npm - @restforgejs/platform - Versions diffs - 4.1.1 → 4.3.1 - Mend

@restforgejs/platform 4.1.1 → 4.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (340) hide show

package/generators/tests/unit/cli/create-processor.test.js DELETED Viewed

@@ -1,319 +0,0 @@
-const test = require('node:test');
-const assert = require('node:assert');
-const fs = require('node:fs');
-const path = require('node:path');
-const os = require('node:os');
-const { spawnSync } = require('node:child_process');
-const REPO_ROOT = path.resolve(__dirname, '..', '..', '..');
-const CLI_SCRIPT = path.join(REPO_ROOT, 'cli', 'create-processor.js');
-const FIXTURES_DIR = path.join(REPO_ROOT, 'tests', 'fixtures', 'payloads');
-/**
- * Siapkan temp workspace dengan payload fixture, lalu jalankan generator.
- * Returns { workDir, routerPath, processorDir, exitCode, stdout, stderr }.
- */
-function runGenerator({ fixtureName, project, endpoint, extraArgs = [] }) {
-  const workDir = fs.mkdtempSync(path.join(os.tmpdir(), 'rf-cli-test-'));
-  const payloadDir = path.join(workDir, 'payload');
-  fs.mkdirSync(payloadDir, { recursive: true });
-  fs.copyFileSync(path.join(FIXTURES_DIR, fixtureName), path.join(payloadDir, fixtureName));
-  const result = spawnSync(process.execPath, [
-    CLI_SCRIPT,
-    `--project=${project}`,
-    `--endpoint=${endpoint}`,
-    `--payload=${fixtureName}`,
-    ...extraArgs
-  ], {
-    cwd: workDir,
-    encoding: 'utf-8',
-    env: { ...process.env, NODE_ENV: 'test' }
-  });
-  const routerPath = path.join(workDir, 'src', 'modules', project, `${endpoint}.js`);
-  const processorDir = path.join(workDir, 'src', 'modules', project, 'processor', endpoint);
-  return {
-    workDir,
-    routerPath,
-    processorDir,
-    exitCode: result.status,
-    stdout: result.stdout,
-    stderr: result.stderr
-  };
-}
-function cleanup(workDir) {
-  try {
-    fs.rmSync(workDir, { recursive: true, force: true });
-  } catch (err) {
-    // Best-effort cleanup saja.
-  }
-}
-test('router berisi SECURITY banner, validation block, dan masker helper', () => {
-  const run = runGenerator({
-    fixtureName: 'order-process.json',
-    project: 'sales',
-    endpoint: 'order-process'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0, `Generator exit with non-zero: ${run.stderr}`);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    // Banner SECURITY di atas route handler.
-    assert.match(router, /SECURITY: Validation di-enforce di router layer/);
-    assert.match(router, /JANGAN edit file router ini/);
-    // Masker helper di-inject.
-    assert.match(router, /SENSITIVE_FIELD_PATTERNS/);
-    assert.match(router, /function __maskSensitive/);
-    // Validation block menggunakan __validationErrors.
-    assert.match(router, /const __validationErrors = \[\];/);
-    assert.match(router, /'Field "so_id" wajib diisi'/);
-    assert.match(router, /harus berupa UUID yang valid/);
-    // Header mapping dengan type check.
-    assert.match(router, /typeof req\.headers\['x-app-code'\] === 'string'/);
-    // Enum whitelist untuk decision field.
-    assert.match(router, /\['approve', 'partial-approve'\]\.includes/);
-    // Debug log dibungkus NODE_ENV guard dan pakai __maskSensitive.
-    assert.match(router, /NODE_ENV !== 'production'/);
-    assert.match(router, /__maskSensitive\(input\)/);
-    // Error handler hanya pakai error.message (bukan full error).
-    assert.match(router, /console\.error\([^)]*error\.message\)/);
-    // Sintaks valid.
-    assert.doesNotThrow(() => new Function(fs.readFileSync(run.routerPath, 'utf-8')));
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('processor scaffold berisi SECURITY BOUNDARY docstring dan inline warning', () => {
-  const run = runGenerator({
-    fixtureName: 'order-process.json',
-    project: 'sales',
-    endpoint: 'order-process'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const scaffold = fs.readFileSync(path.join(run.processorDir, 'submit-order.js'), 'utf-8');
-    assert.match(scaffold, /SECURITY BOUNDARY \(jangan dilemahkan saat refactor\)/);
-    assert.match(scaffold, /parameterized placeholder/);
-    assert.match(scaffold, /Concat user input ke SQL string DILARANG/);
-    assert.match(scaffold, /Identifier dinamis \(kolom\/tabel\) WAJIB di-whitelist/);
-    assert.match(scaffold, /Field sensitif .+ JANGAN di-log plaintext/);
-    // Inline warning sebelum db.executeQuery.
