@scalekit-sdk/node 2.0.1 → 2.1.0

package/src/scalekit.ts

@@ -12,6 +12,7 @@ import PasswordlessClient from './passwordless';
 import UserClient from './user';
 import { IdpInitiatedLoginClaims, IdTokenClaim, User } from './types/auth';
 import { AuthenticationOptions, AuthenticationResponse, AuthorizationUrlOptions, GrantType, LogoutUrlOptions, RefreshTokenResponse ,TokenValidationOptions } from './types/scalekit';
+import { WebhookVerificationError, ScalekitValidateTokenFailureException } from './errors/base-exception';
 
 const authorizeEndpoint = "oauth/authorize";
 const logoutEndpoint = "oidc/logout";
@@ -226,7 +227,7 @@ export default class ScalekitClient {
   }
 
   /**
-   * Verifies the payload of the webhook
+   * Verify webhook payload
    * 
    * @param {string} secret The secret
    * @param {Record<string, string>} headers The headers
@@ -237,25 +238,40 @@ export default class ScalekitClient {
     const webhookId = headers['webhook-id'];
     const webhookTimestamp = headers['webhook-timestamp'];
     const webhookSignature = headers['webhook-signature'];
+    
     if (!webhookId || !webhookTimestamp || !webhookSignature) {
-      throw new Error("Missing required headers");
+      throw new WebhookVerificationError("Missing required headers");
+    }
+    
+    const secretParts = secret.split("_");
+    if (secretParts.length < 2) {
+      throw new WebhookVerificationError("Invalid secret");
     }
-    const timestamp = this.verifyTimestamp(webhookTimestamp);
-    const data = `${webhookId}.${Math.floor(timestamp.getTime() / 1000)}.${payload}`;
-    const secretBytes = Buffer.from(secret.split("_")[1], 'base64');
-    const computedSignature = this.computeSignature(secretBytes, data);
-    const receivedSignatures = webhookSignature.split(" ");
-    for (const versionedSignature of receivedSignatures) {
-      const [version, signature] = versionedSignature.split(",");
-      if (version !== WEBHOOK_SIGNATURE_VERSION) {
-        continue;
+    
+    try {
+      const timestamp = this.verifyTimestamp(webhookTimestamp);
+      const data = `${webhookId}.${Math.floor(timestamp.getTime() / 1000)}.${payload}`;
+      const secretBytes = Buffer.from(secretParts[1], 'base64');
+      const computedSignature = this.computeSignature(secretBytes, data);
+      const receivedSignatures = webhookSignature.split(" ");
+      
+      for (const versionedSignature of receivedSignatures) {
+        const [version, signature] = versionedSignature.split(",");
+        if (version !== WEBHOOK_SIGNATURE_VERSION) {
+          continue;
+        }
+        if (crypto.timingSafeEqual(Buffer.from(signature, 'base64'), Buffer.from(computedSignature, 'base64'))) {
+          return true;
+        }
       }
-      if (crypto.timingSafeEqual(Buffer.from(signature, 'base64'), Buffer.from(computedSignature, 'base64'))) {
-        return true;
+
+      throw new WebhookVerificationError("Invalid signature");
+    } catch (error) {
+      if (error instanceof WebhookVerificationError) {
+        throw error;
       }
+      throw new WebhookVerificationError("Invalid signature");
     }
-
-    throw new Error("Invalid Signature");
   }
 
   /**
@@ -265,7 +281,7 @@ export default class ScalekitClient {
    * @param {string} token The token to be validated
    * @param {TokenValidationOptions} options Optional validation options for issuer, audience, and scopes
    * @return {Promise<T>} Returns the token payload if valid
-   * @throws {Error} If token is invalid or missing required scopes
+   * @throws {ScalekitValidateTokenFailureException} If token is invalid or missing required scopes
    */
   async validateToken<T>(token: string, options?: TokenValidationOptions): Promise<T> {
     await this.coreClient.getJwks();
@@ -283,8 +299,8 @@ export default class ScalekitClient {
       }
 
       return payload;
-    } catch (_) {
-      throw new Error("Invalid token");
+    } catch (error) {
+      throw new ScalekitValidateTokenFailureException(error);
     }
   }
 
