@pikku/core 0.10.2 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (138) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/dist/errors/errors.d.ts +1 -1
  3. package/dist/errors/errors.js +3 -3
  4. package/dist/function/function-runner.d.ts +6 -7
  5. package/dist/function/function-runner.js +35 -16
  6. package/dist/function/functions.types.d.ts +23 -30
  7. package/dist/function/functions.types.js +9 -6
  8. package/dist/handle-error.d.ts +1 -1
  9. package/dist/handle-error.js +1 -1
  10. package/dist/index.d.ts +2 -0
  11. package/dist/index.js +2 -0
  12. package/dist/middleware/auth-apikey.d.ts +1 -0
  13. package/dist/middleware/auth-apikey.js +3 -3
  14. package/dist/middleware/auth-bearer.d.ts +1 -0
  15. package/dist/middleware/auth-bearer.js +3 -3
  16. package/dist/middleware/auth-cookie.d.ts +1 -0
  17. package/dist/middleware/auth-cookie.js +5 -5
  18. package/dist/middleware/timeout.d.ts +1 -0
  19. package/dist/middleware/timeout.js +3 -2
  20. package/dist/middleware-runner.d.ts +3 -6
  21. package/dist/middleware-runner.js +11 -11
  22. package/dist/permissions.d.ts +6 -6
  23. package/dist/permissions.js +15 -15
  24. package/dist/pikku-state.d.ts +7 -2
  25. package/dist/pikku-state.js +4 -0
  26. package/dist/services/index.d.ts +1 -0
  27. package/dist/services/index.js +1 -0
  28. package/dist/services/scheduler-service.d.ts +63 -0
  29. package/dist/services/scheduler-service.js +6 -0
  30. package/dist/services/user-session-service.d.ts +7 -3
  31. package/dist/services/user-session-service.js +8 -1
  32. package/dist/time-utils.d.ts +14 -0
  33. package/dist/time-utils.js +62 -0
  34. package/dist/types/core.types.d.ts +48 -35
  35. package/dist/types/core.types.js +3 -13
  36. package/dist/utils.d.ts +1 -1
  37. package/dist/utils.js +3 -3
  38. package/dist/wirings/channel/channel-common.js +2 -3
  39. package/dist/wirings/channel/channel-handler.d.ts +3 -2
  40. package/dist/wirings/channel/channel-handler.js +6 -9
  41. package/dist/wirings/channel/channel-runner.d.ts +2 -2
  42. package/dist/wirings/channel/channel.types.d.ts +10 -5
  43. package/dist/wirings/channel/local/local-channel-runner.d.ts +1 -1
  44. package/dist/wirings/channel/local/local-channel-runner.js +19 -26
  45. package/dist/wirings/channel/serverless/serverless-channel-runner.d.ts +1 -1
  46. package/dist/wirings/channel/serverless/serverless-channel-runner.js +41 -46
  47. package/dist/wirings/cli/channel/cli-channel-runner.js +1 -1
  48. package/dist/wirings/cli/cli-runner.d.ts +5 -5
  49. package/dist/wirings/cli/cli-runner.js +11 -29
  50. package/dist/wirings/cli/cli.types.d.ts +15 -11
  51. package/dist/wirings/http/http-runner.d.ts +6 -6
  52. package/dist/wirings/http/http-runner.js +25 -39
  53. package/dist/wirings/http/http.types.d.ts +5 -10
  54. package/dist/wirings/mcp/mcp-runner.d.ts +2 -2
  55. package/dist/wirings/mcp/mcp-runner.js +12 -19
  56. package/dist/wirings/mcp/mcp.types.d.ts +6 -0
  57. package/dist/wirings/queue/queue-runner.d.ts +3 -3
  58. package/dist/wirings/queue/queue-runner.js +7 -14
  59. package/dist/wirings/queue/queue.types.d.ts +4 -13
  60. package/dist/wirings/rpc/index.d.ts +1 -1
  61. package/dist/wirings/rpc/index.js +1 -1
  62. package/dist/wirings/rpc/rpc-runner.d.ts +13 -7
  63. package/dist/wirings/rpc/rpc-runner.js +50 -26
  64. package/dist/wirings/rpc/rpc-types.d.ts +1 -0
  65. package/dist/wirings/scheduler/scheduler-runner.d.ts +3 -3
  66. package/dist/wirings/scheduler/scheduler-runner.js +13 -24
