@pikku/core 0.12.4 → 0.12.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -1
- package/dist/dev/hot-reload.d.ts +10 -0
- package/dist/dev/hot-reload.js +158 -0
- package/dist/middleware-runner.d.ts +1 -0
- package/dist/middleware-runner.js +5 -0
- package/dist/permissions.d.ts +1 -0
- package/dist/permissions.js +5 -0
- package/dist/services/content-service.d.ts +2 -0
- package/dist/services/in-memory-workflow-service.d.ts +1 -0
- package/dist/services/in-memory-workflow-service.js +16 -11
- package/dist/services/workflow-service.d.ts +1 -0
- package/dist/wirings/ai-agent/ai-agent-prepare.js +16 -1
- package/dist/wirings/channel/channel-middleware-runner.d.ts +1 -0
- package/dist/wirings/channel/channel-middleware-runner.js +5 -0
- package/dist/wirings/http/http-runner.js +1 -1
- package/dist/wirings/workflow/pikku-workflow-service.d.ts +6 -0
- package/dist/wirings/workflow/pikku-workflow-service.js +51 -16
- package/dist/wirings/workflow/workflow.types.d.ts +2 -0
- package/package.json +5 -3
- package/src/crypto-utils.test.ts +214 -0
- package/src/crypto-utils.ts +213 -0
- package/src/dev/hot-reload.test.ts +484 -0
- package/src/dev/hot-reload.ts +212 -0
- package/src/errors/error-handler.ts +62 -0
- package/src/errors/error.test.ts +195 -0
- package/src/errors/errors.ts +374 -0
- package/src/errors/index.ts +2 -0
- package/src/factory-functions.test.ts +109 -0
- package/src/function/function-runner.test.ts +536 -0
- package/src/function/function-runner.ts +365 -0
- package/src/function/functions.types.ts +304 -0
- package/src/function/index.ts +5 -0
- package/src/handle-error.test.ts +424 -0
- package/src/handle-error.ts +69 -0
- package/src/index.ts +118 -0
- package/src/internal.ts +6 -0
- package/src/middleware/auth-apikey.test.ts +363 -0
- package/src/middleware/auth-apikey.ts +47 -0
- package/src/middleware/auth-bearer.test.ts +450 -0
- package/src/middleware/auth-bearer.ts +72 -0
- package/src/middleware/auth-cookie.test.ts +528 -0
- package/src/middleware/auth-cookie.ts +80 -0
- package/src/middleware/cors.test.ts +424 -0
- package/src/middleware/cors.ts +104 -0
- package/src/middleware/index.ts +5 -0
- package/src/middleware/remote-auth.test.ts +488 -0
- package/src/middleware/remote-auth.ts +68 -0
- package/src/middleware/timeout.ts +15 -0
- package/src/middleware-runner.test.ts +418 -0
- package/src/middleware-runner.ts +240 -0
- package/src/permissions.test.ts +434 -0
- package/src/permissions.ts +327 -0
- package/src/pikku-request.ts +23 -0
- package/src/pikku-response.ts +5 -0
- package/src/pikku-state.test.ts +224 -0
- package/src/pikku-state.ts +216 -0
- package/src/run-tests-script.test.ts +49 -0
- package/src/schema.test.ts +249 -0
- package/src/schema.ts +151 -0
- package/src/services/ai-agent-runner-service.ts +41 -0
- package/src/services/ai-run-state-service.ts +20 -0
- package/src/services/ai-storage-service.ts +39 -0
- package/src/services/content-service.ts +81 -0
- package/src/services/deployment-service.ts +22 -0
- package/src/services/gateway-service.ts +20 -0
- package/src/services/gopass-secrets.ts +98 -0
- package/src/services/in-memory-ai-run-state-service.ts +73 -0
- package/src/services/in-memory-trigger-service.ts +64 -0
- package/src/services/in-memory-workflow-service.test.ts +351 -0
- package/src/services/in-memory-workflow-service.ts +512 -0
- package/src/services/index.ts +56 -0
- package/src/services/jwt-service.ts +30 -0
- package/src/services/local-content.ts +120 -0
- package/src/services/local-gateway-service.ts +62 -0
- package/src/services/local-secrets.test.ts +80 -0
- package/src/services/local-secrets.ts +94 -0
- package/src/services/local-variables.test.ts +61 -0
- package/src/services/local-variables.ts +39 -0
