@jmruthers/pace-core 0.5.3 → 0.5.5

package/src/rbac/utils/__tests__/eventContext.unit.test.ts

@@ -0,0 +1,428 @@
+/**
+ * @file Event Context Utilities Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/EventContext/Tests
+ * @since 1.0.0
+ * 
+ * Comprehensive tests for event context utilities in the RBAC system.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { SupabaseClient } from '@supabase/supabase-js';
+import { Database } from '../../../types/database';
+import { UUID, Scope } from '../../types';
+import {
+  getOrganisationFromEvent,
+  createScopeFromEvent,
+  isEventBasedScope,
+  isValidEventBasedScope
+} from '../eventContext';
+
+// Mock Supabase client
+const createMockSupabaseClient = () => {
+  const mockQuery = {
+    select: vi.fn().mockReturnThis(),
+    eq: vi.fn().mockReturnThis(),
+    single: vi.fn()
+  };
+
+  return {
+    from: vi.fn().mockReturnValue(mockQuery),
+    query: mockQuery
+  } as unknown as SupabaseClient<Database>;
+};
+
+describe('Event Context Utilities', () => {
+  let mockSupabase: SupabaseClient<Database>;
+  let mockQuery: any;
+
+  beforeEach(() => {
+    mockSupabase = createMockSupabaseClient();
+    mockQuery = mockSupabase.from('event');
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('getOrganisationFromEvent', () => {
+    it('should return organisation ID when event exists', async () => {
+      const eventId = 'event-123';
+      const organisationId = 'org-456';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: organisationId },
+        error: null
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, eventId);
+
+      expect(result).toBe(organisationId);
+      expect(mockSupabase.from).toHaveBeenCalledWith('event');
+      expect(mockQuery.select).toHaveBeenCalledWith('organisation_id');
+      expect(mockQuery.eq).toHaveBeenCalledWith('event_id', eventId);
+      expect(mockQuery.single).toHaveBeenCalled();
+    });
+
+    it('should return null when event does not exist', async () => {
+      const eventId = 'nonexistent-event';
+      
+      mockQuery.single.mockResolvedValue({
+        data: null,
+        error: { message: 'Event not found' }
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, eventId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should return null when data is null', async () => {
+      const eventId = 'event-123';
+      
+      mockQuery.single.mockResolvedValue({
+        data: null,
+        error: null
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, eventId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should handle database errors gracefully', async () => {
+      const eventId = 'event-123';
+      const dbError = new Error('Database connection failed');
+      
+      mockQuery.single.mockRejectedValue(dbError);
+
+      await expect(getOrganisationFromEvent(mockSupabase, eventId))
+        .rejects.toThrow('Database connection failed');
+    });
+
+    it('should handle empty organisation_id', async () => {
+      const eventId = 'event-123';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: null },
+        error: null
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, eventId);
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('createScopeFromEvent', () => {
+    it('should create complete scope when event exists', async () => {
+      const eventId = 'event-123';
+      const organisationId = 'org-456';
+      const appId = 'app-789';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: organisationId },
+        error: null
+      });
+
+      const result = await createScopeFromEvent(mockSupabase, eventId, appId);
+
+      expect(result).toEqual({
+        organisationId,
+        eventId,
+        appId
+      });
+    });
+
+    it('should create scope without appId when not provided', async () => {
+      const eventId = 'event-123';
+      const organisationId = 'org-456';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: organisationId },
+        error: null
+      });
+
+      const result = await createScopeFromEvent(mockSupabase, eventId);
+
+      expect(result).toEqual({
+        organisationId,
+        eventId,
+        appId: undefined
+      });
+    });
+
+    it('should return null when event does not exist', async () => {
+      const eventId = 'nonexistent-event';
+      
+      mockQuery.single.mockResolvedValue({
+        data: null,
+        error: { message: 'Event not found' }
+      });
+
+      const result = await createScopeFromEvent(mockSupabase, eventId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should return null when organisation lookup fails', async () => {
+      const eventId = 'event-123';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: null },
+        error: null
+      });
+
+      const result = await createScopeFromEvent(mockSupabase, eventId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should handle database errors gracefully', async () => {
+      const eventId = 'event-123';
+      const dbError = new Error('Database connection failed');
+      
+      mockQuery.single.mockRejectedValue(dbError);
+
+      await expect(createScopeFromEvent(mockSupabase, eventId))
+        .rejects.toThrow('Database connection failed');
+    });
+  });
+
+  describe('isEventBasedScope', () => {
+    it('should return true for event-based scope (no organisationId, has eventId)', () => {
+      const scope: Scope = {
+        eventId: 'event-123',
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(true);
+    });
+
+    it('should return false when organisationId is present', () => {
+      const scope: Scope = {
+        organisationId: 'org-123',