  67. package/dist/wirings/scheduler/scheduler.types.d.ts +3 -8
  68. package/dist/wirings/workflow/index.d.ts +15 -0
  69. package/dist/wirings/workflow/index.js +14 -0
  70. package/dist/wirings/workflow/pikku-workflow-service.d.ts +160 -0
  71. package/dist/wirings/workflow/pikku-workflow-service.js +430 -0
  72. package/dist/wirings/workflow/workflow-runner.d.ts +34 -0
  73. package/dist/wirings/workflow/workflow-runner.js +65 -0
  74. package/dist/wirings/workflow/workflow.types.d.ts +332 -0
  75. package/dist/wirings/workflow/workflow.types.js +1 -0
  76. package/package.json +3 -4
  77. package/src/errors/errors.ts +3 -3
  78. package/src/factory-functions.test.ts +9 -36
  79. package/src/function/function-runner.test.ts +57 -68
  80. package/src/function/function-runner.ts +51 -28
  81. package/src/function/function-runner.ts.bak +188 -0
  82. package/src/function/functions.types.ts +69 -51
  83. package/src/handle-error.ts +1 -1
  84. package/src/index.ts +2 -0
  85. package/src/middleware/auth-apikey.test.ts +360 -0
  86. package/src/middleware/auth-apikey.ts +3 -7
  87. package/src/middleware/auth-bearer.test.ts +447 -0
  88. package/src/middleware/auth-bearer.ts +27 -33
  89. package/src/middleware/auth-cookie.test.ts +525 -0
  90. package/src/middleware/auth-cookie.ts +6 -6
  91. package/src/middleware/timeout.ts +4 -2
  92. package/src/middleware-runner.test.ts +58 -127
  93. package/src/middleware-runner.ts +13 -15
  94. package/src/permissions.test.ts +41 -45
  95. package/src/permissions.ts +21 -20
  96. package/src/pikku-state.ts +14 -2
  97. package/src/services/index.ts +1 -0
  98. package/src/services/scheduler-service.ts +76 -0
  99. package/src/services/user-session-service.ts +14 -4
  100. package/src/time-utils.ts +75 -0
  101. package/src/types/core.types.ts +92 -51
  102. package/src/utils.ts +4 -4
  103. package/src/wirings/channel/channel-common.ts +4 -7
  104. package/src/wirings/channel/channel-handler.ts +16 -22
  105. package/src/wirings/channel/channel-runner.ts +2 -2
  106. package/src/wirings/channel/channel.types.ts +14 -11
  107. package/src/wirings/channel/local/local-channel-runner.test.ts +5 -3
  108. package/src/wirings/channel/local/local-channel-runner.ts +23 -38
  109. package/src/wirings/channel/serverless/serverless-channel-runner.ts +51 -77
  110. package/src/wirings/cli/channel/cli-channel-runner.ts +1 -1
  111. package/src/wirings/cli/cli-runner.test.ts +7 -7
  112. package/src/wirings/cli/cli-runner.ts +25 -63
  113. package/src/wirings/cli/cli.types.ts +22 -16
  114. package/src/wirings/http/http-runner.test.ts +8 -8
  115. package/src/wirings/http/http-runner.ts +29 -56
  116. package/src/wirings/http/http.types.ts +5 -14
  117. package/src/wirings/mcp/mcp-runner.ts +23 -48
  118. package/src/wirings/mcp/mcp.types.ts +6 -0
  119. package/src/wirings/queue/queue-runner.test.ts +641 -0
  120. package/src/wirings/queue/queue-runner.ts +10 -24
  121. package/src/wirings/queue/queue.types.ts +5 -15
  122. package/src/wirings/rpc/index.ts +1 -1
  123. package/src/wirings/rpc/rpc-runner.ts +71 -32
  124. package/src/wirings/rpc/rpc-types.ts +1 -0
  125. package/src/wirings/scheduler/scheduler-runner.test.ts +627 -0
  126. package/src/wirings/scheduler/scheduler-runner.ts +24 -50
  127. package/src/wirings/scheduler/scheduler.types.ts +3 -9
  128. package/src/wirings/workflow/index.ts +43 -0
  129. package/src/wirings/workflow/pikku-workflow-service.ts +746 -0
  130. package/src/wirings/workflow/workflow-runner.ts +72 -0
  131. package/src/wirings/workflow/workflow.types.ts +422 -0