- package/src/services/logger-console.test.ts +118 -0
- package/src/services/logger-console.ts +98 -0
- package/src/services/logger.ts +57 -0
- package/src/services/scheduler-service.ts +86 -0
- package/src/services/schema-service.ts +33 -0
- package/src/services/scoped-secret-service.test.ts +74 -0
- package/src/services/scoped-secret-service.ts +41 -0
- package/src/services/secret-service.ts +38 -0
- package/src/services/trigger-service.ts +17 -0
- package/src/services/typed-secret-service.test.ts +93 -0
- package/src/services/typed-secret-service.ts +70 -0
- package/src/services/typed-variables-service.test.ts +73 -0
- package/src/services/typed-variables-service.ts +81 -0
- package/src/services/user-session-service.test.ts +113 -0
- package/src/services/user-session-service.ts +86 -0
- package/src/services/variables-service.ts +11 -0
- package/src/services/workflow-service.ts +96 -0
- package/src/testing/index.ts +2 -0
- package/src/testing/service-tests.ts +873 -0
- package/src/time-utils.test.ts +56 -0
- package/src/time-utils.ts +107 -0
- package/src/types/core.types.ts +478 -0
- package/src/types/state.types.ts +188 -0
- package/src/utils/hash.test.ts +68 -0
- package/src/utils/hash.ts +26 -0
- package/src/utils.test.ts +350 -0
- package/src/utils.ts +129 -0
- package/src/version.test.ts +80 -0
- package/src/version.ts +25 -0
- package/src/wirings/ai-agent/agent-dynamic-workflow.ts +469 -0
- package/src/wirings/ai-agent/ai-agent-helpers.test.ts +152 -0
- package/src/wirings/ai-agent/ai-agent-helpers.ts +76 -0
- package/src/wirings/ai-agent/ai-agent-memory.ts +310 -0
- package/src/wirings/ai-agent/ai-agent-model-config.test.ts +115 -0
- package/src/wirings/ai-agent/ai-agent-model-config.ts +43 -0
- package/src/wirings/ai-agent/ai-agent-prepare.ts +659 -0
- package/src/wirings/ai-agent/ai-agent-registry.test.ts +37 -0
- package/src/wirings/ai-agent/ai-agent-registry.ts +82 -0
- package/src/wirings/ai-agent/ai-agent-runner.test.ts +319 -0
- package/src/wirings/ai-agent/ai-agent-runner.ts +773 -0
- package/src/wirings/ai-agent/ai-agent-stream.test.ts +859 -0
- package/src/wirings/ai-agent/ai-agent-stream.ts +1153 -0
- package/src/wirings/ai-agent/ai-agent.types.ts +382 -0
- package/src/wirings/ai-agent/index.ts +37 -0
- package/src/wirings/channel/channel-common.ts +90 -0
- package/src/wirings/channel/channel-handler.ts +250 -0
- package/src/wirings/channel/channel-middleware-runner.ts +126 -0
- package/src/wirings/channel/channel-runner.ts +166 -0
- package/src/wirings/channel/channel-store.ts +29 -0
- package/src/wirings/channel/channel.types.ts +172 -0
- package/src/wirings/channel/define-channel-routes.ts +25 -0
- package/src/wirings/channel/eventhub-service.ts +34 -0
- package/src/wirings/channel/eventhub-store.ts +13 -0
- package/src/wirings/channel/index.ts +24 -0
- package/src/wirings/channel/local/index.ts +3 -0
- package/src/wirings/channel/local/local-channel-handler.ts +81 -0
- package/src/wirings/channel/local/local-channel-runner.test.ts +215 -0
- package/src/wirings/channel/local/local-channel-runner.ts +210 -0
- package/src/wirings/channel/local/local-eventhub-service.test.ts +95 -0
- package/src/wirings/channel/local/local-eventhub-service.ts +101 -0
- package/src/wirings/channel/log-channels.ts +20 -0
- package/src/wirings/channel/pikku-abstract-channel-handler.test.ts +54 -0
- package/src/wirings/channel/pikku-abstract-channel-handler.ts +45 -0
- package/src/wirings/channel/serverless/index.ts +5 -0
- package/src/wirings/channel/serverless/serverless-channel-runner.ts +289 -0
- package/src/wirings/cli/channel/cli-channel-runner.ts +136 -0
- package/src/wirings/cli/channel/index.ts +1 -0
- package/src/wirings/cli/cli-runner.test.ts +403 -0
- package/src/wirings/cli/cli-runner.ts +529 -0