-    assert.match(scaffold, /SECURITY: SQL executed dengan parameterized placeholder/);
-    assert.match(scaffold, /paramCount/);
-    // Sintaks valid.
-    assert.doesNotThrow(() => new Function(scaffold));
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('payload dengan password field: router auto-mask via default pattern', () => {
-  const run = runGenerator({
-    fixtureName: 'login-with-password.json',
-    project: 'auth',
-    endpoint: 'session'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    // Masker helper di-inject dengan pattern default.
-    assert.match(router, /SENSITIVE_FIELD_PATTERNS = \/\^\(password\|/);
-    // Eksekusi helper dari kode router untuk verifikasi runtime mask.
-    const helperCode = router.match(/const SENSITIVE_FIELD_PATTERNS[\s\S]+?^}/m)[0];
-    const runner = new Function(`${helperCode}\nreturn __maskSensitive(arguments[0]);`);
-    const masked = runner({ username: 'ibrahim', password: 'secret123' });
-    assert.strictEqual(masked.password, '***MASKED***');
-    assert.strictEqual(masked.username, 'ibrahim');
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('payload dengan request.validate:false: router emit komentar opt-out saja', () => {
-  const run = runGenerator({
-    fixtureName: 'dynamic-search-optout.json',
-    project: 'contact',
-    endpoint: 'search'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    assert.match(router, /Router validation di-opt-out via "request\.validate": false/);
-    // Tidak ada __validationErrors di router yang opt-out.
-    assert.doesNotMatch(router, /__validationErrors/);
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('custom sensitive keyword: safe keyword masuk regex, keyword berbahaya di-filter', () => {
-  const run = runGenerator({
-    fixtureName: 'custom-sensitive.json',
-    project: 'auth',
-    endpoint: 'signup'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    // Keyword "ktp_number" dan "npwp" adalah identifier aman -> masuk pattern.
-    assert.match(router, /ktp_number/);
-    assert.match(router, /npwp/);
-    // Keyword dengan meta character regex ('.*', '|') harus di-filter.
-    const patternLine = router.split('\n').find((l) => l.includes('SENSITIVE_FIELD_PATTERNS'));
-    assert.ok(patternLine, 'Pattern line harus ada');
-    assert.ok(!patternLine.includes('attack_name.*'), 'Keyword berbahaya attack_name.* tidak boleh masuk regex');
-    assert.ok(!patternLine.includes('another|field'), 'Keyword berbahaya another|field tidak boleh masuk regex');
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('regenerate tanpa --force: processor scaffold yang sudah ada tidak di-overwrite', () => {
-  const run = runGenerator({
-    fixtureName: 'order-process.json',
-    project: 'sales',
-    endpoint: 'order-process'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const scaffoldPath = path.join(run.processorDir, 'submit-order.js');
-    // Inject custom marker ke scaffold existing.
-    const customContent = fs.readFileSync(scaffoldPath, 'utf-8') + '\n// CUSTOM_CODE_MARKER';
-    fs.writeFileSync(scaffoldPath, customContent);
-    // Re-run generator tanpa --force.
-    const rerun = spawnSync(process.execPath, [
-      CLI_SCRIPT,
-      '--project=sales',
-      '--endpoint=order-process',
-      '--payload=order-process.json'
-    ], {
-      cwd: run.workDir,
-      encoding: 'utf-8',
-      env: { ...process.env, NODE_ENV: 'test' }
-    });
-    assert.strictEqual(rerun.status, 0, `Re-run exit with non-zero: ${rerun.stderr}`);
-    const preservedContent = fs.readFileSync(scaffoldPath, 'utf-8');
-    assert.match(preservedContent, /CUSTOM_CODE_MARKER/, 'Custom code harus tetap ada (skip-if-exists)');
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('attack vector: router menolak body tanpa required field (HTTP 400)', () => {
-  const run = runGenerator({
-    fixtureName: 'order-process.json',
-    project: 'sales',
-    endpoint: 'order-process'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    // Extract blok validation untuk submit-order dan eksekusi manual.
