@marianmeres/ownsuite 1.0.3 → 2.1.0

package/dist/adapters/mock-auth.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @module adapters/mock-auth
+ *
+ * In-memory mock implementations of AuthAdapter and ProfileAdapter.
+ * Drives the unit tests for AuthManager / ProfileManager / SessionManager
+ * without a real server. Consumers can also use it to build demos or
+ * storybooks that exercise the full suite.
+ *
+ * Deliberately small: everything is held in a shared `Store` object the
+ * adapters close over, so tests can peek at or mutate state directly.
+ */
+import type { AuthAdapter, OAuthConnection, ProfileAdapter } from "../types/mod.js";
+interface MockAccount {
+    email: string;
+    password: string;
+    roles: string[];
+    isVerified: boolean;
+    hasPassword: boolean;
+    oauthConnections: OAuthConnection[];
+}
+export interface MockAuthStore {
+    accounts: Map<string, MockAccount>;
+    /** If true, register/login return requiresVerification=true until the
+     *  email is explicitly verified via `verifyMockAccount()`. */
+    requireVerifiedEmail: boolean;
+    /** Last-issued JWT per email (just a synthetic string). */
+    jwtsByEmail: Map<string, string>;
+}
+export declare function createMockAuthStore(init?: {
+    requireVerifiedEmail?: boolean;
+    seed?: MockAccount[];
+}): MockAuthStore;
+export declare function createMockAuthAdapter(store: MockAuthStore): AuthAdapter;
+export declare function createMockProfileAdapter(store: MockAuthStore): ProfileAdapter;
+/** Test helper — mark a mock account as verified as if the user had clicked
+ *  the link in the verification email. */
+export declare function verifyMockAccount(store: MockAuthStore, email: string): void;
+export {};

