@rebasepro/server-core 0.0.1-canary.4d4fb3e

package/test/query-parser.test.ts

@@ -0,0 +1,258 @@
+import { mapOperator, parseQueryOptions } from "../src/api/rest/query-parser";
+
+// ─────────────────────────────────────────────────────────────
+// mapOperator
+// ─────────────────────────────────────────────────────────────
+describe("mapOperator", () => {
+    it("maps PostgREST operators to Rebase operators", () => {
+        expect(mapOperator("eq")).toBe("==");
+        expect(mapOperator("neq")).toBe("!=");
+        expect(mapOperator("gt")).toBe(">");
+        expect(mapOperator("gte")).toBe(">=");
+        expect(mapOperator("lt")).toBe("<");
+        expect(mapOperator("lte")).toBe("<=");
+        expect(mapOperator("in")).toBe("in");
+        expect(mapOperator("nin")).toBe("not-in");
+        expect(mapOperator("cs")).toBe("array-contains");
+        expect(mapOperator("csa")).toBe("array-contains-any");
+    });
+
+    it("returns null for unknown operators", () => {
+        expect(mapOperator("like")).toBeNull();
+        expect(mapOperator("between")).toBeNull();
+        expect(mapOperator("")).toBeNull();
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — Pagination
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — pagination", () => {
+    it("parses limit", () => {
+        const result = parseQueryOptions({ limit: "25" });
+        expect(result.limit).toBe(25);
+    });
+
+    it("parses offset", () => {
+        const result = parseQueryOptions({ offset: "50" });
+        expect(result.offset).toBe(50);
+    });
+
+    it("calculates offset from page number", () => {
+        const result = parseQueryOptions({ page: "3", limit: "10" });
+        expect(result.offset).toBe(20); // (3-1) * 10
+    });
+
+    it("uses default limit of 20 for page calculation when limit not set", () => {
+        const result = parseQueryOptions({ page: "2" });
+        expect(result.offset).toBe(20); // (2-1) * 20
+    });
+
+    it("handles no pagination params", () => {
+        const result = parseQueryOptions({});
+        expect(result.limit).toBeUndefined();
+        expect(result.offset).toBeUndefined();
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — PostgREST Filters
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — PostgREST filters", () => {
+    it("parses equality filter (implicit eq)", () => {
+        const result = parseQueryOptions({ status: "published" });
+        expect(result.where?.status).toEqual(["==", "published"]);
+    });
+
+    it("parses eq operator explicitly", () => {
+        const result = parseQueryOptions({ status: "eq.published" });
+        expect(result.where?.status).toEqual(["==", "published"]);
+    });
+
+    it("parses gt with number coercion", () => {
+        const result = parseQueryOptions({ age: "gt.18" });
+        expect(result.where?.age).toEqual([">", 18]);
+    });
+
+    it("parses gte operator", () => {
+        const result = parseQueryOptions({ price: "gte.9.99" });
+        expect(result.where?.price).toEqual([">=", 9.99]);
+    });
+
+    it("parses lt operator", () => {
+        const result = parseQueryOptions({ count: "lt.100" });
+        expect(result.where?.count).toEqual(["<", 100]);
+    });
+
+    it("parses lte operator", () => {
+        const result = parseQueryOptions({ rating: "lte.5" });
+        expect(result.where?.rating).toEqual(["<=", 5]);
+    });
+
+    it("parses neq operator", () => {
+        const result = parseQueryOptions({ status: "neq.draft" });
+        expect(result.where?.status).toEqual(["!=", "draft"]);
+    });
+
+    it("parses boolean true", () => {
+        const result = parseQueryOptions({ active: "true" });
+        expect(result.where?.active).toEqual(["==", true]);
+    });
+
+    it("parses boolean false", () => {
+        const result = parseQueryOptions({ active: "false" });
+        expect(result.where?.active).toEqual(["==", false]);
+    });
+
+    it("parses null", () => {
+        const result = parseQueryOptions({ deleted_at: "null" });
+        expect(result.where?.deleted_at).toEqual(["==", null]);
+    });
+
+    it("parses numeric strings as numbers", () => {
+        const result = parseQueryOptions({ quantity: "42" });
+        expect(result.where?.quantity).toEqual(["==", 42]);
+    });
+
+    it("parses in operator with array", () => {
+        const result = parseQueryOptions({ role: "in.(admin,editor,viewer)" });
+        expect(result.where?.role).toEqual(["in", ["admin", "editor", "viewer"]]);
+    });
+
+    it("parses in operator with numeric array", () => {
+        const result = parseQueryOptions({ priority: "in.(1,2,3)" });
+        expect(result.where?.priority).toEqual(["in", [1, 2, 3]]);
+    });
+
+    it("parses array-contains operator", () => {
+        const result = parseQueryOptions({ tags: "cs.javascript" });
