npm - @ondc/automation-mock-runner - Versions diffs - 1.3.42 → 1.3.44 - Mend

@ondc/automation-mock-runner 1.3.42 → 1.3.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/lib/MockRunner.d.ts +12 -2
package/dist/lib/MockRunner.js +53 -13
package/dist/lib/configHelper.js +21 -64
package/dist/lib/constants/function-registry.js +1 -1
package/dist/lib/helpers/default-helpers.d.ts +13 -0
package/dist/lib/helpers/default-helpers.js +173 -0
package/dist/lib/helpers/default-helpers.test.d.ts +9 -0
package/dist/lib/helpers/default-helpers.test.js +257 -0
package/dist/lib/helpers/index.d.ts +1 -0
package/dist/lib/helpers/index.js +47 -0
package/dist/lib/runners/node-runner.d.ts +15 -6
package/dist/lib/runners/node-runner.js +4 -0
package/dist/lib/runners/runner-factory.d.ts +3 -2
package/dist/lib/validators/code-validator.js +3 -1
package/dist/test/GenerateFetchAndTimeout.test.d.ts +4 -0
package/dist/test/GenerateFetchAndTimeout.test.js +240 -0
package/dist/test/MockRunner.test.js +64 -0
package/package.json +2 -2
package/public/node-worker.js +98 -6

package/dist/test/MockRunner.test.js CHANGED Viewed

@@ -655,4 +655,68 @@ describe("MockRunner", () => {
             expect(result.result.message.discountPercent).toBe(20);
         });
     });
+    describe("baseActionId extraction (GENERATED# prefix support)", () => {
+        let prefixedRunner;
+        beforeEach(async () => {
+            const baseConfig = {
+                meta: {
+                    domain: "ONDC:TRV14",
+                    version: "2.0.0",
+                    flowId: "prefix-test",
+                },
+                transaction_data: {
+                    transaction_id: "prefix-test-txn-id",
+                    latest_timestamp: "1970-01-01T00:00:00.000Z",
+                },
+                steps: [],
+                transaction_history: [],
+                validationLib: "",
+                helperLib: "",
+            };
+            const base = new MockRunner_1.MockRunner(baseConfig, true);
+            base.getConfig().steps.push(base.getDefaultStep("search", "search_0"));
+            prefixedRunner = new MockRunner_1.MockRunner(await (0, configHelper_1.createOptimizedMockConfig)(base.getConfig()), true);
+        });
+        it("runGeneratePayload: GENERATED#1#search_0 resolves to search_0", async () => {
+            const result = await prefixedRunner.runGeneratePayload("GENERATED#1#search_0", {});
+            expect(result.success).toBe(true);
+        });
+        it("runGeneratePayload: plain search_0 still works", async () => {
+            const result = await prefixedRunner.runGeneratePayload("search_0", {});
+            expect(result.success).toBe(true);
+        });
+        it("runGeneratePayloadWithSession: GENERATED#1#search_0 resolves to search_0", async () => {
+            const result = await prefixedRunner.runGeneratePayloadWithSession("GENERATED#1#search_0", { transaction_id: "some-txn" });
+            expect(result.success).toBe(true);
+        });
+        it("runValidatePayload: GENERATED#1#search_0 resolves to search_0", async () => {
+            const payload = {
+                context: { domain: "ONDC:TRV14", action: "search" },
+                message: {},
+            };
+            const result = await prefixedRunner.runValidatePayload("GENERATED#1#search_0", payload);
+            expect(result.success).toBe(true);
+        });
+        it("runValidatePayloadWithSession: GENERATED#1#search_0 resolves to search_0", async () => {
+            const result = await prefixedRunner.runValidatePayloadWithSession("GENERATED#1#search_0", { context: {}, message: {} }, {});
+            expect(result.success).toBe(true);
+        });
+        it("runMeetRequirements: GENERATED#1#search_0 resolves to search_0", async () => {
+            const result = await prefixedRunner.runMeetRequirements("GENERATED#1#search_0");
+            expect(result.success).toBe(true);
+        });
+        it("runMeetRequirementsWithSession: GENERATED#1#search_0 resolves to search_0", async () => {
+            const result = await prefixedRunner.runMeetRequirementsWithSession("GENERATED#1#search_0", {});
+            expect(result.success).toBe(true);
+        });
+        it("unknown prefixed action ID returns failure", async () => {
+            const result = await prefixedRunner.runGeneratePayload("GENERATED#1#unknown_action", {});
+            expect(result.success).toBe(false);
+            expect(result.error?.message).toContain("unknown_action");
+        });
+        it("deeply prefixed ID (multiple #) uses only the last segment", async () => {
+            const result = await prefixedRunner.runGeneratePayload("PREFIX#ANOTHER#search_0", {});
+            expect(result.success).toBe(true);
+        });
+    });
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@ondc/automation-mock-runner",
-	"version": "1.3.42",
+	"version": "1.3.44",
 	"description": "A TypeScript library for ONDC automation mock runner",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
@@ -45,7 +45,7 @@
 	"author": "ONDC Development Team <dev@ondc.org>",
 	"license": "ISC",
 	"engines": {
-		"node": ">=16.0.0"
+		"node": ">=18.0.0"
 	},
 	"repository": {
 		"type": "git",