package/dist/adapters/mock-auth.js

@@ -0,0 +1,237 @@
+/**
+ * @module adapters/mock-auth
+ *
+ * In-memory mock implementations of AuthAdapter and ProfileAdapter.
+ * Drives the unit tests for AuthManager / ProfileManager / SessionManager
+ * without a real server. Consumers can also use it to build demos or
+ * storybooks that exercise the full suite.
+ *
+ * Deliberately small: everything is held in a shared `Store` object the
+ * adapters close over, so tests can peek at or mutate state directly.
+ */
+export function createMockAuthStore(init = {}) {
+    const store = {
+        accounts: new Map(),
+        requireVerifiedEmail: init.requireVerifiedEmail ?? false,
+        jwtsByEmail: new Map(),
+    };
+    for (const a of init.seed ?? []) {
+        store.accounts.set(a.email, { ...a });
+    }
+    return store;
+}
+function mintJwt(email) {
+    return `mock.${btoa(email)}.${Date.now().toString(36)}`;
+}
+export function createMockAuthAdapter(store) {
+    return {
+        register(input, _ctx) {
+            if (store.accounts.has(input.email)) {
+                return Promise.reject(Object.assign(new Error("Conflict"), { status: 409 }));
+            }
+            const roles = (input.roles ?? ["user"]).filter((r) => !["admin", "root", "guest"].includes(r));
+            const effectiveRoles = roles.length > 0 ? roles : ["user"];
+            const account = {
+                email: input.email,
+                password: input.password,
+                roles: effectiveRoles,
+                isVerified: false,
+                hasPassword: true,
+                oauthConnections: [],
+            };
+            store.accounts.set(input.email, account);
+            if (store.requireVerifiedEmail) {
+                return Promise.resolve({
+                    email: input.email,
+                    roles: effectiveRoles,
+                    requiresVerification: true,
+                });
+            }
+            const jwt = mintJwt(input.email);
+            store.jwtsByEmail.set(input.email, jwt);
+            return Promise.resolve({
+                jwt,
+                email: input.email,
+                roles: effectiveRoles,
+                isVerified: account.isVerified,
+            });
+        },
+        login(input, _ctx) {
+            const acc = store.accounts.get(input.email);
+            if (!acc || acc.password !== input.password) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            if (store.requireVerifiedEmail && !acc.isVerified) {
+                return Promise.reject(Object.assign(new Error("EMAIL_NOT_VERIFIED"), {
+                    status: 403,
+                    code: "EMAIL_NOT_VERIFIED",
+                }));
+            }
+            const jwt = mintJwt(input.email);
+            store.jwtsByEmail.set(input.email, jwt);
+            return Promise.resolve({
+                jwt,
+                email: acc.email,
+                roles: acc.roles,
+                isVerified: acc.isVerified,
+            });
+        },
+        logout(ctx) {
+            // Revoke the JWT associated with this bearer.
+            const jwt = ctx.jwt;
+            if (jwt) {
+                for (const [email, j] of store.jwtsByEmail) {
+                    if (j === jwt) {
+                        store.jwtsByEmail.delete(email);
+                        break;
+                    }
+                }
+            }
+            return Promise.resolve();
+        },
+        oauthInitUrl(provider, opts) {
+            const qs = new URLSearchParams({ action: opts.action });
+            if (opts.redirect)
+                qs.set("redirect", opts.redirect);
+            if (opts.lang)
+                qs.set("lang", opts.lang);
+            return `mock://oauth/${provider}/init?${qs}`;
+        },
+        resendVerification(input, _ctx) {
+            // Silently succeed whether or not the account exists.
+            if (!store.accounts.has(input.email))
+                return Promise.resolve();
+            // No-op in the mock — verifyMockAccount() stands in for the user
+            // clicking the link.
+            return Promise.resolve();
+        },
+        requestPasswordReset(_input, _ctx) {
+            return Promise.resolve();
+        },
+        changePassword(input, ctx) {
+            const jwt = ctx.jwt;
+            let email;
+            if (jwt) {
+                for (const [e, j] of store.jwtsByEmail) {