+        eventId: 'event-123',
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when eventId is missing', () => {
+      const scope: Scope = {
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when both organisationId and eventId are missing', () => {
+      const scope: Scope = {
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when eventId is null', () => {
+      const scope: Scope = {
+        eventId: null,
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when eventId is undefined', () => {
+      const scope: Scope = {
+        eventId: undefined,
+        appId: 'app-456'
+      };
+
+      expect(isEventBasedScope(scope)).toBe(false);
+    });
+  });
+
+  describe('isValidEventBasedScope', () => {
+    it('should return true for valid event-based scope', () => {
+      const scope: Scope = {
+        eventId: 'event-123',
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(true);
+    });
+
+    it('should return false when eventId is missing', () => {
+      const scope: Scope = {
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when eventId is null', () => {
+      const scope: Scope = {
+        eventId: null,
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when eventId is undefined', () => {
+      const scope: Scope = {
+        eventId: undefined,
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return false when organisationId is present (not event-based)', () => {
+      const scope: Scope = {
+        organisationId: 'org-123',
+        eventId: 'event-123',
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(false);
+    });
+
+    it('should return true for event-based scope without appId', () => {
+      const scope: Scope = {
+        eventId: 'event-123'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(true);
+    });
+  });
+
+  describe('Edge Cases and Error Handling', () => {
+    it('should handle malformed event IDs', async () => {
+      const malformedEventId = '';
+      
+      mockQuery.single.mockResolvedValue({
+        data: null,
+        error: { message: 'Invalid event ID' }
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, malformedEventId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should handle very long event IDs', async () => {
+      const longEventId = 'a'.repeat(1000);
+      const organisationId = 'org-456';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: organisationId },
+        error: null
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, longEventId);
+
+      expect(result).toBe(organisationId);
+      expect(mockQuery.eq).toHaveBeenCalledWith('event_id', longEventId);
+    });
+
+    it('should handle special characters in event IDs', async () => {
+      const specialEventId = 'event-123!@#$%^&*()';
+      const organisationId = 'org-456';
+      
+      mockQuery.single.mockResolvedValue({
+        data: { organisation_id: organisationId },
+        error: null
+      });
+
+      const result = await getOrganisationFromEvent(mockSupabase, specialEventId);
+
+      expect(result).toBe(organisationId);
+      expect(mockQuery.eq).toHaveBeenCalledWith('event_id', specialEventId);
+    });
+
+    it('should handle concurrent calls to getOrganisationFromEvent', async () => {
+      const eventId1 = 'event-123';
+      const eventId2 = 'event-456';
+      const organisationId1 = 'org-123';
+      const organisationId2 = 'org-456';
+      
+      mockQuery.single
+        .mockResolvedValueOnce({
+          data: { organisation_id: organisationId1 },
+          error: null
+        })
+        .mockResolvedValueOnce({
+          data: { organisation_id: organisationId2 },
+          error: null
+        });
+
+      const [result1, result2] = await Promise.all([
+        getOrganisationFromEvent(mockSupabase, eventId1),
+        getOrganisationFromEvent(mockSupabase, eventId2)
+      ]);
+
+      expect(result1).toBe(organisationId1);
+      expect(result2).toBe(organisationId2);
+    });
+
+    it('should handle concurrent calls to createScopeFromEvent', async () => {
+      const eventId1 = 'event-123';
+      const eventId2 = 'event-456';
+      const organisationId1 = 'org-123';
+      const organisationId2 = 'org-456';
+      const appId1 = 'app-123';
+      const appId2 = 'app-456';
+      
+      mockQuery.single
+        .mockResolvedValueOnce({
+          data: { organisation_id: organisationId1 },
+          error: null
+        })
+        .mockResolvedValueOnce({
+          data: { organisation_id: organisationId2 },
+          error: null
+        });
+
+      const [result1, result2] = await Promise.all([
+        createScopeFromEvent(mockSupabase, eventId1, appId1),
+        createScopeFromEvent(mockSupabase, eventId2, appId2)
+      ]);
+
+      expect(result1).toEqual({
+        organisationId: organisationId1,
+        eventId: eventId1,
+        appId: appId1
+      });
+      expect(result2).toEqual({
+        organisationId: organisationId2,
+        eventId: eventId2,
+        appId: appId2
+      });
+    });
+  });
+
+  describe('Type Safety', () => {
+    it('should handle UUID types correctly', () => {
+      const validUUID = '123e4567-e89b-12d3-a456-426614174000';
+      const scope: Scope = {
+        eventId: validUUID,
+        appId: validUUID
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(true);
+    });
+
+    it('should handle string types correctly', () => {
+      const stringId = 'event-123';
+      const scope: Scope = {
+        eventId: stringId,
+        appId: 'app-456'
+      };
+
+      expect(isValidEventBasedScope(scope)).toBe(true);
+    });
+  });
+});

