@joystick.js/node-canary 0.0.0-canary.5 → 0.0.0-canary.50

package/_package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joystick.js/node",
-  "version": "1.0.0-beta.165",
+  "version": "1.0.0-beta.166",
   "developmentVersion": "1.0.0-beta.1419",
   "type": "module",
   "description": "A Node.js framework for building web apps.",

package/dist/app/accounts/getBrowserSafeUser.js

@@ -1,4 +1,5 @@
 import { isObject } from "../../validation/lib/typeValidators";
+import escapeKeyValuePair from "../../lib/escapeKeyValuePair.js";
 var getBrowserSafeUser_default = (user = null) => {
   if (!user || !isObject(user)) {
     return null;
@@ -16,7 +17,7 @@ var getBrowserSafeUser_default = (user = null) => {
       return fields;
     }
   }, {});
-  return browserSafeUser;
+  return escapeKeyValuePair(browserSafeUser);
 };
 export {
   getBrowserSafeUser_default as default

package/dist/app/accounts/hasLoginTokenExpired.js

@@ -5,8 +5,7 @@ var hasLoginTokenExpired_default = async (res, token = null, tokenExpiresAt = nu
     unsetAuthenticationCookie(res);
     return true;
   }
-  const _dayjs = process.env.NODE_ENV === "test" ? (await import("../../tests/mocks/dayjs")).default : null;
-  const hasExpired = process.env.NODE_ENV === "test" ? _dayjs().isAfter(_dayjs(tokenExpiresAt)) : dayjs().isAfter(dayjs(tokenExpiresAt));
+  const hasExpired = dayjs().isAfter(dayjs(tokenExpiresAt));
   if (hasExpired) {
     unsetAuthenticationCookie(res);
     return true;

package/dist/app/databases/mongodb/index.js

@@ -17,7 +17,7 @@ var mongodb_default = async (settings = {}, databasePort = 2610) => {
     const connectionOptions = {
       useNewUrlParser: true,
       useUnifiedTopology: true,
-      ssl: !process.env.NODE_ENV?.includes("development"),
+      ssl: !["development", "test"].includes(process.env.NODE_ENV),
       ...settings?.options || {}
     };
     if (settings?.options?.ca) {

package/dist/app/getBrowserSafeRequest.js

@@ -1,8 +1,9 @@
 import getBrowserSafeUser from "./accounts/getBrowserSafeUser";
+import escapeKeyValuePair from "../lib/escapeKeyValuePair.js";
 var getBrowserSafeRequest_default = (req = {}) => {
   const browserSafeRequest = {};
-  browserSafeRequest.params = req.params;
-  browserSafeRequest.query = req.query;
+  browserSafeRequest.params = escapeKeyValuePair(req.params);
+  browserSafeRequest.query = escapeKeyValuePair(req.query);
   browserSafeRequest.context = {
     user: getBrowserSafeUser(req.context.user)
   };

package/dist/app/index.js

@@ -53,6 +53,7 @@ class App {
     this.initWebsockets(options?.websockets || {});
     this.initDevelopmentRoutes();
     this.initAccounts();
+    this.initTests();
     this.initDeploy();
     this.initAPI(options?.api);
     this.initRoutes(options?.routes);
@@ -143,7 +144,9 @@ class App {
         process.BUILD_ERROR = JSON.parse(message);
       }
     });
-    console.log(`App running at: http://localhost:${express.port}`);
+    if (process.env.NODE_ENV !== "test") {
+      console.log(`App running at: http://localhost:${express.port}`);
+    }
   }
   setMachineId() {
     generateMachineId();
@@ -156,6 +159,13 @@ class App {
       fs.writeFileSync("./.joystick/PROCESS_ID", `${generateId(32)}`);
     }
   }
+  initTests() {
+    if (process.env.NODE_ENV === "test") {
+      this.express.app.get("/api/_test/bootstrap", async (req, res) => {
+        res.status(200).send({ ping: "pong" });
+      });
+    }
+  }
   initDeploy() {
     if (process.env.NODE_ENV === "production" && process.env.IS_PUSH_DEPLOYED) {
       this.express.app.get("/api/_push/pre-version", async (req, res) => {
@@ -401,7 +411,7 @@ class App {
     });
   }
   initDevelopmentRoutes() {
-    if (process.env.NODE_ENV === "development") {
+    if (["development", "test"].includes(process.env.NODE_ENV)) {
       this.express.app.get("/api/_joystick/sessions", async (req, res) => {
         const sessions = Array.from(this.sessions.entries())?.reduce((acc = {}, [key, value]) => {
           acc[key] = value;