+                    if (j === jwt) {
+                        email = e;
+                        break;
+                    }
+                }
+            }
+            if (!email) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            const acc = store.accounts.get(email);
+            if (!acc) {
+                return Promise.reject(Object.assign(new Error("NotFound"), { status: 404 }));
+            }
+            if (acc.password !== input.current_password) {
+                return Promise.reject(Object.assign(new Error("BadRequest"), { status: 400 }));
+            }
+            acc.password = input.new_password;
+            return Promise.resolve();
+        },
+        deleteAccount(_input, ctx) {
+            const jwt = ctx.jwt;
+            if (!jwt) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            for (const [email, j] of store.jwtsByEmail) {
+                if (j === jwt) {
+                    store.accounts.delete(email);
+                    store.jwtsByEmail.delete(email);
+                    return Promise.resolve({ deleted: true });
+                }
+            }
+            return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+        },
+    };
+}
+export function createMockProfileAdapter(store) {
+    function emailFromCtx(ctx) {
+        const jwt = ctx.jwt;
+        if (!jwt)
+            return null;
+        for (const [email, j] of store.jwtsByEmail) {
+            if (j === jwt)
+                return email;
+        }
+        return null;
+    }
+    return {
+        get(ctx) {
+            const email = emailFromCtx(ctx);
+            if (!email) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            const acc = store.accounts.get(email);
+            if (!acc) {
+                return Promise.reject(Object.assign(new Error("NotFound"), { status: 404 }));
+            }
+            return Promise.resolve({
+                email: acc.email,
+                roles: acc.roles,
+                isVerified: acc.isVerified,
+                hasPassword: acc.hasPassword,
+                oauthConnections: [...acc.oauthConnections],
+            });
+        },
+        update(input, ctx) {
+            const email = emailFromCtx(ctx);
+            if (!email) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            const acc = store.accounts.get(email);
+            if (!acc) {
+                return Promise.reject(Object.assign(new Error("NotFound"), { status: 404 }));
+            }
+            if (input.email && input.email !== acc.email) {
+                if (store.requireVerifiedEmail)
+                    acc.isVerified = false;
+                store.accounts.delete(acc.email);
+                acc.email = input.email;
+                store.accounts.set(acc.email, acc);
+                // Refresh JWT mapping too.
+                const jwt = store.jwtsByEmail.get(email);
+                if (jwt) {
+                    store.jwtsByEmail.delete(email);
+                    store.jwtsByEmail.set(acc.email, jwt);
+                }
+            }
+            return Promise.resolve({
+                email: acc.email,
+                roles: acc.roles,
+                isVerified: acc.isVerified,
+                hasPassword: acc.hasPassword,
+                oauthConnections: [...acc.oauthConnections],
+            });
+        },
+        listOAuth(ctx) {
+            const email = emailFromCtx(ctx);
+            if (!email)
+                return Promise.resolve([]);
+            const acc = store.accounts.get(email);
+            return Promise.resolve(acc ? [...acc.oauthConnections] : []);
+        },
+        unlinkOAuth(provider, ctx) {
+            const email = emailFromCtx(ctx);
+            if (!email) {
+                return Promise.reject(Object.assign(new Error("Unauthorized"), { status: 401 }));
+            }
+            const acc = store.accounts.get(email);
+            if (!acc) {
+                return Promise.reject(Object.assign(new Error("NotFound"), { status: 404 }));
+            }
+            acc.oauthConnections = acc.oauthConnections.filter((c) => c.provider !== provider);
+            return Promise.resolve();
+        },
+    };
+}
+/** Test helper — mark a mock account as verified as if the user had clicked
+ *  the link in the verification email. */
+export function verifyMockAccount(store, email) {
+    const acc = store.accounts.get(email);
+    if (acc)
+        acc.isVerified = true;
+}