  132. package/tsconfig.tsbuildinfo +1 -1
  133. package/dist/services/file-channel-store.d.ts +0 -19
  134. package/dist/services/file-channel-store.js +0 -69
  135. package/dist/services/file-eventhub-store.d.ts +0 -17
  136. package/dist/services/file-eventhub-store.js +0 -71
  137. package/src/services/file-channel-store.ts +0 -86
  138. package/src/services/file-eventhub-store.ts +0 -90
@@ -1,67 +1,58 @@
1
- import { PikkuChannel } from '../wirings/channel/channel.types.js'
2
1
  import type {
3
2
  CoreServices,
4
3
  CoreSingletonServices,
5
4
  CoreUserSession,
6
- PikkuDocs,
7
5
  CorePikkuMiddleware,
6
+ PikkuWire,
7
+ PickRequired,
8
8
  } from '../types/core.types.js'
9
+ import { Session } from 'inspector'
9
10
 
10
11
  /**
11
12
  * Represents a core API function that performs an operation using core services and a user session.
12
13
  *
13
14
  * @template In - The input type.
14
15
  * @template Out - The output type.
15
- * @template ChannelData - The channel data type.
16
16
  * @template Services - The services type, defaults to `CoreServices`.
17
- * @template Session - The session type, defaults to `CoreUserSession`.
17
+ * @template Wire - The wire type, defaults to `PikkuWire<In, Out>`.
18
18
  */
19
19
  export type CorePikkuFunction<
20
20
  In,
21
21
  Out,
22
- ChannelData extends unknown | null = null,
23
- Services extends CoreSingletonServices = CoreServices &
24
- (ChannelData extends null
25
- ? {
26
- channel?: PikkuChannel<unknown, Out> | undefined
27
- }
28
- : {
29
- channel: PikkuChannel<ChannelData, Out>
30
- }),
31
- Session extends CoreUserSession = CoreUserSession,
22
+ Services extends CoreSingletonServices = CoreServices,
23
+ Wire extends PikkuWire<In, Out> = PikkuWire<In, Out, true, Session>,
32
24
  > = (
33
25
  services: Services,
34
26
  data: In,
35
- session: Session
36
- ) => ChannelData extends null ? Promise<Out> : Promise<Out> | Promise<void>
27
+ wire: Wire
28
+ ) => Wire['channel'] extends null ? Promise<Out> : Promise<Out> | Promise<void>
37
29
 
38
30
  /**
39
31
  * Represents a core API function that can be used without a session.
40
32
  *
41
33
  * @template In - The input type.
42
34
  * @template Out - The output type.
43
- * @template ChannelData - The channel data type.
44
35
  * @template Services - The services type, defaults to `CoreServices`.
45
- * @template Session - The session type, defaults to `CoreUserSession`.
36
+ * @template Wire - The wire type, defaults to `PikkuWire<In, Out>`.
46
37
  */
47
38
  export type CorePikkuFunctionSessionless<
48
39
  In,
49
40
  Out,
50
- ChannelData extends unknown | null = null,
51
- Services extends CoreSingletonServices = CoreServices &
52
- (ChannelData extends null
53
- ? {
54
- channel?: PikkuChannel<unknown, Out> | undefined
55
- }
56
- : {
57
- channel: PikkuChannel<ChannelData, Out>
58
- }),
59
- Session extends CoreUserSession = CoreUserSession,
41
+ Services extends CoreSingletonServices = CoreServices,
42
+ Wire extends PikkuWire<
43
+ In,
44
+ Out,
45
+ false,
46
+ CoreUserSession,
47
+ any,
48
+ any,
49
+ any
50
+ > = PikkuWire<In, Out, false, CoreUserSession, any, any, any>,
60
51
  > = (
61
52
  services: Services,
62
53
  data: In,
63
- session?: Session
64
- ) => ChannelData extends null ? Promise<Out> : Promise<Out> | Promise<void>
54
+ wire: Wire
55
+ ) => Wire['channel'] extends null ? Promise<Out> : Promise<Out> | Promise<void>
65
56
 
66
57
  /**
67
58
  * Represents a function that checks permissions for a given operation.
