npm - @idevconn/create-icore - Versions diffs - 0.1.0 - Mend

@idevconn/create-icore 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/templates/libs/auth-strategies/supabase/eslint.config.mjs ADDED Viewed

@@ -0,0 +1,22 @@
+import baseConfig from '../../../eslint.config.mjs';
+export default [
+  ...baseConfig,
+  {
+    files: ['**/*.json'],
+    rules: {
+      '@nx/dependency-checks': [
+        'error',
+        {
+          ignoredFiles: [
+            '{projectRoot}/eslint.config.{js,cjs,mjs,ts,cts,mts}',
+            '{projectRoot}/vitest.config.{js,ts,mjs,mts}',
+          ],
+        },
+      ],
+    },
+    languageOptions: {
+      parser: await import('jsonc-eslint-parser'),
+    },
+  },
+];

package/templates/libs/auth-strategies/supabase/package.json ADDED Viewed

@@ -0,0 +1,16 @@
+{
+  "name": "@icore/auth-supabase",
+  "version": "0.0.1",
+  "private": true,
+  "type": "commonjs",
+  "main": "./src/index.js",
+  "types": "./src/index.d.ts",
+  "dependencies": {
+    "@icore/shared": "*",
+    "@supabase/supabase-js": "^2.0.0",
+    "tslib": "^2.3.0"
+  },
+  "devDependencies": {
+    "vitest": "^4.0.0"
+  }
+}

package/templates/libs/auth-strategies/supabase/project.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "name": "auth-supabase",
+  "$schema": "../../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "libs/auth-strategies/supabase/src",
+  "projectType": "library",
+  "tags": [],
+  "targets": {
+    "build": {
+      "executor": "@nx/js:tsc",
+      "outputs": ["{options.outputPath}"],
+      "options": {
+        "outputPath": "dist/libs/auth-strategies/supabase",
+        "main": "libs/auth-strategies/supabase/src/index.ts",
+        "tsConfig": "libs/auth-strategies/supabase/tsconfig.lib.json",
+        "assets": ["libs/auth-strategies/supabase/*.md"]
+      }
+    }
+  }
+}

package/templates/libs/auth-strategies/supabase/src/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './lib/supabase-auth.strategy';
2	+ export * from './lib/testing/mock-supabase';

package/templates/libs/auth-strategies/supabase/src/lib/__tests__/supabase-auth.contract.unit.test.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { runAuthContract } from '@icore/shared';
+import { SupabaseAuthStrategy } from '../supabase-auth.strategy';
+import { createMockSupabaseClient } from '../testing/mock-supabase';
+runAuthContract('SupabaseAuthStrategy', () => {
+  const client = createMockSupabaseClient();
+  return new SupabaseAuthStrategy({ client });
+});

package/templates/libs/auth-strategies/supabase/src/lib/supabase-auth.strategy.ts ADDED Viewed