package/dist/adapters/mock.d.ts

@@ -2,9 +2,10 @@
  * @module adapters/mock
  *
  * In-memory mock adapter for testing. Stores rows in a local Map keyed by
- * `model_id`, applies an optional latency, and can inject failures. Useful
- * for unit tests without a real server, and for exercising the manager's
- * optimistic-update rollback path deterministically.
+ * `model_id`, applies an optional latency, honors `ctx.signal` for
+ * cancellation, and can inject failures. Useful for unit tests without a
+ * real server, and for exercising the manager's optimistic-update rollback
+ * path deterministically.
  */
 import type { OwnedCollectionAdapter } from "../types/adapter.js";
 export interface MockAdapterOptions<TRow> {
@@ -24,6 +25,12 @@ export interface MockAdapterOptions<TRow> {
     getRowId?: (row: TRow) => string;
     /** Factory for new row ids (defaults to `crypto.randomUUID`). */
     newId?: () => string;
+    /**
+     * If true (default), `create` rejects payloads that include a
+     * `model_id` — matches the production server contract where the server
+     * is authoritative over ids. Set to `false` to bypass for legacy tests.
+     */
+    rejectClientId?: boolean;
 }
 /**
  * Build an in-memory `OwnedCollectionAdapter` for tests.

package/dist/adapters/mock.js

@@ -2,68 +2,122 @@
  * @module adapters/mock
  *
  * In-memory mock adapter for testing. Stores rows in a local Map keyed by
- * `model_id`, applies an optional latency, and can inject failures. Useful
- * for unit tests without a real server, and for exercising the manager's
- * optimistic-update rollback path deterministically.
+ * `model_id`, applies an optional latency, honors `ctx.signal` for
+ * cancellation, and can inject failures. Useful for unit tests without a
+ * real server, and for exercising the manager's optimistic-update rollback
+ * path deterministically.
  */
 const defaultGetRowId = (r) => {
     const rec = r;
     const id = rec.model_id ?? rec.id;
-    if (typeof id !== "string") {
-        throw new Error("MockAdapter: row has no string `model_id` or `id`; pass `getRowId`");
+    if (typeof id !== "string" || id === "") {
+        throw new Error("MockAdapter: row has no non-empty string `model_id` or `id`; pass `getRowId`");
     }
     return id;
 };
+function safeClone(value) {
+    if (value === null || value === undefined)
+        return value;
+    try {
+        return structuredClone(value);
+    }
+    catch {
+        try {
+            return JSON.parse(JSON.stringify(value));
+        }
+        catch {
+            return value;
+        }
+    }
+}
+/** Throw an AbortError-shaped error if the signal was aborted. */
+function throwIfAborted(signal) {
+    if (signal?.aborted) {
+        const reason = signal.reason;
+        const err = new Error(typeof reason === "string" ? `mock: aborted (${reason})` : "mock: aborted");
+        err.name = "AbortError";
+        throw err;
+    }
+}
 /**
  * Build an in-memory `OwnedCollectionAdapter` for tests.
  */
 export function createMockOwnedCollectionAdapter(options = {}) {
-    const { delayMs = 0, failOn = {}, getRowId = defaultGetRowId, newId = () => crypto.randomUUID(), } = options;
+    const { delayMs = 0, failOn = {}, getRowId = defaultGetRowId, newId = () => crypto.randomUUID(), rejectClientId = true, } = options;
     const store = new Map();
     for (const r of options.seed ?? [])
         store.set(getRowId(r), r);
-    const sleep = () => delayMs > 0
-        ? new Promise((res) => setTimeout(res, delayMs))
-        : Promise.resolve();
+    /**
+     * Latency helper that also observes abort. Returns when either the
+     * delay elapses or the signal fires — the caller then checks
+     * `throwIfAborted` to convert to an error.
+     */
+    const sleep = (signal) => {
+        if (delayMs <= 0)
+            return Promise.resolve();
+        return new Promise((resolve) => {
+            const t = setTimeout(resolve, delayMs);
+            signal?.addEventListener("abort", () => {
+                clearTimeout(t);
+                resolve();
+            }, { once: true });
+        });
+    };
     return {
-        async list(_ctx, _query) {
-            await sleep();
+        async list(ctx, _query) {
+            await sleep(ctx.signal);
+            throwIfAborted(ctx.signal);
             if (failOn.list)
                 throw new Error("mock: list failed");
-            const rows = [...store.values()];
+            const rows = [...store.values()].map((r) => safeClone(r));
             return { data: rows, meta: { total: rows.length } };
         },
-        async getOne(id, _ctx) {
-            await sleep();
+        async getOne(id, ctx) {
+            await sleep(ctx.signal);
+            throwIfAborted(ctx.signal);
             if (failOn.getOne)
                 throw new Error("mock: getOne failed");
             const row = store.get(id);
             if (!row)
                 throw new Error(`mock: row ${id} not found`);
-            return { data: row };
+            return { data: safeClone(row) };
         },
-        async create(data, _ctx) {
-            await sleep();
+        async create(data, ctx) {
+            await sleep(ctx.signal);
+            throwIfAborted(ctx.signal);
             if (failOn.create)
                 throw new Error("mock: create failed");
+            const input = data;
+            if (rejectClientId &&
+                input !== null &&
+                typeof input === "object" &&
+                "model_id" in input) {
+                throw new Error("mock: create payload must not include `model_id` — the server assigns the id");
+            }
             const id = newId();
-            const row = { ...data, model_id: id };
+            const cloned = safeClone(data);
+            const row = { ...cloned, model_id: id };
             store.set(id, row);
-            return { data: row };
+            return { data: safeClone(row) };
         },
-        async update(id, data, _ctx) {
-            await sleep();
+        async update(id, data, ctx) {
+            await sleep(ctx.signal);
+            throwIfAborted(ctx.signal);
             if (failOn.update)
                 throw new Error("mock: update failed");
             const existing = store.get(id);
             if (!existing)
                 throw new Error(`mock: row ${id} not found`);
-            const merged = { ...existing, ...data };
+            const merged = {
+                ...existing,
+                ...safeClone(data),
+            };
             store.set(id, merged);
-            return { data: merged };
+            return { data: safeClone(merged) };
         },
-        async delete(id, _ctx) {
-            await sleep();
+        async delete(id, ctx) {
+            await sleep(ctx.signal);
+            throwIfAborted(ctx.signal);
             if (failOn.delete)
                 throw new Error("mock: delete failed");
             return store.delete(id);

