@hogsend/cli 0.10.0 → 0.12.0

package/src/__tests__/admin-recovery.test.ts

@@ -0,0 +1,193 @@
+import { randomUUID } from "node:crypto";
+import { createDatabase, user } from "@hogsend/db";
+import { createAuth } from "@hogsend/engine/auth";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import {
+  type AdminRecovery,
+  createAdminRecovery,
+} from "../lib/admin-recovery.js";
+
+/**
+ * Integration test for the shell-gated admin recovery primitive. Runs against
+ * the migrated test DB (postgresql://test:test@localhost:5434/test). It proves
+ * the FULL security contract:
+ *  - create then a sign-in-equivalent password verify succeeds (correct scrypt
+ *    hashing end to end via better-auth's own verify),
+ *  - reset rotates the password (old fails, new verifies),
+ *  - the stored credential is a hash, NEVER plaintext,
+ *  - create of an existing email and reset of a missing email fail clearly,
+ *  - list returns only non-secret columns.
+ *
+ * Skips gracefully (reported as infra-error by the runner) if the DB is absent.
+ */
+
+const DATABASE_URL =
+  process.env.DATABASE_URL ?? "postgresql://test:test@localhost:5434/test";
+const SECRET = "test-secret-admin-recovery-0123456789abcdef";
+
+async function dbReachable(): Promise<boolean> {
+  const { db, client } = createDatabase({ url: DATABASE_URL });
+  try {
+    await db.select({ id: user.id }).from(user).limit(1);
+    return true;
+  } catch {
+    return false;
+  } finally {
+    await client.end();
+  }
+}
+
+let reachable = false;
+let recovery: AdminRecovery;
+// Verification harness: a separate auth instance whose $context.password.verify
+// reproduces what a real sign-in does, without standing up the HTTP app.
+let verifyPassword: (email: string, password: string) => Promise<boolean>;
+let credentialHash: (email: string) => Promise<string | null>;
+let cleanup: (email: string) => Promise<void>;
+
+const emails: string[] = [];
+function freshEmail(): string {
+  const e = `admin-${randomUUID()}@example.test`;
+  emails.push(e);
+  return e;
+}
+
+beforeAll(async () => {
+  reachable = await dbReachable();
+  if (!reachable) return;
+
+  recovery = createAdminRecovery({ databaseUrl: DATABASE_URL, secret: SECRET });
+
+  const auth = createAuth({
+    db: createDatabase({ url: DATABASE_URL }).db,
+    secret: SECRET,
+    baseURL: "http://localhost:3002",
+  });
+  const ctx = await auth.$context;
+
+  verifyPassword = async (email, password) => {
+    const found = await ctx.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true,
+    });
+    const cred = found?.accounts?.find((a) => a.providerId === "credential");
+    if (!cred?.password) return false;
+    return ctx.password.verify({ password, hash: cred.password });
+  };
+
+  credentialHash = async (email) => {
+    const found = await ctx.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true,
+    });
+    const cred = found?.accounts?.find((a) => a.providerId === "credential");
+    return cred?.password ?? null;
+  };
+
+  cleanup = async (email) => {
+    const found = await ctx.internalAdapter.findUserByEmail(email);
+    if (!found) return;
+    // Delete via the internal adapter; account/session FKs cascade on user
+    // delete, but drop accounts first to be safe across adapters.
+    await ctx.internalAdapter.deleteAccounts(found.user.id);
+    await ctx.internalAdapter.deleteUser(found.user.id);
+  };
+}, 30_000);
+
+afterAll(async () => {
+  if (!reachable) return;
+  for (const email of emails) {
+    try {
+      await cleanup(email);
+    } catch {
+      // best-effort teardown
+    }
+  }
+  await recovery.close();
+}, 30_000);
+
+describe("admin-recovery", () => {
+  it("creates an admin whose password verifies via better-auth", async () => {
+    if (!reachable) {
+      console.warn("test DB unreachable; skipping admin-recovery integration");
+      return;
+    }
+    const email = freshEmail();
+    const created = await recovery.create({
+      email,
+      password: "correct-horse-battery",
+    });
+    expect(created.email).toBe(email);
+    expect(created.id).toBeTruthy();
+    // name defaults to the email local-part.
+    expect(created.name).toBe(email.split("@")[0]);
+
+    // End-to-end: the stored hash verifies the correct password (scrypt).
+    expect(await verifyPassword(email, "correct-horse-battery")).toBe(true);
+    // and rejects the wrong one.
