@rip-lang/server 1.3.98 → 1.3.100

package/tests/acme.rip

@@ -0,0 +1,124 @@
+# test-acme.rip — ACME challenges, store, and crypto tests
+
+import { test, eq, ok } from '../test.rip'
+import { createChallengeStore, handleChallengeRequest } from '../acme/store.rip'
+import { defaultCertDir, ensureDir, saveCert, loadCert, needsRenewal, listCerts } from '../acme/store.rip'
+import { b64url, generateAccountKeyPair, exportPublicJwk, thumbprint, signJws } from '../acme/crypto.rip'
+import { mkdtempSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+# --- Challenge store ---
+
+test "createChallengeStore set/get/has/remove", ->
+  store = createChallengeStore()
+  eq store.has('tok1'), false
+  store.set('tok1', 'auth1')
+  eq store.has('tok1'), true
+  eq store.get('tok1'), 'auth1'
+  store.remove('tok1')
+  eq store.has('tok1'), false
+  eq store.get('tok1'), null
+
+test "handleChallengeRequest serves token", ->
+  store = createChallengeStore()
+  store.set('abc123', 'abc123.thumbprint')
+  url = new URL('http://example.com/.well-known/acme-challenge/abc123')
+  res = handleChallengeRequest(url, store)
+  ok res
+  eq res.status, 200
+
+test "handleChallengeRequest returns null for unknown token", ->
+  store = createChallengeStore()
+  url = new URL('http://example.com/.well-known/acme-challenge/unknown')
+  res = handleChallengeRequest(url, store)
+  eq res, null
+
+test "handleChallengeRequest returns null for non-challenge path", ->
+  store = createChallengeStore()
+  url = new URL('http://example.com/other/path')
+  res = handleChallengeRequest(url, store)
+  eq res, null
+
+# --- Cert store ---
+
+test "saveCert and loadCert round-trip", ->
+  dir = mkdtempSync(join(tmpdir(), 'rip-test-'))
+  saveCert(dir, 'test.com', 'CERT-PEM', 'KEY-PEM')
+  rec = loadCert(dir, 'test.com')
+  ok rec
+  eq rec.cert, 'CERT-PEM'
+  eq rec.key, 'KEY-PEM'
+  rmSync(dir, { recursive: true })
+
+test "loadCert returns null for missing domain", ->
+  dir = mkdtempSync(join(tmpdir(), 'rip-test-'))
+  rec = loadCert(dir, 'missing.com')
+  eq rec, null
+  rmSync(dir, { recursive: true })
+
+test "needsRenewal returns true for missing cert", ->
+  dir = mkdtempSync(join(tmpdir(), 'rip-test-'))
+  eq needsRenewal(dir, 'missing.com'), true
+  rmSync(dir, { recursive: true })
+
+test "listCerts returns domain directories", ->
+  dir = mkdtempSync(join(tmpdir(), 'rip-test-'))
+  saveCert(dir, 'a.com', 'C', 'K')
+  saveCert(dir, 'b.com', 'C', 'K')
+  certs = listCerts(dir)
+  ok certs.includes('a.com')
+  ok certs.includes('b.com')
+  rmSync(dir, { recursive: true })
+
+test "defaultCertDir returns a path", ->
+  d = defaultCertDir()
+  ok typeof d is 'string'
+  ok d.includes('.rip')
+
+# --- Crypto ---
+
+test "b64url encodes correctly", ->
+  eq b64url('hello'), 'aGVsbG8'
+  eq b64url(''), ''
+
+test "b64url strips padding", ->
+  encoded = b64url('a')
+  eq encoded.includes('='), false
+
+test "generateAccountKeyPair returns keypair", ->
+  pair = generateAccountKeyPair()
+  ok pair.publicKey
+  ok pair.privateKey
+
+test "exportPublicJwk returns EC P-256 JWK", ->
+  pair = generateAccountKeyPair()
+  jwk = exportPublicJwk(pair)
+  eq jwk.kty, 'EC'
+  eq jwk.crv, 'P-256'
+  ok jwk.x
+  ok jwk.y
+
+test "thumbprint returns 43-char base64url", ->
+  pair = generateAccountKeyPair()
+  jwk = exportPublicJwk(pair)
+  tp = thumbprint(jwk)
+  eq tp.length, 43
+
+test "signJws returns valid JWS structure", ->
+  pair = generateAccountKeyPair()
+  jwk = exportPublicJwk(pair)
+  jws = signJws({ test: true }, 'https://example.com', 'nonce1', pair.privateKey, jwk, null)
+  parsed = JSON.parse(jws)
+  ok parsed.protected
+  ok parsed.payload
+  ok parsed.signature
+
+test "signJws with kid omits jwk from header", ->
+  pair = generateAccountKeyPair()
+  jwk = exportPublicJwk(pair)
+  jws = signJws({}, 'https://example.com', 'nonce1', pair.privateKey, jwk, 'https://acme/acct/1')
+  parsed = JSON.parse(jws)
+  header = JSON.parse(Buffer.from(parsed.protected.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString())
+  eq header.kid, 'https://acme/acct/1'
+  eq header.jwk, undefined