@@ -73,8 +64,16 @@ export type CorePikkuFunctionSessionless<
73
64
  export type CorePikkuPermission<
74
65
  In = any,
75
66
  Services extends CoreSingletonServices = CoreServices,
76
- Session extends CoreUserSession = CoreUserSession,
77
- > = (services: Services, data: In, session?: Session) => Promise<boolean>
67
+ Wire extends PikkuWire<
68
+ In,
69
+ never,
70
+ false,
71
+ CoreUserSession,
72
+ any,
73
+ never,
74
+ never
75
+ > = PikkuWire<In, never, false, CoreUserSession, never, never, never>,
76
+ > = (services: Services, data: In, wire: Wire) => Promise<boolean>
78
77
 
79
78
  /**
80
79
  * Configuration object for creating a permission with metadata
@@ -86,10 +85,15 @@ export type CorePikkuPermission<
86
85
  export type CorePikkuPermissionConfig<
87
86
  In = any,
88
87
  Services extends CoreSingletonServices = CoreServices,
89
- Session extends CoreUserSession = CoreUserSession,
88
+ Wire extends PikkuWire<In, never, false, CoreUserSession> = PikkuWire<
89
+ In,
90
+ never,
91
+ false,
92
+ CoreUserSession
93
+ >,
90
94
  > = {
91
95
  /** The permission function */
92
- func: CorePikkuPermission<In, Services, Session>
96
+ func: CorePikkuPermission<In, Services, Wire>
93
97
  /** Optional human-readable name for the permission */
94
98
  name?: string
95
99
  /** Optional description of what the permission checks */
@@ -104,8 +108,9 @@ export type CorePikkuPermissionConfig<
104
108
  * ```typescript
105
109
  * // Direct function syntax
106
110
  * export const adminPermission = pikkuPermission(
107
- * async ({ logger }, data, session) => {
108
- * return session?.role === 'admin'
111
+ * async ({ logger }, _data, { session }) => {
112
+ * const currentSession = await session.get()
113
+ * return currentSession?.role === 'admin'
109
114
  * }
110
115
  * )
111
116
  *
@@ -113,8 +118,9 @@ export type CorePikkuPermissionConfig<
113
118
  * export const adminPermission = pikkuPermission({
114
119
  * name: 'Admin Permission',
115
120
  * description: 'Checks if user has admin role',
116
- * func: async ({ logger }, data, session) => {
117
- * return session?.role === 'admin'
121
+ * func: async ({ logger }, _data, { session }) => {
122
+ * const currentSession = await session.get()
123
+ * return currentSession?.role === 'admin'
118
124
  * }
119
125
  * })
120
126
  * ```
@@ -122,12 +128,15 @@ export type CorePikkuPermissionConfig<
122
128
  export const pikkuPermission = <
123
129
  In = any,
124
130
  Services extends CoreSingletonServices = CoreServices,
125
- Session extends CoreUserSession = CoreUserSession,
131
+ Wire extends PickRequired<
132
+ PikkuWire<In, never, false, CoreUserSession>,
133
+ 'session'
134
+ > = PickRequired<PikkuWire<In, never, false, CoreUserSession>, 'session'>,
126
135
  >(
127
136
  permission:
128
- | CorePikkuPermission<In, Services, Session>
129
- | CorePikkuPermissionConfig<In, Services, Session>
130
- ): CorePikkuPermission<In, Services, Session> => {
137
+ | CorePikkuPermission<In, Services, Wire>
138
+ | CorePikkuPermissionConfig<In, Services, Wire>
139
+ ): CorePikkuPermission<In, Services, Wire> => {
131
140
  return typeof permission === 'function' ? permission : permission.func
132
141
  }
133
142
 
@@ -142,8 +151,13 @@ export const pikkuPermission = <
142
151
  export type CorePikkuPermissionFactory<
143
152
  In = any,
144
153
  Services extends CoreSingletonServices = CoreServices,
145
- Session extends CoreUserSession = CoreUserSession,
146
- > = (input: In) => CorePikkuPermission<any, Services, Session>
154
+ Wire extends PikkuWire<In, never, false, CoreUserSession> = PikkuWire<
