@pikku/core 0.12.2 → 0.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (282) hide show
  1. package/CHANGELOG.md +24 -0
  2. package/dist/crypto-utils.d.ts +10 -0
  3. package/dist/crypto-utils.js +62 -0
  4. package/dist/function/function-runner.js +4 -4
  5. package/dist/function/functions.types.d.ts +26 -1
  6. package/dist/function/functions.types.js +16 -0
  7. package/dist/handle-error.d.ts +1 -1
  8. package/dist/handle-error.js +7 -3
  9. package/dist/index.d.ts +14 -2
  10. package/dist/index.js +1 -1
  11. package/dist/pikku-state.js +3 -1
  12. package/dist/schema.js +1 -1
  13. package/dist/services/in-memory-workflow-service.d.ts +22 -3
  14. package/dist/services/in-memory-workflow-service.js +77 -1
  15. package/dist/services/workflow-service.d.ts +8 -2
  16. package/dist/testing/index.d.ts +2 -0
  17. package/dist/testing/index.js +1 -0
  18. package/dist/testing/service-tests.d.ts +31 -0
  19. package/dist/testing/service-tests.js +598 -0
  20. package/dist/types/core.types.d.ts +9 -1
  21. package/dist/types/state.types.d.ts +4 -2
  22. package/dist/utils/hash.d.ts +2 -0
  23. package/dist/utils/hash.js +23 -0
  24. package/dist/wirings/ai-agent/agent-dynamic-workflow.d.ts +6 -0
  25. package/dist/wirings/ai-agent/agent-dynamic-workflow.js +348 -0
  26. package/dist/wirings/ai-agent/ai-agent-memory.d.ts +1 -1
  27. package/dist/wirings/ai-agent/ai-agent-memory.js +6 -5
  28. package/dist/wirings/ai-agent/ai-agent-prepare.d.ts +10 -7
  29. package/dist/wirings/ai-agent/ai-agent-prepare.js +127 -47
  30. package/dist/wirings/ai-agent/ai-agent-runner.d.ts +4 -0
  31. package/dist/wirings/ai-agent/ai-agent-runner.js +381 -27
  32. package/dist/wirings/ai-agent/ai-agent-stream.d.ts +7 -2
  33. package/dist/wirings/ai-agent/ai-agent-stream.js +109 -46
  34. package/dist/wirings/ai-agent/ai-agent.types.d.ts +22 -1
  35. package/dist/wirings/ai-agent/index.d.ts +1 -2
  36. package/dist/wirings/ai-agent/index.js +1 -2
  37. package/dist/wirings/channel/channel-handler.js +5 -1
  38. package/dist/wirings/channel/channel.types.d.ts +1 -7
  39. package/dist/wirings/channel/local/local-channel-handler.d.ts +1 -1
  40. package/dist/wirings/channel/local/local-channel-handler.js +5 -3
  41. package/dist/wirings/channel/local/local-channel-runner.js +14 -4
  42. package/dist/wirings/channel/serverless/serverless-channel-runner.js +4 -1
  43. package/dist/wirings/cli/cli-runner.js +10 -2
  44. package/dist/wirings/cli/cli.types.d.ts +1 -0
  45. package/dist/wirings/http/http-routes.js +0 -1
  46. package/dist/wirings/http/http-runner.d.ts +1 -1
  47. package/dist/wirings/http/http-runner.js +25 -3
  48. package/dist/wirings/http/http.types.d.ts +3 -11
  49. package/dist/wirings/http/index.d.ts +2 -1
  50. package/dist/wirings/http/index.js +1 -0
  51. package/dist/wirings/http/pikku-fetch-http-request.d.ts +1 -0
  52. package/dist/wirings/http/pikku-fetch-http-request.js +3 -0
  53. package/dist/wirings/http/pikku-fetch-http-response.d.ts +1 -0
  54. package/dist/wirings/http/pikku-fetch-http-response.js +4 -4
  55. package/dist/wirings/http/web-request.d.ts +12 -0
  56. package/dist/wirings/http/web-request.js +85 -0
  57. package/dist/wirings/mcp/mcp-endpoint-registry.js +1 -1
  58. package/dist/wirings/mcp/mcp-runner.js +13 -1
  59. package/dist/wirings/rpc/rpc-runner.d.ts +30 -6
  60. package/dist/wirings/rpc/rpc-runner.js +36 -14
  61. package/dist/wirings/rpc/rpc-types.d.ts +6 -1
  62. package/dist/wirings/rpc/wire-addon.d.ts +1 -0
  63. package/dist/wirings/rpc/wire-addon.js +1 -1
  64. package/dist/wirings/scheduler/scheduler-runner.js +1 -0
  65. package/dist/wirings/workflow/graph/graph-validation.d.ts +3 -0
  66. package/dist/wirings/workflow/graph/graph-validation.js +175 -0
  67. package/dist/wirings/workflow/graph/index.d.ts +1 -0
  68. package/dist/wirings/workflow/graph/index.js +1 -0
  69. package/dist/wirings/workflow/index.d.ts +1 -1
