@nexttylabs/echo 0.4.0 → 0.6.0

package/tests/api/organization-members.test.ts

@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, expect, it } from "bun:test";
-import { buildRemoveMemberHandler } from "@/app/api/organizations/[orgId]/members/[memberId]/handler";
-import { buildUpdateMemberRoleHandler } from "@/app/api/organizations/[orgId]/members/[memberId]/handler";
-import { organizationMembers } from "@/lib/db/schema";
-
-type FakeDeps = Parameters<typeof buildRemoveMemberHandler>[0];
-
-type SelectLimitReturn = {
-  from: () => {
-    where: () => {
-      limit: (count: number) => Promise<Array<{ role: string }>>;
-    };
-  };
-};
-
-type SelectWhereReturn = {
-  from: () => {
-    where: () => Promise<Array<{ count: number }>>;
-  };
-};
-
-type DeleteReturn = {
-  where: () => Promise<void>;
-};
-
-type UpdateReturn = {
-  set: () => {
-    where: () => {
-      returning: () => Promise<Array<{ userId: string; role: string }>>;
-    };
-  };
-};
-
-type DepsOptions = {
-  sessionUserId?: string;
-  requesterRole?: string | null;
-  targetRole?: string | null;
-  adminCount?: number;
-};
-
-const makeDeps = (options: DepsOptions = {}) => {
-  const sessionUserId = options.sessionUserId ?? "user_1";
-  const requesterRole =
-    options.requesterRole === undefined ? "admin" : options.requesterRole;
-  const targetRole =
-    options.targetRole === undefined ? "member" : options.targetRole;
-  const adminCount = options.adminCount ?? 1;
-
-  const auth: FakeDeps["auth"] = {
-    api: {
-      getSession: async () => ({ user: { id: sessionUserId } }),
-    },
-  };
-
-  const memberResults: Array<Array<{ role: string }>> = [
-    requesterRole ? [{ role: requesterRole }] : [],
-    targetRole ? [{ role: targetRole }] : [],
-  ];
-
-  const select = (fields?: unknown) => {
-    if (fields) {
-      return {
-        from: () => ({
-          where: async () => [{ count: adminCount }],
-        }),
-      };
-    }
-
-    return {
-      from: () => ({
-        where: () => ({
-          limit: async () => memberResults.shift() ?? [],
-        }),
-      }),
-    };
-  };
-
-  let deleteCalled = false;
-  const del = (table?: unknown) => ({
-    where: async () => {
-      if (table === organizationMembers) {
-        deleteCalled = true;
-      }
-    },
-  });
-
-  const db: FakeDeps["db"] = {
-    select: select as unknown as () => SelectLimitReturn | SelectWhereReturn,
-    delete: del as unknown as () => DeleteReturn,
-  };
-
-  return {
-    auth,
-    db,
-    getDeleteCalled: () => deleteCalled,
-  } satisfies FakeDeps & { getDeleteCalled: () => boolean };
-};
-
-const makeUpdateDeps = (
-  options: DepsOptions & { updateResultRole?: string } = {},
-) => {
-  const base = makeDeps(options);
-  const updateRole = options.updateResultRole ?? "developer";
-
-  const update = () => ({
-    set: () => ({
-      where: () => ({
-        returning: async () => [{ userId: "user_2", role: updateRole }],
-      }),
-    }),
-  });
-
-  base.db.update = update as unknown as () => UpdateReturn;
-
-  return base;
-};
-
-describe("DELETE /api/organizations/:orgId/members/:memberId", () => {
-  it("rejects unauthenticated requests", async () => {
-    const deps = makeDeps();
-    deps.auth.api.getSession = async () => null;
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(401);
-  });
-
-  it("rejects non-admin members", async () => {
-    const deps = makeDeps({ requesterRole: "member" });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(403);
-  });
-
-  it("rejects non-members", async () => {
-    const deps = makeDeps({ requesterRole: null });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(403);