- package/src/wirings/cli/cli.types.ts +358 -0
- package/src/wirings/cli/command-parser.test.ts +445 -0
- package/src/wirings/cli/command-parser.ts +504 -0
- package/src/wirings/cli/define-cli-commands.ts +24 -0
- package/src/wirings/cli/index.ts +19 -0
- package/src/wirings/gateway/gateway-runner.test.ts +474 -0
- package/src/wirings/gateway/gateway-runner.ts +411 -0
- package/src/wirings/gateway/gateway.types.ts +149 -0
- package/src/wirings/gateway/index.ts +13 -0
- package/src/wirings/http/http-routes.test.ts +322 -0
- package/src/wirings/http/http-routes.ts +197 -0
- package/src/wirings/http/http-runner.test.ts +144 -0
- package/src/wirings/http/http-runner.ts +588 -0
- package/src/wirings/http/http.types.ts +369 -0
- package/src/wirings/http/index.ts +28 -0
- package/src/wirings/http/log-http-routes.ts +22 -0
- package/src/wirings/http/pikku-fetch-http-request.test.ts +237 -0
- package/src/wirings/http/pikku-fetch-http-request.ts +170 -0
- package/src/wirings/http/pikku-fetch-http-response.test.ts +82 -0
- package/src/wirings/http/pikku-fetch-http-response.ts +147 -0
- package/src/wirings/http/routers/http-router.ts +13 -0
- package/src/wirings/http/routers/path-to-regex.test.ts +319 -0
- package/src/wirings/http/routers/path-to-regex.ts +126 -0
- package/src/wirings/http/web-request.test.ts +236 -0
- package/src/wirings/http/web-request.ts +104 -0
- package/src/wirings/mcp/index.ts +27 -0
- package/src/wirings/mcp/mcp-endpoint-registry.test.ts +389 -0
- package/src/wirings/mcp/mcp-endpoint-registry.ts +159 -0
- package/src/wirings/mcp/mcp-runner.ts +323 -0
- package/src/wirings/mcp/mcp.types.ts +216 -0
- package/src/wirings/node/index.ts +2 -0
- package/src/wirings/node/node.types.ts +23 -0
- package/src/wirings/oauth2/index.ts +3 -0
- package/src/wirings/oauth2/oauth2-client.test.ts +929 -0
- package/src/wirings/oauth2/oauth2-client.ts +335 -0
- package/src/wirings/oauth2/oauth2.types.ts +69 -0
- package/src/wirings/oauth2/wire-oauth2-credential.ts +23 -0
- package/src/wirings/queue/index.ts +31 -0
- package/src/wirings/queue/queue-runner.test.ts +710 -0
- package/src/wirings/queue/queue-runner.ts +192 -0
- package/src/wirings/queue/queue.types.ts +189 -0
- package/src/wirings/queue/register-queue-helper.ts +60 -0
- package/src/wirings/queue/validate-worker-config.test.ts +108 -0
- package/src/wirings/queue/validate-worker-config.ts +116 -0
- package/src/wirings/rpc/index.ts +4 -0
- package/src/wirings/rpc/rpc-runner.ts +460 -0
- package/src/wirings/rpc/rpc-types.ts +56 -0
- package/src/wirings/rpc/wire-addon.ts +21 -0
- package/src/wirings/scheduler/index.ts +11 -0
- package/src/wirings/scheduler/log-schedulers.ts +20 -0
- package/src/wirings/scheduler/scheduler-runner.test.ts +660 -0
- package/src/wirings/scheduler/scheduler-runner.ts +133 -0
- package/src/wirings/scheduler/scheduler.types.ts +53 -0
- package/src/wirings/secret/index.ts +9 -0
- package/src/wirings/secret/secret.types.ts +32 -0
- package/src/wirings/secret/validate-secret-definitions.test.ts +140 -0
- package/src/wirings/secret/validate-secret-definitions.ts +82 -0
- package/src/wirings/trigger/index.ts +10 -0
- package/src/wirings/trigger/pikku-trigger-service.ts +112 -0
- package/src/wirings/trigger/trigger-runner.test.ts +79 -0
- package/src/wirings/trigger/trigger-runner.ts +135 -0
- package/src/wirings/trigger/trigger.types.ts +178 -0
- package/src/wirings/variable/index.ts +8 -0
- package/src/wirings/variable/validate-variable-definitions.test.ts +91 -0
- package/src/wirings/variable/validate-variable-definitions.ts +69 -0
- package/src/wirings/variable/variable.types.ts +22 -0
- package/src/wirings/workflow/dsl/index.ts +31 -0
- package/src/wirings/workflow/dsl/workflow-dsl.types.ts +320 -0