package/src/styles/core.css

@@ -7,6 +7,9 @@
   --font-serif: "Open Sans", sans-serif;
   --font-mono: "Reddit Mono", monospace;
 }
+@theme static {
+  --app-width: 90rem;
+}
 
 @theme inline {
   /* Semantic token mapping */

package/src/utils/__tests__/appConfig.unit.test.ts

@@ -0,0 +1,55 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { setAppConfig, getAppConfig, getCurrentAppName, getCurrentAppId } from '../appConfig';
+
+describe('App Configuration Utilities', () => {
+  beforeEach(() => {
+    // Clear any existing config by resetting the module
+    vi.resetModules();
+  });
+
+  it('should set app configuration', () => {
+    const config = {
+      appName: 'Test App',
+      appId: 'test-app'
+    };
+
+    setAppConfig(config);
+    
+    // Verify the config was set by getting it back
+    const result = getAppConfig();
+    expect(result).toEqual(config);
+  });
+
+  it('should get app configuration', () => {
+    const config = {
+      appName: 'Test App',
+      appId: 'test-app'
+    };
+
+    setAppConfig(config);
+    const result = getAppConfig();
+    expect(result).toEqual(config);
+  });
+
+  it('should get current app name', () => {
+    const config = {
+      appName: 'Test App',
+      appId: 'test-app'
+    };
+
+    setAppConfig(config);
+    const result = getCurrentAppName();
+    expect(result).toBe('Test App');
+  });
+
+  it('should get current app id', () => {
+    const config = {
+      appName: 'Test App',
+      appId: 'test-app'
+    };
+
+    setAppConfig(config);
+    const result = getCurrentAppId();
+    expect(result).toBe('test-app');
+  });
+}); 