-  });
-
-  it("returns 404 when target member missing", async () => {
-    const deps = makeDeps({ targetRole: null });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(404);
-  });
-
-  it("blocks removing the last admin", async () => {
-    const deps = makeDeps({ targetRole: "admin", adminCount: 1 });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    const json = await res.json();
-    expect(res.status).toBe(400);
-    expect(json.error).toBe("组织至少需要一个管理员");
-  });
-
-  it("blocks self removal", async () => {
-    const deps = makeDeps({ sessionUserId: "user_2" });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    const json = await res.json();
-    expect(res.status).toBe(400);
-    expect(json.error).toBe("不能移除自己");
-  });
-
-  it("removes member when allowed", async () => {
-    const deps = makeDeps({ targetRole: "member", adminCount: 2 });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(200);
-    expect(deps.getDeleteCalled()).toBe(true);
-  });
-
-  it("allows removing an admin when more than one admin exists", async () => {
-    const deps = makeDeps({ targetRole: "admin", adminCount: 2 });
-    const handler = buildRemoveMemberHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "DELETE",
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(200);
-    expect(deps.getDeleteCalled()).toBe(true);
-  });
-});
-
-describe("PUT /api/organizations/:orgId/members/:memberId", () => {
-  it("rejects unauthenticated requests", async () => {
-    const deps = makeUpdateDeps();
-    deps.auth.api.getSession = async () => null;
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "developer" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(401);
-  });
-
-  it("rejects non-admin members", async () => {
-    const deps = makeUpdateDeps({ requesterRole: "member" });
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "developer" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(403);
-  });
-
-  it("rejects non-members", async () => {
-    const deps = makeUpdateDeps({ requesterRole: null });
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "developer" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(403);
-  });
-
-  it("returns 400 for invalid role", async () => {
-    const deps = makeUpdateDeps();
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "guest" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(400);
-  });
-
-  it("returns 404 when target member missing", async () => {
-    const deps = makeUpdateDeps({ targetRole: null });
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "developer" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    expect(res.status).toBe(404);
-  });
-
-  it("blocks demoting the last admin", async () => {
-    const deps = makeUpdateDeps({ targetRole: "admin", adminCount: 1 });
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "developer" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    const json = await res.json();
-    expect(res.status).toBe(400);
-    expect(json.error).toBe("组织至少需要一个管理员");
-  });
-
-  it("updates role when allowed", async () => {
-    const deps = makeUpdateDeps({
-      targetRole: "developer",
-      adminCount: 2,
-      updateResultRole: "product_manager",
-    });
-    const handler = buildUpdateMemberRoleHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations/org_1/members/user_2", {
-        method: "PUT",
-        body: JSON.stringify({ role: "product_manager" }),
-      }),
-      { params: { orgId: "org_1", memberId: "user_2" } },
-    );
-    const json = await res.json();
-    expect(res.status).toBe(200);
-    expect(json.data.role).toBe("product_manager");
-  });
-});

