npm - @solidxai/core - Versions diffs - 0.1.6-beta.9 → 0.1.7 - Mend

@solidxai/core 0.1.6-beta.9 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (311) hide show

package/src/subscribers/audit.subscriber.ts CHANGED Viewed

@@ -1,32 +1,20 @@
-import { forwardRef, Inject, Injectable, Scope } from '@nestjs/common';
-import { ModelMetadataHelperService } from 'src/helpers/model-metadata-helper.service';
+import { Injectable, Logger, Scope } from '@nestjs/common';
 import { lowerFirst } from 'src/helpers/string.helper';
-import { ModelMetadataRepository } from 'src/repository/model-metadata.repository';
+import { SolidRegistry } from 'src/helpers/solid-registry';
 import { DataSource, EntityMetadata, EntitySubscriberInterface, InsertEvent, RemoveEvent, UpdateEvent } from 'typeorm';
-import { ChatterMessageService } from '../services/chatter-message.service';
-type DeferredCall =
-    | { kind: 'insert'; args: Parameters<ChatterMessageService['postAuditMessageOnInsert']> }
-    | { kind: 'update'; args: Parameters<ChatterMessageService['postAuditMessageOnUpdate']> }
-    | { kind: 'delete'; args: Parameters<ChatterMessageService['postAuditMessageOnDelete']> };
+import { AuditQueuePayload } from 'src/jobs/chatter-queue-publisher.service';
+import { RequestContextService } from 'src/services/request-context.service';
+import { PublisherFactory } from 'src/services/queues/publisher-factory.service';
 @Injectable({scope: Scope.TRANSIENT})
-// @EventSubscriber()
 export class AuditSubscriber implements EntitySubscriberInterface {
+    private readonly logger = new Logger(AuditSubscriber.name);
     private dataSource: DataSource;
     constructor(
-        // @InjectDataSource()
-        // private readonly dataSource: DataSource,
-        private readonly chatterMessageService: ChatterMessageService,
-        // @InjectRepository(ModelMetadata)
-        // private readonly modelMetadataRepo: Repository<ModelMetadata>,
-        @Inject(forwardRef(() => ModelMetadataRepository))
-        private readonly modelMetadataRepo: ModelMetadataRepository,
-        private readonly modelMetadataHelperService: ModelMetadataHelperService,
-    ) {
-        // this.dataSource.subscribers.push(this);
-    }
+        private readonly publisherFactory: PublisherFactory<AuditQueuePayload>,
+        private readonly solidRegistry: SolidRegistry,
+        private readonly requestContextService: RequestContextService,
+    ) { }
     bindToDataSource(dataSource: DataSource) {
         this.dataSource = dataSource;
@@ -34,90 +22,61 @@ export class AuditSubscriber implements EntitySubscriberInterface {
     }
     // Per-transaction buffer (auto-GC when queryRunner is gone)
-    private perTxn = new WeakMap<any, DeferredCall[]>();
+    private perTxn = new WeakMap<any, AuditQueuePayload[]>();
-    private enqueue(event: { queryRunner: any }, call: DeferredCall) {
+    private enqueue(event: { queryRunner: any }, payload: AuditQueuePayload) {
         const qr = event.queryRunner;
         const arr = this.perTxn.get(qr) ?? [];
-        arr.push(call);
+        arr.push(payload);
         this.perTxn.set(qr, arr);
     }
-    private async shouldTrackAudit(entity: any, metadata: EntityMetadata): Promise<boolean> {
-        const model = await this.modelMetadataRepo.findOne({
-            where: {
-                singularName: lowerFirst(metadata.name)
-            },
-            relations: {
-                fields: true,
-                module: true
-            }
-        });
-        if (!model || !model.enableAuditTracking) {
-            return false;
-        }
-        const modelFields = await this.modelMetadataHelperService.loadFieldHierarchy(model.singularName)
-        const auditFields = modelFields.filter(field =>
-            field.enableAuditTracking &&
-            !['mediaSingle', 'mediaMultiple', 'richText', 'json'].includes(field.type) &&
-            !(field.type === 'relation' && field.relationType === 'one-to-many')
-        );
-        if (auditFields.length === 0) {
-            return false;
-        }
-        // if (!entity) {
-        //     console.warn(`[AuditSubscriber] Skipping audit for ${metadata.name} – entity is undefined or null`);
-        //     return false;
-        // }
+    private shouldTrackAudit(metadata: EntityMetadata): boolean {
+        return this.solidRegistry.isAuditableModel(lowerFirst(metadata.name));
+    }
-        return entity && auditFields.some(field => {