package/dist/app/middleware/index.js

@@ -3,6 +3,7 @@ import compression from "compression";
 import cookieParser from "cookie-parser";
 import favicon from "serve-favicon";
 import fs from "fs";
+import { __package } from "../../index.js";
 import insecure from "./insecure.js";
 import requestMethods from "./requestMethods.js";
 import bodyParser from "./bodyParser.js";
@@ -14,11 +15,10 @@ import runUserQuery from "../accounts/runUserQuery.js";
 import replaceBackslashesWithForwardSlashes from "../../lib/replaceBackslashesWithForwardSlashes.js";
 import replaceFileProtocol from "../../lib/replaceFileProtocol.js";
 import getBuildPath from "../../lib/getBuildPath.js";
-import sanitizeQueryParameters from "./sanitizeQueryParameters.js";
 import session from "./session.js";
 import csp from "./csp.js";
 const cwd = replaceFileProtocol(replaceBackslashesWithForwardSlashes(process.cwd()));
-const faviconPath = process.env.NODE_ENV === "test" ? `${cwd}/src/tests/mocks/app/public/favicon.ico` : "public/favicon.ico";
+const faviconPath = "public/favicon.ico";
 var middleware_default = ({
   app,
   port,
@@ -41,7 +41,6 @@ var middleware_default = ({
     }
     next();
   });
-  app.use(sanitizeQueryParameters);
   app.use(requestMethods);
   if (cspConfig) {
     app.use((req, res, next) => csp(req, res, next, cspConfig));
@@ -54,7 +53,7 @@ var middleware_default = ({
   });
   app.use("/_joystick/utils/process.js", (_req, res) => {
     res.set("Content-Type", "text/javascript");
-    const processPolyfill = fs.readFileSync(`${cwd}/node_modules/@joystick.js/node/dist/app/utils/process.js`, "utf-8");
+    const processPolyfill = fs.readFileSync(`${__package}/app/utils/process.js`, "utf-8");
     res.send(processPolyfill.replace("${NODE_ENV}", process.env.NODE_ENV));
   });
   app.use("/_joystick/index.client.js", express.static(`${buildPath}index.client.js`, {
@@ -65,7 +64,7 @@ var middleware_default = ({
   app.use("/_joystick/ui", express.static(`${buildPath}ui`, { eTag: false, maxAge: "0" }));
   app.use("/_joystick/hmr/client.js", (_req, res) => {
     res.set("Content-Type", "text/javascript");
-    const hmrClient = fs.readFileSync(`${cwd}/node_modules/@joystick.js/node/dist/app/middleware/hmr/client.js`, "utf-8");
+    const hmrClient = fs.readFileSync(`${__package}/app/middleware/hmr/client.js`, "utf-8");
     res.send(hmrClient.replace("${process.env.PORT}", parseInt(process.env.PORT, 10) + 1));
   });
   app.use(favicon(faviconPath));

package/dist/app/middleware/render.js

@@ -8,6 +8,8 @@ import generateErrorPage from "../../lib/generateErrorPage.js";
 import replaceFileProtocol from "../../lib/replaceFileProtocol.js";
 import replaceBackslashesWithForwardSlashes from "../../lib/replaceBackslashesWithForwardSlashes.js";
 import getBuildPath from "../../lib/getBuildPath.js";
+import escapeHTML from "../../lib/escapeHTML.js";
+import escapeKeyValuePair from "../../lib/escapeKeyValuePair.js";
 const generateHash = (input = "") => {
   return crypto.createHash("sha256").update(input).digest("hex");
 };
@@ -65,10 +67,10 @@ const getCachedHTML = ({ cachePath, cacheFileName, currentDiff }) => {
 const getUrl = (request = {}) => {
   const [path = null] = request.url?.split("?");
   return {
-    params: request.params,
-    query: request.query,
-    route: request.route.path,
-    path
+    params: escapeKeyValuePair(request.params),
+    query: escapeKeyValuePair(request.query),
+    route: escapeHTML(request.route.path),
+    path: escapeHTML(path)
   };
 };
 const getFile = async (buildPath = "") => {

package/dist/app/sanitizeAPIResponse.js

@@ -1,10 +1,5 @@
 import util from "util";
-import { HTML_ENTITY_MAP } from "../lib/constants.js";
-const escapeHTML = (string = "") => {
-  return String(string).replace(/[&<>"'`=\/]/g, function(match) {
-    return HTML_ENTITY_MAP[match];
-  });
-};
+import escapeHTML from "../lib/escapeHTML.js";
 const sanitizeAPIResponse = (data = null) => {
   let sanitizedData = data;
   if (!util.isString(sanitizedData) && !util.isObject(sanitizedData) && !Array.isArray(sanitizedData)) {

package/dist/app/validateSession.js

@@ -3,6 +3,9 @@ var validateSession_default = (req = null, res = null, sessions = null) => {
   const sessionToken = req?.cookies?.joystickSession;
   const csrfToken = req?.headers["x-joystick-csrf"];
   const session = sessions?.get(sessionToken);
+  if (csrfToken === "joystick_test") {
+    return true;
+  }
   if (!session || session && session.csrf !== csrfToken) {
     res.status(403).send(JSON.stringify({
       errors: [formatAPIError(new Error("Unauthorized request."))]