package/tests/api/organizations.test.ts

@@ -1,149 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, it, expect } from "bun:test";
-import { buildCreateOrganizationHandler } from "@/app/api/organizations/handler";
-import { organizations } from "@/lib/db/schema";
-
-type FakeDeps = Parameters<typeof buildCreateOrganizationHandler>[0];
-
-type SelectReturn = {
-  from: () => {
-    where: () => {
-      limit: (count: number) => Promise<unknown[]>;
-    };
-  };
-};
-
-type InsertReturn = {
-  values: (values: Record<string, unknown>) => {
-    returning: () => Promise<Array<{ id: string; slug: string }>>;
-  };
-};
-
-const makeDeps = () => {
-  const auth: FakeDeps["auth"] = {
-    api: {
-      getSession: async () => ({ user: { id: "user_1", role: "admin" } }),
-    },
-  };
-
-  const select = () => ({
-    from: () => ({
-      where: () => ({
-        limit: async () => [],
-      }),
-    }),
-  });
-
-  let organizationValues: Record<string, unknown> | null = null;
-
-  const insert = (table?: unknown) => ({
-    values: (values: Record<string, unknown>) => {
-      if (table === organizations) {
-        organizationValues = values;
-      }
-      return {
-        returning: async () => [{ id: "org_1", slug: "acme-1234" }],
-      };
-    },
-  });
-
-  const db: FakeDeps["db"] = {
-    select: select as unknown as () => SelectReturn,
-    transaction: async (fn) =>
-      fn({
-        insert: insert as unknown as () => InsertReturn,
-      }),
-  };
-
-  return { auth, db, getOrganizationValues: () => organizationValues } satisfies FakeDeps &
-    {
-      getOrganizationValues: () => Record<string, unknown> | null;
-    };
-};
-
-const makeDepsWithCollision = () => {
-  const deps = makeDeps();
-  let callCount = 0;
-  const select = () => ({
-    from: () => ({
-      where: () => ({
-        limit: async () => {
-          callCount += 1;
-          return callCount === 1 ? [{ id: "org_existing" }] : [];
-        },
-      }),
-    }),
-  });
-
-  deps.db.select = select as unknown as () => SelectReturn;
-  return deps;
-};
-
-describe("POST /api/organizations", () => {
-  it("rejects unauthenticated requests", async () => {
-    const deps = makeDeps();
-    deps.auth.api.getSession = async () => null;
-    const handler = buildCreateOrganizationHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations", { method: "POST" }),
-    );
-    expect(res.status).toBe(401);
-  });
-
-  it("creates organization and admin membership", async () => {
-    const deps = makeDeps();
-    const handler = buildCreateOrganizationHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations", {
-        method: "POST",
-        body: JSON.stringify({ name: "Acme", description: "Test" }),
-      }),
-    );
-    const json = await res.json();
-    expect(res.status).toBe(201);
-    expect(json.data.slug).toBeDefined();
-    expect(deps.getOrganizationValues()?.description).toBe("Test");
-  });
-
-  it("retries slug generation when collision occurs", async () => {
-    const handler = buildCreateOrganizationHandler(makeDepsWithCollision());
-    const res = await handler(
-      new Request("http://localhost/api/organizations", {
-        method: "POST",
-        body: JSON.stringify({ name: "Acme" }),
-      }),
-    );
-    expect(res.status).toBe(201);
-  });
-
-  it("returns 403 for non-admin users", async () => {
-    const deps = makeDeps();
-    deps.auth.api.getSession = async () => ({
-      user: { id: "user_1", role: "customer" },
-    });
-    const handler = buildCreateOrganizationHandler(deps);
-    const res = await handler(
-      new Request("http://localhost/api/organizations", {
-        method: "POST",
-        body: JSON.stringify({ name: "Acme" }),
-      }),
-    );
-    expect(res.status).toBe(403);
-  });
-});