155
+ In,
156
+ never,
157
+ false,
158
+ CoreUserSession
159
+ >,
160
+ > = (input: In) => CorePikkuPermission<any, Services, Wire>
147
161
 
148
162
  /**
149
163
  * Factory function for creating permission factories
@@ -154,8 +168,9 @@ export type CorePikkuPermissionFactory<
154
168
  * export const requireRole = pikkuPermissionFactory<{ role: string }>(({
155
169
  * role
156
170
  * }) => {
157
- * return pikkuPermission(async ({ logger }, data, session) => {
158
- * if (!session || session.role !== role) {
171
+ * return pikkuPermission(async ({ logger }, data, { session }) => {
172
+ * const currentSession = await session.get()
173
+ * if (!currentSession || currentSession.role !== role) {
159
174
  * logger.warn(`Permission denied: required role '${role}'`)
160
175
  * return false
161
176
  * }
@@ -176,21 +191,24 @@ export type CorePermissionGroup<PikkuPermission = CorePikkuPermission<any>> =
176
191
 
177
192
  export type CorePikkuFunctionConfig<
178
193
  PikkuFunction extends
179
- | CorePikkuFunction<any, any, any, any, any>
180
- | CorePikkuFunctionSessionless<any, any, any, any, any>,
194
+ | CorePikkuFunction<any, any, any, any>
195
+ | CorePikkuFunctionSessionless<any, any, any, any>,
181
196
  PikkuPermission extends CorePikkuPermission<
182
197
  any,
183
198
  any,
184
199
  any
185
200
  > = CorePikkuPermission<any>,
186
- PikkuMiddleware extends CorePikkuMiddleware<any> = CorePikkuMiddleware<any>,
201
+ PikkuMiddleware extends CorePikkuMiddleware<any, any> = CorePikkuMiddleware<
202
+ any,
203
+ any
204
+ >,
187
205
  > = {
188
206
  name?: string
207
+ tags?: string[]
189
208
  expose?: boolean
209
+ internal?: boolean
190
210
  func: PikkuFunction
191
211
  auth?: boolean
192
212
  permissions?: CorePermissionGroup<PikkuPermission>
193
213
  middleware?: PikkuMiddleware[]
194
- tags?: string[]
195
- docs?: PikkuDocs
196
214
  }
@@ -7,7 +7,7 @@ import { PikkuHTTP } from './wirings/http/http.types.js'
7
7
  * Handle errors that occur during route processing
8
8
  *
9
9
  * @param {any} e - The error that occurred
10
- * @param {PikkuHTTP | undefined} http - HTTP interaction object
10
+ * @param {PikkuHTTP | undefined} http - HTTP wire object
11
11
  * @param {string} trackerId - Unique ID for tracking this error
12
12
  * @param {Logger} logger - Logger service
13
13
  * @param {number[]} logWarningsForStatusCodes - HTTP status codes to log as warnings
package/src/index.ts CHANGED
@@ -10,11 +10,13 @@ export * from './services/schema-service.js'
10
10
  export * from './services/jwt-service.js'
11
11
  export * from './services/secret-service.js'
12
12
  export * from './services/user-session-service.js'
13
+ export * from './services/scheduler-service.js'
13
14
  export * from './wirings/http/index.js'
14
15
  export * from './wirings/channel/index.js'
15
16
  export * from './wirings/scheduler/index.js'
16
17
  export * from './wirings/rpc/index.js'
17
18
  export * from './wirings/queue/index.js'
19
+ export * from './wirings/workflow/index.js'
18
20
  export * from './wirings/mcp/index.js'
19
21
  export * from './wirings/cli/index.js'
20
22
  export * from './errors/index.js'
@@ -0,0 +1,360 @@
1
+ import { describe, test, beforeEach } from 'node:test'
2
+ import assert from 'node:assert/strict'
3
+ import { authAPIKey } from './auth-apikey.js'
4
+ import { resetPikkuState } from '../pikku-state.js'
5
+ import { CoreUserSession } from '../types/core.types.js'
6
+ import { PikkuSessionService } from '../services/user-session-service.js'
7
+
8
+ beforeEach(() => {
9