- package/src/wirings/workflow/dsl/workflow-runner.ts +28 -0
- package/src/wirings/workflow/graph/graph-node.ts +222 -0
- package/src/wirings/workflow/graph/graph-runner.test.ts +487 -0
- package/src/wirings/workflow/graph/graph-runner.ts +816 -0
- package/src/wirings/workflow/graph/graph-validation.test.ts +170 -0
- package/src/wirings/workflow/graph/graph-validation.ts +237 -0
- package/src/wirings/workflow/graph/index.ts +19 -0
- package/src/wirings/workflow/graph/template.test.ts +49 -0
- package/src/wirings/workflow/graph/template.ts +42 -0
- package/src/wirings/workflow/graph/wire-workflow-graph.ts +29 -0
- package/src/wirings/workflow/graph/workflow-graph.types.ts +104 -0
- package/src/wirings/workflow/index.ts +82 -0
- package/src/wirings/workflow/pikku-workflow-service.test.ts +200 -0
- package/src/wirings/workflow/pikku-workflow-service.ts +1229 -0
- package/src/wirings/workflow/workflow-helpers.test.ts +129 -0
- package/src/wirings/workflow/workflow-helpers.ts +79 -0
- package/src/wirings/workflow/workflow.types.ts +276 -0
- package/tsconfig.json +14 -0
- package/tsconfig.tsbuildinfo +1 -0
- package/lcov.info +0 -18891
|
@@ -0,0 +1,450 @@
|
|
|
1
|
+
import { describe, test, beforeEach } from 'node:test'
|
|
2
|
+
import assert from 'node:assert/strict'
|
|
3
|
+
import { authBearer } from './auth-bearer.js'
|
|
4
|
+
import { resetPikkuState } from '../pikku-state.js'
|
|
5
|
+
import type { CoreUserSession } from '../types/core.types.js'
|
|
6
|
+
import {
|
|
7
|
+
PikkuSessionService,
|
|
8
|
+
createMiddlewareSessionWireProps,
|
|
9
|
+
} from '../services/user-session-service.js'
|
|
10
|
+
import { InvalidSessionError } from '../errors/errors.js'
|
|
11
|
+
|
|
12
|
+
beforeEach(() => {
|
|
13
|
+
resetPikkuState()
|
|
14
|
+
})
|
|
15
|
+
|
|
16
|
+
const createMockHTTPRequest = (headers: Record<string, string> = {}) => ({
|
|
17
|
+
header: (name: string) => {
|
|
18
|
+
// Check both lowercase and exact case
|
|
19
|
+
return headers[name.toLowerCase()] || headers[name] || null
|
|
20
|
+
},
|
|
21
|
+
})
|
|
22
|
+
|
|
23
|
+
const createMockHTTPResponse = () => ({
|
|
24
|
+
cookie: () => {},
|
|
25
|
+
})
|
|
26
|
+
|
|
27
|
+
describe('authBearer middleware', () => {
|
|
28
|
+
test('should extract and decode JWT bearer token from Authorization header', async () => {
|
|
29
|
+
const mockUserSession: CoreUserSession = { userId: 'user123' }
|
|
30
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
31
|
+
const jwtService = {
|
|
32
|
+
encode: async () => 'token',
|
|
33
|
+
decode: async (token: string) => {
|
|
34
|
+
assert.equal(token, 'jwt-token')
|
|
35
|
+
return mockUserSession
|
|
36
|
+
},
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
const middleware = authBearer()
|
|
40
|
+
let nextCalled = false
|
|
41
|
+
|
|
42
|
+
await middleware(
|
|
43
|
+
{ jwt: jwtService } as any,
|
|
44
|
+
{
|
|
45
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
46
|
+
http: {
|
|
47
|
+
request: createMockHTTPRequest({
|
|
48
|
+
authorization: 'Bearer jwt-token',
|
|
49
|
+
}),
|
|
50
|
+
response: createMockHTTPResponse(),
|
|
51
|
+
},
|
|
52
|
+
} as any,
|
|
53
|
+
async () => {
|
|
54
|
+
nextCalled = true
|
|
55
|
+
}
|
|
56
|
+
)
|
|
57
|
+
|
|
58
|
+
assert.equal(nextCalled, true)
|
|
59
|
+
assert.deepEqual(SessionService.get(), mockUserSession)
|
|
60
|
+
})
|
|
61
|
+
|
|
62
|
+
test('should handle case-insensitive Authorization header', async () => {
|
|
63
|
+
const mockUserSession: CoreUserSession = { userId: 'user456' }
|
|
64
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
65
|
+
const jwtService = {
|
|
66
|
+
encode: async () => 'token',
|
|
67
|
+
decode: async (token: string) => {
|
|
68
|
+
assert.equal(token, 'jwt-token-2')
