@labdigital/commercetools-mock 1.11.0 → 2.1.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@labdigital/commercetools-mock",
   "author": "Michael van Tellingen",
-  "version": "1.11.0",
+  "version": "2.1.0",
   "license": "MIT",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -19,7 +19,7 @@
     }
   },
   "engines": {
-    "node": ">=16",
+    "node": ">=18",
     "pnpm": ">=8.6.5"
   },
   "packageManager": "pnpm@8.6.5",
@@ -39,7 +39,7 @@
     "express": "^4.18.2",
     "lodash.isequal": "^4.5.0",
     "morgan": "^1.10.0",
-    "nock": "^13.3.2",
+    "msw": "^2.0.0",
     "supertest": "^6.3.3",
     "uuid": "^9.0.0"
   },

package/src/constants.ts

@@ -1,4 +1,2 @@
-export const DEFAULT_API_HOSTNAME =
-	/^https:\/\/api\..*?\.commercetools.com:443$/
-export const DEFAULT_AUTH_HOSTNAME =
-	/^https:\/\/auth\..*?\.commercetools.com:443$/
+export const DEFAULT_API_HOSTNAME = 'https://api.*.commercetools.com'
+export const DEFAULT_AUTH_HOSTNAME = 'https://auth.*.commercetools.com'

package/src/ctMock.ts

@@ -1,7 +1,8 @@
-import nock from 'nock'
 import express, { NextFunction, Request, Response } from 'express'
 import supertest from 'supertest'
 import morgan from 'morgan'
+import { setupServer, SetupServer } from 'msw/node'
+import { http, HttpResponse } from 'msw'
 import { AbstractStorage, InMemoryStorage } from './storage/index.js'
 import { Services } from './types.js'
 import { CommercetoolsError } from './exceptions.js'
@@ -36,16 +37,15 @@ const DEFAULT_OPTIONS: CommercetoolsMockOptions = {
 	silent: false,
 }
 
+const _globalListeners: SetupServer[] = []
+
 export class CommercetoolsMock {
 	public app: express.Express
 	public options: CommercetoolsMockOptions
 
 	private _storage: AbstractStorage
 	private _oauth2: OAuth2Server
-	private _nockScopes: {
-		auth: nock.Scope | undefined
-		api: nock.Scope | undefined
-	} = { auth: undefined, api: undefined }
+	private _mswServer: SetupServer | undefined = undefined
 	private _services: Services | null
 	private _repositories: RepositoryMap | null
 	private _projectService?: ProjectService
@@ -67,19 +67,17 @@ export class CommercetoolsMock {
 
 	start() {
 		// Order is important here when the hostnames match
-		this.mockAuthHost()
-		this.mockApiHost()
+		this.clear()
+		this.startServer()
 	}
 
 	stop() {
-		this._nockScopes.auth?.persist(false)
-		this._nockScopes.auth = undefined
-
-		this._nockScopes.api?.persist(false)
-		this._nockScopes.api = undefined
+		this._mswServer?.close()
+		this._mswServer = undefined
 	}
 
 	clear() {
+		this._mswServer?.resetHandlers()
 		this._storage.clear()
 	}
 
@@ -108,6 +106,7 @@ export class CommercetoolsMock {
 
 	private createApp(options?: AppOptions): express.Express {
 		this._repositories = createRepositories(this._storage)
+		this._oauth2.setCustomerRepository(this._repositories.customer)
 
 		const app = express()
 
@@ -141,6 +140,14 @@ export class CommercetoolsMock {
 
 		app.use((err: Error, req: Request, resp: Response, next: NextFunction) => {
 			if (err instanceof CommercetoolsError) {
+				if (err.errors?.length > 0) {
+					return resp.status(err.statusCode).send({
+						statusCode: err.statusCode,
+						message: err.message,
+						errors: err.errors,
+					})
+				}
+
 				return resp.status(err.statusCode).send({
 					statusCode: err.statusCode,
 					message: err.message,
@@ -157,48 +164,81 @@ export class CommercetoolsMock {
 		return app
 	}
 
-	private mockApiHost() {
-		const app = this.app
+	private startServer() {
+		// Check if there are any other servers running
+		if (_globalListeners.length > 0) {
+			if (this._mswServer !== undefined) {
+				throw new Error('Server already started')
+			} else {
+				console.warn("Server wasn't stopped properly, clearing")
+				_globalListeners.forEach((listener) => listener.close())
+			}
+		}
 
