@m5kdev/backend 0.6.0 → 0.7.0

package/dist/src/utils/trpc.test.js

@@ -0,0 +1,154 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const server_1 = require("@trpc/server");
+const trpc_1 = require("./trpc");
+jest.mock("better-auth/node", () => ({
+    fromNodeHeaders: (headers) => headers,
+}));
+function expectTRPCCode(fn, code) {
+    try {
+        fn();
+        throw new Error(`Expected TRPC error with code ${code}`);
+    }
+    catch (error) {
+        expect(error).toBeInstanceOf(server_1.TRPCError);
+        expect(error.code).toBe(code);
+    }
+}
+function createUser(overrides = {}) {
+    return {
+        id: "user-1",
+        role: "member",
+        email: "user@example.com",
+        emailVerified: true,
+        name: "User One",
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        onboarding: null,
+        preferences: null,
+        flags: null,
+        stripeCustomerId: null,
+        paymentCustomerId: null,
+        paymentPlanTier: null,
+        paymentPlanExpiresAt: null,
+        ...overrides,
+    };
+}
+function createSession(overrides = {}) {
+    return {
+        id: "session-1",
+        userId: "user-1",
+        expiresAt: new Date(Date.now() + 60_000),
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        token: "token",
+        ipAddress: null,
+        userAgent: null,
+        activeOrganizationId: null,
+        activeOrganizationRole: null,
+        activeTeamId: null,
+        activeTeamRole: null,
+        ...overrides,
+    };
+}
+function createRequestContext(overrides = {}) {
+    const user = overrides.user ?? createUser();
+    const session = overrides.session ?? createSession();
+    const actor = overrides.actor ??
+        (user && session
+            ? {
+                userId: user.id,
+                userRole: user.role,
+                organizationId: session.activeOrganizationId,
+                organizationRole: session.activeOrganizationRole,
+                teamId: session.activeTeamId,
+                teamRole: session.activeTeamRole,
+            }
+            : null);
+    return {
+        user,
+        session,
+        actor,
+        ...overrides,
+    };
+}
+describe("trpc auth helpers", () => {
+    it("stores a user-scoped actor on the request context while copying session ids", async () => {
+        const user = createUser();
+        const session = createSession({
+            activeOrganizationId: "org-1",
+            activeOrganizationRole: "owner",
+            activeTeamId: "team-1",
+            activeTeamRole: "manager",
+        });
+        const auth = {
+            api: {
+                getSession: jest.fn().mockResolvedValue({ user, session }),
+            },
+        };
+        const createContext = (0, trpc_1.createAuthContext)(auth);
+        const ctx = await createContext({
+            req: { headers: {} },
+        });
+        expect(ctx.actor).toEqual({
+            userId: "user-1",
+            userRole: "member",
+            organizationId: "org-1",
+            organizationRole: "owner",
+            teamId: "team-1",
+            teamRole: "manager",
+        });
+    });
+    it("throws FORBIDDEN when a broader actor scope is required than the session allows", () => {
+        const actor = (0, trpc_1.requireRequestActor)(createRequestContext({
+            user: createUser(),
+            session: createSession(),
+            actor: {
+                userId: "user-1",
+                userRole: "member",
+                organizationId: null,
+                organizationRole: null,
+                teamId: null,
+                teamRole: null,
+            },
+        }));
+        expect(actor.userId).toBe("user-1");
+        expectTRPCCode(() => (0, trpc_1.requireRequestActor)(createRequestContext({
+            user: createUser(),
+            session: createSession(),
+            actor: {
+                userId: "user-1",
+                userRole: "member",
+                organizationId: null,
+                organizationRole: null,
+                teamId: null,
+                teamRole: null,
+            },
+        }), "organization"), "FORBIDDEN");
+    });
+    it("throws UNAUTHORIZED when request user access is missing", () => {
+        expectTRPCCode(() => (0, trpc_1.requireRequestUser)({
+            user: null,
+            session: null,
+            actor: null,
+        }), "UNAUTHORIZED");
+    });
+    it("verifies admin access from the raw request user", () => {
+        const ctx = createRequestContext({
+            user: createUser({ role: "admin" }),
+            actor: {
+                userId: "user-1",
+                userRole: "admin",
+                organizationId: "org-1",
+                organizationRole: "owner",
+                teamId: null,
+                teamRole: null,
+            },
+        });
+        expect((0, trpc_1.verifyAdminProcedureContext)(ctx).user.role).toBe("admin");
+        expectTRPCCode(() => (0, trpc_1.verifyAdminProcedureContext)(createRequestContext({
+            user: createUser({ role: "member" }),
+            actor: ctx.actor,
+        })), "FORBIDDEN");
+    });
+});