package/dist/email/templates/reset-password.js

@@ -1,6 +1,5 @@
 import ui from "@joystick.js/ui";
 const ResetPassword = ui.component({
-  id: process.env.NODE_ENV === "test" ? "testComponent1234" : null,
   render: ({ props }) => {
     return `
       <p>A password reset was requested for this email address (${props.emailAddress}). If you requested this reset, click the link below to reset your password:</p>

package/dist/index.js

@@ -1,5 +1,7 @@
-import sanitizeHTML from "sanitize-html";
 import fs from "fs";
+import { fileURLToPath } from "url";
+import { dirname } from "path";
+import sanitizeHTML from "sanitize-html";
 import _accounts from "./app/accounts";
 import _action from "./action/index.js";
 import _websockets from "./websockets";
@@ -27,16 +29,18 @@ const sanitize = {
     allowedTags: sanitizeHTML.defaults.allowedTags
   }
 };
+const currentFilePath = fileURLToPath(import.meta.url);
+const __package = dirname(currentFilePath);
 const __filename = nodeUrlPolyfills.__filename;
 const __dirname = nodeUrlPolyfills.__dirname;
 const id = generateId;
 const origin = getOrigin();
 const settings = loadSettings();
-console.log("HERE", fs.readFileSync(__dirname("dist/app/utils/process.js"), "utf-8"));
 global.joystick = {
   id: generateId,
   emitters: {},
   settings,
+  __package,
   __dirname,
   __filename
 };
@@ -58,6 +62,7 @@ var src_default = {
 export {
   __dirname,
   __filename,
+  __package,
   accounts,
   action,
   src_default as default,

package/dist/lib/escapeHTML.js

@@ -0,0 +1,9 @@
+import { HTML_ENTITY_MAP } from "./constants.js";
+var escapeHTML_default = (string = "") => {
+  return String(string).replace(/[&<>"'`=]/g, function(match) {
+    return HTML_ENTITY_MAP[match];
+  });
+};
+export {
+  escapeHTML_default as default
+};

package/dist/lib/escapeKeyValuePair.js

@@ -0,0 +1,13 @@
+import escapeHTML from "./escapeHTML.js";
+var escapeKeyValuePair_default = (target = {}) => {
+  const parameters = Object.entries(target || {});
+  for (let i = 0; i < parameters?.length; i += 1) {
+    const [key, value] = parameters[i];
+    delete target[key];
+    target[escapeHTML(key)] = escapeHTML(value);
+  }
+  return target;
+};
+export {
+  escapeKeyValuePair_default as default
+};

package/dist/lib/getBuildPath.js

@@ -1,6 +1,6 @@
 import fs from "fs";
 var getBuildPath_default = () => {
-  if (process.env.NODE_ENV === "development" || fs.existsSync(".joystick/build")) {
+  if (["development", "test"].includes(process.env.NODE_ENV) || fs.existsSync(".joystick/build")) {
     return ".joystick/build/";
   }
   return "";

package/dist/lib/getSSLCertificates.js

@@ -6,7 +6,7 @@ var getSSLCertificates_default = (ssl = null) => {
   const keyPath = process.env.IS_PUSH_DEPLOYED ? pushKeyPath : ssl?.key || null;
   const certExists = fs.existsSync(certPath);
   const keyExists = fs.existsSync(keyPath);
-  if (process.env.NODE_ENV === "development" || !certExists || !keyExists) {
+  if (["development", "test"].includes(process.env.NODE_ENV) || !certExists || !keyExists) {
     return null;
   }
   return {

package/dist/lib/log.js

@@ -1,9 +1,6 @@
 import chalk from "chalk";
 import rainbowRoad from "./rainbowRoad.js";
 var log_default = (message = "", options = {}) => {
-  if (process.env.NODE_ENV === "test") {
-    return;
-  }
   const colors = {
     info: "blue",
     success: "green",