@@ -294,7 +310,7 @@ export default class ScalekitClient {
    * @param {string} token The token to verify
    * @param {string[]} requiredScopes The scopes that must be present in the token
    * @return {boolean} Returns true if all required scopes are present
-   * @throws {Error} If required scopes are missing, with details about which scopes are missing
+   * @throws {ScalekitValidateTokenFailureException} If required scopes are missing, with details about which scopes are missing
    */
   verifyScopes(token: string, requiredScopes: string[]): boolean {
     const payload = jose.decodeJwt(token);
@@ -303,7 +319,7 @@ export default class ScalekitClient {
     const missingScopes = requiredScopes.filter(scope => !scopes.includes(scope));
     
     if (missingScopes.length > 0) {
-      throw new Error(`Token missing required scopes: ${missingScopes.join(', ')}`);
+      throw new ScalekitValidateTokenFailureException(`Token missing required scopes: ${missingScopes.join(', ')}`);
     }
     
     return true;
@@ -332,13 +348,13 @@ export default class ScalekitClient {
     const now = Math.floor(Date.now() / 1000);
     const timestamp = parseInt(timestampStr, 10);
     if (isNaN(timestamp)) {
-      throw new Error("Invalid timestamp");
+      throw new WebhookVerificationError("Invalid Signature Headers");
     }
     if (now - timestamp > WEBHOOK_TOLERANCE_IN_SECONDS) {
-      throw new Error("Message timestamp too old");
+      throw new WebhookVerificationError("Message timestamp too old");
     }
     if (timestamp > now + WEBHOOK_TOLERANCE_IN_SECONDS) {
-      throw new Error("Message timestamp too new");
+      throw new WebhookVerificationError("Message timestamp too new");
     }
 
     return new Date(timestamp * 1000);

package/src/types/user.ts

@@ -7,7 +7,7 @@ export interface CreateUserRequest {
     lastName?: string;
   };
   metadata?: Record<string, string>;
-  sendActivationEmail?: boolean;
+  sendInvitationEmail?: boolean;
 }
 
 export interface UpdateUserRequest {

package/src/user.ts

@@ -25,7 +25,9 @@ import {
   ListOrganizationUsersRequest,
   ListOrganizationUsersResponse,
   CreateMembership,
-  UpdateMembership
+  UpdateMembership,
+  ResendInviteRequest,
+  ResendInviteResponse
 } from './pkg/grpc/scalekit/v1/users/users_pb';
 import { CreateUserRequest, UpdateUserRequest as UpdateUserRequestType } from './types/user';
 
@@ -67,8 +69,8 @@ export default class UserClient {
       user
     };
 
-    if (options.sendActivationEmail !== undefined) {
-      request.sendActivationEmail = options.sendActivationEmail;
+    if (options.sendInvitationEmail !== undefined) {
+      request.sendInvitationEmail = options.sendInvitationEmail;
     }
 
     const response = await this.coreClient.connectExec(
@@ -171,7 +173,7 @@ export default class UserClient {
    * @param {object} options The membership options
    * @param {string[]} options.roles The roles to assign
    * @param {Record<string, string>} options.metadata Optional metadata
-   * @param {boolean} options.sendActivationEmail Whether to send activation email
+   * @param {boolean} options.sendInvitationEmail Whether to send invitation email
    * @returns {Promise<CreateMembershipResponse>} The response with updated user
    */
   async createMembership(
@@ -180,7 +182,7 @@ export default class UserClient {
     options: {
       roles?: string[],
       metadata?: Record<string, string>,
-      sendActivationEmail?: boolean
+      sendInvitationEmail?: boolean
     } = {}
   ): Promise<CreateMembershipResponse> {
     const membership = new CreateMembership({
@@ -197,8 +199,8 @@ export default class UserClient {
       membership
     };
 
