRepository } from '../src/Infrastructure/Persistence/AtlasMemberRepository'
+
+describe('Membership Email Integration', () => {
+  const repo = new AtlasMemberRepository()
+  const mailbox = new DevMailbox()
+  const transport = new MemoryTransport(mailbox)
+
+  // Mock Core with Signal
+  const mockCore: any = {
+    hasher: {
+      make: async (_val: string) => `hashed_\${val}`,
+      check: async (_plain: string, hash: string) => `hashed_\${plain}` === hash,
+    },
+    hooks: {
+      actions: {} as Record<string, Function[]>,
+      addAction(name: string, cb: Function) {
+        this.actions[name] = this.actions[name] || []
+        this.actions[name].push(cb)
+      },
+      async doAction(name: string, data: any) {
+        if (this.actions[name]) {
+          for (const cb of this.actions[name]) {
+            await cb(data)
+          }
+        }
+      },
+    },
+    container: {
+      bindings: new Map(),
+      singleton(key: string, cb: Function) {
+        this.bindings.set(key, cb())
+      },
+      make(key: string) {
+        if (key === 'i18n') {
+          return { t: (k: string) => k }
+        }
+        return this.bindings.get(key)
+      },
+    },
+    logger: {
+      info: console.log,
+      error: console.error,
+      warn: console.warn,
+    },
+  }
+
+  // Setup Signal
+  const signal = new OrbitSignal({
+    transport,
+    from: { address: 'no-reply@gravito.dev', name: 'Gravito' },
+    viewsDir: path.resolve(import.meta.dir, '../views'),
+  })
+
+  // Setup UseCase
+  const registerUseCase = new RegisterMember(repo, mockCore)
+
+  beforeAll(async () => {
+    // 1. Database
+    DB.addConnection('default', { driver: 'sqlite', database: ':memory:' })
+    await Schema.create('members', (table) => {
+      table.string('id').primary()
+      table.string('name')
+      table.string('email').unique()
+      table.string('password_hash')
+      table.string('status')
+      table.text('roles')
+      table.string('verification_token')
+      table.timestamp('email_verified_at').nullable()
+      table.string('password_reset_token').nullable()
+      table.timestamp('password_reset_expires_at').nullable()
+      table.string('current_session_id').nullable()
+      table.string('remember_token').nullable()
+      table.timestamp('created_at').default('CURRENT_TIMESTAMP')
+      table.text('metadata').nullable()
+    })
+
+    // 2. Register Hook (Manually since we are not booting the full provider)
+    mockCore.hooks.addAction('membership:send-verification', async (data: any) => {
+      await signal.send(
+        new (await import('../src/Application/Mail/WelcomeMail')).WelcomeMail(
+          data.email,
+          data.token
+        )
+      )
+    })
+  })
+
+  it('註冊後應觸發發送驗證郵件且包含美化樣式', async () => {
+    const email = 'test@example.com'
+    await registerUseCase.execute({
+      name: 'Test User',
+      email,
+      passwordPlain: 'password',
+    })
+
+    const messages = mailbox.list()
+    expect(messages.length).toBe(1)
+    expect(messages[0].envelope.subject).toBe('membership.emails.welcome_subject')
+    // 驗證是否包含 CSS 樣式標籤 (代表模板已渲染)
+    expect(messages[0].html).toContain('<style>')
+    expect(messages[0].html).toContain('Gravito App')
+  })
+
+  it('觸發忘記密碼應發送重設郵件', async () => {
+    // 1. 註冊一個 Hook (模擬 ServiceProvider)
+    mockCore.hooks.addAction('membership:send-reset-password', async (data: any) => {
+      await signal.send(
+        new (await import('../src/Application/Mail/ForgotPasswordMail')).ForgotPasswordMail(
+          data.email,
+          data.token
+        )
+      )
+    })
+
+    mailbox.clear()
+
+    // 2. 模擬觸發 Hook
+    await mockCore.hooks.doAction('membership:send-reset-password', {
+      email: 'reset@example.com',
+      token: 'secret-token',
+    })
+
+    const messages = mailbox.list()
+    expect(messages.length).toBe(1)
+    expect(messages[0].envelope.subject).toBe('membership.emails.reset_password_subject')
+    expect(messages[0].html).toContain('secret-token')
+    expect(messages[0].html).toContain('reset_password_button')
+  })
+
+  it('等級變更後應發送晉級通知郵件', async () => {
+    mockCore.hooks.addAction('membership:level-changed', async (data: any) => {
+      await signal.send(
+        new (await import('../src/Application/Mail/MemberLevelChangedMail')).MemberLevelChangedMail(
+          data.email,
+          data.oldLevel,
+          data.newLevel
+        )
+      )
+    })
+
+    mailbox.clear()
+
+    await mockCore.hooks.doAction('membership:level-changed', {
+      email: 'vip@example.com',
+      oldLevel: 'Silver',
+      newLevel: 'Gold',
+    })
+
+    const messages = mailbox.list()
+    expect(messages.length).toBe(1)
+    expect(messages[0].envelope.subject).toBe('membership.emails.level_changed_subject')
+    expect(messages[0].html).toContain('Silver')
+    expect(messages[0].html).toContain('Gold')
+    expect(messages[0].html).toContain('level_changed_badge')
+  })
+})