package/dist/lib/nodeUrlPolyfills.js

@@ -1,16 +1,12 @@
-import { URL } from "url";
+import { fileURLToPath } from "url";
+import { dirname } from "path";
 var nodeUrlPolyfills_default = {
-  __filename: (url = null) => {
-    if (!url) {
-      return "";
-    }
-    return new URL("", url).pathname;
+  __filename: (url = "") => {
+    return fileURLToPath(url);
   },
-  __dirname: (url = null) => {
-    if (!url) {
-      return "";
-    }
-    return new URL(".", url).pathname;
+  __dirname: (url = "") => {
+    const currentFilePath = fileURLToPath(url);
+    return dirname(currentFilePath);
   }
 };
 export {

package/dist/ssr/index.js

@@ -1,4 +1,5 @@
 import fs from "fs";
+import { __package } from "../index.js";
 import get from "../api/get";
 import set from "../api/set";
 import getBrowserSafeRequest from "../app/getBrowserSafeRequest";
@@ -184,7 +185,7 @@ const getBaseCSS = (baseHTMLName = "") => {
   try {
     const customBaseCSSPathForEmail = baseHTMLName ? `${process.cwd()}/email/base_${baseHTMLName}.css` : null;
     const customDefaultBaseCSSPathForEmail = `${process.cwd()}/email/base.css`;
-    const defaultBaseCSSPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.css` : `${process.cwd()}/node_modules/@joystick.js/node/dist/email/templates/base.css`;
+    const defaultBaseCSSPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.css` : `${__package}/email/templates/base.css`;
     let baseCSSPathToFetch = defaultBaseCSSPathForEmail;
     if (fs.existsSync(customDefaultBaseCSSPathForEmail)) {
       baseCSSPathToFetch = customDefaultBaseCSSPathForEmail;
@@ -242,7 +243,7 @@ const getBaseHTML = (isEmailRender = false, baseEmailHTMLName = "") => {
     if (isEmailRender) {
       const customBaseHTMLPathForEmail = baseEmailHTMLName ? `${process.cwd()}/email/base_${baseEmailHTMLName}.html` : null;
       const customDefaultBaseHTMLPathForEmail = `${process.cwd()}/email/base.html`;
-      const defaultBaseHTMLPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.html` : `${process.cwd()}/node_modules/@joystick.js/node/dist/email/templates/base.html`;
+      const defaultBaseHTMLPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.html` : `${__package}/email/templates/base.html`;
       baseHTMLPathToFetch = defaultBaseHTMLPathForEmail;
       if (fs.existsSync(customDefaultBaseHTMLPathForEmail)) {
         baseHTMLPathToFetch = customDefaultBaseHTMLPathForEmail;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joystick.js/node-canary",
-  "version": "0.0.0-canary.5",
+  "version": "0.0.0-canary.50",
   "type": "module",
   "description": "A Node.js framework for building web apps.",
   "main": "./dist/index.js",