-    if (options.sendActivationEmail !== undefined) {
-      request.sendActivationEmail = options.sendActivationEmail;
+    if (options.sendInvitationEmail !== undefined) {
+      request.sendInvitationEmail = options.sendInvitationEmail;
     }
 
     return this.coreClient.connectExec(
@@ -288,4 +290,29 @@ export default class UserClient {
       }
     );
   }
+
+  /**
+   * Resend an invitation to a user
+   * @param {string} organizationId The organization id
+   * @param {string} userId The user id
+   * @returns {Promise<ResendInviteResponse>} The response with the invite
+   */
+  async resendInvite(organizationId: string, userId: string): Promise<ResendInviteResponse> {
+    if (!organizationId) {
+      throw new Error('organizationId is required');
+    }
+    if (!userId) {
+      throw new Error('userId is required');
+    }
+
+    const request = new ResendInviteRequest({
+      organizationId,
+      id: userId
+    });
+
+    return this.coreClient.connectExec(
+      this.client.resendInvite,
+      request
+    );
+  }
 }

package/tests/README.md

@@ -0,0 +1,25 @@
+# Scalekit Node SDK Tests
+
+This directory contains the test suite for the Scalekit Node SDK.
+
+## Setup
+
+1. Create a `.env` file in the root directory with the following environment variables:
+
+```env
+# Required for client initialization
+SCALEKIT_ENVIRONMENT_URL= "Your Scalekit environment URL."
+SCALEKIT_CLIENT_ID= " Your Scalekit environment client id "
+SCALEKIT_CLIENT_SECRET= " Your Scalekit environment client secret "
+```
+
+2. Install dependencies:
+```bash
+npm install
+```
+
+## Running Tests
+
+- Run all tests: `npm test`
+- Run tests in watch mode: `npm run test:watch`
+

package/tests/connection.test.ts

@@ -0,0 +1,42 @@
+import ScalekitClient from '../src/scalekit';
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import { TestOrganizationManager } from './utils/test-data';
+
+describe('Connections', () => {
+  let client: ScalekitClient;
+  let testOrg: string;
+
+  beforeEach(async () => {
+    // Use global client
+    client = global.client;
+    
+    // Create test organization for each test
+    testOrg = await TestOrganizationManager.createTestOrganization(client);
+  });
+
+  afterEach(async () => {
+    // Clean up test organization
+    await TestOrganizationManager.cleanupTestOrganization(client, testOrg);
+  });
+
+  describe('listConnections', () => {
+    it('should list connections by organization', async () => {
+      const connections = await client.connection.listConnections(testOrg);
+
+      expect(connections).toBeDefined();
+      expect(connections.connections).toBeDefined();
+      expect(Array.isArray(connections.connections)).toBe(true);
+    });
+  });
+
+  describe('listConnectionsByDomain', () => {
+    it('should list connections by domain', async () => {
+      const domain = 'example.com';
+      const connections = await client.connection.listConnectionsByDomain(domain);
+
+      expect(connections).toBeDefined();
+      expect(connections.connections).toBeDefined();
+      expect(Array.isArray(connections.connections)).toBe(true);
+    });
+  });
+}); 

package/tests/directory.test.ts

@@ -0,0 +1,46 @@
+import ScalekitClient from '../src/scalekit';
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import { TestOrganizationManager } from './utils/test-data';
+
+describe('Directories', () => {
+  let client: ScalekitClient;
+  let testOrg: string;
+
+  beforeEach(async () => {
+    // Use global client
+    client = global.client;
+    
+    // Create test organization for each test
+    testOrg = await TestOrganizationManager.createTestOrganization(client);
+  });
+
+  afterEach(async () => {
+    // Clean up test organization
+    await TestOrganizationManager.cleanupTestOrganization(client, testOrg);
+  });
+
+  describe('listDirectories', () => {
+    it('should list directories', async () => {
+      const directories = await client.directory.listDirectories(testOrg);
+
+      expect(directories).toBeDefined();
+      expect(directories.directories).toBeDefined();
+      expect(Array.isArray(directories.directories)).toBe(true);
+    });
+  });
+
+  describe('getPrimaryDirectoryByOrganizationId', () => {
+    it('should get primary directory by organization id', async () => {
+      try {
+        const primaryDirectory = await client.directory.getPrimaryDirectoryByOrganizationId(testOrg);
+        
+        expect(primaryDirectory).toBeDefined();
+        expect(primaryDirectory.id).toBeDefined();
+        expect(primaryDirectory.organizationId).toBe(testOrg);
+      } catch (error) {
+        // Expected when no directories exist
+        expect(error).toBeDefined();
+      }
+    });
+  });
+}); 