package/tests/grand-review.ts

@@ -0,0 +1,176 @@
+import path from 'node:path'
+import { DB, Schema } from '@gravito/atlas'
+import { PlanetCore, setApp } from '@gravito/core'
+import { OrbitSignal } from '@gravito/signal'
+import type { LoginMember } from '../src/Application/UseCases/LoginMember'
+import type { RegisterMember } from '../src/Application/UseCases/RegisterMember'
+import { verifySingleDevice } from '../src/Interface/Http/Middleware/VerifySingleDevice'
+import { MembershipServiceProvider } from '../src/index'
+
+/**
+ * 🛰️ Gravito Membership "Grand Review" (大校閱)
+ *
+ * 此腳本模擬全系統在 Launchpad 環境下的運行狀況
+ */
+async function grandReview() {
+  console.log('\n🚀 [Grand Review] 啟動全系統校閱流程...')
+
+  // 1. 初始化核心與軌道
+  const core = await PlanetCore.boot({
+    config: {
+      APP_NAME: 'Membership Review',
+      PORT: 3001,
+      'membership.auth.single_device': true, // 開啟多設備限制
+      'membership.branding.name': 'Review Admiral', // 自定義品牌
+      'membership.branding.primary_color': '#10b981', // 自定義顏色 (綠色)
+      'app.url': 'https://review.local',
+      'database.default': 'sqlite',
+      'database.connections.sqlite': {
+        driver: 'sqlite',
+        database: ':memory:',
+      },
+    },
+    orbits: [
+      new OrbitSignal({
+        devMode: true,
+        from: { address: 'system@gravito.dev', name: 'Gravito Core' },
+        viewsDir: path.resolve(import.meta.dir, '../views'),
+      }),
+    ],
+  })
+
+  // 1.2 強制設置全局 app 實例，供 Mailable 內部使用
+  setApp(core)
+
+  // 1.5 初始化 Atlas
+  DB.addConnection('default', {
+    driver: 'sqlite',
+    database: ':memory:',
+  })
+
+  // 2. 註冊服務
+  core.container.instance('i18n', {
+    t: (k: string) => k,
+    addResource: () => {},
+    on: () => {},
+  })
+
+  // 取得真正的 Repository
+  const realRepo = new (
+    await import('../src/Infrastructure/Persistence/AtlasMemberRepository')
+  ).AtlasMemberRepository()
+  core.container.instance('membership.repo', realRepo)
+
+  // Mock Auth (Sentinel)
+  const mockAuth = {
+    guard: () => ({
+      attempt: async () => true,
+      user: async () => {
+        // 從 Repo 抓出剛才註冊的人
+        const members = await realRepo.findAll()
+        return members[0]
+      },
+      logout: async () => {},
+    }),
+  }
+  core.container.instance('auth', mockAuth)
+
+  await core.use(new MembershipServiceProvider())
+  await core.bootstrap()
+
+  console.log('✅ [System] 核心與衛星模組已就緒。')
+
+  // 3. 準備資料庫 (執行遷移)
+  console.log('📦 [Database] 正在建立會員資料表...')
+  await Schema.create('members', (table) => {
+    table.string('id').primary()
+    table.string('name')
+    table.string('email').unique()
+    table.string('password_hash')