-            const fieldValue = entity[field.name];
-            return fieldValue !== undefined && fieldValue !== null;
-        });
+    private activeUserId(): number | null {
+        return this.requestContextService.getActiveUser()?.sub ?? null;
     }
     async afterInsert(event: InsertEvent<any>) {
-        if (await this.shouldTrackAudit(event.entity, event.metadata)) {
-            // await this.chatterMessageService.postAuditMessageOnInsert(event.entity, event.metadata);
-            this.enqueue(event, {
-                kind: 'insert',
-                args: [event.entity, event.metadata] as Parameters<ChatterMessageService['postAuditMessageOnInsert']>,
-            });
-        }
+        if (!this.shouldTrackAudit(event.metadata)) return;
+        this.enqueue(event, {
+            eventType: 'insert',
+            modelName: event.metadata.name,
+            entityId: event.entity?.id ?? null,
+            occurredAt: new Date().toISOString(),
+            after: event.entity ?? null,
+            userId: this.activeUserId(),
+        });
     }
     async afterUpdate(event: UpdateEvent<any>) {
-        if (await this.shouldTrackAudit(event.entity, event.metadata)) {
-            // await this.chatterMessageService.postAuditMessageOnUpdate(event.entity, event.metadata, event.databaseEntity, event.updatedColumns || []);
-            this.enqueue(event, {
-                kind: 'update',
-                args: [
-                    event.entity, // entity (after)
-                    event.metadata,
-                    event.databaseEntity, // entity (before)
-                    event.updatedColumns ?? [],
-                ] as Parameters<ChatterMessageService['postAuditMessageOnUpdate']>,
-            });
-        }
+        if (!this.shouldTrackAudit(event.metadata)) return;
+        this.enqueue(event, {
+            eventType: 'update',
+            modelName: event.metadata.name,
+            entityId: event.entity?.id ?? null,
+            occurredAt: new Date().toISOString(),
+            after: event.entity ?? null,
+            // databaseEntity is only populated when the entity was fetched first (save() path).
+            // QueryBuilder update() leaves this undefined; postAuditMessageOnUpdate guards for it.
+            before: event.databaseEntity ?? null,
+            updatedColumnNames: (event.updatedColumns ?? []).map(c => c.propertyName),
+            userId: this.activeUserId(),
+        });
     }
     async afterRemove(event: RemoveEvent<any>) {
-        if (await this.shouldTrackAudit(event.entity, event.metadata)) {
-            // await this.chatterMessageService.postAuditMessageOnDelete(event.entity, event.metadata, event.databaseEntity);
-            this.enqueue(event, {
-                kind: 'delete',
-                args: [
-                    event.entity,
-                    event.metadata,
-                    event.databaseEntity,
-                ] as Parameters<ChatterMessageService['postAuditMessageOnDelete']>,
-            });
-        }
+        if (!this.shouldTrackAudit(event.metadata)) return;
+        this.enqueue(event, {
+            eventType: 'delete',
+            modelName: event.metadata.name,
+            entityId: event.databaseEntity?.id ?? null,
+            occurredAt: new Date().toISOString(),
+            before: event.databaseEntity,
+            userId: this.activeUserId(),
+        });
     }
     // --------- transaction lifecycle ----------
@@ -125,191 +84,24 @@ export class AuditSubscriber implements EntitySubscriberInterface {
         const batch = this.perTxn.get(event.queryRunner) ?? [];
         this.perTxn.delete(event.queryRunner);
-        // Now we’re OUTSIDE the DB transaction — safe to do I/O/DB writes inside chatter service.
-        for (const item of batch) {
-            try {
-                switch (item.kind) {
-                    case 'insert': await this.chatterMessageService.postAuditMessageOnInsert(...item.args); break;
-                    case 'update': await this.chatterMessageService.postAuditMessageOnUpdate(...item.args); break;
-                    case 'delete': await this.chatterMessageService.postAuditMessageOnDelete(...item.args); break;
-                }
-            } catch (e) {
-                // Best effort: log and continue; your core txn was already committed
-                // Optionally: send to a generic error logger/metric here
+        // Now outside the DB transaction — safe to publish to the queue.