package/dist/adapters/mod.d.ts

@@ -1 +1,3 @@
 export * from "./mock.js";
+export * from "./mock-auth.js";
+export * from "./stack-account.js";

package/dist/adapters/mod.js

@@ -1 +1,3 @@
 export * from "./mock.js";
+export * from "./mock-auth.js";
+export * from "./stack-account.js";

package/dist/adapters/stack-account.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @module adapters/stack-account
+ *
+ * Default implementations of `AuthAdapter` and `ProfileAdapter` that target
+ * the `@marianmeres/stack-account` REST surface:
+ *
+ *   POST /api/account/register
+ *   POST /api/account/login
+ *   POST /api/account/logout
+ *   GET  /api/account/oauth/[provider]/init
+ *   POST /api/account/verify/resend
+ *   POST /api/account/password/reset
+ *   POST /api/account/password/change
+ *   GET/PUT/DELETE /api/account/me
+ *   GET  /api/account/me/oauth
+ *   DELETE /api/account/me/oauth/[provider]
+ *
+ * Apps whose server mounts stack-account at this path can just do:
+ *
+ *   const suite = createOwnsuite({
+ *     adapters: {
+ *       auth: createStackAccountAuthAdapter({ baseUrl: "/api/account" }),
+ *       profile: createStackAccountProfileAdapter({ baseUrl: "/api/account" }),
+ *     },
+ *   });
+ *
+ * Apps with custom routes should write their own adapter against the
+ * AuthAdapter / ProfileAdapter interfaces.
+ */
+import type { AuthAdapter, ProfileAdapter } from "../types/mod.js";
+export interface StackAccountAdapterOptions {
+    /** Base URL of the mounted stack-account app. Default: "/api/account". */
+    baseUrl?: string;
+    /** Override the `fetch` implementation (useful for tests / SSR). */
+    fetch?: typeof fetch;
+}
+export declare function createStackAccountAuthAdapter(opts?: StackAccountAdapterOptions): AuthAdapter;
+export declare function createStackAccountProfileAdapter(opts?: StackAccountAdapterOptions): ProfileAdapter;

