@modular-rest/server 1.19.0 → 1.20.1

package/tests/helpers/test-app.ts

@@ -0,0 +1,182 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import supertest from 'supertest';
+import mongoose from 'mongoose';
+import { modelRegistry } from '../../src/services/data_provider/model_registry';
+import type { RestOptions } from '../../src/config';
+import { createRest } from '../../src/application';
+
+import crypto from 'crypto';
+
+const defaultMongoUri = process.env.MONGO_URL || 'mongodb://localhost:27017';
+
+// Generate a valid RSA keypair for the environment
+const generated = crypto.generateKeyPairSync('rsa', {
+  modulusLength: 2048,
+  publicKeyEncoding: { type: 'spki', format: 'pem' },
+  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+});
+
+const fastKeyPair = {
+  public: generated.publicKey,
+  private: generated.privateKey,
+};
+
+export interface TestAppContext {
+  request: supertest.SuperTest<supertest.Test>;
+  uploadDir: string;
+  adminToken: string;
+  dbPrefix: string;
+  cleanup: () => Promise<void>;
+}
+
+export async function createIntegrationTestApp(
+  overrides: Partial<RestOptions> = {}
+): Promise<TestAppContext> {
+  const setupStart = Date.now();
+  console.log(`[test-app] Starting context creation...`);
+
+  // Clear model registry to ensure a fresh start with new db prefixes
+  await modelRegistry.clear();
+
+  const uploadDir = fs.mkdtempSync(path.join(os.tmpdir(), 'mrest-upload-'));
+  const dbPrefix = `mrest_test_${Date.now()}_${Math.random().toString(16).slice(2)}_`;
+
+  const options: RestOptions = {
+    dontListen: true, // Use app callback for supertest, no real server needed
+    port: 0,
+    mongo: {
+      mongoBaseAddress: defaultMongoUri,
+      dbPrefix,
+    },
+    uploadDirectoryConfig: {
+      directory: uploadDir,
+      urlPath: '/assets',
+    },
+    adminUser: {
+      email: 'admin@email.com',
+      password: '@dmin',
+    },
+    keypair: fastKeyPair, // Use pre-generated keys to avoid slow generation
+    ...overrides,
+  };
+
+  // Add timeout wrapper to catch hanging operations
+  let timeoutId: NodeJS.Timeout;
+  const createRestWithTimeout = Promise.race([
+    createRest(options),
+    new Promise<never>((_, reject) => {
+      timeoutId = setTimeout(
+        () =>
+          reject(
+            new Error(
+              `createRest timed out after 45s - check MongoDB connection. Prefix: ${dbPrefix}`
+            )
+          ),
+        45000
+      );
+    }),
+  ]) as Promise<{ app: any; server?: any }>;
+
+  let app: any;
+  let server: any;
+
+  try {
+    const result = await createRestWithTimeout;
+    if (timeoutId!) clearTimeout(timeoutId);
+    app = result.app;
+    server = result.server;
+    console.log(`[test-app] createRest resolved (+${Date.now() - setupStart}ms)`);
+
+    // Wait for database to be fully ready for queries
+    // This ensures createAdminUser queries don't hang
+    await new Promise(resolve => setTimeout(resolve, 500));
+  } catch (error) {
+    // Cleanup on failure
+    if (uploadDir) {
+      fs.rmSync(uploadDir, { recursive: true, force: true });
+    }
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    throw new Error(`Failed to create test app: ${errorMessage}.`);
+  }
+
+  const request = supertest(app.callback()) as unknown as supertest.SuperTest<supertest.Test>;
+
+  console.log(`[test-app] Attempting admin login... (+${Date.now() - setupStart}ms)`);
+  const loginRes = await request.post('/user/login').send({
+    id: options.adminUser?.email || 'admin@email.com',
+    idType: 'email',
+    password: options.adminUser?.password || '@dmin',
+  });
+
+  if (loginRes.status >= 300 || loginRes.body.status !== 'success' || !loginRes.body.token) {
+    console.error(`[test-app] Login failed:`, loginRes.status, loginRes.body);
+    await cleanupConnections(dbPrefix);
+    if (uploadDir) fs.rmSync(uploadDir, { recursive: true, force: true });
+    throw new Error(`Failed to login admin: ${loginRes.status} ${JSON.stringify(loginRes.body)}`);
+  }
+
+  const adminToken = loginRes.body.token as string;
+  console.log(`[test-app] Context creation complete (+${Date.now() - setupStart}ms)`);
+
+  const cleanup = async (): Promise<void> => {
+    if (server) {
+      await new Promise<void>(resolve => server.close(() => resolve()));
+    }
+
+    if (uploadDir) {
+      fs.rmSync(uploadDir, { recursive: true, force: true });
+    }
+
+    await modelRegistry.clear();
+    await cleanupConnections(dbPrefix);
+  };
+
+  return {
+    request,
+    uploadDir,
+    adminToken,
+    dbPrefix,
+    cleanup,
+  };
+}
+
+async function cleanupConnections(dbPrefix: string): Promise<void> {
+  await Promise.all(
+    mongoose.connections.map(async connection => {
+      const dbName = (connection as any).db?.databaseName;
+      if (dbName && dbPrefix && dbName.startsWith(dbPrefix)) {
+        try {
+          await (connection as any).dropDatabase();
+        } catch (err) {
+          // ignore drop errors during cleanup
+        }
+      }
+      if (connection.readyState !== 0) {
+        try {
+          await connection.close();
+        } catch (err) {
+          // ignore close errors during cleanup
+        }
+      }
+    })
+  );
+
+  await mongoose.disconnect().catch(() => {
+    /* ignore */
+  });
+}
+
+export function ensureUploadPath(uploadDir: string, format: string, tag: string): void {
+  fs.mkdirSync(path.join(uploadDir, format, tag), { recursive: true });
+}
+
+export function createTempFile(extension: string, content = 'file-content'): string {
+  const filePath = path.join(
+    fs.mkdtempSync(path.join(os.tmpdir(), 'mrest-file-')),
+    `temp.${extension}`
+  );
+  fs.writeFileSync(filePath, content);
+  return filePath;
+}