package/tests/api/register.test.ts

@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, it, expect } from "bun:test";
-import { APIError } from "better-auth/api";
-import { buildRegisterHandler } from "@/app/api/auth/register/handler";
-
-type FakeDeps = Parameters<typeof buildRegisterHandler>[0];
-
-const makeDeps = () => {
-  const auth: FakeDeps["auth"] = {
-    api: {
-      signUpEmail: async () => ({
-        headers: new Headers({
-          "set-cookie": "session=token; Path=/; HttpOnly",
-        }),
-        response: {
-          token: "token",
-          user: { id: "user_1", email: "john@example.com", name: "John" },
-        },
-      }),
-    },
-  };
-
-  const db: FakeDeps["db"] = {
-    transaction: async (fn) =>
-      fn({
-        insert: () => ({ values: () => ({ execute: async () => {} }) }),
-      }),
-    delete: () => ({ where: () => ({ execute: async () => {} }) }),
-  };
-
-  return { auth, db } satisfies FakeDeps;
-};
-
-describe("POST /api/auth/register", () => {
-  it("registers a user and sets cookie", async () => {
-    const handler = buildRegisterHandler(makeDeps());
-    const req = new Request("http://localhost/api/auth/register", {
-      method: "POST",
-      body: JSON.stringify({
-        name: "John",
-        email: "john@example.com",
-        password: "Password123",
-      }),
-    });
-
-    const res = await handler(req);
-    const json = await res.json();
-
-    expect(res.status).toBe(201);
-    expect(json.data.user.email).toBe("john@example.com");
-    expect(res.headers.get("set-cookie")).toContain("session=");
-  });
-
-  it("returns 409 when email exists", async () => {
-    const deps = makeDeps();
-    deps.auth.api.signUpEmail = async () => {
-      throw new APIError("UNPROCESSABLE_ENTITY", {
-        message: "User already exists. Use another email.",
-      });
-    };
-
-    const handler = buildRegisterHandler(deps);
-    const req = new Request("http://localhost/api/auth/register", {
-      method: "POST",
-      body: JSON.stringify({
-        name: "John",
-        email: "john@example.com",
-        password: "Password123",
-      }),
-    });
-
-    const res = await handler(req);
-    const json = await res.json();
-
-    expect(res.status).toBe(409);
-    expect(json.code).toBe("EMAIL_EXISTS");
-  });
-
-  it("validates email and password", async () => {
-    const handler = buildRegisterHandler(makeDeps());
-    const req = new Request("http://localhost/api/auth/register", {
-      method: "POST",
-      body: JSON.stringify({
-        name: "John",
-        email: "bad-email",
-        password: "weak",
-      }),
-    });
-
-    const res = await handler(req);
-    const json = await res.json();
-
-    expect(res.status).toBe(400);
-    expect(json.code).toBe("VALIDATION_ERROR");
-  });
-});

package/tests/api/upload.test.ts

@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, expect, it } from "bun:test";
-import { buildUploadHandler } from "@/app/api/upload/handler";
-import { attachments } from "@/lib/db/schema";
-
-const makeDeps = () => {
-  const inserted: Record<string, unknown>[] = [];
-  const db = {
-    insert: (table?: unknown) => ({
-      values: (values: Record<string, unknown>) => {
-        if (table === attachments) {
-          inserted.push(values);
-        }
-        return {
-          returning: async () => [
-            {
-              attachmentId: 1,
-              ...values,
-              createdAt: new Date(),
-            },
-          ],
-        };
-      },
-    }),
-  };
-
-  const saveFile = async (file: File) => ({
-    fileName: file.name,
-    filePath: `uploads/${file.name}`,
-    fullPath: `/tmp/${file.name}`,
-  });
-
-  const validateFile = (file: File) =>
-    file.type === "text/plain"
-      ? { valid: false, error: "不支持的文件类型", code: "INVALID_FILE_TYPE" as const }
-      : { valid: true, mimeType: file.type as "image/png" };
-
-  return { db, saveFile, validateFile, inserted };
-};
-
-describe("POST /api/upload", () => {
-  it("rejects invalid file types", async () => {
-    const deps = makeDeps();
-    deps.validateFile = () => ({
-      valid: false,
-      error: "不支持的文件类型",
-      code: "INVALID_FILE_TYPE",
-    });
-    const handler = buildUploadHandler(deps);
-
-    const form = new FormData();
-    form.append("files", new File(["x"], "bad.txt", { type: "text/plain" }));
-    form.append("feedbackId", "1");
-
-    const res = await handler(
-      new Request("http://localhost/api/upload", {
-        method: "POST",
-        body: form,
-      }),
-    );
-
-    const json = await res.json();
-    expect(res.status).toBe(400);
-    expect(json.code).toBe("VALIDATION_ERROR");
-  });
-
-  it("uploads valid files", async () => {
-    const deps = makeDeps();
-    const handler = buildUploadHandler(deps);
-
-    const form = new FormData();
-    form.append("files", new File(["x"], "good.png", { type: "image/png" }));
-    form.append("feedbackId", "1");
-
-    const res = await handler(
-      new Request("http://localhost/api/upload", {
-        method: "POST",
-        body: form,
-      }),
-    );
-
-    const json = await res.json();
-    expect(res.status).toBe(201);
-    expect(json.data[0].attachmentId).toBe(1);
-    expect(deps.inserted.length).toBe(1);
-  });
-});