@@ -0,0 +1,79 @@
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { AuthSession, AuthStrategy, VerifiedToken } from '@icore/shared';
+export interface SupabaseAuthStrategyOptions {
+  client: SupabaseClient;
+}
+export class SupabaseAuthStrategy implements AuthStrategy {
+  private readonly client: SupabaseClient;
+  constructor(opts: SupabaseAuthStrategyOptions) {
+    this.client = opts.client;
+  }
+  async signUp(email: string, password: string): Promise<AuthSession> {
+    const { data, error } = await this.client.auth.signUp({ email, password });
+    if (error || !data.session) {
+      throw new Error(error?.message ?? 'signup_failed');
+    }
+    return this.toSession(data.session);
+  }
+  async signIn(email: string, password: string): Promise<AuthSession> {
+    const { data, error } = await this.client.auth.signInWithPassword({ email, password });
+    if (error || !data.session) {
+      throw new Error(error?.message ?? 'invalid_credentials');
+    }
+    return this.toSession(data.session);
+  }
+  async refresh(refreshToken: string): Promise<AuthSession> {
+    const { data, error } = await this.client.auth.refreshSession({ refresh_token: refreshToken });
+    if (error || !data.session) {
+      throw new Error(error?.message ?? 'invalid_refresh_token');
+    }
+    return this.toSession(data.session);
+  }
+  async verifyToken(token: string): Promise<VerifiedToken> {
+    const { data, error } = await this.client.auth.getUser(token);
+    if (error || !data.user) {
+      throw new Error(error?.message ?? 'invalid_token');
+    }
+    const meta = (data.user as { app_metadata?: { role?: string } }).app_metadata;
+    return {
+      uid: data.user.id,
+      email: data.user.email,
+      role: meta?.role,
+    };
+  }
+  async setRole(uid: string, role: string): Promise<void> {
+    const { error } = await this.client.auth.admin.updateUserById(uid, {
+      app_metadata: { role },
+    });
+    if (error) throw new Error(error.message);
+  }
+  async getRole(uid: string): Promise<string | null> {
+    const { data, error } = await this.client.auth.admin.getUserById(uid);
+    if (error || !data.user) throw new Error(error?.message ?? 'user_missing');
+    const meta = data.user.app_metadata as { role?: string } | undefined;
+    return meta?.role ?? null;
+  }
+  private toSession(s: {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+    user: { id: string; email?: string | null } | null;
+  }): AuthSession {
+    return {
+      accessToken: s.access_token,
+      refreshToken: s.refresh_token,
+      expiresIn: s.expires_in,
+      user: { id: s.user?.id ?? '', email: s.user?.email ?? '' },
+    };
+  }
+}

package/templates/libs/auth-strategies/supabase/src/lib/testing/mock-supabase.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import type { SupabaseClient } from '@supabase/supabase-js';
+interface FakeUser {
+  id: string;
+  email: string;
+  password: string;
+  role?: string;
+}
+interface FakeSession {
+  access_token: string;
+  refresh_token: string;
+  expires_in: number;
+  user: { id: string; email: string };
+}
+export function createMockSupabaseClient(): SupabaseClient {
+  const users = new Map<string, FakeUser>();
+  const accessToUid = new Map<string, string>();
+  const refreshToUid = new Map<string, string>();
+  function issueSession(user: FakeUser): FakeSession {
+    const access_token = `at_${user.id}_${accessToUid.size}_${Math.random()}`;
+    const refresh_token = `rt_${user.id}_${refreshToUid.size}_${Math.random()}`;
+    accessToUid.set(access_token, user.id);
+    refreshToUid.set(refresh_token, user.id);
+    return {
+      access_token,
+      refresh_token,
+      expires_in: 3600,
+      user: { id: user.id, email: user.email },
+    };
+  }
+  function findById(uid: string): FakeUser | undefined {
+    for (const u of users.values()) if (u.id === uid) return u;
+    return undefined;
+  }
+  const auth = {
+    async signUp({ email, password }: { email: string; password: string }) {
+      for (const u of users.values()) {
+        if (u.email === email) {
+          return { data: { user: null, session: null }, error: { message: 'user exists' } };
+        }
+      }
+      const user: FakeUser = { id: `uid_${users.size + 1}`, email, password };
+      users.set(user.id, user);
+      const session = issueSession(user);
+      return { data: { user: session.user, session }, error: null };
+    },
+    async signInWithPassword({ email, password }: { email: string; password: string }) {
+      for (const u of users.values()) {
+        if (u.email === email && u.password === password) {
+          const session = issueSession(u);
+          return { data: { user: session.user, session }, error: null };
+        }
+      }
+      return { data: { user: null, session: null }, error: { message: 'invalid credentials' } };
+    },
+    async refreshSession({ refresh_token }: { refresh_token: string }) {
+      const uid = refreshToUid.get(refresh_token);
+      if (!uid)
+        return { data: { session: null, user: null }, error: { message: 'invalid refresh' } };
+      refreshToUid.delete(refresh_token); // rotation
+      const user = findById(uid);
+      if (!user) return { data: { session: null, user: null }, error: { message: 'user missing' } };
+      const session = issueSession(user);
+      return { data: { user: session.user, session }, error: null };
+    },
+    async getUser(token?: string) {
+      if (!token) return { data: { user: null }, error: { message: 'missing token' } };
+      const uid = accessToUid.get(token);
+      if (!uid) return { data: { user: null }, error: { message: 'invalid token' } };
+      const user = findById(uid);
+      if (!user) return { data: { user: null }, error: { message: 'user missing' } };
+      return {
+        data: {
+          user: { id: user.id, email: user.email, app_metadata: { role: user.role } },
+        },
+        error: null,
+      };
+    },
+    admin: {
+      async updateUserById(uid: string, updates: { app_metadata?: { role?: string } }) {
+        const user = findById(uid);
+        if (!user) return { data: { user: null }, error: { message: 'user missing' } };
+        if (updates.app_metadata && typeof updates.app_metadata.role === 'string') {
+          user.role = updates.app_metadata.role;
+        }
+        return { data: { user: { id: user.id, email: user.email } }, error: null };
+      },
+      async getUserById(uid: string) {
+        const user = findById(uid);
+        if (!user) return { data: { user: null }, error: { message: 'user missing' } };
+        return {
+          data: {
+            user: { id: user.id, email: user.email, app_metadata: { role: user.role } },
+          },
+          error: null,
+        };
+      },
+    },
+  };
+  return { auth } as unknown as SupabaseClient;
+}