|
|
69
|
+
return mockUserSession
|
|
70
|
+
},
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
const middleware = authBearer()
|
|
74
|
+
let nextCalled = false
|
|
75
|
+
|
|
76
|
+
await middleware(
|
|
77
|
+
{ jwt: jwtService } as any,
|
|
78
|
+
{
|
|
79
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
80
|
+
http: {
|
|
81
|
+
request: createMockHTTPRequest({
|
|
82
|
+
Authorization: 'Bearer jwt-token-2',
|
|
83
|
+
}),
|
|
84
|
+
response: createMockHTTPResponse(),
|
|
85
|
+
},
|
|
86
|
+
} as any,
|
|
87
|
+
async () => {
|
|
88
|
+
nextCalled = true
|
|
89
|
+
}
|
|
90
|
+
)
|
|
91
|
+
|
|
92
|
+
assert.equal(nextCalled, true)
|
|
93
|
+
assert.deepEqual(SessionService.get(), mockUserSession)
|
|
94
|
+
})
|
|
95
|
+
|
|
96
|
+
test('should validate static token when token option is provided', async () => {
|
|
97
|
+
const mockUserSession: CoreUserSession = {
|
|
98
|
+
userId: 'static-user',
|
|
99
|
+
role: 'admin',
|
|
100
|
+
}
|
|
101
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
102
|
+
const jwtService = {
|
|
103
|
+
encode: async () => 'token',
|
|
104
|
+
decode: async () => {
|
|
105
|
+
// Should not be called in static token mode
|
|
106
|
+
assert.fail('JWT decode should not be called in static token mode')
|
|
107
|
+
return null
|
|
108
|
+
},
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
const middleware = authBearer({
|
|
112
|
+
token: {
|
|
113
|
+
value: 'my-static-token',
|
|
114
|
+
userSession: mockUserSession,
|
|
115
|
+
},
|
|
116
|
+
})
|
|
117
|
+
let nextCalled = false
|
|
118
|
+
|
|
119
|
+
await middleware(
|
|
120
|
+
{ jwt: jwtService } as any,
|
|
121
|
+
{
|
|
122
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
123
|
+
http: {
|
|
124
|
+
request: createMockHTTPRequest({
|
|
125
|
+
authorization: 'Bearer my-static-token',
|
|
126
|
+
}),
|
|
127
|
+
response: createMockHTTPResponse(),
|
|
128
|
+
},
|
|
129
|
+
} as any,
|
|
130
|
+
async () => {
|
|
131
|
+
nextCalled = true
|
|
132
|
+
}
|
|
133
|
+
)
|
|
134
|
+
|
|
135
|
+
assert.equal(nextCalled, true)
|
|
136
|
+
assert.deepEqual(SessionService.get(), mockUserSession)
|
|
137
|
+
})
|
|
138
|
+
|
|
139
|
+
test('should throw InvalidSessionError when scheme is not Bearer', async () => {
|
|
140
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
141
|
+
const jwtService = {
|
|
142
|
+
encode: async () => 'token',
|
|
143
|
+
decode: async () => ({ userId: 'test' }),
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
const middleware = authBearer()
|
|
147
|
+
|
|
148
|
+
await assert.rejects(
|
|
149
|
+
async () => {
|
|
150
|
+
await middleware(
|
|
151
|
+
{ jwt: jwtService } as any,
|
|
152
|
+
{
|
|
153
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
154
|
+
http: {
|
|
155
|
+
request: createMockHTTPRequest({
|
|
156
|
+
authorization: 'Basic some-token',
|
|
157
|
+
}),
|
|
158
|
+
response: createMockHTTPResponse(),
|
|
159
|
+
},
|
|
160
|
+
} as any,
|
|
161
|
+
async () => {}
|
|
162
|
+
)
|
|
163
|
+
},
|
|
164
|
+
(error: any) => {
|
|
165
|
+
assert(error instanceof InvalidSessionError)
|
|
166
|
+
return true
|
|
167
|
+
}
|
|
168
|
+
)
|
|
169
|
+
})
|
|
170
|
+
|
|
171
|
+
test('should throw InvalidSessionError when bearer token is missing', async () => {
|
|
172
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
173
|
+
const jwtService = {
|
|
174
|
+
encode: async () => 'token',
|
|
175
|
+
decode: async () => ({ userId: 'test' }),
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
const middleware = authBearer()
|
|
179
|
+
|
|
180
|
+
await assert.rejects(
|
|
181
|
+
async () => {
|
|
182
|
+
await middleware(
|
|
183
|
+
{ jwt: jwtService } as any,
|
|
184
|
+
{
|
|
185