package/tests/helpers.rip

@@ -0,0 +1,90 @@
+# test-helpers.rip — edge/helpers and forwarding response factory tests
+
+import { test, eq, ok } from '../test.rip'
+import { formatPort, maybeAddSecurityHeaders, buildStatusBody, buildRipdevUrl } from '../edge/forwarding.rip'
+import { watchUnavailableResponse, serverBusyResponse, serviceUnavailableResponse, gatewayTimeoutResponse, queueTimeoutResponse } from '../edge/forwarding.rip'
+
+# --- formatPort ---
+
+test "formatPort hides default HTTPS port", ->
+  eq formatPort('https', 443), ''
+
+test "formatPort hides default HTTP port", ->
+  eq formatPort('http', 80), ''
+
+test "formatPort shows non-default port", ->
+  eq formatPort('https', 3443), ':3443'
+  eq formatPort('http', 8080), ':8080'
+
+# --- maybeAddSecurityHeaders ---
+
+test "maybeAddSecurityHeaders sets HSTS when active", ->
+  headers = new Headers()
+  maybeAddSecurityHeaders(true, true, headers)
+  ok headers.has('strict-transport-security')
+
+test "maybeAddSecurityHeaders skips when not HTTPS", ->
+  headers = new Headers()
+  maybeAddSecurityHeaders(false, true, headers)
+  eq headers.has('strict-transport-security'), false
+
+test "maybeAddSecurityHeaders skips when HSTS disabled", ->
+  headers = new Headers()
+  maybeAddSecurityHeaders(true, false, headers)
+  eq headers.has('strict-transport-security'), false
+
+test "maybeAddSecurityHeaders does not overwrite existing", ->
+  headers = new Headers({ 'strict-transport-security': 'custom' })
+  maybeAddSecurityHeaders(true, true, headers)
+  eq headers.get('strict-transport-security'), 'custom'
+
+# --- buildRipdevUrl ---
+
+test "buildRipdevUrl with default port", ->
+  url = buildRipdevUrl('myapp', 'https', 443, formatPort)
+  eq url, 'https://myapp.ripdev.io'
+
+test "buildRipdevUrl with custom port", ->
+  url = buildRipdevUrl('myapp', 'https', 3443, formatPort)
+  eq url, 'https://myapp.ripdev.io:3443'
+
+# --- buildStatusBody ---
+
+test "buildStatusBody returns valid JSON", ->
+  hostIndex = new Map([['localhost', 'app1']])
+  body = buildStatusBody(Date.now() - 5000, 2, hostIndex, '1.0.0', 'myapp', 80, 443, (-> Date.now()))
+  parsed = JSON.parse(body)
+  eq parsed.status, 'healthy'
+  eq parsed.workers, 2
+  eq parsed.app, 'myapp'
+  ok parsed.hosts.includes('localhost')
+
+test "buildStatusBody degraded when no workers", ->
+  hostIndex = new Map()
+  body = buildStatusBody(Date.now(), 0, hostIndex, '1.0', 'app', 80, null, (-> Date.now()))
+  parsed = JSON.parse(body)
+  eq parsed.status, 'degraded'
+
+# --- Response factories ---
+
+test "watchUnavailableResponse returns 503", ->
+  res = watchUnavailableResponse()
+  eq res.status, 503
+  eq res.headers.get('Retry-After'), '2'
+
+test "serverBusyResponse returns 503", ->
+  res = serverBusyResponse()
+  eq res.status, 503
+  eq res.headers.get('Retry-After'), '1'
+
+test "serviceUnavailableResponse returns 503", ->
+  res = serviceUnavailableResponse()
+  eq res.status, 503
+
+test "gatewayTimeoutResponse returns 504", ->
+  res = gatewayTimeoutResponse()
+  eq res.status, 504
+
+test "queueTimeoutResponse returns 504", ->
+  res = queueTimeoutResponse()
+  eq res.status, 504