package/templates/libs/auth-strategies/supabase/tsconfig.json ADDED Viewed

@@ -0,0 +1,24 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "node16",
+    "moduleResolution": "node16",
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "importHelpers": true,
+    "noImplicitOverride": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "noPropertyAccessFromIndexSignature": true
+  },
+  "files": [],
+  "include": [],
+  "references": [
+    {
+      "path": "./tsconfig.lib.json"
+    },
+    {
+      "path": "./tsconfig.spec.json"
+    }
+  ]
+}

package/templates/libs/auth-strategies/supabase/tsconfig.lib.json ADDED Viewed

@@ -0,0 +1,23 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../../dist/out-tsc",
+    "declaration": true,
+    "types": ["node"]
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": [
+    "vite.config.ts",
+    "vite.config.mts",
+    "vitest.config.ts",
+    "vitest.config.mts",
+    "src/**/*.test.ts",
+    "src/**/*.spec.ts",
+    "src/**/*.test.tsx",
+    "src/**/*.spec.tsx",
+    "src/**/*.test.js",
+    "src/**/*.spec.js",
+    "src/**/*.test.jsx",
+    "src/**/*.spec.jsx"
+  ]
+}

package/templates/libs/auth-strategies/supabase/tsconfig.spec.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../../dist/out-tsc",
+    "types": ["vitest/globals", "vitest/importMeta", "vite/client", "node", "vitest"]
+  },
+  "include": [
+    "vite.config.ts",
+    "vite.config.mts",
+    "vitest.config.ts",
+    "vitest.config.mts",
+    "src/**/*.test.ts",
+    "src/**/*.spec.ts",
+    "src/**/*.test.tsx",
+    "src/**/*.spec.tsx",
+    "src/**/*.test.js",
+    "src/**/*.spec.js",
+    "src/**/*.test.jsx",
+    "src/**/*.spec.jsx",
+    "src/**/*.d.ts"
+  ]
+}

package/templates/libs/auth-strategies/supabase/vitest.config.mts ADDED Viewed

@@ -0,0 +1,22 @@
+import { defineConfig } from 'vitest/config';
+import { nxViteTsPaths } from '@nx/vite/plugins/nx-tsconfig-paths.plugin';
+import { nxCopyAssetsPlugin } from '@nx/vite/plugins/nx-copy-assets.plugin';
+export default defineConfig(() => ({
+  root: __dirname,
+  cacheDir: '../../../node_modules/.vite/libs/auth-strategies/supabase',
+  plugins: [nxViteTsPaths(), nxCopyAssetsPlugin(['*.md'])],
+  test: {
+    name: 'auth-supabase',
+    watch: false,
+    globals: true,
+    environment: 'node',
+    include: ['{src,tests}/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
+    passWithNoTests: true,
+    reporters: ['default'],
+    coverage: {
+      reportsDirectory: '../../../coverage/libs/auth-strategies/supabase',
+      provider: 'v8' as const,
+    },
+  },
+}));