+ resetPikkuState()
10
+ })
11
+
12
+ const createMockHTTPRequest = (
13
+ headers: Record<string, string> = {},
14
+ query: Record<string, string> = {}
15
+ ) => ({
16
+ header: (name: string) => headers[name.toLowerCase()] || null,
17
+ query: () => query,
18
+ })
19
+
20
+ const createMockHTTPResponse = () => ({
21
+ cookie: () => {},
22
+ })
23
+
24
+ describe('authAPIKey middleware', () => {
25
+ test('should extract API key from x-api-key header when source is "header"', async () => {
26
+ const mockUserSession: CoreUserSession = { userId: 'user123' }
27
+ const SessionService = new PikkuSessionService<CoreUserSession>()
28
+ const jwtService = {
29
+ encode: async () => 'token',
30
+ decode: async (token: string) => {
31
+ assert.equal(token, 'my-api-key')
32
+ return mockUserSession
33
+ },
34
+ }
35
+
36
+ const middleware = authAPIKey({ source: 'header' })
37
+ let nextCalled = false
38
+
39
+ await middleware(
40
+ { jwt: jwtService } as any,
41
+ {
42
+ http: {
43
+ request: createMockHTTPRequest({ 'x-api-key': 'my-api-key' }),
44
+ response: createMockHTTPResponse(),
45
+ },
46
+ session: SessionService,
47
+ } as any,
48
+ async () => {
49
+ nextCalled = true
50
+ }
51
+ )
52
+
53
+ assert.equal(nextCalled, true)
54
+ assert.deepEqual(SessionService.get(), mockUserSession)
55
+ })
56
+
57
+ test('should extract API key from query parameter when source is "query"', async () => {
58
+ const mockUserSession: CoreUserSession = { userId: 'user456' }
59
+ const SessionService = new PikkuSessionService<CoreUserSession>()
60
+ const jwtService = {
61
+ encode: async () => 'token',
62
+ decode: async (token: string) => {
63
+ assert.equal(token, 'query-api-key')
64
+ return mockUserSession
65
+ },
66
+ }
67
+
68
+ const middleware = authAPIKey({ source: 'query' })
69
+ let nextCalled = false
70
+
71
+ await middleware(
72
+ { jwt: jwtService } as any,
73
+ {
74
+ http: {
75
+ request: createMockHTTPRequest({}, { apiKey: 'query-api-key' }),
76
+ response: createMockHTTPResponse(),
77
+ },
78
+ session: SessionService,
79
+ } as any,
80
+ async () => {
81
+ nextCalled = true
82
+ }
83
+ )
84
+
85
+ assert.equal(nextCalled, true)
86
+ assert.deepEqual(SessionService.get(), mockUserSession)
87
+ })
88
+
89
+ test('should prefer header over query when source is "all" and both are present', async () => {
90
+ const mockUserSession: CoreUserSession = { userId: 'user789' }
91
+ const SessionService = new PikkuSessionService<CoreUserSession>()
92
+ const jwtService = {
93
+ encode: async () => 'token',
94
+ decode: async (token: string) => {
95
+ // Should use header value, not query value
96
+ assert.equal(token, 'header-key')
97
+ return mockUserSession
98
+ },
99
+ }
100
+
101
+ const middleware = authAPIKey({ source: 'all' })
102
+ let nextCalled = false
103
+
104
+ await middleware(
105
+ { jwt: jwtService } as any,
106
+ {
107
+ http: {
108
+ request: createMockHTTPRequest(
109
+ { 'x-api-key': 'header-key' },
110
+ { apiKey: 'query-key' }
111
+ ),
112
+ response: createMockHTTPResponse(),
113
+ },
114
+ session: SessionService,
115
+ } as any,
116
+ async () => {
117
+ nextCalled = true
118
+ }
119
+ )
120
+
121
+ assert.equal(nextCalled, true)
122
+ assert.deepEqual(SessionService.get(), mockUserSession)
123
+ })
124
+
125
+ test('should fallback to query when header is missing and source is "all"', async () => {
126
+ const mockUserSession: CoreUserSession = { userId: 'user999' }
127
+ const SessionService = new PikkuSessionService<CoreUserSession>()
128
+ const jwtService = {
129
+ encode: async () => 'token',
130