+    expect(await verifyPassword(email, "wrong-password")).toBe(false);
+
+    // The stored credential is a hash, NEVER plaintext.
+    const hash = await credentialHash(email);
+    expect(hash).toBeTruthy();
+    expect(hash).not.toBe("correct-horse-battery");
+    expect(hash).not.toContain("correct-horse-battery");
+    // better-auth scrypt format is `salt:derivedKey` (both hex).
+    expect(hash).toMatch(/^[0-9a-f]+:[0-9a-f]+$/i);
+  }, 30_000);
+
+  it("fails to create a duplicate email and points at reset", async () => {
+    if (!reachable) return;
+    const email = freshEmail();
+    await recovery.create({ email, password: "first-password-123" });
+    await expect(
+      recovery.create({ email, password: "another-password-123" }),
+    ).rejects.toThrow(/already exists.*reset/i);
+  }, 30_000);
+
+  it("resets the password: old fails, new verifies", async () => {
+    if (!reachable) return;
+    const email = freshEmail();
+    await recovery.create({ email, password: "original-pass-123" });
+    expect(await verifyPassword(email, "original-pass-123")).toBe(true);
+
+    const reset = await recovery.reset({
+      email,
+      password: "rotated-pass-456",
+    });
+    expect(reset.email).toBe(email);
+
+    expect(await verifyPassword(email, "original-pass-123")).toBe(false);
+    expect(await verifyPassword(email, "rotated-pass-456")).toBe(true);
+
+    // Still a hash after reset, never plaintext.
+    const hash = await credentialHash(email);
+    expect(hash).not.toContain("rotated-pass-456");
+    expect(hash).toMatch(/^[0-9a-f]+:[0-9a-f]+$/i);
+  }, 30_000);
+
+  it("fails to reset a missing email and points at create", async () => {
+    if (!reachable) return;
+    await expect(
+      recovery.reset({
+        email: `missing-${randomUUID()}@example.test`,
+        password: "whatever-123",
+      }),
+    ).rejects.toThrow(/No admin.*create/i);
+  }, 30_000);
+
+  it("lists admins with only non-secret columns", async () => {
+    if (!reachable) return;
+    const email = freshEmail();
+    await recovery.create({ email, password: "listed-pass-123" });
+    const admins = await recovery.list();
+    const row = admins.find((a) => a.email === email);
+    expect(row).toBeTruthy();
+    expect(Object.keys(row ?? {}).sort()).toEqual([
+      "createdAt",
+      "email",
+      "id",
+      "name",
+    ]);
+    // No password/hash key ever leaks into the summary shape.
+    expect("password" in (row ?? {})).toBe(false);
+  }, 30_000);
+});

package/src/__tests__/dev.test.ts

@@ -0,0 +1,323 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  devCommand,
+  fetchDomainLine,
+  renderDomainLine,
+} from "../commands/dev.js";
+import type { CommandContext } from "../commands/types.js";
+import type { ResolvedConfig } from "../lib/config.js";
+import type { AdminClient, DataPlaneClient, Query } from "../lib/http.js";
+import type { Output } from "../lib/output.js";
+
+vi.mock("../lib/proc.js", () => ({
+  spawnManaged: vi.fn(),
+  shutdownAll: vi.fn(async () => {}),
+  waitForHttp: vi.fn(async () => {}),
+}));
+
+import { spawnManaged } from "../lib/proc.js";
+
+/** Sentinel thrown by the stubbed `out.fail` instead of process.exit(1). */
+class FailSignal extends Error {
+  constructor(readonly failMessage: string) {
+    super(failMessage);
+    this.name = "FailSignal";
+  }
+}
+
+interface Captured {
+  logs: string[];
+  jsonDocs: unknown[];
+}
+
+function makeCtx(opts: {
+  argv: string[];
+  json?: boolean;
+  adminKey?: string;
+  get?: (path: string, query?: Query) => Promise<unknown>;
+  post?: (path: string, body: unknown) => Promise<unknown>;
+}): { ctx: CommandContext; captured: Captured } {
+  const captured: Captured = { logs: [], jsonDocs: [] };
+
+  const out: Output = {
+    interactive: false,
+    isJson: opts.json ?? false,
+    intro: () => {},
+    step: async <T>(_label: string, fn: () => Promise<T>) => fn(),
+    note: (body: string) => {
+      captured.logs.push(body);
+    },
+    table: () => {},
+    kv: () => {},