package/templates/libs/shared/README.md ADDED Viewed

@@ -0,0 +1,11 @@
+# shared
+This library was generated with [Nx](https://nx.dev).
+## Building
+Run `nx build shared` to build the library.
+## Running unit tests
+Run `nx test shared` to execute the unit tests via [Vitest](https://vitest.dev/).

package/templates/libs/shared/eslint.config.mjs ADDED Viewed

@@ -0,0 +1,24 @@
+import baseConfig from '../../eslint.config.mjs';
+export default [
+  ...baseConfig,
+  {
+    files: ['**/*.json'],
+    rules: {
+      '@nx/dependency-checks': [
+        'error',
+        {
+          ignoredFiles: [
+            '{projectRoot}/eslint.config.{js,cjs,mjs,ts,cts,mts}',
+            '{projectRoot}/vitest.config.{js,ts,mjs,mts}',
+            '{projectRoot}/src/**/*.{spec,test}.{js,ts,jsx,tsx}',
+            '{projectRoot}/src/**/__tests__/**/*.{js,ts,jsx,tsx}',
+          ],
+        },
+      ],
+    },
+    languageOptions: {
+      parser: await import('jsonc-eslint-parser'),
+    },
+  },
+];

package/templates/libs/shared/package.json ADDED Viewed

@@ -0,0 +1,14 @@
+{
+  "name": "@icore/shared",
+  "version": "0.0.1",
+  "private": true,
+  "type": "commonjs",
+  "main": "./src/index.js",
+  "types": "./src/index.d.ts",
+  "dependencies": {
+    "@casl/ability": "^7.0.0",
+    "@nestjs/microservices": "^11.0.0",
+    "tslib": "^2.3.0",
+    "vitest": "^4.0.0"
+  }
+}

package/templates/libs/shared/project.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "name": "shared",
+  "$schema": "../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "libs/shared/src",
+  "projectType": "library",
+  "tags": [],
+  "targets": {
+    "build": {
+      "executor": "@nx/js:tsc",
+      "outputs": ["{options.outputPath}"],
+      "options": {
+        "outputPath": "dist/libs/shared",
+        "main": "libs/shared/src/index.ts",
+        "tsConfig": "libs/shared/tsconfig.lib.json",
+        "assets": ["libs/shared/*.md"]
+      }
+    }
+  }
+}