+        // allSettled: publish in parallel; a single failure does not block the rest.
+        const results = await Promise.allSettled(
+            batch.map(payload => this.publisherFactory.publish({ payload }, 'ChatterQueuePublisher'))
+        );
+        results.forEach((result, i) => {
+            if (result.status === 'rejected') {
+                this.logger.error(
+                    `Failed to publish audit event for ${batch[i].modelName}#${batch[i].entityId}`,
+                    result.reason,
+                );
             }
-        }
+        });
     }
     afterTransactionRollback(event: { queryRunner: any }) {
-        // Drop buffered calls; the write never happened
+        // Drop buffered payloads; the write never happened.
         this.perTxn.delete(event.queryRunner);
     }
 }
-// import { DataSource, EntityMetadata, EntitySubscriberInterface, EventSubscriber, InsertEvent, RemoveEvent, UpdateEvent } from 'typeorm';
-// import { Injectable } from '@nestjs/common';
-// import { InjectDataSource, InjectRepository } from '@nestjs/typeorm';
-// import { Repository } from 'typeorm';
-// import { ModelMetadata } from '../entities/model-metadata.entity';
-// import { lowerFirst } from 'src/helpers/string.helper';
-// import { ModelMetadataHelperService } from 'src/helpers/model-metadata-helper.service';
-// import { ChatterMessagePayload } from 'src/jobs/chatter-queue-publisher.service';
-// import { RequestContextService } from 'src/services/request-context.service';
-// import { PublisherFactory } from 'src/services/queues/publisher-factory.service';
-// @EventSubscriber()
-// @Injectable()
-// export class AuditSubscriber implements EntitySubscriberInterface {
-//     private perTxn = new WeakMap<any, ChatterMessagePayload[]>();
-//     constructor(
-//         @InjectDataSource() private readonly dataSource: DataSource,
-//         @InjectRepository(ModelMetadata) private readonly modelMetadataRepo: Repository<ModelMetadata>,
-//         private readonly modelMetadataHelperService: ModelMetadataHelperService,
-//         private readonly requestContext: RequestContextService,
-//         private readonly publisherFactory: PublisherFactory<any>
-//     ) {
-//         this.dataSource.subscribers.push(this);
-//     }
-//     // --- small cache to avoid metadata queries on every row ---
-//     private modelCache = new Map<string, { enable: boolean; fields: Array<{ name: string; enableAuditTracking: boolean; type: string; relationType?: string }>; ts: number }>();
-//     private cacheTTLms = 60_000;
-//     private async shouldTrackAudit(entity: any, metadata: EntityMetadata): Promise<{ enable: boolean; auditFields?: string[] }> {
-//         const key = metadata.name;
-//         const now = Date.now();
-//         const cached = this.modelCache.get(key);
-//         if (cached && (now - cached.ts) < this.cacheTTLms) {
-//             if (!cached.enable) return { enable: false };
-//             const fields = cached.fields.filter(f =>
-//                 f.enableAuditTracking &&
-//                 !['mediaSingle', 'mediaMultiple', 'computed', 'richText', 'json'].includes(f.type) &&
-//                 !(f.type === 'relation' && f.relationType === 'one-to-many')
-//             );
-//             const present = fields.map(f => f.name).filter(n => entity?.[n] !== undefined);
-//             return { enable: present.length > 0, auditFields: present };
-//         }
-//         const model = await this.modelMetadataRepo.findOne({
-//             where: { singularName: lowerFirst(metadata.name) },
-//             relations: { fields: true, module: true },
-//         });
-//         const enable = !!model?.enableAuditTracking;
-//         const fields = model?.fields ?? [];
-//         this.modelCache.set(key, { enable, fields, ts: now });
-//         if (!enable) return { enable: false };
-//         const filtered = fields.filter(f =>
-//             f.enableAuditTracking &&
-//             !['mediaSingle', 'mediaMultiple', 'computed', 'richText', 'json'].includes(f.type) &&
-//             !(f.type === 'relation' && f.relationType === 'one-to-many')
-//         );
-//         const present = filtered.map(f => f.name).filter(n => entity?.[n] !== undefined);