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
186
|
+
http: {
|
|
187
|
+
request: createMockHTTPRequest({
|
|
188
|
+
authorization: 'Bearer',
|
|
189
|
+
}),
|
|
190
|
+
response: createMockHTTPResponse(),
|
|
191
|
+
},
|
|
192
|
+
} as any,
|
|
193
|
+
async () => {}
|
|
194
|
+
)
|
|
195
|
+
},
|
|
196
|
+
(error: any) => {
|
|
197
|
+
assert(error instanceof InvalidSessionError)
|
|
198
|
+
return true
|
|
199
|
+
}
|
|
200
|
+
)
|
|
201
|
+
})
|
|
202
|
+
|
|
203
|
+
test('should throw InvalidSessionError when authorization header has no space', async () => {
|
|
204
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
205
|
+
const jwtService = {
|
|
206
|
+
encode: async () => 'token',
|
|
207
|
+
decode: async () => ({ userId: 'test' }),
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
const middleware = authBearer()
|
|
211
|
+
|
|
212
|
+
await assert.rejects(
|
|
213
|
+
async () => {
|
|
214
|
+
await middleware(
|
|
215
|
+
{ jwt: jwtService } as any,
|
|
216
|
+
{
|
|
217
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
218
|
+
http: {
|
|
219
|
+
request: createMockHTTPRequest({
|
|
220
|
+
authorization: 'BearerToken',
|
|
221
|
+
}),
|
|
222
|
+
response: createMockHTTPResponse(),
|
|
223
|
+
},
|
|
224
|
+
} as any,
|
|
225
|
+
async () => {}
|
|
226
|
+
)
|
|
227
|
+
},
|
|
228
|
+
(error: any) => {
|
|
229
|
+
assert(error instanceof InvalidSessionError)
|
|
230
|
+
return true
|
|
231
|
+
}
|
|
232
|
+
)
|
|
233
|
+
})
|
|
234
|
+
|
|
235
|
+
test('should not set session when JWT decode returns null', async () => {
|
|
236
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
237
|
+
const jwtService = {
|
|
238
|
+
encode: async () => 'token',
|
|
239
|
+
decode: async () => null,
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
const middleware = authBearer()
|
|
243
|
+
let nextCalled = false
|
|
244
|
+
|
|
245
|
+
await middleware(
|
|
246
|
+
{ jwt: jwtService } as any,
|
|
247
|
+
{
|
|
248
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
249
|
+
http: {
|
|
250
|
+
request: createMockHTTPRequest({
|
|
251
|
+
authorization: 'Bearer invalid-token',
|
|
252
|
+
}),
|
|
253
|
+
response: createMockHTTPResponse(),
|
|
254
|
+
},
|
|
255
|
+
} as any,
|
|
256
|
+
async () => {
|
|
257
|
+
nextCalled = true
|
|
258
|
+
}
|
|
259
|
+
)
|
|
260
|
+
|
|
261
|
+
assert.equal(nextCalled, true)
|
|
262
|
+
assert.equal(SessionService.get(), undefined)
|
|
263
|
+
})
|
|
264
|
+
|
|
265
|
+
test('should not set session when static token does not match', async () => {
|
|
266
|
+
const mockUserSession: CoreUserSession = { userId: 'static-user' }
|
|
267
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
268
|
+
const jwtService = {
|
|
269
|
+
encode: async () => 'token',
|
|
270
|
+
decode: async () => {
|
|
271
|
+
// Should not be called when static token is provided
|
|
272
|
+
assert.fail('JWT decode should not be called in static token mode')
|
|
273
|
+
return null
|
|
274
|
+
},
|
|
275
|
+
}
|
|
276
|
+
|
|
277
|
+
const middleware = authBearer({
|
|
278
|
+
token: {
|
|
279
|
+
value: 'correct-token',
|
|
280
|
+
userSession: mockUserSession,
|
|
281
|
+
},
|
|
282
|
+
})
|
|
283
|
+
let nextCalled = false
|
|
284
|
+
|
|
285
|
+
await middleware(
|
|
286
|
+
{ jwt: jwtService } as any,
|
|
287
|
+
{
|
|
288
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
289
|
+
http: {
|
|
290
|
+
request: createMockHTTPRequest({
|
|
291
|
+
authorization: 'Bearer wrong-token',
|
|
292
|
+
}),
|
|
293
|
+
response: createMockHTTPResponse(),
|
|
294
|
+
},
|
|
295
|
+
} as any,
|
|
296
|
+
async () => {
|
|
297
|
+
nextCalled = true
|
|
298
|
+
}
|
|
299
|
+
)
|
|
300
|
+
|
|
301
|
+
assert.equal(nextCalled, true)
|
|
302
|
+
assert.equal(SessionService.get(), undefined)