package/tests/organization.test.ts

@@ -0,0 +1,65 @@
+import ScalekitClient from '../src/scalekit';
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import { TestDataGenerator, TestOrganizationManager } from './utils/test-data';
+
+describe('Organizations', () => {
+  let client: ScalekitClient;
+  let testOrg: string;
+
+  beforeEach(async () => {
+    // Use global client
+    client = global.client;
+    
+    // Create test organization for each test
+    testOrg = await TestOrganizationManager.createTestOrganization(client);
+  });
+
+  afterEach(async () => {
+    // Clean up test organization
+    await TestOrganizationManager.cleanupTestOrganization(client, testOrg);
+  });
+
+  describe('listOrganization', () => {
+    it('should list organizations', async () => {
+      const organizations = await client.organization.listOrganization(TestDataGenerator.generatePaginationParams());
+
+      expect(organizations).toBeDefined();
+      expect(organizations.organizations).toBeDefined();
+      expect(Array.isArray(organizations.organizations)).toBe(true);
+      expect(organizations.organizations.length).toBeGreaterThan(0);
+
+      // Verify basic organization attributes
+      const firstOrg = organizations.organizations[0];
+      expect(firstOrg.id).toBeDefined();
+      expect(firstOrg.displayName).toBeDefined();
+    });
+
+    it('should handle pagination', async () => {
+      const firstPage = await client.organization.listOrganization(TestDataGenerator.generatePaginationParams(5));
+
+      expect(firstPage).toBeDefined();
+      expect(firstPage.organizations.length).toBeLessThanOrEqual(5);
+
+      if (firstPage.nextPageToken) {
+        const secondPage = await client.organization.listOrganization({
+          pageSize: 5,
+          pageToken: firstPage.nextPageToken
+        });
+
+        expect(secondPage).toBeDefined();
+        expect(secondPage.organizations).toBeDefined();
+      }
+    });
+  });
+
+  describe('getOrganization', () => {
+    it('should get organization by ID', async () => {
+      const organization = await client.organization.getOrganization(testOrg);
+      
+      expect(organization).toBeDefined();
+      expect(organization.organization).toBeDefined();
+      expect(organization.organization?.id).toBe(testOrg);
+      expect(organization.organization?.displayName).toBeDefined();
+    });
+  });
+}); 