+    table.string('status').default('pending')
+    table.text('roles').default('["member"]')
+    table.string('verification_token').nullable()
+    table.timestamp('email_verified_at').nullable()
+    table.string('password_reset_token').nullable()
+    table.timestamp('password_reset_expires_at').nullable()
+    table.string('current_session_id').nullable()
+    table.string('remember_token').nullable()
+    table.timestamp('created_at').default('CURRENT_TIMESTAMP')
+    table.timestamp('updated_at').nullable()
+    table.text('metadata').nullable()
+  })
+
+  const _repo = core.container.make<any>('membership.repo')
+  const register = core.container.make<RegisterMember>('membership.register')
+  const login = core.container.make<LoginMember>('membership.login')
+
+  // --- 測試案例 A: 註冊與郵件發送 ---
+  console.log('\n🧪 [Test A] 模擬新會員註冊...')
+  const email = 'commander@gravito.dev'
+  await register.execute({
+    name: 'Gravito Commander',
+    email: email,
+    passwordPlain: 'mission-critical-123',
+  })
+
+  console.log('📬 [Signal] 請檢查上方日誌，應包含美化後的 Welcome Mail HTML。')
+
+  // --- 測試案例 B: 多設備限制 ---
+  console.log('\n🧪 [Test B] 模擬多設備登入限制...')
+
+  // 模擬 Session A
+  const mockSessionA = {
+    id: () => 'session_device_1',
+    get: (k: string) => (k === 'login_web_auth_session' ? email : null),
+    put: () => {},
+    regenerate: () => {},
+  }
+  core.container.instance('session', mockSessionA)
+
+  console.log('📱 設備 1 正在登入...')
+  await login.execute({ email, passwordPlain: 'mission-critical-123' })
+
+  // 模擬 Session B (另一個設備)
+  const mockSessionB = {
+    id: () => 'session_device_2',
+    get: (k: string) => (k === 'login_web_auth_session' ? email : null),
+    put: () => {},
+    regenerate: () => {},
+  }
+  core.container.instance('session', mockSessionB)
+
+  console.log('💻 設備 2 (新設備) 正在登入...')
+  await login.execute({ email, passwordPlain: 'mission-critical-123' })
+
+  // 模擬設備 1 的後續請求，應被攔截
+  console.log('🛡️  驗證設備 1 是否被強制登出...')
+  core.container.instance('session', mockSessionA) // 切換回設備 1 的環境
+
+  // 建立模擬 Context
+  const mockContext: any = {
+    get: (key: string) => {
+      if (key === 'core') {
+        return core
+      }
+      return null
+    },
+    req: { header: () => 'application/json' },
+    json: (d: any) => d,
+  }
+
+  try {
+    await verifySingleDevice(mockContext, async () => {
+      console.log('❌ [Fail] 設備 1 居然還能訪問！')
+    })
+  } catch (err: any) {
+    console.log(`✅ [Pass] 設備 1 被攔截，錯誤訊息: ${err.message}`)
+  }
+
+  console.log('\n🏁 [Grand Review] 校閱完成！所有系統運作正常。')
+  process.exit(0)
+}
+
+grandReview().catch((err) => {
+  console.error('💥 校閱過程中發生崩潰:', err)
+  process.exit(1)
+})