+    log: (msg: string) => {
+      captured.logs.push(msg);
+    },
+    json: (payload: unknown) => {
+      captured.jsonDocs.push(payload);
+    },
+    outro: () => {},
+    fail: (message: string): never => {
+      throw new FailSignal(message);
+    },
+  };
+
+  const cfg = {
+    baseUrl: "http://localhost:3002",
+    adminKey: opts.adminKey,
+    dataKey: "hsk_data",
+  } as ResolvedConfig;
+
+  const http = {
+    cfg,
+    get: (path: string, query?: Query) =>
+      (opts.get ?? (() => Promise.reject(new Error("unexpected GET"))))(
+        path,
+        query,
+      ),
+    post: () => Promise.reject(new Error("unexpected POST")),
+    patch: () => Promise.reject(new Error("unexpected PATCH")),
+    del: () => Promise.reject(new Error("unexpected DELETE")),
+  } as AdminClient;
+
+  const dataHttp = {
+    cfg,
+    get: () => Promise.reject(new Error("unexpected data GET")),
+    post: (path: string, body: unknown) =>
+      (opts.post ?? (() => Promise.reject(new Error("unexpected data POST"))))(
+        path,
+        body,
+      ),
+    put: () => Promise.reject(new Error("unexpected PUT")),
+    del: () => Promise.reject(new Error("unexpected DELETE")),
+  } as DataPlaneClient;
+
+  const ctx: CommandContext = {
+    argv: opts.argv,
+    cfg,
+    http,
+    dataHttp,
+    out,
+    json: opts.json ?? false,
+  };
+
+  return { ctx, captured };
+}
+
+let cwd: string;
+
+beforeEach(() => {
+  cwd = mkdtempSync(join(tmpdir(), "hogsend-dev-"));
+  vi.mocked(spawnManaged).mockClear();
+  vi.unstubAllGlobals();
+});
+
+afterEach(() => {
+  rmSync(cwd, { recursive: true, force: true });
+  vi.unstubAllGlobals();
+});
+
+describe("hogsend dev --help", () => {
+  it("prints usage and exits cleanly", async () => {
+    const { ctx, captured } = makeCtx({ argv: ["--help"] });
+    await devCommand.run(ctx);
+    const all = captured.logs.join("\n");
+    expect(all).toContain("hogsend dev");
+    expect(all).toContain("--fire");
+    expect(all).toContain("--no-worker");
+    expect(all).toContain("--no-infra");
+    expect(vi.mocked(spawnManaged)).not.toHaveBeenCalled();
+  });
+});
+
+describe("hogsend dev app detection", () => {
+  it("fails with 'not a Hogsend app' in an empty directory", async () => {
+    const { ctx } = makeCtx({ argv: ["--cwd", cwd] });
+    await expect(devCommand.run(ctx)).rejects.toThrow(/not a Hogsend app/i);
+    expect(vi.mocked(spawnManaged)).not.toHaveBeenCalled();
+  });
+
+  it("names the missing worker:dev script", async () => {
+    writeFileSync(
+      join(cwd, "package.json"),
+      JSON.stringify({
+        name: "app",
+        scripts: { dev: "tsx watch src/index.ts" },
+        dependencies: { "@hogsend/engine": "^0.11.0" },
+      }),
+    );
+    const { ctx } = makeCtx({ argv: ["--cwd", cwd] });
+    await expect(devCommand.run(ctx)).rejects.toThrow(/worker:dev/);
+  });
+
+  it("names the missing @hogsend/engine dependency", async () => {
+    writeFileSync(
+      join(cwd, "package.json"),
+      JSON.stringify({
+        name: "app",
+        scripts: { dev: "x", "worker:dev": "y" },
+        dependencies: {},
+      }),
+    );
+    const { ctx } = makeCtx({ argv: ["--cwd", cwd] });
+    await expect(devCommand.run(ctx)).rejects.toThrow(/@hogsend\/engine/);
+  });
+});
+
+describe("hogsend dev --fire", () => {
+  it("delegates to the events send path without booting anything", async () => {
+    vi.stubGlobal(
+      "fetch",
+      vi.fn(async () => ({ ok: true })),
+    );
+    let seenPath: string | undefined;
+    let seenBody: unknown;
+    const { ctx } = makeCtx({
+      argv: ["--fire", "signup", "--email", "a@b.com", "--prop", "plan=pro"],
+      post: async (path, body) => {
+        seenPath = path;
+        seenBody = body;
+        return { stored: true, exits: [] };
+      },
+    });
+    await devCommand.run(ctx);
+    expect(seenPath).toBe("/v1/events");
+    expect(seenBody).toEqual({
+      name: "signup",
+      email: "a@b.com",
+      eventProperties: { plan: "pro" },
+    });