package/tests/passwordless.test.ts

@@ -0,0 +1,108 @@
+import ScalekitClient from '../src/scalekit';
+import { TemplateType } from '../src/pkg/grpc/scalekit/v1/auth/passwordless_pb';
+import { describe, it, expect, beforeEach } from '@jest/globals';
+import { TestDataGenerator } from './utils/test-data';
+
+describe('Passwordless', () => {
+  let client: ScalekitClient;
+
+  beforeEach(() => {
+    // Use global client
+    client = global.client;
+  });
+
+  describe('sendPasswordlessEmail', () => {
+    it('should send passwordless email with basic parameters', async () => {
+      const email = TestDataGenerator.generateUniqueEmail();
+      
+      const response = await client.passwordless.sendPasswordlessEmail(email, TestDataGenerator.generatePasswordlessEmailData());
+
+      expect(response).toBeDefined();
+      expect(response.authRequestId).toBeDefined();
+      expect(response.expiresAt).toBeDefined();
+      expect(response.expiresIn).toBe(3600);
+      expect(response.passwordlessType).toBeDefined();
+    });
+
+    it('should send passwordless email with template variables', async () => {
+      const email = TestDataGenerator.generateUniqueEmail();
+      
+      const response = await client.passwordless.sendPasswordlessEmail(email, TestDataGenerator.generatePasswordlessEmailWithTemplateData());
+
+      expect(response).toBeDefined();
+      expect(response.authRequestId).toBeDefined();
+    });
+
+    it('should throw error for invalid email', async () => {
+      await expect(
+        client.passwordless.sendPasswordlessEmail('', {
+          template: TemplateType.SIGNIN
+        })
+      ).rejects.toThrow('Email must be a valid string');
+    });
+
+    it('should throw error for invalid template type', async () => {
+      const email = TestDataGenerator.generateUniqueEmail();
+      
+      await expect(
+        client.passwordless.sendPasswordlessEmail(email, {
+          template: 'INVALID_TEMPLATE' as any
+        })
+      ).rejects.toThrow('Invalid template type');
+    });
+  });
+
+  describe('verifyPasswordlessEmail', () => {
+    it('should throw error when neither code nor linkToken is provided', async () => {
+      await expect(
+        client.passwordless.verifyPasswordlessEmail({})
+      ).rejects.toThrow('Either code or linkToken must be provided');
+    });
+
+    it('should verify with code', async () => {
+      // Mock code for testing - expected to fail
+      const credential = TestDataGenerator.generateCredentialData('code');
+      
+      try {
+        const response = await client.passwordless.verifyPasswordlessEmail(credential);
+        expect(response).toBeDefined();
+      } catch (error) {
+        // Expected failure with mock code
+        expect(error).toBeDefined();
+      }
+    });
+
+    it('should verify with linkToken', async () => {
+      // Mock linkToken for testing - expected to fail
+      const credential = TestDataGenerator.generateCredentialData('linkToken');
+      
+      try {
+        const response = await client.passwordless.verifyPasswordlessEmail(credential);
+        expect(response).toBeDefined();
+      } catch (error) {
+        // Expected failure with mock linkToken
+        expect(error).toBeDefined();
+      }
+    });
+  });
+
+  describe('resendPasswordlessEmail', () => {
+    it('should resend passwordless email', async () => {
+      // Send initial passwordless email
+      const email = TestDataGenerator.generateUniqueEmail();
+      
+      const sendResponse = await client.passwordless.sendPasswordlessEmail(email, TestDataGenerator.generatePasswordlessEmailData());
+
+      // Resend the email
+      const resendResponse = await client.passwordless.resendPasswordlessEmail(
+        sendResponse.authRequestId
+      );
+
+      expect(resendResponse).toBeDefined();
+      expect(resendResponse.authRequestId).toBeDefined();
+      expect(resendResponse.expiresAt).toBeDefined();
+      expect(resendResponse.expiresIn).toBeDefined();
+      expect(resendResponse.passwordlessType).toBeDefined();
+    });
+  });
+}); 