package/templates/libs/shared/src/__tests__/transport.unit.test.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { describe, expect, it, beforeEach, afterEach } from 'vitest';
+import { Transport } from '@nestjs/microservices';
+import { buildTransport } from '../transport';
+const ORIG = { ...process.env };
+describe('buildTransport', () => {
+  beforeEach(() => {
+    for (const k of Object.keys(process.env)) {
+      if (k.startsWith('AUTH_')) delete process.env[k];
+    }
+  });
+  afterEach(() => {
+    for (const k of Object.keys(process.env)) {
+      if (k.startsWith('AUTH_')) delete process.env[k];
+    }
+    Object.assign(process.env, ORIG);
+  });
+  it('defaults to TCP when ${PREFIX}_TRANSPORT is unset', () => {
+    process.env.AUTH_HOST = '127.0.0.1';
+    process.env.AUTH_PORT = '4001';
+    const opts = buildTransport('AUTH');
+    expect(opts.transport).toBe(Transport.TCP);
+    const tcp = opts.options as { host: string; port: number };
+    expect(tcp.host).toBe('127.0.0.1');
+    expect(tcp.port).toBe(4001);
+  });
+  it('selects Redis when ${PREFIX}_TRANSPORT=redis', () => {
+    process.env.AUTH_TRANSPORT = 'redis';
+    process.env.AUTH_REDIS_URL = 'redis://localhost:6379';
+    const opts = buildTransport('AUTH');
+    expect(opts.transport).toBe(Transport.REDIS);
+    const redis = opts.options as { url: string };
+    expect(redis.url).toBe('redis://localhost:6379');
+  });
+  it('selects NATS when ${PREFIX}_TRANSPORT=nats', () => {
+    process.env.AUTH_TRANSPORT = 'nats';
+    process.env.AUTH_NATS_URL = 'nats://localhost:4222,nats://localhost:4223';
+    const opts = buildTransport('AUTH');
+    expect(opts.transport).toBe(Transport.NATS);
+    const nats = opts.options as { servers: string[] };
+    expect(nats.servers).toEqual(['nats://localhost:4222', 'nats://localhost:4223']);
+  });
+  it('throws on unknown transport', () => {
+    process.env.AUTH_TRANSPORT = 'sqs';
+    expect(() => buildTransport('AUTH')).toThrow(/sqs/);
+  });
+  it('throws when a required env var is missing', () => {
+    process.env.AUTH_TRANSPORT = 'redis';
+    expect(() => buildTransport('AUTH')).toThrow(/AUTH_REDIS_URL/);
+  });
+});

package/templates/libs/shared/src/abilities/__tests__/ability.unit.test.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { describe, expect, it } from 'vitest';
+import { defineAbilitiesFor, emptyAbility } from '../ability';
+describe('defineAbilitiesFor', () => {
+  it('grants admin manage on all', () => {
+    const ability = defineAbilitiesFor({ id: 'u1', role: 'admin' });
+    expect(ability.can('manage', 'all')).toBe(true);
+    expect(ability.can('delete', 'User')).toBe(true);
+  });
+  it('denies regular user by default', () => {
+    const ability = defineAbilitiesFor({ id: 'u2', role: 'user' });
+    expect(ability.can('manage', 'all')).toBe(false);
+    expect(ability.can('read', 'User')).toBe(false);
+  });
+  it('denies everything for null user', () => {
+    const ability = defineAbilitiesFor(null);
+    expect(ability.can('read', 'Profile')).toBe(false);
+  });
+});
+describe('emptyAbility', () => {
+  it('denies everything', () => {
+    const ability = emptyAbility();
+    expect(ability.can('manage', 'all')).toBe(false);
+  });
+});

package/templates/libs/shared/src/abilities/ability.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { AbilityBuilder, createMongoAbility, type MongoAbility } from '@casl/ability';
+import type { AbilityAction, AbilitySubject } from './subjects';
+export type AppAbility = MongoAbility<[AbilityAction, AbilitySubject]>;
+export interface AbilityUser {
+  id: string;
+  role: 'admin' | 'user';
+}
+export function defineAbilitiesFor(user: AbilityUser | null): AppAbility {
+  const { can, build } = new AbilityBuilder<AppAbility>(createMongoAbility);
+  if (user?.role === 'admin') {
+    can('manage', 'all');
+  }
+  return build();
+}
+export function emptyAbility(): AppAbility {
+  return createMongoAbility<[AbilityAction, AbilitySubject]>([]);
+}

package/templates/libs/shared/src/abilities/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './ability';
2	+ export * from './subjects';

package/templates/libs/shared/src/abilities/subjects.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export type AbilityAction = 'manage' \| 'create' \| 'read' \| 'update' \| 'delete';
2	+ export type AbilitySubject = 'all' \| 'User' \| 'Profile';

package/templates/libs/shared/src/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './abilities';
+export * from './strategies';
+export * from './transport';

package/templates/libs/shared/src/strategies/__tests__/fake-auth.contract.unit.test.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { FakeAuthStrategy } from '../fakes/fake-auth';
+import { runAuthContract } from '../contract/auth-contract';
+runAuthContract('FakeAuthStrategy', () => new FakeAuthStrategy());