package/dist/adapters/stack-account.js

@@ -0,0 +1,149 @@
+/**
+ * @module adapters/stack-account
+ *
+ * Default implementations of `AuthAdapter` and `ProfileAdapter` that target
+ * the `@marianmeres/stack-account` REST surface:
+ *
+ *   POST /api/account/register
+ *   POST /api/account/login
+ *   POST /api/account/logout
+ *   GET  /api/account/oauth/[provider]/init
+ *   POST /api/account/verify/resend
+ *   POST /api/account/password/reset
+ *   POST /api/account/password/change
+ *   GET/PUT/DELETE /api/account/me
+ *   GET  /api/account/me/oauth
+ *   DELETE /api/account/me/oauth/[provider]
+ *
+ * Apps whose server mounts stack-account at this path can just do:
+ *
+ *   const suite = createOwnsuite({
+ *     adapters: {
+ *       auth: createStackAccountAuthAdapter({ baseUrl: "/api/account" }),
+ *       profile: createStackAccountProfileAdapter({ baseUrl: "/api/account" }),
+ *     },
+ *   });
+ *
+ * Apps with custom routes should write their own adapter against the
+ * AuthAdapter / ProfileAdapter interfaces.
+ */
+function resolveFetch(opts) {
+    return opts?.fetch ?? (globalThis.fetch.bind(globalThis));
+}
+function join(base, path) {
+    if (!base)
+        return path;
+    if (base.endsWith("/"))
+        return `${base.slice(0, -1)}${path}`;
+    return `${base}${path}`;
+}
+function authHeaders(ctx) {
+    return ctx.jwt ? { Authorization: `Bearer ${ctx.jwt}` } : {};
+}
+async function postJson(doFetch, url, body, ctx) {
+    const res = await doFetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            ...authHeaders(ctx),
+        },
+        body: JSON.stringify(body),
+        signal: ctx.signal,
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw Object.assign(new Error(text || res.statusText), {
+            status: res.status,
+            body: text,
+        });
+    }
+    return (await res.json());
+}
+async function requestJson(doFetch, url, init, ctx) {
+    const res = await doFetch(url, {
+        ...init,
+        headers: {
+            ...(init.headers ?? {}),
+            ...authHeaders(ctx),
+            ...(init.body
+                ? { "Content-Type": "application/json" }
+                : {}),
+        },
+        signal: ctx.signal,
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw Object.assign(new Error(text || res.statusText), {
+            status: res.status,
+            body: text,
+        });
+    }
+    if (res.status === 204)
+        return undefined;
+    return (await res.json());
+}
+export function createStackAccountAuthAdapter(opts = {}) {
+    const base = opts.baseUrl ?? "/api/account";
+    const doFetch = resolveFetch(opts);
+    return {
+        async register(input, ctx) {
+            const r = await postJson(doFetch, join(base, "/register"), input, ctx);
+            return r.data;
+        },
+        async login(input, ctx) {
+            const r = await postJson(doFetch, join(base, "/login"), input, ctx);
+            return r.data;
+        },
+        async logout(ctx) {
+            await requestJson(doFetch, join(base, "/logout"), { method: "POST" }, ctx);
+        },
+        oauthInitUrl(provider, options, _ctx) {
+            const qs = new URLSearchParams({ action: options.action });
+            if (options.redirect)
+                qs.set("redirect", options.redirect);
+            if (options.lang)
+                qs.set("lang", options.lang);
+            return `${join(base, `/oauth/${provider}/init`)}?${qs}`;
+        },
+        async resendVerification(input, ctx) {
+            await postJson(doFetch, join(base, "/verify/resend"), input, ctx);
+        },
+        async requestPasswordReset(input, ctx) {
+            await postJson(doFetch, join(base, "/password/reset"), input, ctx);
+        },
+        async changePassword(input, ctx) {
+            await postJson(doFetch, join(base, "/password/change"), input, ctx);
+        },
+        async deleteAccount(input, ctx) {
+            await requestJson(doFetch, join(base, "/me"), {
+                method: "DELETE",
+                body: JSON.stringify(input),
+            }, ctx);
+            return { deleted: true };
+        },
+    };
+}
+export function createStackAccountProfileAdapter(opts = {}) {
+    const base = opts.baseUrl ?? "/api/account";
+    const doFetch = resolveFetch(opts);
+    return {
+        async get(ctx) {
+            const r = await requestJson(doFetch, join(base, "/me"), { method: "GET" }, ctx);
+            return r.data;
+        },
+        async update(input, ctx) {
+            const r = await requestJson(doFetch, join(base, "/me"), {
+                method: "PUT",
+                body: JSON.stringify(input),
+            }, ctx);
+            return r.data;
+        },
+        async listOAuth(ctx) {
+            const r = await requestJson(doFetch, join(base, "/me/oauth"), { method: "GET" }, ctx);
+            return r.data ?? [];
+        },
+        async unlinkOAuth(provider, ctx) {
+            await requestJson(doFetch, join(base, `/me/oauth/${provider}`), { method: "DELETE" }, ctx);
+        },
+    };
+}