package/tests/scalekit.test.ts

@@ -0,0 +1,104 @@
+import ScalekitClient from '../src/scalekit';
+import { AuthenticationOptions } from '../src/types/scalekit';
+import { describe, it, expect, beforeEach } from '@jest/globals';
+import { TestDataGenerator } from './utils/test-data';
+
+describe('ScalekitClient', () => {
+  let client: ScalekitClient;
+
+  beforeEach(() => {
+    // Use global client
+    client = global.client;
+  });
+
+  describe('constructor', () => {
+    it('should initialize with correct parameters', () => {
+      expect(client).toBeInstanceOf(ScalekitClient);
+      expect(client.organization).toBeDefined();
+      expect(client.user).toBeDefined();
+      expect(client.connection).toBeDefined();
+      expect(client.directory).toBeDefined();
+      expect(client.passwordless).toBeDefined();
+      expect(client.domain).toBeDefined();
+    });
+  });
+
+  describe('getAuthorizationUrl', () => {
+    it('should generate authorization URL with basic parameters', () => {
+      const redirectUri = 'https://example.com/callback';
+      const url = client.getAuthorizationUrl(redirectUri);
+      
+      expect(url).toContain('oauth/authorize');
+      expect(url).toContain(`redirect_uri=${encodeURIComponent(redirectUri)}`);
+      expect(url).toContain('response_type=code');
+    });
+
+    it('should include optional parameters when provided', () => {
+      const redirectUri = 'https://example.com/callback';
+      const options = TestDataGenerator.generateAuthorizationUrlOptions();
+      
+      const url = client.getAuthorizationUrl(redirectUri, options);
+      
+      expect(url).toContain('scope=openid%20profile');
+      expect(url).toContain('state=test-state');
+      expect(url).toContain('nonce=test-nonce');
+      expect(url).toContain('prompt=login');
+    });
+
+    it('should handle PKCE parameters', () => {
+      const redirectUri = 'https://example.com/callback';
+      const options = TestDataGenerator.generatePKCEParams();
+      
+      const url = client.getAuthorizationUrl(redirectUri, options);
+      
+      expect(url).toContain('code_challenge=test-challenge');
+      expect(url).toContain('code_challenge_method=S256');
+    });
+  });
+
+  describe('verifyWebhookPayload', () => {
+    it('should verify valid webhook payload', () => {
+      const webhookData = TestDataGenerator.generateWebhookData();
+      
+      const result = client.verifyWebhookPayload(webhookData.secret, webhookData.headers, webhookData.payload);
+      expect(result).toBe(true);
+    });
+
+    it('should throw error for invalid signature', () => {
+      const webhookData = TestDataGenerator.generateWebhookData();
+      
+      // Generate invalid signature using wrong payload data
+      const crypto = require('crypto');
+      const wrongData = `${webhookData.webhookId}.${webhookData.timestamp}.wrong-payload`;
+      const hmac = crypto.createHmac('sha256', Buffer.from('test-secret', 'base64'));
+      hmac.update(wrongData);
+      const wrongSignature = hmac.digest('base64');
+      const signature = `v1,${wrongSignature}`;
+      
+      const headers = {
+        'webhook-id': webhookData.webhookId,
+        'webhook-timestamp': webhookData.timestamp,
+        'webhook-signature': signature
+      };
+      
+      expect(() => {
+        client.verifyWebhookPayload(webhookData.secret, headers, webhookData.payload);
+      }).toThrow('Invalid Signature');
+    });
+  });
+
+  describe('validateAccessToken', () => {
+    it('should validate access token', async () => {
+      // Mock token for testing - expected to fail
+      const token = 'mock-token';
+      
+      try {
+        const result = await client.validateAccessToken(token);
+        expect(typeof result).toBe('boolean');
+      } catch (error) {
+        // Expected failure with mock token
+        expect(error).toBeDefined();
+      }
+    });
+  });
+}); 

package/tests/setup.ts

@@ -0,0 +1,34 @@
+import ScalekitClient from '../src/scalekit';
+import dotenv from 'dotenv';
+
+// Import Jest globals
+import { beforeAll } from '@jest/globals';
+
+// Load environment variables
+dotenv.config();
+
+// Global test configuration
+declare global {
+  var client: ScalekitClient;
+}
+
+beforeAll(() => {
+  // Validate required environment variables
+  const environmentUrl = process.env.SCALEKIT_ENVIRONMENT_URL;
+  const clientId = process.env.SCALEKIT_CLIENT_ID;
+  const clientSecret = process.env.SCALEKIT_CLIENT_SECRET;
+
+  // Check for required environment variables
+  if (!environmentUrl) {
+    throw new Error('SCALEKIT_ENVIRONMENT_URL environment variable is required');
+  }
+  if (!clientId) {
+    throw new Error('SCALEKIT_CLIENT_ID environment variable is required');
+  }
+  if (!clientSecret) {
+    throw new Error('SCALEKIT_CLIENT_SECRET environment variable is required');
+  }
+
+  // Initialize test client
+  global.client = new ScalekitClient(environmentUrl, clientId, clientSecret);
+});