+ decode: async (token: string) => {
131
+ assert.equal(token, 'query-fallback')
132
+ return mockUserSession
133
+ },
134
+ }
135
+
136
+ const middleware = authAPIKey({ source: 'all' })
137
+ let nextCalled = false
138
+
139
+ await middleware(
140
+ { jwt: jwtService } as any,
141
+ {
142
+ http: {
143
+ request: createMockHTTPRequest({}, { apiKey: 'query-fallback' }),
144
+ response: createMockHTTPResponse(),
145
+ },
146
+ session: SessionService,
147
+ } as any,
148
+ async () => {
149
+ nextCalled = true
150
+ }
151
+ )
152
+
153
+ assert.equal(nextCalled, true)
154
+ assert.deepEqual(SessionService.get(), mockUserSession)
155
+ })
156
+
157
+ test('should not set session when API key is not found', async () => {
158
+ const SessionService = new PikkuSessionService<CoreUserSession>()
159
+ const jwtService = {
160
+ encode: async () => 'token',
161
+ decode: async () => null,
162
+ }
163
+
164
+ const middleware = authAPIKey({ source: 'header' })
165
+ let nextCalled = false
166
+
167
+ await middleware(
168
+ { jwt: jwtService } as any,
169
+ {
170
+ http: {
171
+ request: createMockHTTPRequest({}),
172
+ response: createMockHTTPResponse(),
173
+ },
174
+ session: SessionService,
175
+ } as any,
176
+ async () => {
177
+ nextCalled = true
178
+ }
179
+ )
180
+
181
+ assert.equal(nextCalled, true)
182
+ assert.equal(SessionService.get(), undefined)
183
+ })
184
+
185
+ test('should not set session when JWT decode returns null', async () => {
186
+ const SessionService = new PikkuSessionService<CoreUserSession>()
187
+ const jwtService = {
188
+ encode: async () => 'token',
189
+ decode: async () => null,
190
+ }
191
+
192
+ const middleware = authAPIKey({ source: 'header' })
193
+ let nextCalled = false
194
+
195
+ await middleware(
196
+ { jwt: jwtService } as any,
197
+ {
198
+ http: {
199
+ request: createMockHTTPRequest({ 'x-api-key': 'invalid-key' }),
200
+ response: createMockHTTPResponse(),
201
+ },
202
+ session: SessionService,
203
+ } as any,
204
+ async () => {
205
+ nextCalled = true
206
+ }
207
+ )
208
+
209
+ assert.equal(nextCalled, true)
210
+ assert.equal(SessionService.get(), undefined)
211
+ })
212
+
213
+ test('should skip middleware when session already exists', async () => {
214
+ const existingSession: CoreUserSession = { userId: 'existing' }
215
+ const SessionService = new PikkuSessionService<CoreUserSession>()
216
+ SessionService.setInitial(existingSession)
217
+
218
+ let decodeCalled = false
219
+ const jwtService = {
220
+ encode: async () => 'token',
221
+ decode: async () => {
222
+ decodeCalled = true
223
+ return { userId: 'new' }
224
+ },
225
+ }
226
+
227
+ const middleware = authAPIKey({ source: 'header' })
228
+ let nextCalled = false
229
+
230
+ await middleware(
231
+ { jwt: jwtService } as any,
232
+ {
233
+ http: {
234
+ request: createMockHTTPRequest({ 'x-api-key': 'some-key' }),
235
+ response: createMockHTTPResponse(),
236
+ },
237
+ session: SessionService,
238
+ } as any,
239
+ async () => {
240
+ nextCalled = true
241
+ }
242
+ )
243
+
244
+ assert.equal(nextCalled, true)
245
+ assert.equal(decodeCalled, false)
246
+ assert.deepEqual(SessionService.get(), existingSession)
247
+ })
248
+
249
+ test('should skip middleware when http.request is not available', async () => {
250
+ const SessionService = new PikkuSessionService<CoreUserSession>()
251
+ const jwtService = {
252
+ encode: async () => 'token',
253
+ decode: async () => ({ userId: 'test' }),
254
+ }
255
+
256
+ const middleware = authAPIKey({ source: 'header' })
257
+ let nextCalled = false
258
+
259
+ await middleware(