package/public/node-worker.js CHANGED Viewed

@@ -1,8 +1,73 @@
-const { parentPort } = require("worker_threads");
+const { parentPort, workerData } = require("worker_threads");
 const vm = require("vm");
+const ALLOWED_FETCH_BASE_URLS = Array.isArray(workerData?.allowedFetchBaseUrls)
+	? workerData.allowedFetchBaseUrls
+	: [];
+// Parse + normalize allowlist entries once per worker.
+// Each entry contributes { origin, pathname } where pathname has no trailing
+// slash; matching requires request.origin === entry.origin AND the request
+// pathname is a strict segment-prefix of entry.pathname (so `/v1` matches
+// `/v1` and `/v1/foo` but NOT `/v10/foo`).
+const PARSED_ALLOWLIST = ALLOWED_FETCH_BASE_URLS.map((raw) => {
+	try {
+		const u = new URL(raw);
+		let pathname = u.pathname;
+		if (pathname.endsWith("/") && pathname !== "/") {
+			pathname = pathname.slice(0, -1);
+		}
+		return { origin: u.origin, pathname };
+	} catch {
+		return null;
+	}
+}).filter(Boolean);
+function isFetchAllowed(requestUrl) {
+	let parsed;
+	try {
+		parsed = new URL(requestUrl);
+	} catch {
+		return false;
+	}
+	let reqPath = parsed.pathname;
+	if (reqPath.endsWith("/") && reqPath !== "/") {
+		reqPath = reqPath.slice(0, -1);
+	}
+	for (const entry of PARSED_ALLOWLIST) {
+		if (parsed.origin !== entry.origin) continue;
+		if (entry.pathname === "" || entry.pathname === "/") return true;
+		if (reqPath === entry.pathname) return true;
+		if (reqPath.startsWith(entry.pathname + "/")) return true;
+	}
+	return false;
+}
+function makeScopedFetch() {
+	if (typeof globalThis.fetch !== "function") {
+		return undefined;
+	}
+	if (PARSED_ALLOWLIST.length === 0) {
+		return undefined;
+	}
+	return async function scopedFetch(input, init) {
+		const requestUrl =
+			typeof input === "string"
+				? input
+				: input && typeof input.url === "string"
+				? input.url
+				: String(input);
+		if (!isFetchAllowed(requestUrl)) {
+			throw new Error(
+				`fetch blocked: ${requestUrl} is not in the configured allowlist`,
+			);
+		}
+		return globalThis.fetch(input, { ...(init || {}), redirect: "error" });
+	};
+}
 // Create a secure sandbox context
-function createSandbox() {
+function createSandbox(functionName) {
 	const logs = [];
 	// Safe console implementation that captures logs
@@ -108,12 +173,17 @@ function createSandbox() {
 		decodeURIComponent,
 		// Utility functions for ONDC operations
 		setTimeout: (fn, delay) => {
-			if (delay < 1 || delay > 35 * 1000) {
-				throw new Error("Timeout must be between 1-35000ms");
+			if (delay < 1 || delay > 45 * 1000) {
+				throw new Error("Timeout must be between 1-45000ms");
 			}
 			return setTimeout(fn, delay);
 		},
 		clearTimeout,
+		// AbortController is a pure control-flow primitive with no I/O of its
+		// own — safe to expose unconditionally. Needed by helpers that pair
+		// `fetch` with a timeout (see generateConsentHandler).
+		AbortController,
+		AbortSignal,
 		// Blocked globals
 		require: undefined,
 		process: undefined,
@@ -128,6 +198,28 @@ function createSandbox() {
 		Function: undefined,
 	};
+	// Only `generate` gets outbound HTTP — validate/meetsRequirements/getSave
+	// stay pure. Fetch itself is still gated by the allowlist inside the wrapper.
+	if (functionName === "generate") {
+		const scopedFetch = makeScopedFetch();
+		if (scopedFetch) {
+			sandbox.fetch = scopedFetch;
+			if (typeof globalThis.URL === "function") sandbox.URL = globalThis.URL;
+			if (typeof globalThis.URLSearchParams === "function") {
+				sandbox.URLSearchParams = globalThis.URLSearchParams;
+			}
+			if (typeof globalThis.Headers === "function") {
+				sandbox.Headers = globalThis.Headers;
+			}
+			if (typeof globalThis.Request === "function") {
+				sandbox.Request = globalThis.Request;
+			}
+			if (typeof globalThis.Response === "function") {
+				sandbox.Response = globalThis.Response;
+			}
+		}
+	}
 	return { sandbox, logs };
 }
@@ -138,7 +230,7 @@ parentPort?.on("message", async (message) => {
 	try {
 		// Create fresh sandbox for each execution
-		const { sandbox, logs } = createSandbox();
+		const { sandbox, logs } = createSandbox(functionName);
 		// Create VM context with timeout
 		const context = vm.createContext(sandbox);
@@ -151,7 +243,7 @@ parentPort?.on("message", async (message) => {
 		// Execute the script
 		script.runInContext(context, {
-			timeout: timeout || 35000,
+			timeout: timeout || 45000,
 			breakOnSigint: true,
 		});