+        expect(result.where?.tags).toEqual(["array-contains", "javascript"]);
+    });
+
+    it("skips reserved query keys", () => {
+        const result = parseQueryOptions({
+            limit: "10",
+            offset: "0",
+            orderBy: "name:asc",
+            status: "eq.active",
+        });
+        // Only status should be in where
+        expect(result.where?.status).toEqual(["==", "active"]);
+        expect(result.where?.limit).toBeUndefined();
+        expect(result.where?.offset).toBeUndefined();
+        expect(result.where?.orderBy).toBeUndefined();
+    });
+
+    it("handles string values with dots that are not operators (fallback to eq)", () => {
+        const result = parseQueryOptions({ email: "user@example.com" });
+        // "user@example" is not a valid operator, so fallback to eq
+        expect(result.where?.email).toBeDefined();
+    });
+
+    it("removes empty where object", () => {
+        const result = parseQueryOptions({ limit: "10" });
+        expect(result.where).toBeUndefined();
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — Legacy JSON where
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — legacy JSON where", () => {
+    it("parses JSON where string", () => {
+        const result = parseQueryOptions({
+            where: JSON.stringify({ status: ["==", "published"] }),
+        });
+        expect(result.where?.status).toEqual(["==", "published"]);
+    });
+
+    it("accepts object where directly", () => {
+        const result = parseQueryOptions({
+            where: { status: ["==", "draft"] },
+        });
+        expect(result.where?.status).toEqual(["==", "draft"]);
+    });
+
+    it("throws for malformed JSON where", () => {
+        expect(() => parseQueryOptions({ where: "not valid json{" })).toThrow("Invalid 'where' filter");
+    });
+
+    it("throws for array where", () => {
+        expect(() => parseQueryOptions({ where: JSON.stringify([1, 2]) })).toThrow("Filter must be a JSON object");
+    });
+
+    it("throws for null where", () => {
+        expect(() => parseQueryOptions({ where: JSON.stringify(null) })).toThrow("Filter must be a JSON object");
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — Sorting
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — sorting", () => {
+    it("parses JSON orderBy", () => {
+        const orderBy = JSON.stringify([{ field: "name", direction: "asc" }]);
+        const result = parseQueryOptions({ orderBy });
+        expect(result.orderBy).toEqual([{ field: "name", direction: "asc" }]);
+    });
+
+    it("parses simple field:direction format", () => {
+        const result = parseQueryOptions({ orderBy: "created_at:desc" });
+        expect(result.orderBy).toEqual([{ field: "created_at", direction: "desc" }]);
+    });
+
+    it("defaults direction to asc", () => {
+        const result = parseQueryOptions({ orderBy: "name" });
+        expect(result.orderBy).toEqual([{ field: "name", direction: "asc" }]);
+    });
+
+    it("handles no orderBy", () => {
+        const result = parseQueryOptions({});
+        expect(result.orderBy).toBeUndefined();
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — Relation includes
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — includes", () => {
+    it("parses wildcard include", () => {
+        const result = parseQueryOptions({ include: "*" });
+        expect(result.include).toEqual(["*"]);
+    });
+
+    it("parses comma-separated includes", () => {
+        const result = parseQueryOptions({ include: "author,tags,category" });
+        expect(result.include).toEqual(["author", "tags", "category"]);
+    });
+
+    it("trims whitespace in includes", () => {
+        const result = parseQueryOptions({ include: " author , tags " });
+        expect(result.include).toEqual(["author", "tags"]);
+    });
+
+    it("handles no include", () => {
+        const result = parseQueryOptions({});
+        expect(result.include).toBeUndefined();
+    });
+});
+
+// ─────────────────────────────────────────────────────────────
+// parseQueryOptions — Field selection
+// ─────────────────────────────────────────────────────────────
+describe("parseQueryOptions — fields", () => {
+    it("parses comma-separated fields", () => {
+        const result = parseQueryOptions({ fields: "id,name,email" });
+        expect(result.fields).toEqual(["id", "name", "email"]);
+    });
+
+    it("trims whitespace", () => {
+        const result = parseQueryOptions({ fields: " id , name " });
+        expect(result.fields).toEqual(["id", "name"]);
+    });
+
+    it("handles no fields", () => {
+        const result = parseQueryOptions({});
+        expect(result.fields).toBeUndefined();
+    });
+});

package/test/rate-limiter.test.ts

@@ -0,0 +1,102 @@
+import { createRateLimiter } from "../src/auth/rate-limiter";
+import { Hono } from "hono";