260
+ { jwt: jwtService } as any,
261
+ { session: SessionService } as any,
262
+ async () => {
263
+ nextCalled = true
264
+ }
265
+ )
266
+
267
+ assert.equal(nextCalled, true)
268
+ assert.equal(SessionService.get(), undefined)
269
+ })
270
+
271
+ test('should not decode when jwtService is not available', async () => {
272
+ const SessionService = new PikkuSessionService<CoreUserSession>()
273
+
274
+ const middleware = authAPIKey({ source: 'header' })
275
+ let nextCalled = false
276
+
277
+ await middleware(
278
+ { jwt: undefined } as any,
279
+ {
280
+ http: {
281
+ request: createMockHTTPRequest({ 'x-api-key': 'some-key' }),
282
+ response: createMockHTTPResponse(),
283
+ },
284
+ session: SessionService,
285
+ } as any,
286
+ async () => {
287
+ nextCalled = true
288
+ }
289
+ )
290
+
291
+ assert.equal(nextCalled, true)
292
+ assert.equal(SessionService.get(), undefined)
293
+ })
294
+
295
+ test('should not look in query when source is "header" even if header is missing', async () => {
296
+ const SessionService = new PikkuSessionService<CoreUserSession>()
297
+ let decodeCalled = false
298
+ const jwtService = {
299
+ encode: async () => 'token',
300
+ decode: async () => {
301
+ decodeCalled = true
302
+ return { userId: 'test' }
303
+ },
304
+ }
305
+
306
+ const middleware = authAPIKey({ source: 'header' })
307
+ let nextCalled = false
308
+
309
+ await middleware(
310
+ { jwt: jwtService } as any,
311
+ {
312
+ http: {
313
+ request: createMockHTTPRequest({}, { apiKey: 'query-key' }),
314
+ response: createMockHTTPResponse(),
315
+ },
316
+ session: SessionService,
317
+ } as any,
318
+ async () => {
319
+ nextCalled = true
320
+ }
321
+ )
322
+
323
+ assert.equal(nextCalled, true)
324
+ assert.equal(decodeCalled, false)
325
+ assert.equal(SessionService.get(), undefined)
326
+ })
327
+
328
+ test('should not look in header when source is "query" even if query is missing', async () => {
329
+ const SessionService = new PikkuSessionService<CoreUserSession>()
330
+ let decodeCalled = false
331
+ const jwtService = {
332
+ encode: async () => 'token',
333
+ decode: async () => {
334
+ decodeCalled = true
335
+ return { userId: 'test' }
336
+ },
337
+ }
338
+
339
+ const middleware = authAPIKey({ source: 'query' })
340
+ let nextCalled = false
341
+
342
+ await middleware(
343
+ { jwt: jwtService } as any,
344
+ {
345
+ http: {
346
+ request: createMockHTTPRequest({ 'x-api-key': 'header-key' }),
347
+ response: createMockHTTPResponse(),
348
+ },
349
+ session: SessionService,
350
+ } as any,
351
+ async () => {
352
+ nextCalled = true
353
+ }
354
+ )
355
+
356
+ assert.equal(nextCalled, true)
357
+ assert.equal(decodeCalled, false)
358
+ assert.equal(SessionService.get(), undefined)
359
+ })
360
+ })
@@ -21,12 +21,8 @@ export const authAPIKey = pikkuMiddlewareFactory<{
21
21
  source: 'header' | 'query' | 'all'
22
22
  }>(({ source }) =>
23
23
  pikkuMiddleware(
24
- async (
25
- { userSession: userSessionService, jwt: jwtService },
26
- { http },
27
- next
28
- ) => {
29
- if (!http?.request || userSessionService.get()) {
24
+ async ({ jwt: jwtService }, { http, session: SessionService }, next) => {
25
+ if (!http?.request || !SessionService || SessionService.get()) {
30
26
  return next()
31
27
  }
32
28
 
@@ -41,7 +37,7 @@ export const authAPIKey = pikkuMiddlewareFactory<{
41
37
  if (apiKey && jwtService) {
42
38
  const userSession = await jwtService.decode(apiKey)
43
39
  if (userSession) {
44
- userSessionService.setInitial(userSession)
40
+ SessionService.setInitial(userSession)
45
41
  }
46
42
  }
47
43