package/tests/metrics.rip

@@ -0,0 +1,73 @@
+# ==============================================================================
+# test-metrics.rip — edge/metrics.rip tests
+# ==============================================================================
+
+import { test, eq, ok, near } from '../test.rip'
+import { createMetrics } from '../edge/metrics.rip'
+
+test "createMetrics returns object with counters", ->
+  m = createMetrics()
+  eq m.requests, 0
+  eq m.forwarded, 0
+  eq m.responses2xx, 0
+  eq m.queueShed, 0
+
+test "counter increments", ->
+  m = createMetrics()
+  m.requests++
+  m.requests++
+  m.forwarded++
+  eq m.requests, 2
+  eq m.forwarded, 1
+
+test "recordStatus tracks 2xx", ->
+  m = createMetrics()
+  m.recordStatus(200)
+  m.recordStatus(201)
+  m.recordStatus(204)
+  eq m.responses2xx, 3
+  eq m.responses4xx, 0
+
+test "recordStatus tracks 4xx and 5xx", ->
+  m = createMetrics()
+  m.recordStatus(404)
+  m.recordStatus(500)
+  m.recordStatus(503)
+  eq m.responses4xx, 1
+  eq m.responses5xx, 2
+
+test "recordLatency and percentiles with single value", ->
+  m = createMetrics()
+  m.recordLatency(0.05)
+  p = m.percentiles()
+  near p.p50, 0.05
+  near p.p95, 0.05
+  near p.p99, 0.05
+
+test "percentiles with multiple values", ->
+  m = createMetrics()
+  for i in [1..100]
+    m.recordLatency(i / 1000)
+  p = m.percentiles()
+  ok p.p50 >= 0.045 and p.p50 <= 0.055
+  ok p.p95 >= 0.090 and p.p95 <= 0.100
+  ok p.p99 >= 0.095 and p.p99 <= 0.105
+
+test "percentiles empty returns zeros", ->
+  m = createMetrics()
+  p = m.percentiles()
+  eq p.p50, 0
+  eq p.p95, 0
+  eq p.p99, 0
+
+test "snapshot returns expected shape", ->
+  m = createMetrics()
+  m.requests = 100
+  m.responses2xx = 90
+  m.responses5xx = 10
+  snap = m.snapshot(Date.now() - 60000, null)
+  ok snap.uptime >= 59 and snap.uptime <= 61
+  eq snap.counters.requests, 100
+  eq snap.counters.responses['2xx'], 90
+  eq snap.counters.responses['5xx'], 10
+  eq snap.apps, []