package/tests/integration.test.ts

@@ -0,0 +1,75 @@
+import { beforeAll, describe, expect, it } from 'bun:test'
+import { DB, Schema } from '@gravito/atlas'
+import { RegisterMember } from '../src/Application/UseCases/RegisterMember'
+import { AtlasMemberRepository } from '../src/Infrastructure/Persistence/AtlasMemberRepository'
+
+describe('Membership Satellite Integration', () => {
+  const repo = new AtlasMemberRepository()
+
+  // Mock Core
+  const mockCore: any = {
+    hasher: {
+      make: async (val: string) => `hashed_${val}`,
+      check: async (plain: string, hash: string) => `hashed_${plain}` === hash,
+    },
+    hooks: {
+      doAction: async () => {},
+    },
+    container: {
+      make: (key: string) => {
+        if (key === 'i18n') {
+          return { t: (k: string) => k }
+        }
+        return null
+      },
+    },
+  }
+
+  const registerUseCase = new RegisterMember(repo, mockCore)
+
+  beforeAll(async () => {
+    // 1. 配置 SQLite 記憶體資料庫
+    DB.addConnection('default', {
+      driver: 'sqlite',
+      database: ':memory:',
+    })
+
+    // 2. 建立測試用的資料表
+    await Schema.dropIfExists('members')
+    await Schema.create('members', (table) => {
+      table.string('id').primary()
+      table.string('name')
+      table.string('email').unique()
+      table.string('password_hash')
+      table.string('status')
+      table.text('roles').default('["member"]')
+      table.string('verification_token').nullable()
+      table.timestamp('email_verified_at').nullable()
+      table.string('password_reset_token').nullable()
+      table.timestamp('password_reset_expires_at').nullable()
+      table.string('current_session_id').nullable()
+      table.string('remember_token').nullable()
+      table.timestamp('created_at').default('CURRENT_TIMESTAMP')
+      table.timestamp('updated_at').nullable()
+      table.text('metadata').nullable()
+    })
+  })
+
+  it('應該能成功註冊新會員', async () => {
+    const input = {
+      name: 'Carl',
+      email: `carl-${Date.now()}@example.com`,
+      passwordPlain: 'secret123',
+    }
+
+    const result = await registerUseCase.execute(input)
+
+    expect(result.id).toBeDefined()
+    expect(result.email).toBe(input.email)
+
+    // 驗證是否真的存入 Repository
+    const savedMember = await repo.findById(result.id)
+    expect(savedMember).not.toBeNull()
+    expect(savedMember?.name).toBe(input.name)
+  })
+})

package/tests/member.test.ts

@@ -0,0 +1,47 @@
+import { describe, expect, it } from 'bun:test'
+import { Member, MemberStatus } from '../src/Domain/Entities/Member'
+
+describe('Member Domain Entity', () => {
+  it('應該能正確建立新會員實體且預設狀態為 PENDING', () => {
+    const member = Member.create('user-1', 'Carl', 'carl@example.com', 'hash-123')
+
+    expect(member.id).toBe('user-1')
+    expect(member.name).toBe('Carl')
+    expect(member.email).toBe('carl@example.com')
+    expect(member.status).toBe(MemberStatus.PENDING)
+    expect(member.createdAt).toBeInstanceOf(Date)
+  })
+
+  it('執行 verifyEmail() 後狀態應該變更為 ACTIVE', () => {
+    const member = Member.create('u1', 'N', 'e', 'h')
+
+    member.verifyEmail()
+
+    expect(member.status).toBe(MemberStatus.ACTIVE)
+  })
+
+  it('應該支援 metadata 的存取與擴充', () => {
+    // 模擬從資料庫重建包含 metadata 的實體
+    const member = Member.reconstitute('u1', {
+      name: 'Carl',
+      email: 'c',
+      passwordHash: 'h',
+      status: MemberStatus.ACTIVE,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      metadata: {
+        vat_number: '12345678',
+        level: 'gold',
+      },
+    })
+
+    expect(member.metadata.vat_number).toBe('12345678')
+    expect(member.metadata.level).toBe('gold')
+  })
+
+  it('當無 metadata 時應該回傳空物件而非 undefined', () => {
+    const member = Member.create('u1', 'N', 'e', 'h')
+    expect(member.metadata).toBeDefined()
+    expect(Object.keys(member.metadata).length).toBe(0)
+  })
+})