  70. package/dist/wirings/workflow/pikku-workflow-service.d.ts +8 -2
  71. package/dist/wirings/workflow/pikku-workflow-service.js +1 -2
  72. package/dist/wirings/workflow/workflow.types.d.ts +10 -1
  73. package/lcov.info +18891 -0
  74. package/package.json +4 -2
  75. package/dist/wirings/ai-agent/ai-agent-assistant-ui.d.ts +0 -5
  76. package/dist/wirings/ai-agent/ai-agent-assistant-ui.js +0 -168
  77. package/src/crypto-utils.test.ts +0 -116
  78. package/src/crypto-utils.ts +0 -99
  79. package/src/errors/error-handler.ts +0 -62
  80. package/src/errors/error.test.ts +0 -195
  81. package/src/errors/errors.ts +0 -374
  82. package/src/errors/index.ts +0 -2
  83. package/src/factory-functions.test.ts +0 -109
  84. package/src/function/function-runner.test.ts +0 -536
  85. package/src/function/function-runner.ts +0 -365
  86. package/src/function/functions.types.ts +0 -267
  87. package/src/function/index.ts +0 -5
  88. package/src/handle-error.test.ts +0 -361
  89. package/src/handle-error.ts +0 -65
  90. package/src/index.ts +0 -104
  91. package/src/internal.ts +0 -6
  92. package/src/middleware/auth-apikey.test.ts +0 -363
  93. package/src/middleware/auth-apikey.ts +0 -47
  94. package/src/middleware/auth-bearer.test.ts +0 -450
  95. package/src/middleware/auth-bearer.ts +0 -72
  96. package/src/middleware/auth-cookie.test.ts +0 -528
  97. package/src/middleware/auth-cookie.ts +0 -80
  98. package/src/middleware/cors.test.ts +0 -424
  99. package/src/middleware/cors.ts +0 -104
  100. package/src/middleware/index.ts +0 -5
  101. package/src/middleware/remote-auth.test.ts +0 -488
  102. package/src/middleware/remote-auth.ts +0 -68
  103. package/src/middleware/timeout.ts +0 -15
  104. package/src/middleware-runner.test.ts +0 -418
  105. package/src/middleware-runner.ts +0 -234
  106. package/src/permissions.test.ts +0 -434
  107. package/src/permissions.ts +0 -319
  108. package/src/pikku-request.ts +0 -23
  109. package/src/pikku-response.ts +0 -5
  110. package/src/pikku-state.test.ts +0 -224
  111. package/src/pikku-state.ts +0 -214
  112. package/src/run-tests-script.test.ts +0 -49
  113. package/src/schema.test.ts +0 -249
  114. package/src/schema.ts +0 -151
  115. package/src/services/ai-agent-runner-service.ts +0 -41
  116. package/src/services/ai-run-state-service.ts +0 -20
  117. package/src/services/ai-storage-service.ts +0 -39
  118. package/src/services/content-service.ts +0 -76
  119. package/src/services/deployment-service.ts +0 -22
  120. package/src/services/gateway-service.ts +0 -20
  121. package/src/services/gopass-secrets.ts +0 -98
  122. package/src/services/in-memory-ai-run-state-service.ts +0 -73
  123. package/src/services/in-memory-trigger-service.ts +0 -64
  124. package/src/services/in-memory-workflow-service.test.ts +0 -351
  125. package/src/services/in-memory-workflow-service.ts +0 -395
  126. package/src/services/index.ts +0 -56
  127. package/src/services/jwt-service.ts +0 -30
  128. package/src/services/local-content.ts +0 -120
  129. package/src/services/local-gateway-service.ts +0 -62
  130. package/src/services/local-secrets.test.ts +0 -80
  131. package/src/services/local-secrets.ts +0 -94
  132. package/src/services/local-variables.test.ts +0 -61
  133. package/src/services/local-variables.ts +0 -39
  134. package/src/services/logger-console.test.ts +0 -118
  135. package/src/services/logger-console.ts +0 -98
  136. package/src/services/logger.ts +0 -57
  137. package/src/services/scheduler-service.ts +0 -86
  138. package/src/services/schema-service.ts +0 -33
  139. package/src/services/scoped-secret-service.test.ts +0 -74
  140. package/src/services/scoped-secret-service.ts +0 -41
  141. package/src/services/secret-service.ts +0 -38
  142. package/src/services/trigger-service.ts +0 -17
  143. package/src/services/typed-secret-service.test.ts +0 -93
  144. package/src/services/typed-secret-service.ts +0 -70