package/tests/proxy.rip

@@ -0,0 +1,99 @@
+# proxy.rip — reverse proxy and config loader tests
+
+import { test, eq, ok } from '../test.rip'
+import { normalizeAppConfig, applyConfig } from '../edge/config.rip'
+import { createAppRegistry, registerApp, resolveHost, getAppState } from '../edge/registry.rip'
+import { broadcastBinary, createHub, addClient } from '../edge/realtime.rip'
+import { setEventJsonMode, logEvent } from '../control/lifecycle.rip'
+
+# --- Config normalization ---
+
+test "normalizeAppConfig sets defaults", ->
+  config = normalizeAppConfig('myapp', {}, '/base')
+  eq config.id, 'myapp'
+  eq config.maxQueue, 512
+  eq config.queueTimeoutMs, 30000
+  eq config.readTimeoutMs, 30000
+  eq config.hosts.length, 0
+
+test "normalizeAppConfig preserves explicit values", ->
+  config = normalizeAppConfig('api', { hosts: ['api.com'], workers: 8, maxQueue: 2048 }, '/base')
+  eq config.hosts[0], 'api.com'
+  eq config.workers, 8
+  eq config.maxQueue, 2048
+
+test "normalizeAppConfig resolves relative entry path", ->
+  config = normalizeAppConfig('app', { entry: './index.rip' }, '/srv/apps')
+  ok config.entry.startsWith('/')
+  ok config.entry.includes('index.rip')
+
+test "normalizeAppConfig keeps absolute entry path", ->
+  config = normalizeAppConfig('app', { entry: '/opt/app/index.rip' }, '/srv')
+  eq config.entry, '/opt/app/index.rip'
+
+# --- Config apply ---
+
+test "applyConfig registers apps in registry", ->
+  registry = createAppRegistry()
+  config =
+    apps:
+      web: { hosts: ['example.com'], workers: 4 }
+      api: { hosts: ['api.example.com'], workers: 2 }
+  registered = applyConfig(config, registry, registerApp, '/srv')
+  eq registered.length, 2
+  eq resolveHost(registry, 'example.com'), 'web'
+  eq resolveHost(registry, 'api.example.com'), 'api'
+
+test "applyConfig handles empty apps", ->
+  registry = createAppRegistry()
+  registered = applyConfig({ apps: {} }, registry, registerApp, '/srv')
+  eq registered.length, 0
+
+# --- Binary broadcast ---
+
+test "broadcastBinary delivers to group members", ->
+  hub = createHub()
+  received = []
+  addClient(hub, 'c1', { send: ((data) -> received.push(data)) })
+  addClient(hub, 'c2', { send: ((data) -> received.push(data)) })
+  # Subscribe both to /room
+  hub.members.get('c1').add('/room')
+  hub.members.get('c2').add('/room')
+  hub.members.set('/room', new Set(['c1', 'c2']))
+  # Broadcast binary
+  buf = new Uint8Array([1, 2, 3, 4])
+  broadcastBinary(hub, ['/room'], buf, null)
+  eq received.length, 2
+
+test "broadcastBinary excludes sender", ->
+  hub = createHub()
+  received = { c1: [], c2: [] }
+  addClient(hub, 'c1', { send: ((data) -> received.c1.push(data)) })
+  addClient(hub, 'c2', { send: ((data) -> received.c2.push(data)) })
+  hub.members.get('c1').add('/room')
+  hub.members.get('c2').add('/room')
+  hub.members.set('/room', new Set(['c1', 'c2']))
+  broadcastBinary(hub, ['/room'], new Uint8Array([5, 6]), 'c1')
+  eq received.c1.length, 0
+  eq received.c2.length, 1
+
+test "broadcastBinary to direct client", ->
+  hub = createHub()
+  received = []
+  addClient(hub, 'c1', { send: ((data) -> received.push(data)) })
+  hub.members.set('c1', new Set())
+  broadcastBinary(hub, ['c1'], new Uint8Array([7, 8]), null)
+  eq received.length, 1
+
+# --- Event logger ---
+
+test "logEvent emits without error", ->
+  setEventJsonMode(false)
+  logEvent('test_event', { key: 'val' })
+  ok true
+
+test "logEvent JSON mode emits without error", ->
+  setEventJsonMode(true)
+  logEvent('test_event', { key: 'val' })
+  setEventJsonMode(false)
+  ok true