-    // Cari chain validation di antara header mapping dan debug log.
-    const match = router.match(/const __validationErrors = \[\];[\s\S]+?if \(__validationErrors\.length[\s\S]+?\}\s*\n/);
-    assert.ok(match, 'Validation block harus ada di router');
-    const resObj = {
-      __status: 0, __payload: null,
-      status(c) { this.__status = c; return this; },
-      json(b) { this.__payload = b; return this; }
-    };
-    const fn = new Function('input', 'res', match[0]);
-    // Body kosong -> required so_id dan app_code hilang.
-    fn({}, resObj);
-    assert.strictEqual(resObj.__status, 400);
-    assert.ok(Array.isArray(resObj.__payload.errors));
-    const fields = resObj.__payload.errors.map(e => e.field);
-    assert.ok(fields.includes('so_id'), 'Errors harus mention so_id');
-    assert.ok(fields.includes('app_code'), 'Errors harus mention app_code');
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('attack vector: UUID injection payload ter-reject di router', () => {
-  const run = runGenerator({
-    fixtureName: 'order-process.json',
-    project: 'sales',
-    endpoint: 'order-process'
-  });
-  try {
-    assert.strictEqual(run.exitCode, 0);
-    const router = fs.readFileSync(run.routerPath, 'utf-8');
-    const match = router.match(/const __validationErrors = \[\];[\s\S]+?if \(__validationErrors\.length[\s\S]+?\}\s*\n/);
-    const resObj = {
-      __status: 0, __payload: null,
-      status(c) { this.__status = c; return this; },
-      json(b) { this.__payload = b; return this; }
-    };
-    const fn = new Function('input', 'res', match[0]);
-    // Payload serangan: so_id berisi SQL injection, bukan UUID.
-    fn({
-      so_id: "'; DROP TABLE sales_order; --",
-      app_code: 'sales-app'
-    }, resObj);
-    assert.strictEqual(resObj.__status, 400);
-    const uuidError = resObj.__payload.errors.find(e => e.field === 'so_id');
-    assert.ok(uuidError, 'so_id harus ada di errors');
-    assert.match(uuidError.message, /UUID yang valid/);
-  } finally {
-    cleanup(run.workDir);
-  }
-});
-test('payload invalid: generator reject dan exit non-zero', () => {
-  const workDir = fs.mkdtempSync(path.join(os.tmpdir(), 'rf-cli-test-'));
-  const payloadDir = path.join(workDir, 'payload');
-  fs.mkdirSync(payloadDir, { recursive: true });
-  // Payload dengan sensitive flag berisi non-boolean (reject di validator).
-  const bad = {
-    processor: [{
-      name: 'bad',
-      method: 'POST',
-      request: { body: { x: { type: 'string', sensitive: 'yes' } } }
-    }]
-  };
-  fs.writeFileSync(path.join(payloadDir, 'bad.json'), JSON.stringify(bad));
-  const result = spawnSync(process.execPath, [
-    CLI_SCRIPT,
-    '--project=test',
-    '--endpoint=bad',
-    '--payload=bad.json'
-  ], { cwd: workDir, encoding: 'utf-8', env: { ...process.env, NODE_ENV: 'test' } });
-  try {
-    assert.notStrictEqual(result.status, 0);
-    assert.match(result.stdout + result.stderr, /sensitive/);
-  } finally {
-    cleanup(workDir);
-  }
-});

package/generators/tests/unit/cli/dispatch-dashboard.test.js DELETED Viewed

@@ -1,149 +0,0 @@
-'use strict';
-const test = require('node:test');
-const assert = require('node:assert');
-const fs = require('node:fs');
-const path = require('node:path');
-const os = require('node:os');
-const { spawnSync } = require('node:child_process');
-const REPO_ROOT = path.resolve(__dirname, '..', '..', '..');
-const CLI_ENTRY = path.join(REPO_ROOT, 'restforge-cli.js');
-const SAMPLE_PAYLOAD_PATH = path.resolve(
-  REPO_ROOT,
-  '..',
-  'restforge',
-  'docs',
-  'architecture',
-  'dashboard-architecture',
-  'payload',
-  'dashboard-sales.json'
-);
-const SAMPLE_PAYLOAD_DIR = path.dirname(SAMPLE_PAYLOAD_PATH);
-const SAMPLE_QUERY_DIR = path.join(SAMPLE_PAYLOAD_DIR, 'query');
-/**
- * Buat tmp working dir lengkap dengan payload dashboard sample plus
- * file SQL referensi. Direplikasi dari create-dashboard.test.js agar
- * dispatch test self-contained dan tidak bergantung helper eksternal.