  145. package/src/services/typed-variables-service.test.ts +0 -73
  146. package/src/services/typed-variables-service.ts +0 -81
  147. package/src/services/user-session-service.test.ts +0 -113
  148. package/src/services/user-session-service.ts +0 -86
  149. package/src/services/variables-service.ts +0 -11
  150. package/src/services/workflow-service.ts +0 -84
  151. package/src/time-utils.test.ts +0 -56
  152. package/src/time-utils.ts +0 -107
  153. package/src/types/core.types.ts +0 -470
  154. package/src/types/state.types.ts +0 -186
  155. package/src/utils.test.ts +0 -350
  156. package/src/utils.ts +0 -129
  157. package/src/version.test.ts +0 -80
  158. package/src/version.ts +0 -25
  159. package/src/wirings/ai-agent/ai-agent-assistant-ui.test.ts +0 -363
  160. package/src/wirings/ai-agent/ai-agent-assistant-ui.ts +0 -238
  161. package/src/wirings/ai-agent/ai-agent-helpers.test.ts +0 -152
  162. package/src/wirings/ai-agent/ai-agent-helpers.ts +0 -76
  163. package/src/wirings/ai-agent/ai-agent-memory.ts +0 -309
  164. package/src/wirings/ai-agent/ai-agent-model-config.test.ts +0 -115
  165. package/src/wirings/ai-agent/ai-agent-model-config.ts +0 -43
  166. package/src/wirings/ai-agent/ai-agent-prepare.ts +0 -522
  167. package/src/wirings/ai-agent/ai-agent-registry.test.ts +0 -37
  168. package/src/wirings/ai-agent/ai-agent-registry.ts +0 -82
  169. package/src/wirings/ai-agent/ai-agent-runner.test.ts +0 -317
  170. package/src/wirings/ai-agent/ai-agent-runner.ts +0 -251
  171. package/src/wirings/ai-agent/ai-agent-stream.test.ts +0 -652
  172. package/src/wirings/ai-agent/ai-agent-stream.ts +0 -1060
  173. package/src/wirings/ai-agent/ai-agent.types.ts +0 -360
  174. package/src/wirings/ai-agent/index.ts +0 -41
  175. package/src/wirings/channel/channel-common.ts +0 -90
  176. package/src/wirings/channel/channel-handler.ts +0 -241
  177. package/src/wirings/channel/channel-middleware-runner.ts +0 -120
  178. package/src/wirings/channel/channel-runner.ts +0 -166
  179. package/src/wirings/channel/channel-store.ts +0 -29
  180. package/src/wirings/channel/channel.types.ts +0 -178
  181. package/src/wirings/channel/define-channel-routes.ts +0 -25
  182. package/src/wirings/channel/eventhub-service.ts +0 -34
  183. package/src/wirings/channel/eventhub-store.ts +0 -13
  184. package/src/wirings/channel/index.ts +0 -24
  185. package/src/wirings/channel/local/index.ts +0 -3
  186. package/src/wirings/channel/local/local-channel-handler.ts +0 -79
  187. package/src/wirings/channel/local/local-channel-runner.test.ts +0 -215
  188. package/src/wirings/channel/local/local-channel-runner.ts +0 -200
  189. package/src/wirings/channel/local/local-eventhub-service.test.ts +0 -95
  190. package/src/wirings/channel/local/local-eventhub-service.ts +0 -101
  191. package/src/wirings/channel/log-channels.ts +0 -20
  192. package/src/wirings/channel/pikku-abstract-channel-handler.test.ts +0 -54
  193. package/src/wirings/channel/pikku-abstract-channel-handler.ts +0 -45
  194. package/src/wirings/channel/serverless/index.ts +0 -5
  195. package/src/wirings/channel/serverless/serverless-channel-runner.ts +0 -286
  196. package/src/wirings/cli/channel/cli-channel-runner.ts +0 -136
  197. package/src/wirings/cli/channel/index.ts +0 -1
  198. package/src/wirings/cli/cli-runner.test.ts +0 -403
  199. package/src/wirings/cli/cli-runner.ts +0 -519
  200. package/src/wirings/cli/cli.types.ts +0 -357
  201. package/src/wirings/cli/command-parser.test.ts +0 -445
  202. package/src/wirings/cli/command-parser.ts +0 -504
  203. package/src/wirings/cli/define-cli-commands.ts +0 -24
  204. package/src/wirings/cli/index.ts +0 -19
  205. package/src/wirings/gateway/gateway-runner.test.ts +0 -474
  206. package/src/wirings/gateway/gateway-runner.ts +0 -411
  207. package/src/wirings/gateway/gateway.types.ts +0 -149
  208. package/src/wirings/gateway/index.ts +0 -13
  209. package/src/wirings/http/http-routes.test.ts +0 -322