-		this._nockScopes.api = nock(this.options.apiHost)
-			.persist()
-			.get(/.*/)
-			.reply(async function (uri) {
-				const response = await supertest(app)
-					.get(uri)
-					.set(copyHeaders(this.req.headers))
-				return [response.status, response.body]
-			})
-			.post(/.*/)
-			.reply(async function (uri, body) {
-				const response = await supertest(app)
-					.post(uri)
-					.set(copyHeaders(this.req.headers))
+		const app = this.app
+		this._mswServer = setupServer(
+			http.post(`${this.options.authHost}/oauth/*`, async ({ request }) => {
+				const text = await request.text()
+				const url = new URL(request.url)
+				const res = await supertest(app)
+					.post(url.pathname + '?' + url.searchParams.toString())
+					.set(copyHeaders(request.headers))
+					.send(text)
+
+				return new HttpResponse(res.text, {
+					status: res.status,
+					headers: res.headers,
+				})
+			}),
+			http.get(`${this.options.apiHost}/*`, async ({ request }) => {
+				const body = await request.text()
+				const url = new URL(request.url)
+				const res = await supertest(app)
+					.get(url.pathname + '?' + url.searchParams.toString())
+					.set(copyHeaders(request.headers))
 					.send(body)
-				return [response.status, response.body]
-			})
-			.delete(/.*/)
-			.reply(async function (uri, body) {
-				const response = await supertest(app)
-					.delete(uri)
-					.set(copyHeaders(this.req.headers))
+				return new HttpResponse(res.text, {
+					status: res.status,
+					headers: res.headers,
+				})
+			}),
+			http.post(`${this.options.apiHost}/*`, async ({ request }) => {
+				const body = await request.text()
+				const url = new URL(request.url)
+				const res = await supertest(app)
+					.post(url.pathname + '?' + url.searchParams.toString())
+					.set(copyHeaders(request.headers))
+					.send(body)
+				return new HttpResponse(res.text, {
+					status: res.status,
+					headers: res.headers,
+				})
+			}),
+			http.delete(`${this.options.apiHost}/*`, async ({ request }) => {
+				const body = await request.text()
+				const url = new URL(request.url)
+				const res = await supertest(app)
+					.delete(url.pathname + '?' + url.searchParams.toString())
+					.set(copyHeaders(request.headers))
 					.send(body)
-				return [response.status, response.body]
-			})
-	}
-
-	private mockAuthHost() {
-		const app = this.app
 
-		this._nockScopes.auth = nock(this.options.authHost)
-			.persist()
-			.post(/^\/oauth\/.*/)
-			.reply(async function (uri, body) {
-				const response = await supertest(app)
-					.post(uri + '?' + body)
-					.set(copyHeaders(this.req.headers))
-					.send()
-				return [response.status, response.body]
+				return new HttpResponse(res.text, {
+					status: res.status,
+					headers: res.headers,
+				})
 			})
+		)
+		this._mswServer.listen({
+			// We need to allow requests done by supertest
+			onUnhandledRequest: (request, print) => {
+				const url = new URL(request.url)
+				if (url.hostname === '127.0.0.1') {
+					return
+				}
+				print.error()
+			},
+		})
+
+		_globalListeners.push(this._mswServer)
 	}
 }

package/src/exceptions.ts

@@ -1,15 +1,19 @@
 export abstract class BaseError {
 	abstract message: string
+	abstract errors?: BaseError[]
 }
 
 export class CommercetoolsError<T extends BaseError> extends Error {
 	info: T
 	statusCode: number
 
+	errors: BaseError[]
+
 	constructor(info: T, statusCode = 400) {
 		super(info.message)
 		this.info = info
 		this.statusCode = statusCode || 500
+		this.errors = info.errors ?? []
 	}
 }
 

package/src/index.test.ts

@@ -1,27 +1,63 @@
 import { type InvalidTokenError } from '@commercetools/platform-sdk'
 import { CommercetoolsMock } from './index.js'
-import { afterEach, beforeEach, expect, test } from 'vitest'
-import nock from 'nock'
+import { expect, test } from 'vitest'
 import got from 'got'
 