package/tests/{read.test.rip → read.rip}

@@ -7,7 +7,7 @@
 # Each test is self-contained: t(name, input, expected, fn)
 # No HTTP server needed — uses requestContext.run() directly.
 #
-# Run: rip packages/server/tests/read.test.rip
+# Run: rip packages/server/test/tests/read.rip
 #
 
 import { read, requestContext } from '../api.rip'
@@ -33,16 +33,16 @@ t = (name, was, now, fn) ->
       actual = fn()
       if deepEq(actual, now)
         passed++
-        console.log "✓ #{name}"
+        p "✓ #{name}"
       else
         failed++
-        console.log "✗ #{name}"
-        console.log "    was:      #{stringify(was)}"
-        console.log "    expected: #{stringify(now)}"
-        console.log "    actual:   #{stringify(actual)}"
+        p "✗ #{name}"
+        p "    was:      #{stringify(was)}"
+        p "    expected: #{stringify(now)}"
+        p "    actual:   #{stringify(actual)}"
     catch err
       failed++
-      console.log "✗ #{name} — threw: #{err.message}"
+      p "✗ #{name} — threw: #{err.message}"
 
 # f(name, was, fn) — expect a throw
 f = (name, was, fn) ->
@@ -51,10 +51,10 @@ f = (name, was, fn) ->
     try
       fn()
       failed++
-      console.log "✗ #{name} — expected throw"
+      p "✗ #{name} — expected throw"
     catch
       passed++
-      console.log "✓ #{name}"
+      p "✓ #{name}"
 
 # ==============================================================================
 # read() basics (no validator)
@@ -250,5 +250,4 @@ t "required w/ miss()"      , undefined, 'ok' -> read 'v', 'email!', -> 'ok'
 # Results
 # ==============================================================================
 
-console.log "\n#{passed} passed, #{failed} failed (#{total} total)"
-process.exit(if failed > 0 then 1 else 0)
+p "\n#{passed} passed, #{failed} failed (#{total} total)"