package/templates/libs/shared/src/strategies/__tests__/fake-storage.contract.unit.test.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { FakeStorageStrategy } from '../fakes/fake-storage';
+import { runStorageContract } from '../contract/storage-contract';
+runStorageContract('FakeStorageStrategy', () => new FakeStorageStrategy());

package/templates/libs/shared/src/strategies/auth.ts ADDED Viewed

@@ -0,0 +1,21 @@
+export interface AuthSession {
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+  user: { id: string; email: string };
+}
+export interface VerifiedToken {
+  uid: string;
+  email?: string;
+  role?: string;
+}
+export interface AuthStrategy {
+  verifyToken(token: string): Promise<VerifiedToken>;
+  signIn(email: string, password: string): Promise<AuthSession>;
+  signUp(email: string, password: string): Promise<AuthSession>;
+  refresh(refreshToken: string): Promise<AuthSession>;
+  setRole(uid: string, role: string): Promise<void>;
+  getRole(uid: string): Promise<string | null>;
+}

package/templates/libs/shared/src/strategies/contract/auth-contract.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import { describe, expect, it, beforeEach } from 'vitest';
+import type { AuthStrategy } from '../auth';
+export function runAuthContract(name: string, factory: () => AuthStrategy): void {
+  describe(`AuthStrategy contract: ${name}`, () => {
+    let strategy: AuthStrategy;
+    beforeEach(() => {
+      strategy = factory();
+    });
+    it('signUp returns a session for new user', async () => {
+      const session = await strategy.signUp('a@x.com', 'pw12345!');
+      expect(session.accessToken).toBeTruthy();
+      expect(session.refreshToken).toBeTruthy();
+      expect(session.user.email).toBe('a@x.com');
+    });
+    it('signIn returns a session after signUp', async () => {
+      await strategy.signUp('b@x.com', 'pw12345!');
+      const session = await strategy.signIn('b@x.com', 'pw12345!');
+      expect(session.user.email).toBe('b@x.com');
+    });
+    it('verifyToken resolves the uid from a signUp token', async () => {
+      const session = await strategy.signUp('c@x.com', 'pw12345!');
+      const verified = await strategy.verifyToken(session.accessToken);
+      expect(verified.uid).toBe(session.user.id);
+    });
+    it('verifyToken rejects bogus token', async () => {
+      await expect(strategy.verifyToken('not-a-token')).rejects.toThrow();
+    });
+    it('refresh issues a new session for the same user', async () => {
+      const first = await strategy.signUp('d@x.com', 'pw12345!');
+      const next = await strategy.refresh(first.refreshToken);
+      expect(next.user.id).toBe(first.user.id);
+    });
+    it('used refresh token is rejected after rotation', async () => {
+      const first = await strategy.signUp('f@x.com', 'pw12345!');
+      await strategy.refresh(first.refreshToken);
+      await expect(strategy.refresh(first.refreshToken)).rejects.toThrow();
+    });
+    it('setRole writes a role visible on verifyToken', async () => {
+      const session = await strategy.signUp('e@x.com', 'pw12345!');
+      await strategy.setRole(session.user.id, 'admin');
+      const reLogged = await strategy.signIn('e@x.com', 'pw12345!');
+      const verified = await strategy.verifyToken(reLogged.accessToken);
+      expect(verified.role).toBe('admin');
+    });
+    it('getRole returns null when no role has been set', async () => {
+      const session = await strategy.signUp('g@x.com', 'pw12345!');
+      expect(await strategy.getRole(session.user.id)).toBeNull();
+    });
+    it('getRole returns the role most recently set via setRole', async () => {
+      const session = await strategy.signUp('h@x.com', 'pw12345!');
+      await strategy.setRole(session.user.id, 'admin');
+      expect(await strategy.getRole(session.user.id)).toBe('admin');
+    });
+  });
+}