-beforeEach(() => {
-	nock.disableNetConnect()
-	nock.enableNetConnect('127.0.0.1') // supertest
-})
-afterEach(() => {
-	nock.enableNetConnect()
-	nock.cleanAll()
+test('node:fetch client', async () => {
+	const ctMock = new CommercetoolsMock({
+		enableAuthentication: true,
+		validateCredentials: true,
+		apiHost: 'https://localhost',
+		authHost: 'https://localhost:8080',
+	})
+	ctMock.start()
+
+	const authHeader = 'Basic ' + Buffer.from('foo:bar').toString('base64')
+	let response = await fetch('https://localhost:8080/oauth/token', {
+		method: 'POST',
+		headers: {
+			'Content-Type': 'application/x-www-form-urlencoded',
+			Authorization: authHeader,
+		},
+		body: new URLSearchParams({
+			grant_type: 'client_credentials',
+			scope: 'manage_project:commercetools-node-mock',
+		}),
+	})
+
+	const authBody = await response.json()
+	expect(response.status).toBe(200)
+
+	const token = authBody.access_token
+	response = await fetch('https://localhost/my-project/orders', {
+		headers: {
+			Authorization: `Bearer ${token}`,
+		},
+	})
+
+	const body = await response.json()
+	expect(response.status).toBe(200)
+	expect(body).toStrictEqual({
+		count: 0,
+		total: 0,
+		offset: 0,
+		limit: 20,
+		results: [],
+	})
+	ctMock.stop()
 })
 
-test('Default mock endpoints', async () => {
+test('got client', async () => {
 	const ctMock = new CommercetoolsMock({
 		enableAuthentication: true,
 		validateCredentials: true,
+		apiHost: 'https://localhost',
+		authHost: 'https://localhost:8080',
 	})
 	ctMock.start()
 
 	let response = await got.post<{ access_token: string }>(
-		'https://auth.europe-west1.gcp.commercetools.com/oauth/token',
+		'https://localhost:8080/oauth/token',
 		{
 			searchParams: {
 				grant_type: 'client_credentials',
@@ -36,15 +72,12 @@ test('Default mock endpoints', async () => {
 
 	const token = response.body.access_token
 	expect(response.body.access_token).toBeDefined()
-	response = await got.get(
-		'https://api.europe-west1.gcp.commercetools.com/my-project/orders',
-		{
-			headers: {
-				Authorization: `Bearer ${token}`,
-			},
-			responseType: 'json',
-		}
-	)
+	response = await got.get('https://localhost/my-project/orders', {
+		headers: {
+			Authorization: `Bearer ${token}`,
+		},
+		responseType: 'json',
+	})
 	expect(response.statusCode).toBe(200)
 	expect(response.body).toStrictEqual({
 		count: 0,
@@ -192,6 +225,7 @@ test('apiHost mock proxy: querystring', async () => {
 			expand: 'custom.type',
 		},
 	})
+
 	expect(response.statusCode).toBe(200)
 	expect(response.body).toStrictEqual({
 		count: 0,

package/src/lib/password.ts

@@ -0,0 +1,7 @@
+export const validatePassword = (
+	clearPassword: string,
+	hashedPassword: string
+) => hashPassword(clearPassword) === hashedPassword
+
+export const hashPassword = (clearPassword: string) =>
+	Buffer.from(clearPassword).toString('base64')

package/src/lib/proxy.ts

@@ -1,12 +1,12 @@
-export const copyHeaders = (headers: Record<string, string>) => {
-	const validHeaders = ['accept', 'host', 'authorization']
+export const copyHeaders = (headers: Headers) => {
+	const validHeaders = ['accept', 'host', 'authorization', 'content-type']
 	const result: Record<string, string> = {}
 
-	Object.entries(headers).forEach(([key, value]) => {
+	for (const [key, value] of headers.entries()) {
 		if (validHeaders.includes(key.toLowerCase())) {
 			result[key] = value
 		}
-	})
+	}
 
 	return result
 }

package/src/oauth/server.ts

@@ -10,18 +10,45 @@ import { CommercetoolsError, InvalidRequestError } from '../exceptions.js'
 import { InvalidClientError, UnsupportedGrantType } from './errors.js'
 import { OAuth2Store } from './store.js'
 import { getBearerToken } from './helpers.js'
+import { CustomerRepository } from '../repositories/customer.js'
+import { hashPassword } from '../lib/password.js'
+
+type AuthRequest = Request & {
+	credentials: {
+		clientId: string
+		clientSecret: string
+	}
+}
 
 export class OAuth2Server {
 	store: OAuth2Store
+	private customerRepository: CustomerRepository
 
 	constructor(options: { enabled: boolean; validate: boolean }) {
 		this.store = new OAuth2Store(options.validate)
 	}
 