-//         return { enable: present.length > 0, auditFields: present };
-//     }
-//     private push(event: { queryRunner: any }, msg: ChatterMessagePayload) {
-//         const arr = this.perTxn.get(event.queryRunner) ?? [];
-//         arr.push(msg);
-//         this.perTxn.set(event.queryRunner, arr);
-//     }
-//     async afterInsert(event: InsertEvent<any>) {
-//         if (!event.entity) return;
-//         const enable = await this.shouldTrackAudit(event.entity, event.metadata);
-//         if (!enable) return;
-//         const payload: ChatterMessagePayload = {
-//             eventType: 'insert',
-//             model: event.metadata.name,
-//             entityId: String(event.entity.id ?? event.entity.uuid ?? ''),
-//             occurredAt: new Date().toISOString(),
-//             after: this.safeCopy(event.entity),
-//             userId: this.getUserId(),
-//         };
-//         this.push(event, payload);
-//     }
-//     async afterUpdate(event: UpdateEvent<any>) {
-//         // Updated entity may be null if you used raw query; fall back to databaseEntity
-//         const current = event.entity ?? {};
-//         const before = event.databaseEntity ?? {};
-//         const { enable, auditFields } = await this.shouldTrackAudit(current, event.metadata);
-//         if (!enable) return;
-//         const changedCols = (event.updatedColumns || []).map(c => c.propertyName);
-//         const payload: ChatterMessagePayload = {
-//             eventType: 'update',
-//             model: event.metadata.name,
-//             entityId: String((current as any).id ?? (before as any).id ?? ''),
-//             occurredAt: new Date().toISOString(),
-//             before: this.pick(before, auditFields || changedCols),
-//             after: this.pick(current, auditFields || changedCols),
-//             diff: changedCols,
-//             userId: this.getUserId(),
-//         };
-//         this.push(event, payload);
-//     }
-//     async afterRemove(event: RemoveEvent<any>) {
-//         const base = event.entity ?? event.databaseEntity;
-//         if (!base) return;
-//         const { enable } = await this.shouldTrackAudit(base, event.metadata);
-//         if (!enable) return;
-//         const payload: ChatterMessagePayload = {
-//             eventType: 'delete',
-//             model: event.metadata.name,
-//             entityId: String((base as any).id ?? ''),
-//             occurredAt: new Date().toISOString(),
-//             before: this.safeCopy(base),
-//             userId: this.getUserId(),
-//         };
-//         this.push(event, payload);
-//     }
-//     // Publish AFTER the transaction commits -> no idle-in-transaction
-//     async afterTransactionCommit(event: { queryRunner: any }) {
-//         const batch = this.perTxn.get(event.queryRunner) ?? [];
-//         this.perTxn.delete(event.queryRunner);
-//         for (const msg of batch) {
-//             try {
-//                 await this.publisherFactory.publish({ payload: msg, parentEntity: msg.model, parentEntityId: msg.entityId }, 'ChatterQueuePublisher');
-//             } catch (err) {
-//                 // log + optionally send to a DLQ or retry queue
-//                 // do NOT throw; commit already happened
-//                 // your RabbitMqPublisher likely tracks failures in MqMessage tables anyway
-//             }
-//         }
-//     }
-//     afterTransactionRollback(event: { queryRunner: any }) {
-//         this.perTxn.delete(event.queryRunner);
-//     }
-//     // --- small helpers to keep payloads JSON-safe and small ---
-//     private safeCopy(obj: any) {
-//         try {
-//             return JSON.parse(JSON.stringify(obj));
-//         } catch {
-//             return {}; // strip circular refs
-//         }
-//     }
-//     private pick(obj: any, keys: string[]) {
-//         const out: any = {};
-//         for (const k of keys) out[k] = obj?.[k];
-//         return this.safeCopy(out);
-//     }
-//     private getUserId(): string | null {
-//         const activeUser = this.requestContext.getActiveUser();
-//         if (activeUser?.sub)
-//             return String(activeUser.sub);
-//     }
-// }