- */
-function setupTmpProject() {
-  const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'rf-dash-disp-'));
-  const tmpPayloadDir = path.join(tmpDir, 'payload');
-  const tmpQueryDir = path.join(tmpPayloadDir, 'query');
-  fs.mkdirSync(tmpQueryDir, { recursive: true });
-  fs.copyFileSync(
-    SAMPLE_PAYLOAD_PATH,
-    path.join(tmpPayloadDir, 'dashboard-sales.json')
-  );
-  for (const sqlFile of fs.readdirSync(SAMPLE_QUERY_DIR)) {
-    fs.copyFileSync(
-      path.join(SAMPLE_QUERY_DIR, sqlFile),
-      path.join(tmpQueryDir, sqlFile)
-    );
-  }
-  return tmpDir;
-}
-function cleanupTmpProject(tmpDir) {
-  try {
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  } catch (err) {
-    // Best-effort cleanup.
-  }
-}
-function runEntry(args, cwd) {
-  return spawnSync(process.execPath, [CLI_ENTRY, ...args], {
-    cwd: cwd || REPO_ROOT,
-    encoding: 'utf-8',
-    env: { ...process.env, NODE_ENV: 'test' }
-  });
-}
-// ===== Help routing =====
-test('help global menampilkan command dashboard di section Project Generation', () => {
-  const result = runEntry(['--help']);
-  assert.strictEqual(result.status, 0, `exit non-zero: ${result.stderr}`);
-  const out = result.stdout;
-  assert.match(out, /Project Generation:/);
-  assert.match(
-    out,
-    /dashboard\s+Generate dashboard endpoint module/,
-    'baris dashboard harus tercantum di section Project Generation'
-  );
-});
-test('dispatch dashboard --help: showHelp dari create-dashboard.js terpanggil', () => {
-  const result = runEntry(['dashboard', '--help']);
-  assert.strictEqual(result.status, 0, `exit non-zero: ${result.stderr}`);
-  const out = result.stdout;
-  assert.match(
-    out,
-    /Create Dashboard Tool - Help/,
-    'showHelp() create-dashboard harus muncul (marker banner)'
-  );
-  assert.match(
-    out,
-    /Dashboard name \(REQUIRED\)/,
-    'showHelp() create-dashboard harus mencantumkan opsi --name'
-  );
-});
-test('alias dash di-resolve ke dashboard (dash --help sama dengan dashboard --help)', () => {
-  const aliasResult = runEntry(['dash', '--help']);
-  assert.strictEqual(aliasResult.status, 0, `alias exit non-zero: ${aliasResult.stderr}`);
-  assert.match(
-    aliasResult.stdout,
-    /Create Dashboard Tool - Help/,
-    'alias dash harus dispatch ke create-dashboard showHelp'
-  );
-  assert.match(
-    aliasResult.stdout,
-    /Dashboard name \(REQUIRED\)/,
-    'alias dash harus tampilkan opsi --name dari create-dashboard showHelp'
-  );
-});
-// ===== Dispatch happy path =====
-test('dispatch happy path: dashboard via entry point menghasilkan dash module di tmp dir', () => {
-  const tmpDir = setupTmpProject();
-  try {
-    const result = runEntry([
-      'dashboard',
-      '--project=mini-inventory',
-      '--name=dash-sales',
-      '--payload=dashboard-sales'
-    ], tmpDir);
-    assert.strictEqual(result.status, 0, `dispatch exit non-zero: ${result.stderr}`);
-    const dashModulePath = path.join(
-      tmpDir, 'src', 'modules', 'mini-inventory', 'dash-sales.js'
-    );
-    assert.strictEqual(
-      fs.existsSync(dashModulePath),
-      true,
-      'dispatch via entry point harus menghasilkan dash-sales.js di tmp dir'
-    );
-  } finally {
-    cleanupTmpProject(tmpDir);
-  }
-});
-// ===== Regresi: unknown command =====
-test('unknown command tetap exit 1 dan stderr menyebut Unknown command', () => {
-  const result = runEntry(['unknown-cmd']);
-  assert.notStrictEqual(result.status, 0);
-  assert.match(
-    result.stderr,
-    /Unknown command/,
-    'stderr harus menyebut Unknown command saat command tidak dikenal'
-  );
-});