|
|
303
|
+
})
|
|
304
|
+
|
|
305
|
+
test('should skip middleware when session already exists', async () => {
|
|
306
|
+
const existingSession: CoreUserSession = { userId: 'existing' }
|
|
307
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
308
|
+
SessionService.setInitial(existingSession)
|
|
309
|
+
|
|
310
|
+
let decodeCalled = false
|
|
311
|
+
const jwtService = {
|
|
312
|
+
encode: async () => 'token',
|
|
313
|
+
decode: async () => {
|
|
314
|
+
decodeCalled = true
|
|
315
|
+
return { userId: 'new' }
|
|
316
|
+
},
|
|
317
|
+
}
|
|
318
|
+
|
|
319
|
+
const middleware = authBearer()
|
|
320
|
+
let nextCalled = false
|
|
321
|
+
|
|
322
|
+
await middleware(
|
|
323
|
+
{ jwt: jwtService } as any,
|
|
324
|
+
{
|
|
325
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
326
|
+
http: {
|
|
327
|
+
request: createMockHTTPRequest({
|
|
328
|
+
authorization: 'Bearer some-token',
|
|
329
|
+
}),
|
|
330
|
+
response: createMockHTTPResponse(),
|
|
331
|
+
},
|
|
332
|
+
} as any,
|
|
333
|
+
async () => {
|
|
334
|
+
nextCalled = true
|
|
335
|
+
}
|
|
336
|
+
)
|
|
337
|
+
|
|
338
|
+
assert.equal(nextCalled, true)
|
|
339
|
+
assert.equal(decodeCalled, false)
|
|
340
|
+
assert.deepEqual(SessionService.get(), existingSession)
|
|
341
|
+
})
|
|
342
|
+
|
|
343
|
+
test('should skip middleware when http.request is not available', async () => {
|
|
344
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
345
|
+
const jwtService = {
|
|
346
|
+
encode: async () => 'token',
|
|
347
|
+
decode: async () => ({ userId: 'test' }),
|
|
348
|
+
}
|
|
349
|
+
|
|
350
|
+
const middleware = authBearer()
|
|
351
|
+
let nextCalled = false
|
|
352
|
+
|
|
353
|
+
await middleware(
|
|
354
|
+
{ jwt: jwtService } as any,
|
|
355
|
+
{ ...createMiddlewareSessionWireProps(SessionService) } as any,
|
|
356
|
+
async () => {
|
|
357
|
+
nextCalled = true
|
|
358
|
+
}
|
|
359
|
+
)
|
|
360
|
+
|
|
361
|
+
assert.equal(nextCalled, true)
|
|
362
|
+
assert.equal(SessionService.get(), undefined)
|
|
363
|
+
})
|
|
364
|
+
|
|
365
|
+
test('should continue without session when authorization header is missing', async () => {
|
|
366
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
367
|
+
const jwtService = {
|
|
368
|
+
encode: async () => 'token',
|
|
369
|
+
decode: async () => ({ userId: 'test' }),
|
|
370
|
+
}
|
|
371
|
+
|
|
372
|
+
const middleware = authBearer()
|
|
373
|
+
let nextCalled = false
|
|
374
|
+
|
|
375
|
+
await middleware(
|
|
376
|
+
{ jwt: jwtService } as any,
|
|
377
|
+
{
|
|
378
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
379
|
+
http: {
|
|
380
|
+
request: createMockHTTPRequest({}),
|
|
381
|
+
response: createMockHTTPResponse(),
|
|
382
|
+
},
|
|
383
|
+
} as any,
|
|
384
|
+
async () => {
|
|
385
|
+
nextCalled = true
|
|
386
|
+
}
|
|
387
|
+
)
|
|
388
|
+
|
|
389
|
+
assert.equal(nextCalled, true)
|
|
390
|
+
assert.equal(SessionService.get(), undefined)
|
|
391
|
+
})
|
|
392
|
+
|
|
393
|
+
test('should not decode when jwtService is not available in JWT mode', async () => {
|
|
394
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
395
|
+
|
|
396
|
+
const middleware = authBearer()
|
|
397
|
+
let nextCalled = false
|
|
398
|
+
|
|
399
|
+
await middleware(
|
|
400
|
+
{ jwt: undefined } as any,
|
|
401
|
+
{
|
|
402
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
403
|
+
http: {
|
|
404
|
+
request: createMockHTTPRequest({
|
|
405
|
+
authorization: 'Bearer some-token',
|
|
406
|
+
}),
|
|
407
|
+
response: createMockHTTPResponse(),
|
|
408
|
+
},
|
|
409
|
+
} as any,
|
|
410
|
+
async () => {
|
|
411
|
+
nextCalled = true
|
|
412
|
+
}
|
|
413
|
+
)
|
|
414
|
+
|
|
415
|
+
assert.equal(nextCalled, true)