package/dist/app/accounts/roles/index.test.js

@@ -1,123 +0,0 @@
-import { jest } from "@jest/globals";
-import { killPortProcess } from "kill-port-process";
-import setAppSettingsForTest from "../../../tests/lib/setAppSettingsForTest";
-import startTestDatabase from "../../../tests/lib/databases/start";
-import stopTestDatabase from "../../../tests/lib/databases/stop";
-import { beforeEach, expect, test } from "@jest/globals";
-import roles from "./index";
-import accounts from "../index";
-jest.mock("../../../../node_modules/dayjs", () => {
-  const _dayjs = jest.requireActual("../../../../node_modules/dayjs");
-  const _utc = jest.requireActual("../../../../node_modules/dayjs/plugin/utc");
-  _dayjs.extend(_utc);
-  return () => _dayjs("2022-01-01T00:00:00.000Z");
-});
-setAppSettingsForTest({
-  "config": {
-    "databases": [
-      {
-        "provider": "mongodb",
-        "users": true,
-        "options": {}
-      }
-    ],
-    "i18n": {
-      "defaultLanguage": "en-US"
-    },
-    "middleware": {},
-    "email": {
-      "from": "app@test.com",
-      "smtp": {
-        "host": "fake.email.com",
-        "port": 587,
-        "username": "test",
-        "password": "password"
-      }
-    }
-  },
-  "global": {},
-  "public": {},
-  "private": {}
-});
-global.joystick = {
-  settings: {
-    config: {
-      databases: [{
-        "provider": "mongodb",
-        "users": true,
-        "options": {}
-      }]
-    }
-  }
-};
-const app = (await import("../../index")).default;
-let instance;
-describe("app/accounts/roles/index.js", () => {
-  beforeAll(async () => {
-    process.env.PORT = 3600;
-  });
-  beforeEach(async () => {
-    instance = await app({});
-  });
-  afterEach(async () => {
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    await killPortProcess(process.env.PORT);
-  });
-  afterAll(async () => {
-  });
-  test("roles.add adds role to roles collection in database", async () => {
-    await roles.add("admin");
-    const roleExists = await process.databases.mongodb.collection("roles").findOne({ role: "admin" });
-    expect(!!roleExists).toBe(true);
-  });
-  test("roles.remove removes role from roles collection in database", async () => {
-    await roles.add("admin");
-    await roles.remove("admin");
-    const roleExists = await process.databases.mongodb.collection("roles").findOne({ role: "admin" });
-    expect(!!roleExists).toBe(false);
-  });
-  test("roles.list returns a list of roles in the roles collection in database", async () => {
-    await roles.add("admin");
-    await roles.add("manager");
-    await roles.add("employee");
-    const rolesInDatabase = await roles.list();
-    await roles.remove("admin");
-    await roles.remove("manager");
-    await roles.remove("employee");
-    expect(rolesInDatabase).toEqual(["admin", "manager", "employee"]);
-  });
-  test("roles.grant adds role to user in users collection in database", async () => {
-    await process.databases.mongodb.collection("users").deleteOne({ emailAddress: "test@test.com" });
-    const user = await accounts.signup({ emailAddress: "test@test.com", password: "password" });
-    await roles.grant(user?.userId, "admin");
-    await roles.grant(user?.userId, "rolethatdoesntexist");
-    const userAfterGrant = await process.databases.mongodb.collection("users").findOne({ _id: user?.userId });
-    const rolesCreated = await process.databases.mongodb.collection("roles").find().toArray();
-    expect(userAfterGrant?.roles?.includes("admin")).toBe(true);
-    expect(rolesCreated?.length).toBe(2);
-  });
-  test("roles.revoke removes role from user in users collection in database", async () => {
-    await process.databases.mongodb.collection("users").deleteOne({ emailAddress: "test@test.com" });
-    const user = await accounts.signup({ emailAddress: "test@test.com", password: "password" });
-    await roles.grant(user?.userId, "admin");
-    await roles.revoke(user?.userId, "admin");
-    const userAfterGrant = await process.databases.mongodb.collection("users").findOne({ _id: user?.userId });
-    expect(userAfterGrant?.roles?.includes("admin")).toBe(false);
-  });
-  test("roles.userHasRole returns true if user has role", async () => {
-    await process.databases.mongodb.collection("users").deleteOne({ emailAddress: "test@test.com" });
-    const user = await accounts.signup({ emailAddress: "test@test.com", password: "password" });
-    await roles.grant(user?.userId, "admin");
-    const userHasRole = await roles.userHasRole(user?.userId, "admin");
-    expect(userHasRole).toBe(true);
-  });
-  test("roles.userHasRole returns false if user does not have role", async () => {
-    await process.databases.mongodb.collection("users").deleteOne({ emailAddress: "test@test.com" });
-    const user = await accounts.signup({ emailAddress: "test@test.com", password: "password" });
-    await roles.grant(user?.userId, "admin");
-    const userHasRole = await roles.userHasRole(user?.userId, "manager");
-    expect(userHasRole).toBe(false);
-  });
-});