  210. package/src/wirings/http/http-routes.ts +0 -198
  211. package/src/wirings/http/http-runner.test.ts +0 -144
  212. package/src/wirings/http/http-runner.ts +0 -563
  213. package/src/wirings/http/http.types.ts +0 -378
  214. package/src/wirings/http/index.ts +0 -25
  215. package/src/wirings/http/log-http-routes.ts +0 -22
  216. package/src/wirings/http/pikku-fetch-http-request.test.ts +0 -237
  217. package/src/wirings/http/pikku-fetch-http-request.ts +0 -166
  218. package/src/wirings/http/pikku-fetch-http-response.test.ts +0 -82
  219. package/src/wirings/http/pikku-fetch-http-response.ts +0 -147
  220. package/src/wirings/http/routers/http-router.ts +0 -13
  221. package/src/wirings/http/routers/path-to-regex.test.ts +0 -319
  222. package/src/wirings/http/routers/path-to-regex.ts +0 -126
  223. package/src/wirings/mcp/index.ts +0 -27
  224. package/src/wirings/mcp/mcp-endpoint-registry.test.ts +0 -389
  225. package/src/wirings/mcp/mcp-endpoint-registry.ts +0 -159
  226. package/src/wirings/mcp/mcp-runner.ts +0 -305
  227. package/src/wirings/mcp/mcp.types.ts +0 -216
  228. package/src/wirings/node/index.ts +0 -2
  229. package/src/wirings/node/node.types.ts +0 -23
  230. package/src/wirings/oauth2/index.ts +0 -3
  231. package/src/wirings/oauth2/oauth2-client.test.ts +0 -929
  232. package/src/wirings/oauth2/oauth2-client.ts +0 -335
  233. package/src/wirings/oauth2/oauth2.types.ts +0 -69
  234. package/src/wirings/oauth2/wire-oauth2-credential.ts +0 -23
  235. package/src/wirings/queue/index.ts +0 -31
  236. package/src/wirings/queue/queue-runner.test.ts +0 -710
  237. package/src/wirings/queue/queue-runner.ts +0 -192
  238. package/src/wirings/queue/queue.types.ts +0 -189
  239. package/src/wirings/queue/register-queue-helper.ts +0 -60
  240. package/src/wirings/queue/validate-worker-config.test.ts +0 -108
  241. package/src/wirings/queue/validate-worker-config.ts +0 -116
  242. package/src/wirings/rpc/index.ts +0 -4
  243. package/src/wirings/rpc/rpc-runner.ts +0 -439
  244. package/src/wirings/rpc/rpc-types.ts +0 -51
  245. package/src/wirings/rpc/wire-addon.ts +0 -20
  246. package/src/wirings/scheduler/index.ts +0 -11
  247. package/src/wirings/scheduler/log-schedulers.ts +0 -20
  248. package/src/wirings/scheduler/scheduler-runner.test.ts +0 -660
  249. package/src/wirings/scheduler/scheduler-runner.ts +0 -132
  250. package/src/wirings/scheduler/scheduler.types.ts +0 -53
  251. package/src/wirings/secret/index.ts +0 -9
  252. package/src/wirings/secret/secret.types.ts +0 -32
  253. package/src/wirings/secret/validate-secret-definitions.test.ts +0 -140
  254. package/src/wirings/secret/validate-secret-definitions.ts +0 -82
  255. package/src/wirings/trigger/index.ts +0 -10
  256. package/src/wirings/trigger/pikku-trigger-service.ts +0 -112
  257. package/src/wirings/trigger/trigger-runner.test.ts +0 -79
  258. package/src/wirings/trigger/trigger-runner.ts +0 -135
  259. package/src/wirings/trigger/trigger.types.ts +0 -178
  260. package/src/wirings/variable/index.ts +0 -8
  261. package/src/wirings/variable/validate-variable-definitions.test.ts +0 -91
  262. package/src/wirings/variable/validate-variable-definitions.ts +0 -69
  263. package/src/wirings/variable/variable.types.ts +0 -22
  264. package/src/wirings/workflow/dsl/index.ts +0 -31
  265. package/src/wirings/workflow/dsl/workflow-dsl.types.ts +0 -320
  266. package/src/wirings/workflow/dsl/workflow-runner.ts +0 -28
  267. package/src/wirings/workflow/graph/graph-node.ts +0 -222
  268. package/src/wirings/workflow/graph/graph-runner.test.ts +0 -487
  269. package/src/wirings/workflow/graph/graph-runner.ts +0 -816
  270. package/src/wirings/workflow/graph/index.ts +0 -14
  271. package/src/wirings/workflow/graph/template.test.ts +0 -49
  272. package/src/wirings/workflow/graph/template.ts +0 -42
  273. package/src/wirings/workflow/graph/wire-workflow-graph.ts +0 -29