+    expect(vi.mocked(spawnManaged)).not.toHaveBeenCalled();
+  });
+
+  it("supports --fire=<event> syntax", async () => {
+    vi.stubGlobal(
+      "fetch",
+      vi.fn(async () => ({ ok: true })),
+    );
+    let seenBody: unknown;
+    const { ctx } = makeCtx({
+      argv: ["--fire=signup", "--user-id", "u_1"],
+      post: async (_path, body) => {
+        seenBody = body;
+        return { stored: true, exits: [] };
+      },
+    });
+    await devCommand.run(ctx);
+    expect(seenBody).toEqual({ name: "signup", userId: "u_1" });
+  });
+
+  it("fails when --fire has no event name", async () => {
+    const { ctx } = makeCtx({ argv: ["--fire"] });
+    await expect(devCommand.run(ctx)).rejects.toThrow(
+      /--fire requires an event name/,
+    );
+  });
+
+  it("fails with a friendly hint when the instance is down", async () => {
+    vi.stubGlobal(
+      "fetch",
+      vi.fn(async () => {
+        throw new Error("ECONNREFUSED");
+      }),
+    );
+    const { ctx } = makeCtx({
+      argv: ["--fire", "signup", "--user-id", "u_1"],
+    });
+    await expect(devCommand.run(ctx)).rejects.toThrow(
+      /is hogsend dev running/i,
+    );
+    expect(vi.mocked(spawnManaged)).not.toHaveBeenCalled();
+  });
+});
+
+describe("renderDomainLine", () => {
+  it("renders a yellow test-mode line with the redirect target", () => {
+    const line = renderDomainLine({
+      domain: "mysite.com",
+      status: { state: "pending" },
+      testMode: { active: true, redirectTo: "doug@x.dev" },
+    });
+    expect(line).toContain("Test mode active");
+    expect(line).toContain("doug@x.dev");
+    expect(line).toContain("pending");
+  });
+
+  it("renders a verified domain line", () => {
+    const line = renderDomainLine({
+      domain: "mysite.com",
+      status: { state: "verified" },
+      testMode: { active: false, redirectTo: null },
+    });
+    expect(line).toContain("mysite.com");
+    expect(line).toContain("verified");
+  });
+
+  it("returns null when there is nothing to say", () => {
+    expect(
+      renderDomainLine({
+        domain: null,
+        status: null,
+        testMode: { active: false, redirectTo: null },
+      }),
+    ).toBeNull();
+  });
+});
+
+describe("fetchDomainLine (guarded soft-consume of /v1/admin/domain)", () => {
+  it("returns null without calling HTTP when no admin key is configured", async () => {
+    const get = vi.fn();
+    const { ctx } = makeCtx({ argv: [], get });
+    await expect(fetchDomainLine(ctx)).resolves.toBeNull();
+    expect(get).not.toHaveBeenCalled();
+  });
+
+  it("returns null when the route 404s (engine without domain-setup)", async () => {
+    const { ctx } = makeCtx({
+      argv: [],
+      adminKey: "hsk_admin",
+      get: async () => {
+        const err = new Error("request failed with status 404");
+        (err as Error & { status: number }).status = 404;
+        throw err;
+      },
+    });
+    await expect(fetchDomainLine(ctx)).resolves.toBeNull();
+  });
+
+  it("returns the rendered line on success", async () => {
+    const { ctx } = makeCtx({
+      argv: [],
+      adminKey: "hsk_admin",
+      get: async (path) => {
+        expect(path).toBe("/v1/admin/domain");
+        return {
+          domain: "mysite.com",
+          status: { state: "verified" },
+          testMode: { active: false, redirectTo: null },
+        };
+      },
+    });
+    const line = await fetchDomainLine(ctx);
+    expect(line).toContain("mysite.com");
+  });
+
+  it("returns null on a malformed response body", async () => {
+    const { ctx } = makeCtx({
+      argv: [],
+      adminKey: "hsk_admin",
+      get: async () => "weird",
+    });
+    await expect(fetchDomainLine(ctx)).resolves.toBeNull();
+  });
+});
+
+describe("hogsend dev infra gating", () => {
+  it("requires package.json before doing anything else (cwd is a dir)", async () => {
+    mkdirSync(join(cwd, "sub"));
+    const { ctx } = makeCtx({ argv: ["--cwd", join(cwd, "sub")] });
+    await expect(devCommand.run(ctx)).rejects.toThrow(/package\.json/);
+  });
+});