|
|
416
|
+
assert.equal(SessionService.get(), undefined)
|
|
417
|
+
})
|
|
418
|
+
|
|
419
|
+
test('should work in static token mode even when jwtService is not available', async () => {
|
|
420
|
+
const mockUserSession: CoreUserSession = { userId: 'static-user' }
|
|
421
|
+
const SessionService = new PikkuSessionService<CoreUserSession>()
|
|
422
|
+
|
|
423
|
+
const middleware = authBearer({
|
|
424
|
+
token: {
|
|
425
|
+
value: 'static-token',
|
|
426
|
+
userSession: mockUserSession,
|
|
427
|
+
},
|
|
428
|
+
})
|
|
429
|
+
let nextCalled = false
|
|
430
|
+
|
|
431
|
+
await middleware(
|
|
432
|
+
{ jwt: undefined } as any,
|
|
433
|
+
{
|
|
434
|
+
...createMiddlewareSessionWireProps(SessionService),
|
|
435
|
+
http: {
|
|
436
|
+
request: createMockHTTPRequest({
|
|
437
|
+
authorization: 'Bearer static-token',
|
|
438
|
+
}),
|
|
439
|
+
response: createMockHTTPResponse(),
|
|
440
|
+
},
|
|
441
|
+
} as any,
|
|
442
|
+
async () => {
|
|
443
|
+
nextCalled = true
|
|
444
|
+
}
|
|
445
|
+
)
|
|
446
|
+
|
|
447
|
+
assert.equal(nextCalled, true)
|
|
448
|
+
assert.deepEqual(SessionService.get(), mockUserSession)
|
|
449
|
+
})
|
|
450
|
+
})
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { InvalidSessionError } from '../errors/errors.js'
|
|
2
|
+
import type { CoreUserSession } from '../types/core.types.js'
|
|
3
|
+
import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Bearer token middleware that extracts and validates tokens from the Authorization header.
|
|
7
|
+
*
|
|
8
|
+
* Supports two modes:
|
|
9
|
+
* - JWT decoding (default): Decodes bearer tokens using the JWT service
|
|
10
|
+
* - Static token: Provide a `token` object with a value and userSession for simple token validation
|
|
11
|
+
*
|
|
12
|
+
* @param options.token - Optional static token configuration { value: string, userSession: CoreUserSession }
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import { authBearer } from '@pikku/core/middleware'
|
|
17
|
+
*
|
|
18
|
+
* // JWT mode (default)
|
|
19
|
+
* addHTTPMiddleware('*', [
|
|
20
|
+
* authBearer()
|
|
21
|
+
* ])
|
|
22
|
+
*
|
|
23
|
+
* // Static token mode
|
|
24
|
+
* addHTTPMiddleware('*', [
|
|
25
|
+
* authBearer({
|
|
26
|
+
* token: {
|
|
27
|
+
* value: process.env.API_TOKEN,
|
|
28
|
+
* userSession: { userId: 'system', role: 'admin' }
|
|
29
|
+
* }
|
|
30
|
+
* })
|
|
31
|
+
* ])
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
export const authBearer = pikkuMiddlewareFactory<{
|
|
35
|
+
token?: {
|
|
36
|
+
value: string
|
|
37
|
+
userSession: CoreUserSession
|
|
38
|
+
}
|
|
39
|
+
}>(({ token } = {}) =>
|
|
40
|
+
pikkuMiddleware(
|
|
41
|
+
async ({ jwt: jwtService }, { http, setSession, session }, next) => {
|
|
42
|
+
if (!http?.request || !setSession || session) {
|
|
43
|
+
return next()
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
const authHeader =
|
|
47
|
+
http.request.header('authorization') ||
|
|
48
|
+
http.request.header('Authorization')
|
|
49
|
+
|
|
50
|
+
if (authHeader) {
|
|
51
|
+
const [scheme, bearerToken] = authHeader.split(' ')
|
|
52
|
+
if (scheme !== 'Bearer' || !bearerToken) {
|
|
53
|
+
throw new InvalidSessionError()
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
let userSession: CoreUserSession | null = null
|
|
57
|
+
|
|
58
|
+
if (token && bearerToken === token.value) {
|
|
59
|
+
userSession = token.userSession
|
|
60
|
+
} else if (jwtService && !token) {
|
|
61
|
+
userSession = await jwtService.decode(bearerToken)
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
if (userSession) {
|
|
65
|
+
setSession?.(userSession)
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
return next()
|
|
70
|
+
}
|
|
71
|
+
)
|
|
72
|
+
)
|