package/tests/router/data-provider.router.int.test.ts

@@ -0,0 +1,192 @@
+import { TestAppContext, createIntegrationTestApp } from '../helpers/test-app';
+
+describe('data-provider router integration', () => {
+  let ctx: TestAppContext;
+  let createdId: string;
+
+  beforeAll(async () => {
+    ctx = await createIntegrationTestApp();
+  });
+
+  afterAll(async () => {
+    if (ctx) {
+      await ctx.cleanup();
+    }
+  });
+
+  it('rejects request without authorization', async () => {
+    const res = await ctx.request.post('/data-provider/find').send({
+      database: 'cms',
+      collection: 'file',
+      query: {},
+    });
+    expect(res.status).toBe(401);
+  });
+
+  it('fails when database or collection is missing', async () => {
+    const res = await ctx.request
+      .post('/data-provider/find')
+      .set('authorization', ctx.adminToken)
+      .send({
+        query: {},
+      });
+    expect(res.status).toBe(412);
+    const body = JSON.parse(res.text);
+    expect(body.status).toBe('error');
+  });
+
+  it('inserts a document using /insert-one', async () => {
+    const res = await ctx.request
+      .post('/data-provider/insert-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        doc: {
+          originalName: 'test-file.txt',
+          fileName: 'test-uuid.txt',
+          format: 'text',
+          tag: 'test-tag',
+          size: 1024,
+          owner: 'admin-id',
+        },
+      });
+
+    expect(res.status).toBe(200);
+    expect(res.body.data).toBeDefined();
+    expect(res.body.data.originalName).toBe('test-file.txt');
+    createdId = res.body.data._id;
+  });
+
+  it('finds the inserted document using /find-one', async () => {
+    const res = await ctx.request
+      .post('/data-provider/find-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+
+    expect(res.status).toBe(200);
+    expect(res.body.data).toBeDefined();
+    expect(res.body.data._id).toBe(createdId);
+  });
+
+  it('updates the document using /update-one', async () => {
+    const res = await ctx.request
+      .post('/data-provider/update-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+        update: { $set: { originalName: 'updated-name.txt' } },
+      });
+
+    expect(res.status).toBe(200);
+    // Mongoose updateOne returns { n, nModified, ok }
+    expect(res.body.data.ok).toBe(1);
+
+    // Verify update
+    const verifyRes = await ctx.request
+      .post('/data-provider/find-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+    expect(verifyRes.body.data.originalName).toBe('updated-name.txt');
+  });
+
+  it('counts documents using /count', async () => {
+    const res = await ctx.request
+      .post('/data-provider/count')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+
+    expect(res.status).toBe(200);
+    expect(res.body.data).toBe(1);
+  });
+
+  it('finds multiple documents using /find', async () => {
+    const res = await ctx.request
+      .post('/data-provider/find')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+
+    expect(res.status).toBe(200);
+    expect(Array.isArray(res.body.data)).toBe(true);
+    expect(res.body.data.length).toBe(1);
+  });
+
+  it('finds by ids using /findByIds', async () => {
+    const res = await ctx.request
+      .post('/data-provider/findByIds')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        ids: [createdId],
+      });
+
+    expect(res.status).toBe(200);
+    expect(Array.isArray(res.body.data)).toBe(true);
+    expect(res.body.data.length).toBe(1);
+    expect(res.body.data[0]._id).toBe(createdId);
+  });
+
+  it('aggregates documents using /aggregate', async () => {
+    const res = await ctx.request
+      .post('/data-provider/aggregate')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        accessQuery: {},
+        pipelines: [{ $match: { tag: 'test-tag' } }], // Use string field to avoid ID casting issues for now
+      });
+
+    if (res.status !== 200) {
+      console.error('Aggregate Error:', res.text);
+    }
+
+    expect(res.status).toBe(200);
+    expect(Array.isArray(res.body.data)).toBe(true);
+    expect(res.body.data.length).toBeGreaterThan(0);
+  });
+
+  it('removes the document using /remove-one', async () => {
+    const res = await ctx.request
+      .post('/data-provider/remove-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+
+    expect(res.status).toBe(200);
+    expect(res.body.data.n).toBe(1);
+
+    // Verify removal
+    const verifyRes = await ctx.request
+      .post('/data-provider/find-one')
+      .set('authorization', ctx.adminToken)
+      .send({
+        database: 'cms',
+        collection: 'file',
+        query: { _id: createdId },
+      });
+    expect(verifyRes.body.data).toBeNull();
+  });
+});