package/tests/realtime.rip

@@ -0,0 +1,147 @@
+# realtime.rip — edge/realtime.rip unit tests
+
+import { test, eq, ok } from '../test.rip'
+import { createHub, generateClientId, addClient, removeClient, processResponse, handlePublish, getRealtimeStats } from '../edge/realtime.rip'
+
+# --- Hub lifecycle ---
+
+test "createHub returns empty hub", ->
+  hub = createHub()
+  eq hub.sockets.size, 0
+  eq hub.members.size, 0
+  eq hub.deliveries, 0
+
+test "generateClientId returns 32-char hex", ->
+  id = generateClientId()
+  eq id.length, 32
+  ok /^[0-9a-f]+$/.test(id)
+
+test "generateClientId is unique", ->
+  a = generateClientId()
+  b = generateClientId()
+  ok a isnt b
+
+# --- Client management ---
+
+test "addClient stores socket and creates membership", ->
+  hub = createHub()
+  ws = { send: (->), readyState: 1 }
+  addClient(hub, 'c1', ws)
+  eq hub.sockets.size, 1
+  eq hub.sockets.get('c1'), ws
+  ok hub.members.has('c1')
+
+test "removeClient cleans up socket and memberships", ->
+  hub = createHub()
+  addClient(hub, 'c1', { send: (->), readyState: 1 })
+  # Subscribe c1 to a group
+  processResponse(hub, JSON.stringify({ '+': ['room1'], '@': ['c1'] }), 'c1')
+  ok hub.members.has('room1')
+  # Remove client
+  removeClient(hub, 'c1')
+  eq hub.sockets.size, 0
+  eq hub.members.has('c1'), false
+
+# --- Membership via processResponse ---
+
+test "subscribe adds client to group", ->
+  hub = createHub()
+  addClient(hub, 'c1', { send: (->), readyState: 1 })
+  processResponse(hub, JSON.stringify({ '+': ['room1'] }), 'c1')
+  ok hub.members.has('room1')
+  ok hub.members.get('room1').has('c1')
+  ok hub.members.get('c1').has('room1')
+
+test "unsubscribe removes client from group", ->
+  hub = createHub()
+  addClient(hub, 'c1', { send: (->), readyState: 1 })
+  processResponse(hub, JSON.stringify({ '+': ['room1'] }), 'c1')
+  processResponse(hub, JSON.stringify({ '-': ['room1'] }), 'c1')
+  eq hub.members.has('room1'), false
+
+test "subscribe to multiple groups", ->
+  hub = createHub()
+  addClient(hub, 'c1', { send: (->), readyState: 1 })
+  processResponse(hub, JSON.stringify({ '+': ['room1', 'room2'] }), 'c1')
+  ok hub.members.get('c1').has('room1')
+  ok hub.members.get('c1').has('room2')
+
+# --- Message delivery ---
+
+test "deliver to direct client target", ->
+  hub = createHub()
+  received = []
+  addClient(hub, 'c1', { send: ((msg) -> received.push(msg)) })
+  addClient(hub, 'c2', { send: ((msg) -> received.push(msg)) })
+  # c1 sends, targeting c2 directly
+  processResponse(hub, JSON.stringify({ '@': ['c2'], 'chat': 'hello' }), 'c1')
+  eq received.length, 1
+  parsed = JSON.parse(received[0])
+  eq parsed.chat, 'hello'
+
+test "deliver to channel group members", ->
+  hub = createHub()
+  received = { c1: [], c2: [] }
+  addClient(hub, 'c1', { send: ((msg) -> received.c1.push(msg)) })
+  addClient(hub, 'c2', { send: ((msg) -> received.c2.push(msg)) })
+  # Subscribe both to /room
+  processResponse(hub, JSON.stringify({ '+': ['/room'] }), 'c1')
+  processResponse(hub, JSON.stringify({ '+': ['/room'] }), 'c2')
+  # Send to /room
+  processResponse(hub, JSON.stringify({ '@': ['/room'], 'msg': 'hi' }), null)
+  ok received.c1.length > 0
+  ok received.c2.length > 0
+
+test "sender exclusion via > key", ->
+  hub = createHub()
+  received = { c1: [], c2: [] }
+  addClient(hub, 'c1', { send: ((msg) -> received.c1.push(msg)) })
+  addClient(hub, 'c2', { send: ((msg) -> received.c2.push(msg)) })
+  # Both in /room
+  processResponse(hub, JSON.stringify({ '+': ['/room'] }), 'c1')
+  processResponse(hub, JSON.stringify({ '+': ['/room'] }), 'c2')
+  # Send from c1, exclude c1
+  processResponse(hub, JSON.stringify({ '>': ['c1'], '@': ['/room'], 'msg': 'hi' }), null)
+  eq received.c1.length, 0
+  ok received.c2.length > 0
+
+# --- External publish ---
+
+test "handlePublish delivers without clientId", ->
+  hub = createHub()
+  received = []
+  addClient(hub, 'c1', { send: ((msg) -> received.push(msg)) })
+  handlePublish(hub, JSON.stringify({ '@': ['c1'], 'event': 'data' }))
+  eq received.length, 1
+
+# --- Stats ---
+
+test "getRealtimeStats reflects hub state", ->
+  hub = createHub()
+  addClient(hub, 'c1', { send: (->), readyState: 1 })
+  addClient(hub, 'c2', { send: (->), readyState: 1 })
+  stats = getRealtimeStats(hub)
+  eq stats.clients, 2
+  eq stats.connections, 2
+
+# --- Array response ---
+
+test "processResponse handles array of items", ->
+  hub = createHub()
+  received = []
+  addClient(hub, 'c1', { send: ((msg) -> received.push(msg)) })
+  # Array with two items
+  processResponse(hub, JSON.stringify([
+    { '+': ['room1'] }
+    { '@': ['c1'], 'a': 1 }
+  ]), 'c1')
+  ok hub.members.get('c1').has('room1')
+  eq received.length, 1
+
+# --- Invalid JSON ---
+
+test "processResponse handles invalid JSON gracefully", ->
+  hub = createHub()
+  processResponse(hub, 'not json', 'c1')
+  # Should not throw — just log error
+  eq hub.sockets.size, 0