package/dist/app/index.test.js

@@ -1,575 +0,0 @@
-import { afterAll, afterEach, beforeAll, expect, jest, test } from "@jest/globals";
-import { mockRequest, mockResponse } from "jest-mock-req-res";
-import { killPortProcess } from "kill-port-process";
-import assertRoutesDoNotExistInRegexes from "../tests/lib/assertRoutesDoNotExistInRegexes";
-import assertRoutesExistInRegexes from "../tests/lib/assertRoutesExistInRegexes";
-import setAppSettingsForTest from "../tests/lib/setAppSettingsForTest";
-import startTestDatabase from "../tests/lib/databases/start";
-import stopTestDatabase from "../tests/lib/databases/stop";
-import getRouteRegexes from "../tests/lib/getRouteRegexes";
-jest.mock("../../node_modules/crypto-extra", () => {
-  return {
-    randomString: () => "abc1234"
-  };
-});
-jest.mock("../../node_modules/bcrypt", () => {
-  return {
-    hashSync: () => "hashed$password",
-    compareSync: () => {
-      return true;
-    }
-  };
-});
-jest.mock("../../node_modules/dayjs", () => {
-  const _dayjs = jest.requireActual("../../node_modules/dayjs");
-  const _utc = jest.requireActual("../../node_modules/dayjs/plugin/utc");
-  _dayjs.extend(_utc);
-  return () => _dayjs("2022-01-01T00:00:00.000Z");
-});
-const nodemailer = {
-  smtp: {
-    sendMail: jest.fn()
-  }
-};
-jest.mock("../../node_modules/nodemailer", () => {
-  return {
-    createTransport: jest.fn(() => {
-      return {
-        sendMail: nodemailer.smtp.sendMail
-      };
-    })
-  };
-});
-jest.mock("../../node_modules/@joystick.js/ui/dist/component/generateId.js", () => {
-  return "component1234";
-});
-setAppSettingsForTest({
-  "config": {
-    "databases": [
-      {
-        "provider": "mongodb",
-        "users": true,
-        "options": {}
-      }
-    ],
-    "i18n": {
-      "defaultLanguage": "en-US"
-    },
-    "middleware": {},
-    "email": {
-      "from": "app@test.com",
-      "smtp": {
-        "host": "fake.email.com",
-        "port": 587,
-        "username": "test",
-        "password": "password"
-      }
-    }
-  },
-  "global": {},
-  "public": {},
-  "private": {}
-});
-const dayjs = (await import("dayjs")).default;
-const app = (await import("./index")).default;
-const generateId = (await import("../lib/generateId")).default;
-global.joystick = {
-  settings: {
-    config: {
-      databases: [{
-        "provider": "mongodb",
-        "users": true,
-        "options": {}
-      }]
-    }
-  }
-};
-describe("index.js", () => {
-  beforeAll(async () => {
-    process.env.PORT = 3600;
-    await startTestDatabase("mongodb");
-  });
-  afterEach(async () => {
-    await killPortProcess(process.env.PORT);
-  });
-  afterAll(async () => {
-    await stopTestDatabase();
-  });
-  test("registers render-related routes", async () => {
-    const instance = await app({});
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/_joystick/heartbeat",
-        "/_joystick/utils/process.js",
-        "/_joystick/index.client.js",
-        "/_joystick/index.css",
-        "/_joystick/ui",
-        "/_joystick/hmr/client.js"
-      ]);
-    }
-  });
-  test("registers accounts-related routes", async () => {
-    const instance = await app({});
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/api/_accounts/login",
-        "/api/_accounts/logout",
-        "/api/_accounts/signup",
-        "/api/_accounts/recover-password",
-        "/api/_accounts/reset-password"
-      ]);
-    }
-  });
-  test("registers getter routes", async () => {
-    const instance = await app({
-      api: {
-        getters: {
-          posts: {
-            input: {},
-            get: () => {
-            }
-          },
-          post: {
-            input: {},
-            get: () => {
-            }
-          }
-        }
-      }
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/api/_getters/posts",
-        "/api/_getters/post"
-      ]);
-    }
-  });
-  test("registers setter routes", async () => {
-    const instance = await app({
-      api: {
-        setters: {
-          createPost: {
-            input: {},
-            set: () => {
-            }
-          },
-          updatePost: {
-            input: {},
-            set: () => {
-            }
-          }
-        }
-      }
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/api/_setters/createPost",
-        "/api/_setters/updatePost"
-      ]);
-    }
-  });
-  test("registers custom routes if passed as function", async () => {
-    const instance = await app({
-      routes: {
-        "/latest": () => {
-        },
-        "/profile/:_id": () => {
-        },
-        "/category/:category/posts": () => {
-        }
-      }
-    });
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/latest",
-        "/profile/123",
-        "/category/tutorials/posts"
-      ]);
-    }
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-  });
-  test("does not register custom routes if passed as function not set to a function", async () => {
-    const instance = await app({
-      routes: {
-        "/latest": "function",
-        "/profile/:_id": "function",
-        "/category/:category/posts": "function"
-      }
-    });
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesDoNotExistInRegexes(routeRegexes, [
-        "/latest",
-        "/profile/123",
-        "/category/tutorials/posts"
-      ]);
-    }
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-  });
-  test("registers custom routes if passed as an object", async () => {
-    const instance = await app({
-      routes: {
-        "/latest": {
-          method: "GET",
-          handler: () => {
-          }
-        },
-        "/profile/:_id": {
-          method: "POST",
-          handler: () => {
-          }
-        },
-        "/category/:category/posts": {
-          method: "PUT",
-          handler: () => {
-          }
-        }
-      }
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/latest",
-        "/profile/123",
-        "/category/tutorials/posts"
-      ]);
-    }
-  });
-  test("does not register custom routes if passed as an object without a valid method", async () => {
-    const instance = await app({
-      routes: {
-        "/latest": {
-          method: "CAT"
-        },
-        "/profile/:_id": {
-          handler: () => {
-          }
-        },
-        "/category/:category/posts": {
-          method: "PUT",
-          handler: () => {
-          }
-        }
-      }
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesDoNotExistInRegexes(routeRegexes, [
-        "/latest",
-        "/profile/123"
-      ]);
-      assertRoutesExistInRegexes(routeRegexes, [
-        "/category/tutorials/posts"
-      ]);
-    }
-  });
-  test("does not register custom routes if passed as an object without a handler function", async () => {
-    const instance = await app({
-      routes: {
-        "/latest": {
-          method: "GET"
-        },
-        "/profile/:_id": {
-          method: "POST"
-        },
-        "/category/:category/posts": {
-          method: "PUT"
-        }
-      }
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    if (instance?.app?._router) {
-      const routeRegexes = getRouteRegexes(instance.app._router.stack);
-      assertRoutesDoNotExistInRegexes(routeRegexes, [
-        "/latest",
-        "/profile/123",
-        "/category/tutorials/posts"
-      ]);
-    }
-  });
-  test("sets build errors on process", async () => {
-    const instance = await app({});
-    const testMessage = { id: generateId() };
-    process.emit("message", JSON.stringify(testMessage));
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    expect(process.BUILD_ERROR).toEqual(testMessage);