package/tests/router/file.router.int.test.ts

@@ -0,0 +1,104 @@
+import fs from 'fs';
+import path from 'path';
+import { getCollection } from '../../src/services/data_provider/service';
+import { IFile } from '../../src/class/db_schemas';
+import {
+  TestAppContext,
+  createIntegrationTestApp,
+  createTempFile,
+  ensureUploadPath,
+} from '../helpers/test-app';
+
+describe('file router integration', () => {
+  let ctx: TestAppContext;
+  let createdFileId: string;
+  let storedPath: string;
+
+  beforeAll(async () => {
+    ctx = await createIntegrationTestApp();
+  });
+
+  afterAll(async () => {
+    if (ctx) {
+      await ctx.cleanup();
+    }
+  });
+
+  it('rejects upload without authorization', async () => {
+    const res = await ctx.request.post('/file').field('tag', 'avatar');
+    expect(res.status).toBe(401);
+  });
+
+  it('fails upload when tag is missing', async () => {
+    const res = await ctx.request.post('/file').set('authorization', ctx.adminToken);
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('error');
+  });
+
+  it('fails upload when file field is missing', async () => {
+    const res = await ctx.request
+      .post('/file')
+      .set('authorization', ctx.adminToken)
+      .field('tag', 'avatar');
+
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('fail');
+    expect(res.body.message).toBe('file field required');
+  });
+
+  it('uploads a file and stores metadata', async () => {
+    const tag = 'avatar';
+    const filePath = createTempFile('txt', 'hello-world');
+
+    // Ensure upload path exists for format/tag (service expects path to exist)
+    ensureUploadPath(ctx.uploadDir, 'plain', tag);
+
+    const res = await ctx.request
+      .post('/file')
+      .set('authorization', ctx.adminToken)
+      .field('tag', tag)
+      .attach('file', filePath);
+
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+    expect(res.body.file).toBeDefined();
+
+    createdFileId = res.body.file._id;
+    expect(createdFileId).toBeTruthy();
+
+    const fileModel = getCollection<IFile>('cms', 'file');
+    const doc = await fileModel.findById(createdFileId).lean();
+
+    expect(doc).toBeTruthy();
+    expect(doc?.originalName).toBe('temp.txt');
+    expect(doc?.tag).toBe(tag);
+    expect(doc?.format).toBe('plain');
+
+    storedPath = path.join(ctx.uploadDir, doc!.format, doc!.tag, doc!.fileName);
+    expect(fs.existsSync(storedPath)).toBe(true);
+
+    fs.rmSync(path.dirname(filePath), { recursive: true, force: true });
+  });
+
+  it('deletes a file by id', async () => {
+    const res = await ctx.request
+      .delete('/file')
+      .set('authorization', ctx.adminToken)
+      .query({ id: createdFileId });
+
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+
+    const fileModel = getCollection<IFile>('cms', 'file');
+    const doc = await fileModel.findById(createdFileId).lean();
+    expect(doc).toBeNull();
+
+    expect(storedPath ? fs.existsSync(storedPath) : false).toBe(false);
+  });
+
+  it('returns validation error when id is missing on delete', async () => {
+    const res = await ctx.request.delete('/file').set('authorization', ctx.adminToken);
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('fail');
+  });
+});