+import { HonoEnv } from "../src/api/types";
+
+describe("Rate Limiter", () => {
+
+    function createTestApp(options: { windowMs?: number; limit?: number } = {}) {
+        const app = new Hono<HonoEnv>();
+        const limiter = createRateLimiter({
+            windowMs: options.windowMs ?? 60 * 1000, // 1 minute
+            limit: options.limit ?? 3,
+            keyGenerator: (c) => c.req.header("x-forwarded-for") || "test-ip",
+        });
+        app.use("/api/*", limiter);
+        app.get("/api/test", (c) => c.json({ ok: true }));
+        return app;
+    }
+
+    it("allows requests under the limit", async () => {
+        const app = createTestApp({ limit: 5 });
+
+        const res = await app.request("/api/test", {
+            headers: { "x-forwarded-for": "1.2.3.4" },
+        });
+
+        expect(res.status).toBe(200);
+        expect(res.headers.get("X-RateLimit-Limit")).toBe("5");
+        expect(res.headers.get("X-RateLimit-Remaining")).toBe("4");
+    });
+
+    it("returns 429 when limit is exceeded", async () => {
+        const app = createTestApp({ limit: 2 });
+
+        // First two should pass
+        await app.request("/api/test", { headers: { "x-forwarded-for": "10.0.0.1" } });
+        await app.request("/api/test", { headers: { "x-forwarded-for": "10.0.0.1" } });
+
+        // Third should be rate limited
+        const res = await app.request("/api/test", {
+            headers: { "x-forwarded-for": "10.0.0.1" },
+        });
+
+        expect(res.status).toBe(429);
+        const body = await res.json() as any;
+        expect(body.error.code).toBe("RATE_LIMITED");
+    });
+
+    it("includes Retry-After header when rate limited", async () => {
+        const app = createTestApp({ limit: 1 });
+
+        await app.request("/api/test", { headers: { "x-forwarded-for": "10.0.0.2" } });
+        const res = await app.request("/api/test", {
+            headers: { "x-forwarded-for": "10.0.0.2" },
+        });
+
+        expect(res.headers.get("Retry-After")).toBeDefined();
+        expect(res.headers.get("X-RateLimit-Remaining")).toBe("0");
+    });
+
+    it("tracks different IPs separately", async () => {
+        const app = createTestApp({ limit: 1 });
+
+        const res1 = await app.request("/api/test", {
+            headers: { "x-forwarded-for": "ip-a" },
+        });
+        const res2 = await app.request("/api/test", {
+            headers: { "x-forwarded-for": "ip-b" },
+        });
+
+        expect(res1.status).toBe(200);
+        expect(res2.status).toBe(200);
+    });
+
+    it("decrements remaining count with each request", async () => {
+        const app = createTestApp({ limit: 3 });
+        const ip = "counter-ip";
+
+        const r1 = await app.request("/api/test", { headers: { "x-forwarded-for": ip } });
+        expect(r1.headers.get("X-RateLimit-Remaining")).toBe("2");
+
+        const r2 = await app.request("/api/test", { headers: { "x-forwarded-for": ip } });
+        expect(r2.headers.get("X-RateLimit-Remaining")).toBe("1");
+
+        const r3 = await app.request("/api/test", { headers: { "x-forwarded-for": ip } });
+        expect(r3.headers.get("X-RateLimit-Remaining")).toBe("0");
+    });
+
+    it("uses custom message", async () => {
+        const app = new Hono<HonoEnv>();
+        const limiter = createRateLimiter({
+            limit: 0,
+            message: "Slow down!",
+            keyGenerator: () => "always-same",
+        });
+        app.use("/api/*", limiter);
+        app.get("/api/test", (c) => c.json({ ok: true }));
+
+        const res = await app.request("/api/test");
+        const body = await res.json() as any;
+        expect(body.error.message).toBe("Slow down!");
+    });
+});

package/test/storage-local.test.ts

@@ -0,0 +1,278 @@
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+import { LocalStorageController } from "../src/storage/LocalStorageController";
+
+describe("LocalStorageController", () => {
+    let controller: LocalStorageController;
+    let tempDir: string;
+
+    beforeEach(async () => {
+        // Create a temporary directory for tests
+        tempDir = await fs.promises.mkdtemp(path.join(os.tmpdir(), "rebase-storage-test-"));
+        controller = new LocalStorageController({
+            basePath: tempDir
+        });
+    });
+
+    afterEach(async () => {
+        // Clean up temporary directory
+        await fs.promises.rm(tempDir, { recursive: true, force: true });
+    });
+
+    describe("constructor", () => {
+        it("should initialize with basePath", () => {
+            expect(controller.getBasePath()).toBe(tempDir);
+        });
+
+        it("should return 'local' as type", () => {
+            expect(controller.getType()).toBe("local");
+        });
+    });
+
+    describe("uploadFile", () => {
+        it("should upload a file and return metadata", async () => {