+	setCustomerRepository(repository: CustomerRepository) {
+		this.customerRepository = repository
+	}
+
 	createRouter() {
 		const router = express.Router()
 		router.use(bodyParser.urlencoded({ extended: true }))
+		router.use(this.validateClientCredentials.bind(this))
 		router.post('/token', this.tokenHandler.bind(this))
+		router.post(
+			'/:projectKey/customers/token',
+			this.customerTokenHandler.bind(this)
+		)
+		router.post(
+			'/:projectKey/in-store/key=:storeKey/customers/token',
+			this.inStoreCustomerTokenHandler.bind(this)
+		)
+		router.post(
+			'/:projectKey/anonymous/token',
+			this.anonymousTokenHandler.bind(this)
+		)
 		return router
 	}
 
@@ -56,7 +83,12 @@ export class OAuth2Server {
 			next()
 		}
 	}
-	async tokenHandler(request: Request, response: Response, next: NextFunction) {
+
+	async validateClientCredentials(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
 		const authHeader = request.header('Authorization')
 		if (!authHeader) {
 			return next(
@@ -84,6 +116,19 @@ export class OAuth2Server {
 			)
 		}
 
+		request.credentials = {
+			clientId: credentials.name,
+			clientSecret: credentials.pass,
+		}
+
+		next()
+	}
+
+	async tokenHandler(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
 		const grantType = request.query.grant_type || request.body.grant_type
 		if (!grantType) {
 			return next(
@@ -99,8 +144,15 @@ export class OAuth2Server {
 
 		if (grantType === 'client_credentials') {
 			const token = this.store.getClientToken(
-				credentials.name,
-				credentials.pass,
+				request.credentials.clientId,
+				request.credentials.clientSecret,
+				request.query.scope?.toString()
+			)
+			return response.status(200).send(token)
+		} else if (grantType === 'refresh_token') {
+			const token = this.store.getClientToken(
+				request.credentials.clientId,
+				request.credentials.clientSecret,
 				request.query.scope?.toString()
 			)
 			return response.status(200).send(token)
@@ -116,4 +168,86 @@ export class OAuth2Server {
 			)
 		}
 	}
+	async customerTokenHandler(
+		request: AuthRequest,
+		response: Response,
+		next: NextFunction
+	) {
+		const grantType = request.query.grant_type || request.body.grant_type
+		if (!grantType) {
+			return next(
+				new CommercetoolsError<InvalidRequestError>(
+					{
+						code: 'invalid_request',
+						message: 'Missing required parameter: grant_type.',
+					},
+					400
+				)
+			)
+		}
+
+		if (grantType === 'password') {
+			const username = request.query.username || request.body.username
+			const password = hashPassword(
+				request.query.password || request.body.password
+			)
+			const scope =
+				request.query.scope?.toString() || request.body.scope?.toString()
+
+			const result = this.customerRepository.query(
+				{ projectKey: request.params.projectKey },
+				{
+					where: [`email = "${username}"`, `password = "${password}"`],
+				}
+			)
+
+			if (result.count === 0) {
+				return next(
+					new CommercetoolsError<any>(
+						{
+							code: 'invalid_customer_account_credentials',
+							message: 'Customer account with the given credentials not found.',
+						},
+						400
+					)
+				)
+			}
+
+			const customer = result.results[0]
+			const token = this.store.getCustomerToken(scope, customer.id)
+			return response.status(200).send(token)
+		}
+	}
+
+	async inStoreCustomerTokenHandler(
+		request: Request,
+		response: Response,
+		next: NextFunction
+	) {
+		return next(
+			new CommercetoolsError<InvalidClientError>(
+				{
+					code: 'invalid_client',
+					message: 'Not implemented yet in commercetools-mock',
+				},
+				401
+			)
+		)
+	}
+
+	async anonymousTokenHandler(
+		request: Request,
+		response: Response,
+		next: NextFunction
+	) {
+		return next(
+			new CommercetoolsError<InvalidClientError>(
+				{
+					code: 'invalid_client',
+					message: 'Not implemented yet in commercetools-mock',
+				},
+				401
+			)
+		)
+	}
 }