  274. package/src/wirings/workflow/graph/workflow-graph.types.ts +0 -104
  275. package/src/wirings/workflow/index.ts +0 -81
  276. package/src/wirings/workflow/pikku-workflow-service.test.ts +0 -200
  277. package/src/wirings/workflow/pikku-workflow-service.ts +0 -1165
  278. package/src/wirings/workflow/workflow-helpers.test.ts +0 -129
  279. package/src/wirings/workflow/workflow-helpers.ts +0 -79
  280. package/src/wirings/workflow/workflow.types.ts +0 -266
  281. package/tsconfig.json +0 -14
  282. package/tsconfig.tsbuildinfo +0 -1
@@ -1,488 +0,0 @@
1
- import { describe, test, beforeEach } from 'node:test'
2
- import assert from 'node:assert'
3
- import { pikkuRemoteAuthMiddleware } from './remote-auth.js'
4
- import { UnauthorizedError } from '../errors/errors.js'
5
- import { resetPikkuState } from '../pikku-state.js'
6
- import { encryptJSON } from '../crypto-utils.js'
7
-
8
- beforeEach(() => {
9
- resetPikkuState()
10
- })
11
-
12
- const TEST_SECRET = 'test-remote-secret-key'
13
-
14
- const createMockSecrets = (secret?: string) => ({
15
- getSecret: async (key: string) => {
16
- if (key === 'PIKKU_REMOTE_SECRET' && secret !== undefined) {
17
- return secret
18
- }
19
- throw new Error(`Secret ${key} not found`)
20
- },
21
- })
22
-
23
- const createMockJWT = (payload?: any, shouldThrow = false) => ({
24
- decode: async (_token: string) => {
25
- if (shouldThrow) throw new Error('Invalid token')
26
- return payload
27
- },
28
- encode: async () => 'token',
29
- })
30
-
31
- const createMockRequest = (
32
- headers: Record<string, string> = {},
33
- path = '/api/test',
34
- method = 'POST'
35
- ) => ({
36
- header: (name: string) => headers[name.toLowerCase()] || headers[name],
37
- path: () => path,
38
- method: () => method,
39
- })
40
-
41
- describe('pikkuRemoteAuthMiddleware', () => {
42
- test('should call next when no http.request', async () => {
43
- let nextCalled = false
44
- await pikkuRemoteAuthMiddleware(
45
- { secrets: createMockSecrets(TEST_SECRET) } as any,
46
- { http: {} } as any,
47
- async () => {
48
- nextCalled = true
49
- }
50
- )
51
- assert.strictEqual(nextCalled, true)
52
- })
53
-
54
- test('should call next when no secrets service', async () => {
55
- let nextCalled = false
56
- await pikkuRemoteAuthMiddleware(
57
- {} as any,
58
- { http: { request: createMockRequest() } } as any,
59
- async () => {
60
- nextCalled = true
61
- }
62
- )
63
- assert.strictEqual(nextCalled, true)
64
- })
65
-
66
- test('should call next when PIKKU_REMOTE_SECRET not found', async () => {
67
- let nextCalled = false
68
- await pikkuRemoteAuthMiddleware(
69
- { secrets: createMockSecrets() } as any,
70
- { http: { request: createMockRequest() } } as any,
71
- async () => {
72
- nextCalled = true
73
- }
74
- )
75
- assert.strictEqual(nextCalled, true)
76
- })
77
-
78
- test('should throw when PIKKU_REMOTE_SECRET set but no jwt service', async () => {
79
- await assert.rejects(
80
- () =>
81
- pikkuRemoteAuthMiddleware(
82
- { secrets: createMockSecrets(TEST_SECRET) } as any,
83
- { http: { request: createMockRequest() } } as any,
84
- async () => {}
85
- ),
86
- { message: 'PIKKU_REMOTE_SECRET set but JWT service missing' }
87
- )
88
- })
89
-
90
- test('should throw UnauthorizedError when no authorization header', async () => {
91
- await assert.rejects(
92
- () =>
93
- pikkuRemoteAuthMiddleware(
94
- {
95
- secrets: createMockSecrets(TEST_SECRET),
96
- jwt: createMockJWT(),
97
- } as any,
98
- { http: { request: createMockRequest({}) } } as any,
99
- async () => {}
100
- ),
101
- (err: any) => err instanceof UnauthorizedError
102
- )
103
- })
104
-
105
- test('should throw UnauthorizedError for non-Bearer scheme', async () => {
106
- await assert.rejects(
107
- () =>
108
- pikkuRemoteAuthMiddleware(
109
- {
110
- secrets: createMockSecrets(TEST_SECRET),
111
- jwt: createMockJWT(),
112
- } as any,
113
- {
114
- http: {
115