package/tests/router/functions.router.int.test.ts

@@ -0,0 +1,91 @@
+import { TestAppContext, createIntegrationTestApp } from '../helpers/test-app';
+import { defineFunction } from '../../src/services/functions/service';
+
+describe('functions router integration', () => {
+  let ctx: TestAppContext;
+
+  const testFunction = defineFunction({
+    name: 'testAdd',
+    permissionTypes: ['user_access'],
+    callback: (args: { a: number; b: number }) => args.a + args.b,
+  });
+
+  beforeAll(async () => {
+    // Pass the test function to createRest via overrides
+    ctx = await createIntegrationTestApp({
+      functions: [testFunction],
+    });
+  });
+
+  afterAll(async () => {
+    if (ctx) {
+      await ctx.cleanup();
+    }
+  });
+
+  it('rejects execution without authorization', async () => {
+    const res = await ctx.request.post('/function/run').send({
+      name: 'testAdd',
+      args: { a: 1, b: 2 },
+    });
+    expect(res.status).toBe(401);
+  });
+
+  it('fails with missing fields', async () => {
+    const res = await ctx.request.post('/function/run').set('authorization', ctx.adminToken).send({
+      name: 'testAdd',
+    });
+    expect(res.status).toBe(412);
+    const body = JSON.parse(res.text);
+    expect(body.status).toBe('error');
+  });
+
+  it('runs a defined function successfully', async () => {
+    const res = await ctx.request
+      .post('/function/run')
+      .set('authorization', ctx.adminToken)
+      .send({
+        name: 'testAdd',
+        args: { a: 5, b: 10 },
+      });
+
+    if (res.status !== 200) {
+      console.error('Run Function Error:', res.body);
+    }
+
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+    expect(res.body.data).toBe(15);
+  });
+
+  it('fails when function not found', async () => {
+    const res = await ctx.request.post('/function/run').set('authorization', ctx.adminToken).send({
+      name: 'nonExistent',
+      args: {},
+    });
+
+    expect(res.status).toBe(400);
+    expect(res.body.status).toBe('error');
+    expect(res.body.message).toContain('not found');
+  });
+
+  it('fails when user lacks permission', async () => {
+    // 1. Get anonymous token
+    const loginRes = await ctx.request.get('/user/loginAnonymous');
+    expect(loginRes.status).toBe(200);
+    const anonToken = loginRes.body.token;
+
+    // 2. Try to run testAdd (requires user_access) with anonymous token
+    const res = await ctx.request
+      .post('/function/run')
+      .set('authorization', anonToken)
+      .send({
+        name: 'testAdd',
+        args: { a: 1, b: 2 },
+      });
+
+    expect(res.status).toBe(400);
+    expect(res.body.status).toBe('error');
+    expect(res.body.message).toContain('does not have permission');
+  });
+});

package/tests/router/jwt.router.int.test.ts

@@ -0,0 +1,69 @@
+import { TestAppContext, createIntegrationTestApp } from '../helpers/test-app';
+import * as JWT from '../../src/services/jwt/service';
+
+describe('jwt router integration', () => {
+  let ctx: TestAppContext;
+
+  beforeAll(async () => {
+    ctx = await createIntegrationTestApp();
+  });
+
+  afterAll(async () => {
+    if (ctx) {
+      await ctx.cleanup();
+    }
+  });
+
+  it('GET /verify/ready returns success', async () => {
+    const res = await ctx.request.get('/verify/ready');
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+  });
+
+  it('POST /verify/token fails with missing token', async () => {
+    const res = await ctx.request.post('/verify/token').send({});
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('error');
+  });
+
+  it('POST /verify/token succeeds with valid token', async () => {
+    // Generate a token
+    const payload = { id: 'test-user', email: 'test@email.com' };
+    const token = await JWT.main.sign(payload);
+
+    const res = await ctx.request.post('/verify/token').send({ token });
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+    expect(res.body.user.id).toBe(payload.id);
+    expect(res.body.user.email).toBe(payload.email);
+  });
+
+  it('POST /verify/token fails with invalid token', async () => {
+    const res = await ctx.request.post('/verify/token').send({ token: 'invalid-token' });
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('error');
+  });
+
+  it('POST /verify/checkAccess fails with missing fields', async () => {
+    const res = await ctx.request.post('/verify/checkAccess').send({ token: 'something' });
+    expect(res.status).toBe(412);
+    expect(res.body.status).toBe('error');
+  });
+
+  it('POST /verify/checkAccess succeeds for admin', async () => {
+    // Use the admin token from context
+    // We need to extract the token string (it might have 'Bearer ' prefix if we set it that way,
+    // but in createIntegrationTestApp it is just the token)
+    const token = ctx.adminToken;
+
+    const res = await ctx.request.post('/verify/checkAccess').send({
+      token,
+      permissionField: 'advanced_settings', // Admin should have this
+    });
+
+    // If global.services is not set, this will likely return 500 or 412 depending on error handling
+    expect(res.status).toBe(200);
+    expect(res.body.status).toBe('success');
+    expect(res.body.access).toBe(true);
+  });
+});