-  });
-  test("if callback function is assigned to function-based route, it is called as expected", async () => {
-    const instance = await app({
-      routes: {
-        "/test": (req2, res2) => {
-          res2.status(200).send("Called as expected.");
-        }
-      }
-    });
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/test";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest();
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith("Called as expected.");
-    }
-  });
-  test("if callback function is assigned to an object-based route, it is called as expected", async () => {
-    const instance = await app({
-      routes: {
-        "/test": {
-          method: "GET",
-          handler: (req2, res2) => {
-            res2.status(200).send("Called as expected.");
-          }
-        }
-      }
-    });
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/test";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest();
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith("Called as expected.");
-    }
-  });
-  test("verify that a /_accounts/authenticated request will return true if passed a valid cookie", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/authenticated";
-    });
-    const req = mockRequest({
-      cookies: {
-        joystickLoginToken: "testToken123",
-        joystickLoginTokenExpiresAt: dayjs().add(1, "minute").format()
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith('{"status":200,"authenticated":true}');
-    }
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-  });
-  test("verify that a /_accounts/authenticated request will return false if passed an invalid cookie", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/authenticated";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest({
-      cookies: {
-        joystickLoginToken: "testToken123",
-        joystickLoginTokenExpiresAt: jest.requireActual("../../node_modules/dayjs")().subtract(1, "minute").format()
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.status).toHaveBeenCalledWith(401);
-      expect(res.send).toHaveBeenCalledWith('{"status":401,"authenticated":false}');
-    }
-  });
-  test("verify that a /_accounts/signup request will set a cookie and return a user if passed a valid signup request", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/signup";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest({
-      body: {
-        emailAddress: "test@test.com",
-        password: "password",
-        metadata: {}
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginToken", "abc1234", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginTokenExpiresAt", "2022-01-31T00:00:00Z", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith('{"_id":"abc1234","password":"hashed$password","emailAddress":"test@test.com"}');
-    }
-  });
-  test("verify that a /_accounts/login request will set a cookie and return a user if passed a valid login request", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/login";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest({
-      body: {
-        emailAddress: "test@test.com",
-        password: "password"
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginToken", "abc1234", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginTokenExpiresAt", "2022-01-31T00:00:00Z", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith('{"_id":"abc1234","emailAddress":"test@test.com"}');
-    }
-  });
-  test("verify that a /_accounts/logout request deletes the cookie", async () => {
-    const instance = await app({});
-    const loginRoute = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/login";
-    });
-    const logoutRoute = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/logout";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const loginRequest = mockRequest({
-      body: {
-        emailAddress: "test@test.com",
-        password: "password"
-      }
-    });
-    const loginResponse = mockResponse();
-    const loginHandler = loginRoute?.route?.stack[0] && loginRoute?.route?.stack[0].handle;
-    const logoutRequest = mockRequest();
-    const logoutResponse = mockResponse();
-    const logoutHandler = logoutRoute?.route?.stack[0] && logoutRoute?.route?.stack[0].handle;
-    if (loginHandler && logoutHandler) {
-      await loginHandler(loginRequest, loginResponse, () => {
-      });
-      await logoutHandler(logoutRequest, logoutResponse, () => {
-      });
-      expect(loginResponse.cookie).toHaveBeenCalledWith("joystickLoginToken", "abc1234", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(loginResponse.cookie).toHaveBeenCalledWith("joystickLoginTokenExpiresAt", "2022-01-31T00:00:00Z", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(logoutResponse.cookie).toHaveBeenCalledWith("joystickLoginToken", null, { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(logoutResponse.cookie).toHaveBeenCalledWith("joystickLoginTokenExpiresAt", null, { secure: true, httpOnly: true, expires: dayjs().toDate() });
-    }
-  });
-  test("verify that a /_accounts/recover-password request attempts to send an email", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/recover-password";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest({
-      body: {
-        emailAddress: "test@test.com"
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(nodemailer.smtp.sendMail).toHaveBeenCalledWith({
-        from: "app@test.com",
-        to: "test@test.com",
-        subject: "Reset Your Password",
-        html: `<!doctype html>
-<html class="no-js" lang="en">
-  <head>
-    <meta charset="utf-8">
-    <title>Joystick</title>
-    
-  </head>
-  <body style="color: #000; font-family: 'Helvetica Neue', 'Helvetica', 'Arial', sans-serif; font-size: 16px; line-height: 24px;">
-    <div id="email"><div js-c="testComponent1234">
-      <p>A password reset was requested for this email address (test@test.com). If you requested this reset, click the link below to reset your password:</p>
-      <p><a href="http://localhost:3600/reset-password/abc1234">Reset Password</a></p>
-    </div></div>
-  </body>
-</html>
-`,
-        text: "A password reset was requested for this email address (test@test.com). If you\nrequested this reset, click the link below to reset your password:\n\nReset Password [http://localhost:3600/reset-password/abc1234]"
-      });
-    }
-  });
-  test("verify that a /_accounts/reset-password request sets a cookie and returns the user", async () => {
-    const instance = await app({});
-    const route = instance?.app?._router?.stack.find((stackItem) => {
-      return stackItem?.route?.path === "/api/_accounts/reset-password";
-    });
-    if (instance?.server?.close && typeof instance.server.close === "function") {
-      instance.server.close();
-    }
-    const req = mockRequest({
-      body: {
-        token: "abc1234",
-        password: "test@test.com"
-      }
-    });
-    const res = mockResponse();
-    const handler = route?.route?.stack[0] && route?.route?.stack[0].handle;
-    if (handler) {
-      await handler(req, res, () => {
-      });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginToken", "abc1234", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.cookie).toHaveBeenCalledWith("joystickLoginTokenExpiresAt", "2022-01-31T00:00:00Z", { secure: true, httpOnly: true, expires: dayjs().toDate() });
-      expect(res.status).toHaveBeenCalledWith(200);
-      expect(res.send).toHaveBeenCalledWith('{"_id":"abc1234","password":"hashed$password","emailAddress":"test@test.com","sessions":[{"token":"abc1234","tokenExpiresAt":"2022-01-31T00:00:00Z"}],"passwordResetTokens":[]}');
-    }
-  });
-});