- request: createMockRequest({ authorization: 'Basic abc123' }),
116
- },
117
- } as any,
118
- async () => {}
119
- ),
120
- (err: any) => err instanceof UnauthorizedError
121
- )
122
- })
123
-
124
- test('should throw UnauthorizedError when Bearer has no token', async () => {
125
- await assert.rejects(
126
- () =>
127
- pikkuRemoteAuthMiddleware(
128
- {
129
- secrets: createMockSecrets(TEST_SECRET),
130
- jwt: createMockJWT(),
131
- } as any,
132
- {
133
- http: { request: createMockRequest({ authorization: 'Bearer' }) },
134
- } as any,
135
- async () => {}
136
- ),
137
- (err: any) => err instanceof UnauthorizedError
138
- )
139
- })
140
-
141
- test('should throw UnauthorizedError when JWT decode fails', async () => {
142
- await assert.rejects(
143
- () =>
144
- pikkuRemoteAuthMiddleware(
145
- {
146
- secrets: createMockSecrets(TEST_SECRET),
147
- jwt: createMockJWT(null, true),
148
- } as any,
149
- {
150
- http: {
151
- request: createMockRequest({
152
- authorization: 'Bearer valid-token',
153
- }),
154
- },
155
- } as any,
156
- async () => {}
157
- ),
158
- (err: any) => err instanceof UnauthorizedError
159
- )
160
- })
161
-
162
- test('should throw UnauthorizedError when audience is not pikku-remote', async () => {
163
- await assert.rejects(
164
- () =>
165
- pikkuRemoteAuthMiddleware(
166
- {
167
- secrets: createMockSecrets(TEST_SECRET),
168
- jwt: createMockJWT({ aud: 'wrong-audience' }),
169
- } as any,
170
- {
171
- http: {
172
- request: createMockRequest({
173
- authorization: 'Bearer valid-token',
174
- }),
175
- },
176
- } as any,
177
- async () => {}
178
- ),
179
- (err: any) => err instanceof UnauthorizedError
180
- )
181
- })
182
-
183
- test('should throw UnauthorizedError when audience is missing', async () => {
184
- await assert.rejects(
185
- () =>
186
- pikkuRemoteAuthMiddleware(
187
- {
188
- secrets: createMockSecrets(TEST_SECRET),
189
- jwt: createMockJWT({}),
190
- } as any,
191
- {
192
- http: {
193
- request: createMockRequest({
194
- authorization: 'Bearer valid-token',
195
- }),
196
- },
197
- } as any,
198
- async () => {}
199
- ),
200
- (err: any) => err instanceof UnauthorizedError
201
- )
202
- })
203
-
204
- test('should call next for valid token with correct audience', async () => {
205
- let nextCalled = false
206
- await pikkuRemoteAuthMiddleware(
207
- {
208
- secrets: createMockSecrets(TEST_SECRET),
209
- jwt: createMockJWT({ aud: 'pikku-remote' }),
210
- } as any,
211
- {
212
- http: {
213
- request: createMockRequest({ authorization: 'Bearer valid-token' }),
214
- },
215
- } as any,
216
- async () => {
217
- nextCalled = true
218
- }
219
- )
220
- assert.strictEqual(nextCalled, true)
221
- })
222
-
223
- test('should accept Authorization header (capitalized)', async () => {
224
- let nextCalled = false
225
- await pikkuRemoteAuthMiddleware(
226
- {
227
- secrets: createMockSecrets(TEST_SECRET),
228
- jwt: createMockJWT({ aud: 'pikku-remote' }),
229
- } as any,
230
- {
231
- http: {
232
- request: createMockRequest({ Authorization: 'Bearer valid-token' }),
233
- },
234
- } as any,
235
- async () => {
236
- nextCalled = true
237
- }
238
- )
239
- assert.strictEqual(nextCalled, true)
240
- })
241
-
242
- describe('RPC function authorization', () => {
243
- test('should throw UnauthorizedError when token fn does not match requested function', async () => {
244
- await assert.rejects(
245
- () =>
246
- pikkuRemoteAuthMiddleware(
247
- {
248
- secrets: createMockSecrets(TEST_SECRET),
249
- jwt: createMockJWT({ aud: 'pikku-remote', fn: 'allowedFunc' }),
250
- } as any,
251
- {
252
- http: {
253
- request: createMockRequest(
254
- { authorization: 'Bearer valid-token' },
255
- '/rpc/otherFunc'
256
- ),
257
- },
258
- } as any,
259
- async () => {}
260
- ),
261
- (err: any) => err instanceof UnauthorizedError
262
- )
263
- })
264
-
265
- test('should allow when token fn matches requested function', async () => {
266
- let nextCalled = false
267