package/src/oauth/store.ts

@@ -26,6 +26,19 @@ export class OAuth2Store {
 		return token
 	}
 
+	getCustomerToken(scope: string, customerId: string) {
+		const token: Token = {
+			access_token: randomBytes(16).toString('base64'),
+			token_type: 'Bearer',
+			expires_in: 172800,
+			scope: scope
+				? `${scope} custome_id:${customerId}`
+				: `customer_id: ${customerId}`,
+		}
+		this.tokens.push(token)
+		return token
+	}
+
 	validateToken(token: string) {
 		if (!this.validate) return true
 

package/src/repositories/customer.ts

@@ -4,6 +4,7 @@ import type {
 	CustomerDraft,
 	CustomerSetAuthenticationModeAction,
 	CustomerSetCustomFieldAction,
+	DuplicateFieldError,
 	InvalidInputError,
 	InvalidJsonInputError,
 } from '@commercetools/platform-sdk'
@@ -14,6 +15,7 @@ import {
 	AbstractResourceRepository,
 	type RepositoryContext,
 } from './abstract.js'
+import { hashPassword } from '../lib/password.js'
 
 export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	getTypeId() {
@@ -21,13 +23,32 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	}
 
 	create(context: RepositoryContext, draft: CustomerDraft): Customer {
+		// Check uniqueness
+		const results = this._storage.query(context.projectKey, this.getTypeId(), {
+			where: [`email="${draft.email.toLocaleLowerCase()}"`],
+		})
+		if (results.count > 0) {
+			throw new CommercetoolsError<any>({
+				code: 'CustomerAlreadyExists',
+				statusCode: 400,
+				message:
+					'There is already an existing customer with the provided email.',
+				errors: [
+					{
+						code: 'DuplicateField',
+						message: `Customer with email '${draft.email}' already exists.`,
+						duplicateValue: draft.email,
+						field: 'email',
+					} as DuplicateFieldError,
+				],
+			})
+		}
+
 		const resource: Customer = {
 			...getBaseResourceProperties(),
 			authenticationMode: draft.authenticationMode || 'Password',
-			email: draft.email,
-			password: draft.password
-				? Buffer.from(draft.password).toString('base64')
-				: undefined,
+			email: draft.email.toLowerCase(),
+			password: draft.password ? hashPassword(draft.password) : undefined,
 			isEmailVerified: draft.isEmailVerified || false,
 			addresses: [],
 		}
@@ -36,11 +57,14 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 	}
 
 	getMe(context: RepositoryContext): Customer | undefined {
+		// grab the first customer you can find for now. In the future we should
+		// use the customer id from the scope of the token
 		const results = this._storage.query(
 			context.projectKey,
 			this.getTypeId(),
 			{}
-		) // grab the first customer you can find
+		)
+
 		if (results.count > 0) {
 			return results.results[0] as Customer
 		}
@@ -76,9 +100,7 @@ export class CustomerRepository extends AbstractResourceRepository<'customer'> {
 				return
 			}
 			if (authMode === 'Password') {
-				resource.password = password
-					? Buffer.from(password).toString('base64')
-					: undefined
+				resource.password = password ? hashPassword(password) : undefined
 				return
 			}
 			throw new CommercetoolsError<InvalidJsonInputError>(

package/src/services/my-customer.ts

@@ -2,6 +2,7 @@ import { Request, Response, Router } from 'express'
 import { CustomerRepository } from '../repositories/customer.js'
 import { getRepositoryContext } from '../repositories/helpers.js'
 import AbstractService from './abstract.js'
+import { hashPassword } from '../lib/password.js'
 
 export class MyCustomerService extends AbstractService {
 	public repository: CustomerRepository
@@ -51,7 +52,7 @@ export class MyCustomerService extends AbstractService {
 
 	signIn(request: Request, response: Response) {
 		const { email, password } = request.body
-		const encodedPassword = Buffer.from(password).toString('base64')
+		const encodedPassword = hashPassword(password)
 
 		const result = this.repository.query(getRepositoryContext(request), {
 			where: [`email = "${email}"`, `password = "${encodedPassword}"`],