package/src/utils/__tests__/audit.unit.test.ts

@@ -0,0 +1,69 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import {
+  auditLogger,
+  logAuthEvent,
+  logPermissionEvent,
+  logSecurityEvent
+} from '../audit';
+
+describe('Audit Logger Utility', () => {
+  beforeEach(() => {
+    auditLogger.clearEvents();
+    vi.restoreAllMocks();
+  });
+
+  it('logs a generic event and stores it', () => {
+    auditLogger.log({ type: 'auth', action: 'login', user: 'alice' });
+    const events = auditLogger.getEvents();
+    expect(events.length).toBe(1);
+    expect(events[0].type).toBe('auth');
+    expect(events[0].action).toBe('login');
+    expect(events[0].user).toBe('alice');
+  });
+
+  it('logs an auth event via logAuthEvent', () => {
+    logAuthEvent('login', 'bob', { ip: '127.0.0.1' });
+    const events = auditLogger.getEvents();
+    expect(events.length).toBe(1);
+    expect(events[0].type).toBe('auth');
+    expect(events[0].action).toBe('login');
+    expect(events[0].user).toBe('bob');
+    expect(events[0].details).toEqual({ ip: '127.0.0.1' });
+  });
+
+  it('logs a permission event via logPermissionEvent', () => {
+    logPermissionEvent('grant', 'carol', { resource: 'file' });
+    const events = auditLogger.getEvents();
+    expect(events.length).toBe(1);
+    expect(events[0].type).toBe('permission');
+    expect(events[0].action).toBe('grant');
+    expect(events[0].user).toBe('carol');
+    expect(events[0].details).toEqual({ resource: 'file' });
+  });
+
+  it('logs a security event via logSecurityEvent', () => {
+    logSecurityEvent('breach', 'dave', { severity: 'high' });
+    const events = auditLogger.getEvents();
+    expect(events.length).toBe(1);
+    expect(events[0].type).toBe('security');
+    expect(events[0].action).toBe('breach');
+    expect(events[0].user).toBe('dave');
+    expect(events[0].details).toEqual({ severity: 'high' });
+  });
+
+  it('can retrieve only security events', async () => {
+    auditLogger.log({ type: 'auth', action: 'login' });
+    auditLogger.log({ type: 'security', action: 'breach' });
+    auditLogger.log({ type: 'security', action: 'scan' });
+    const securityEvents = await auditLogger.getSecurityEvents();
+    expect(securityEvents.length).toBe(2);
+    expect(securityEvents.every(e => e.type === 'security')).toBe(true);
+  });
+
+  it('clears events', () => {
+    auditLogger.log({ type: 'auth', action: 'login' });
+    expect(auditLogger.getEvents().length).toBe(1);
+    auditLogger.clearEvents();
+    expect(auditLogger.getEvents().length).toBe(0);
+  });
+}); 

package/src/utils/__tests__/auth-utils.unit.test.ts

@@ -0,0 +1,70 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import {
+  signInWithEmail,
+  signUpWithEmail,
+  resetPassword,
+  updatePassword,
+  auditLogger
+} from '../auth-utils';
+
+describe('Auth Utils', () => {
+  beforeEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('signInWithEmail logs and returns error', async () => {
+    const result = await signInWithEmail({ email: 'test@example.com', password: 'pw' });
+    expect(result).toHaveProperty('error');
+    expect(result.error).toBeInstanceOf(Error);
+  });
+
+  it('signUpWithEmail logs and returns error', async () => {
+    const result = await signUpWithEmail({ email: 'new@example.com', password: 'pw' });
+    expect(result).toHaveProperty('error');
+    expect(result.error).toBeInstanceOf(Error);
+  });
+
+  it('resetPassword logs and returns error', async () => {
+    const result = await resetPassword('reset@example.com');
+    expect(result).toHaveProperty('error');
+    expect(result.error).toBeInstanceOf(Error);
+  });
+
+  it('updatePassword calls supabaseClient.auth.updateUser and returns error if thrown', async () => {
+    const updateUser = vi.fn().mockResolvedValue({ error: undefined });
+    const supabaseClient = { auth: { updateUser } } as any;
+    const result = await updatePassword(supabaseClient, 'newpw');
+    expect(updateUser).toHaveBeenCalledWith({ password: 'newpw' });
+    expect(result).toEqual({ error: undefined });
+  });
+
+  it('updatePassword returns error if thrown', async () => {
+    const updateUser = vi.fn().mockRejectedValue(new Error('fail'));
+    const supabaseClient = { auth: { updateUser } } as any;
+    const result = await updatePassword(supabaseClient, 'pw');
+    expect(result.error).toBeInstanceOf(Error);
+    if (result.error) {
+      expect(result.error.message).toBe('fail');
+    }
+  });
+
+  it('auditLogger.log logs event', () => {
+    // Test that the function exists and can be called without error
+    expect(() => auditLogger.log('event', { foo: 'bar' })).not.toThrow();
+  });
+
+  it('auditLogger.logAuthEvent logs auth event', () => {
+    // Test that the function exists and can be called without error
+    expect(() => auditLogger.logAuthEvent('user1', 'LOGIN', { ip: '1.2.3.4' })).not.toThrow();
+  });
+
+  it('auditLogger.logPermissionEvent logs permission check', () => {
+    // Test that the function exists and can be called without error
+    expect(() => auditLogger.logPermissionEvent('user2', 'admin', true)).not.toThrow();
+  });
+
+  it('auditLogger.logEvent logs generic event', () => {
+    // Test that the function exists and can be called without error
+    expect(() => auditLogger.logEvent({ action: 'SOMETHING', details: { foo: 1 } })).not.toThrow();
+  });
+});