- await pikkuRemoteAuthMiddleware(
268
- {
269
- secrets: createMockSecrets(TEST_SECRET),
270
- jwt: createMockJWT({ aud: 'pikku-remote', fn: 'myFunc' }),
271
- } as any,
272
- {
273
- http: {
274
- request: createMockRequest(
275
- { authorization: 'Bearer valid-token' },
276
- '/rpc/myFunc'
277
- ),
278
- },
279
- } as any,
280
- async () => {
281
- nextCalled = true
282
- }
283
- )
284
- assert.strictEqual(nextCalled, true)
285
- })
286
-
287
- test('should allow any RPC call when token has no fn claim', async () => {
288
- let nextCalled = false
289
- await pikkuRemoteAuthMiddleware(
290
- {
291
- secrets: createMockSecrets(TEST_SECRET),
292
- jwt: createMockJWT({ aud: 'pikku-remote' }),
293
- } as any,
294
- {
295
- http: {
296
- request: createMockRequest(
297
- { authorization: 'Bearer valid-token' },
298
- '/rpc/anyFunc'
299
- ),
300
- },
301
- } as any,
302
- async () => {
303
- nextCalled = true
304
- }
305
- )
306
- assert.strictEqual(nextCalled, true)
307
- })
308
-
309
- test('should skip fn check for non-RPC paths even if fn in token', async () => {
310
- let nextCalled = false
311
- await pikkuRemoteAuthMiddleware(
312
- {
313
- secrets: createMockSecrets(TEST_SECRET),
314
- jwt: createMockJWT({ aud: 'pikku-remote', fn: 'someFunc' }),
315
- } as any,
316
- {
317
- http: {
318
- request: createMockRequest(
319
- { authorization: 'Bearer valid-token' },
320
- '/api/other'
321
- ),
322
- },
323
- } as any,
324
- async () => {
325
- nextCalled = true
326
- }
327
- )
328
- assert.strictEqual(nextCalled, true)
329
- })
330
-
331
- test('should handle URI-encoded function names', async () => {
332
- let nextCalled = false
333
- await pikkuRemoteAuthMiddleware(
334
- {
335
- secrets: createMockSecrets(TEST_SECRET),
336
- jwt: createMockJWT({ aud: 'pikku-remote', fn: 'my func' }),
337
- } as any,
338
- {
339
- http: {
340
- request: createMockRequest(
341
- { authorization: 'Bearer valid-token' },
342
- '/rpc/my%20func'
343
- ),
344
- },
345
- } as any,
346
- async () => {
347
- nextCalled = true
348
- }
349
- )
350
- assert.strictEqual(nextCalled, true)
351
- })
352
- })
353
-
354
- describe('session decryption', () => {
355
- test('should decrypt and set session when payload.session exists', async () => {
356
- const sessionData = { userId: 'user-1', role: 'admin' }
357
- const encryptedSession = await encryptJSON(TEST_SECRET, {
358
- session: sessionData,
359
- })
360
- let receivedSession: any
361
-
362
- await pikkuRemoteAuthMiddleware(
363
- {
364
- secrets: createMockSecrets(TEST_SECRET),
365
- jwt: createMockJWT({
366
- aud: 'pikku-remote',
367
- session: encryptedSession,
368
- }),
369
- } as any,
370
- {
371
- http: {
372
- request: createMockRequest({ authorization: 'Bearer valid-token' }),
373
- },
374
- setSession: async (session: any) => {
375
- receivedSession = session
376
- },
377
- } as any,
378
- async () => {}
379
- )
380
-
381
- assert.deepStrictEqual(receivedSession, sessionData)
382
- })
383
-
384
- test('should throw UnauthorizedError when session decryption fails', async () => {
385
- await assert.rejects(
386
- () =>
387
- pikkuRemoteAuthMiddleware(
388
- {
389
- secrets: createMockSecrets(TEST_SECRET),
390
- jwt: createMockJWT({
391
- aud: 'pikku-remote',
392
- session: 'invalid-encrypted-data',
393
- }),
394
- } as any,
395
- {
396
- http: {
397
- request: createMockRequest({
398
- authorization: 'Bearer valid-token',
399
- }),
400
- },
401
- setSession: async () => {},
402
- } as any,
403
- async () => {}
404
- ),
405
- (err: any) => err instanceof UnauthorizedError
406
- )
407
- })
408
-
409
- test('should skip setSession when setSession is not available', async () => {
410
- const encryptedSession = await encryptJSON(TEST_SECRET, {
411
- session: { userId: 'u1' },
412
- })
413
- let nextCalled = false
414
-
415
- await pikkuRemoteAuthMiddleware(
416
- {
417
- secrets: createMockSecrets(TEST_SECRET),
418
- jwt: createMockJWT({
419