package/dist/app/middleware/sanitizeQueryParameters.js

@@ -1,16 +0,0 @@
-var sanitizeQueryParameters_default = (req, res, next) => {
-  const queryParameters = Object.entries(req?.query);
-  const htmlRegex = new RegExp(/<(?:"[^"]*"['"]*|'[^']*'['"]*|[^'">])+>/g);
-  for (let i = 0; i < queryParameters?.length; i += 1) {
-    const [key, value] = queryParameters[i];
-    const keyHTMLMatches = key?.match(htmlRegex);
-    const valueHTMLMatches = value?.match(htmlRegex);
-    if (keyHTMLMatches?.length > 0 || valueHTMLMatches?.length > 0) {
-      delete req.query[key];
-    }
-  }
-  next();
-};
-export {
-  sanitizeQueryParameters_default as default
-};

package/dist/email/send.test.js

@@ -1,37 +0,0 @@
-import { jest } from "@jest/globals";
-import chalk from "chalk";
-import send from "./send";
-import setAppSettingsForTest from "../tests/lib/setAppSettingsForTest";
-setAppSettingsForTest({
-  "config": {
-    "databases": [
-      {
-        "provider": "mongodb",
-        "users": true,
-        "options": {}
-      }
-    ],
-    "i18n": {
-      "defaultLanguage": "en-US"
-    },
-    "middleware": {},
-    "email": {
-      "from": "app@test.com",
-      "smtp": {}
-    }
-  },
-  "global": {},
-  "public": {},
-  "private": {}
-});
-console.warn = jest.fn();
-describe("send.js", () => {
-  test("console.warns an error when bad smtp settings are passed", async () => {
-    const result = await send({ template: "test", props: {} });
-    expect(result).toBe(null);
-    expect(console.warn.mock.calls).toEqual([
-      [chalk.redBright("Invalid SMTP settings: config.smtp not defined in settings.test.js")],
-      [chalk.redBright("Cannot send email, invalid SMTP settings.")]
-    ]);
-  });
-});