+            const content = Buffer.from("Hello, World!");
+            const file = new File([content], "test.txt", { type: "text/plain" });
+
+            const result = await controller.uploadFile({
+                file,
+                fileName: "test.txt",
+                path: "uploads"
+            });
+
+            expect(result.path).toContain("uploads");
+            expect(result.path).toContain("test.txt");
+
+            // Verify file exists on disk (uses default bucket)
+            const filePath = path.join(tempDir, "default", "uploads", "test.txt");
+            const exists = await fs.promises.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(true);
+        });
+
+        it("should create nested directories", async () => {
+            const content = Buffer.from("Nested content");
+            const file = new File([content], "nested.txt", { type: "text/plain" });
+
+            await controller.uploadFile({
+                file,
+                fileName: "nested.txt",
+                path: "level1/level2/level3"
+            });
+
+            const filePath = path.join(tempDir, "default", "level1", "level2", "level3", "nested.txt");
+            const exists = await fs.promises.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(true);
+        });
+
+        it("should handle custom bucket", async () => {
+            const content = Buffer.from("Bucket content");
+            const file = new File([content], "bucket.txt", { type: "text/plain" });
+
+            await controller.uploadFile({
+                file,
+                fileName: "bucket.txt",
+                path: "files",
+                bucket: "custom-bucket"
+            });
+
+            const filePath = path.join(tempDir, "custom-bucket", "files", "bucket.txt");
+            const exists = await fs.promises.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(true);
+        });
+
+        it("should store metadata alongside file", async () => {
+            const content = Buffer.from("With metadata");
+            const file = new File([content], "meta.txt", { type: "text/plain" });
+
+            await controller.uploadFile({
+                file,
+                fileName: "meta.txt",
+                path: "uploads",
+                metadata: { customField: "customValue" }
+            });
+
+            // Implementation uses .metadata.json extension
+            const metadataPath = path.join(tempDir, "default", "uploads", "meta.txt.metadata.json");
+            const exists = await fs.promises.access(metadataPath).then(() => true).catch(() => false);
+            expect(exists).toBe(true);
+        });
+    });
+
+    describe("getFile", () => {
+        it("should retrieve an uploaded file using local:// URL format", async () => {
+            const content = Buffer.from("Retrieve me");
+            const file = new File([content], "retrieve.txt", { type: "text/plain" });
+
+            const uploadResult = await controller.uploadFile({
+                file,
+                fileName: "retrieve.txt",
+                path: "uploads"
+            });
+
+            // Use the storageUrl from upload result (local:// format)
+            const retrieved = await controller.getFile(uploadResult.storageUrl!);
+
+            expect(retrieved).not.toBeNull();
+            expect(retrieved?.name).toBe("retrieve.txt");
+        });
+
+        it("should return null for non-existent file", async () => {
+            const result = await controller.getFile("local://default/nonexistent/file.txt");
+            expect(result).toBeNull();
+        });
+    });
+
+    describe("deleteFile", () => {
+        it("should delete an uploaded file using local:// URL format", async () => {
+            const content = Buffer.from("Delete me");
+            const file = new File([content], "delete.txt", { type: "text/plain" });
+
+            const uploadResult = await controller.uploadFile({
+                file,
+                fileName: "delete.txt",
+                path: "uploads"
+            });
+
+            // Verify file exists
+            const filePath = path.join(tempDir, "default", "uploads", "delete.txt");
+            let exists = await fs.promises.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(true);
+
+            // Delete the file using local:// URL format
+            await controller.deleteFile(uploadResult.storageUrl!);
+
+            // Verify file no longer exists
+            exists = await fs.promises.access(filePath).then(() => true).catch(() => false);
+            expect(exists).toBe(false);
+        });
+
+        it("should not throw when deleting non-existent file", async () => {
+            await expect(controller.deleteFile("local://default/nonexistent/file.txt")).resolves.not.toThrow();
+        });
+