- aud: 'pikku-remote',
420
- session: encryptedSession,
421
- }),
422
- } as any,
423
- {
424
- http: {
425
- request: createMockRequest({ authorization: 'Bearer valid-token' }),
426
- },
427
- } as any,
428
- async () => {
429
- nextCalled = true
430
- }
431
- )
432
-
433
- assert.strictEqual(nextCalled, true)
434
- })
435
-
436
- test('should skip setSession when decrypted.session is falsy', async () => {
437
- const encryptedSession = await encryptJSON(TEST_SECRET, { session: null })
438
- let setSessionCalled = false
439
-
440
- await pikkuRemoteAuthMiddleware(
441
- {
442
- secrets: createMockSecrets(TEST_SECRET),
443
- jwt: createMockJWT({
444
- aud: 'pikku-remote',
445
- session: encryptedSession,
446
- }),
447
- } as any,
448
- {
449
- http: {
450
- request: createMockRequest({ authorization: 'Bearer valid-token' }),
451
- },
452
- setSession: async () => {
453
- setSessionCalled = true
454
- },
455
- } as any,
456
- async () => {}
457
- )
458
-
459
- assert.strictEqual(setSessionCalled, false)
460
- })
461
-
462
- test('should not call setSession when no session in payload', async () => {
463
- let setSessionCalled = false
464
- let nextCalled = false
465
-
466
- await pikkuRemoteAuthMiddleware(
467
- {
468
- secrets: createMockSecrets(TEST_SECRET),
469
- jwt: createMockJWT({ aud: 'pikku-remote' }),
470
- } as any,
471
- {
472
- http: {
473
- request: createMockRequest({ authorization: 'Bearer valid-token' }),
474
- },
475
- setSession: async () => {
476
- setSessionCalled = true
477
- },
478
- } as any,
479
- async () => {
480
- nextCalled = true
481
- }
482
- )
483
-
484
- assert.strictEqual(setSessionCalled, false)
485
- assert.strictEqual(nextCalled, true)
486
- })
487
- })
488
- })
@@ -1,68 +0,0 @@
1
- import { UnauthorizedError } from '../errors/errors.js'
2
- import { pikkuMiddleware } from '../types/core.types.js'
3
- import { decryptJSON } from '../crypto-utils.js'
4
-
5
- export const pikkuRemoteAuthMiddleware = pikkuMiddleware(
6
- async ({ secrets, jwt }, { http, setSession }, next) => {
7
- if (!http?.request || !secrets) {
8
- return next()
9
- }
10
-
11
- let secret: string
12
- try {
13
- secret = await secrets.getSecret('PIKKU_REMOTE_SECRET')
14
- } catch {
15
- return next()
16
- }
17
- if (!jwt) {
18
- throw new Error('PIKKU_REMOTE_SECRET set but JWT service missing')
19
- }
20
-
21
- const authHeader =
22
- http.request.header('authorization') ||
23
- http.request.header('Authorization')
24
-
25
- if (!authHeader) {
26
- throw new UnauthorizedError()
27
- }
28
-
29
- const [scheme, token] = authHeader.split(' ')
30
- if (scheme !== 'Bearer' || !token) {
31
- throw new UnauthorizedError()
32
- }
33
-
34
- let payload: any
35
- try {
36
- payload = await jwt.decode(token)
37
- } catch {
38
- throw new UnauthorizedError()
39
- }
40
-
41
- if (payload?.aud !== 'pikku-remote') {
42
- throw new UnauthorizedError()
43
- }
44
-
45
- if (payload?.fn && http.request.path().startsWith('/rpc/')) {
46
- const fn = decodeURIComponent(http.request.path().slice('/rpc/'.length))
47
- if (fn && payload.fn !== fn) {
48
- throw new UnauthorizedError()
49
- }
50
- }
51
-
52
- if (payload?.session) {
53
- try {
54
- const decrypted = await decryptJSON<{ session?: unknown }>(
55
- secret,
56
- payload.session
57
- )
58
- if (decrypted?.session && setSession) {
59
- await setSession(decrypted.session)
60
- }
61
- } catch {
62
- throw new UnauthorizedError()
63
- }
64
- }
65
-
66
- return next()
67
- }
68
- )
@@ -1,15 +0,0 @@
1
- import { RequestTimeoutError } from '../errors/errors.js'
2
- import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
3
-
4
- export const timeout = () =>
5
- pikkuMiddlewareFactory<{ timeout: number }>(({ timeout }) =>
6
- pikkuMiddleware(async (_services, _wire, next) => {
7
- const timeoutId = setTimeout(() => {
8
- throw new RequestTimeoutError()
9
- }, timeout)
10
-
11
- await next()
12
-
13
- clearTimeout(timeoutId)
14
- })
15
- )