package/tests/unit.test.ts

@@ -0,0 +1,7 @@
+import { describe, expect, it } from 'bun:test'
+
+describe('Membership', () => {
+  it('should work', () => {
+    expect(true).toBe(true)
+  })
+})

package/tests/update-settings.test.ts

@@ -0,0 +1,101 @@
+import { beforeAll, describe, expect, it } from 'bun:test'
+import { DB, Schema } from '@gravito/atlas'
+import { UpdateSettings } from '../src/Application/UseCases/UpdateSettings'
+import { Member, MemberStatus } from '../src/Domain/Entities/Member'
+import { AtlasMemberRepository } from '../src/Infrastructure/Persistence/AtlasMemberRepository'
+
+describe('Membership UpdateSettings Integration', () => {
+  const repo = new AtlasMemberRepository()
+  let updateUseCase: UpdateSettings
+
+  // Mock Core with Hasher
+  const mockCore: any = {
+    hasher: {
+      make: async (val: string) => `hashed_${val}`,
+      check: async (plain: string, hash: string) => `hashed_${plain}` === hash,
+    },
+    hooks: {
+      doAction: async () => {},
+    },
+  }
+
+  beforeAll(async () => {
+    DB.addConnection('default', { driver: 'sqlite', database: ':memory:' })
+    await Schema.dropIfExists('members')
+    await Schema.create('members', (table) => {
+      table.string('id').primary()
+      table.string('name')
+      table.string('email').unique()
+      table.string('password_hash')
+      table.string('status')
+      table.text('roles').default('["member"]')
+      table.string('verification_token').nullable()
+      table.timestamp('email_verified_at').nullable()
+      table.string('password_reset_token').nullable()
+      table.timestamp('password_reset_expires_at').nullable()
+      table.string('current_session_id').nullable()
+      table.string('remember_token').nullable()
+      table.timestamp('created_at').default('CURRENT_TIMESTAMP')
+      table.timestamp('updated_at').nullable()
+      table.text('metadata').nullable()
+    })
+
+    updateUseCase = new UpdateSettings(repo, mockCore)
+  })
+
+  it('should update profile and merge metadata', async () => {
+    // 1. Create initial member
+    const initialHash = await mockCore.hasher.make('old-pass')
+    const member = Member.reconstitute('u1', {
+      name: 'Old Name',
+      email: 'test@test.com',
+      passwordHash: initialHash,
+      status: MemberStatus.ACTIVE,
+      roles: ['member'],
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      metadata: { initial: 'data' },
+    })
+    await repo.save(member)
+
+    // 2. Perform update
+    const result = await updateUseCase.execute({
+      memberId: 'u1',
+      name: 'New Name',
+      metadata: { theme: 'dark' },
+    })
+
+    expect(result.name).toBe('New Name')
+    expect(result.metadata?.initial).toBe('data')
+    expect(result.metadata?.theme).toBe('dark')
+  })
+
+  it('should securely change password', async () => {
+    const pass = await mockCore.hasher.make('current-pass')
+    const member = Member.create('u2', 'N', 'e2@e.com', pass)
+    await repo.save(member)
+
+    // Should throw if current password wrong
+    try {
+      await updateUseCase.execute({
+        memberId: 'u2',
+        currentPassword: 'wrong',
+        newPassword: 'new',
+      })
+      expect(true).toBe(false) // Should not reach here
+    } catch (e: any) {
+      expect(e.message).toBe('Invalid current password')
+    }
+
+    // Should succeed if correct
+    await updateUseCase.execute({
+      memberId: 'u2',
+      currentPassword: 'current-pass',
+      newPassword: 'secure-new-pass',
+    })
+
+    const updated = await repo.findById('u2')
+    const isNewPassValid = await mockCore.hasher.check('secure-new-pass', updated?.passwordHash)
+    expect(isNewPassValid).toBe(true)
+  })
+})