+        it("should also delete metadata file", async () => {
+            const content = Buffer.from("Delete with metadata");
+            const file = new File([content], "withmeta.txt", { type: "text/plain" });
+
+            const uploadResult = await controller.uploadFile({
+                file,
+                fileName: "withmeta.txt",
+                path: "uploads",
+                metadata: { key: "value" }
+            });
+
+            await controller.deleteFile(uploadResult.storageUrl!);
+
+            const metadataPath = path.join(tempDir, "default", "uploads", "withmeta.txt.metadata.json");
+            const exists = await fs.promises.access(metadataPath).then(() => true).catch(() => false);
+            expect(exists).toBe(false);
+        });
+    });
+
+    describe("list", () => {
+        beforeEach(async () => {
+            // Upload some test files
+            for (let i = 1; i <= 5; i++) {
+                const file = new File([`Content ${i}`], `file${i}.txt`, { type: "text/plain" });
+                await controller.uploadFile({
+                    file,
+                    fileName: `file${i}.txt`,
+                    path: "listtest"
+                });
+            }
+        });
+
+        it("should list files in a directory", async () => {
+            const result = await controller.list("listtest", { bucket: "default" });
+
+            // Items should be the actual files (not metadata files)
+            expect(result.items.length).toBeGreaterThanOrEqual(5);
+        });
+
+        it("should return empty list for non-existent directory", async () => {
+            const result = await controller.list("nonexistent", { bucket: "default" });
+
+            expect(result.items).toHaveLength(0);
+        });
+    });
+
+    describe("getDownloadURL", () => {
+        it("should return download URL for existing file", async () => {
+            const content = Buffer.from("Download me");
+            const file = new File([content], "download.txt", { type: "text/plain" });
+
+            const uploadResult = await controller.uploadFile({
+                file,
+                fileName: "download.txt",
+                path: "uploads"
+            });
+
+            // Use the storageUrl from upload result
+            const result = await controller.getDownloadURL(uploadResult.storageUrl!);
+
+            expect(result.url).toBeTruthy();
+            expect(result.fileNotFound).toBeFalsy();
+        });
+
+        it("should return fileNotFound for non-existent file", async () => {
+            const result = await controller.getDownloadURL("local://default/nonexistent/file.txt");
+
+            expect(result.fileNotFound).toBe(true);
+        });
+    });
+
+    describe("getAbsolutePath", () => {
+        it("should return absolute filesystem path without bucket", () => {
+            const absPath = controller.getAbsolutePath("uploads/test.txt");
+
+            // getAbsolutePath uses getFullPath which doesn't include bucket unless specified
+            expect(absPath).toBe(path.join(tempDir, "uploads", "test.txt"));
+        });
+
+        it("should handle custom bucket", () => {
+            const absPath = controller.getAbsolutePath("uploads/test.txt", "custom");
+
+            expect(absPath).toBe(path.join(tempDir, "custom", "uploads", "test.txt"));
+        });
+    });
+
+    describe("validateFile", () => {
+        it("should accept valid file", () => {
+            const file = new File(["content"], "valid.txt", { type: "text/plain" });
+
+            // Should not throw
+            expect(() => {
+                (controller as {validateFile: (f: File) => void}).validateFile(file);
+            }).not.toThrow();
+        });
+
+        it("should reject file exceeding max size", () => {
+            // Create a controller with small max size
+            const smallController = new LocalStorageController({
+                basePath: tempDir,
+                maxFileSize: 10 // 10 bytes
+            });
+
+            const largeContent = Buffer.alloc(100);
+            const file = new File([largeContent], "large.txt", { type: "text/plain" });
+
+            expect(() => {
+                (smallController as {validateFile: (f: File) => void}).validateFile(file);
+            }).toThrow(/exceeds/i);
+        });
+
+        it("should reject disallowed file types", () => {
+            const controllerWithTypes = new LocalStorageController({
+                basePath: tempDir,
+                allowedMimeTypes: ["image/png", "image/jpeg"]
+            });
+
+            const file = new File(["content"], "script.js", { type: "application/javascript" });
+
+            expect(() => {
+                (controllerWithTypes as {validateFile: (f: File) => void}).validateFile(file);
+            }).toThrow(/not allowed/i);
+        });
+    });
+});