package/src/subscribers/computed-entity-field.subscriber.ts CHANGED Viewed

@@ -78,9 +78,9 @@ export class ComputedEntityFieldSubscriber implements EntitySubscriberInterface
             modelName
         );
         //TODO: We can add a feature i.e dependsOn, where we can check if the computed field depends on other computed fields and evaluate them first
-        await Promise.all(
-            computedFieldsTobeEvaluated.map(c => this.evaluateComputedField(this.attachContext(c, eventContext), entity, currentOperation))
-        )
+        for (const computedField of computedFieldsTobeEvaluated) {
+            await this.evaluateComputedField(this.attachContext(computedField, eventContext), entity, currentOperation);
+        }
     }
     private handleComputedFieldEvaluationJob(entity: any, currentOperation: ComputedFieldTriggerOperation, modelName: string, eventContext?: TypeOrmEventContext) {

package/src/subscribers/created-by-updated-by.subscriber.ts CHANGED Viewed

@@ -1,11 +1,9 @@
 import { Injectable, Scope } from "@nestjs/common";
 import { InjectDataSource } from "@nestjs/typeorm";
-import { User } from "src/entities/user.entity";
-import { ActiveUserData } from "src/interfaces/active-user-data.interface";
 import { RequestContextService } from "src/services/request-context.service";
-import { DataSource, EntitySubscriberInterface, EventSubscriber, InsertEvent, UpdateEvent } from "typeorm";
+import { DataSource, EntitySubscriberInterface, InsertEvent, UpdateEvent } from "typeorm";
-@Injectable({scope: Scope.TRANSIENT})
+@Injectable({ scope: Scope.TRANSIENT })
 // @EventSubscriber()
 export class CreatedByUpdatedBySubscriber implements EntitySubscriberInterface {
     private dataSource: DataSource;
@@ -30,7 +28,7 @@ export class CreatedByUpdatedBySubscriber implements EntitySubscriberInterface {
         await this.stampUserField(event, false);
     }
-    private async stampUserField(event: InsertEvent<any> | UpdateEvent<any>, isInsert: boolean){
+    private async stampUserField(event: InsertEvent<any> | UpdateEvent<any>, isInsert: boolean) {
         if (!event.entity) {
             return;
         }
@@ -40,21 +38,29 @@ export class CreatedByUpdatedBySubscriber implements EntitySubscriberInterface {
             return;
         }
-        const loadedUser = await this.loadUser(activeUserOrUndefined as unknown as ActiveUserData);
+        // const loadedUser = await this.loadUser(activeUserOrUndefined as unknown as ActiveUserData);
+        // if (isInsert) {
+        //     event.entity.createdBy = loadedUser?.id;
+        //     event.entity.updatedBy = loadedUser?.id; // For insert, we set both createdBy and updatedBy to the same user
+        // }
+        // else {
+        //     event.entity.updatedBy = loadedUser?.id;
+        // }
         if (isInsert) {
-            event.entity.createdBy = loadedUser?.id;
-            event.entity.updatedBy = loadedUser?.id; // For insert, we set both createdBy and updatedBy to the same user
+            event.entity.createdBy = activeUserOrUndefined?.sub;
+            event.entity.updatedBy = activeUserOrUndefined?.sub; // For insert, we set both createdBy and updatedBy to the same user
         }
         else {
-            event.entity.updatedBy = loadedUser?.id;
+            event.entity.updatedBy = activeUserOrUndefined?.sub;
         }
     }
-    private async loadUser(activeUser: ActiveUserData): Promise<User> {
-        const userRepo = this.defaultDataSource.getRepository(User); // Assuming 'User' is the entity name for users in your application
-        const loadedUser = await userRepo.findOne({
-            where: { id: activeUser.sub }, // Assuming 'sub' is the user ID in the JWT token
-        });
-        return loadedUser;;
-    }
+    // private async loadUser(activeUser: ActiveUserData): Promise<User> {
+    //     const userRepo = this.defaultDataSource.getRepository(User); // Assuming 'User' is the entity name for users in your application
+    //     const loadedUser = await userRepo.findOne({
+    //         where: { id: activeUser.sub }, // Assuming 'sub' is the user ID in the JWT token
+    //     });
+    //     return loadedUser;;
+    // }
 }

package/src/winston.logger.ts CHANGED Viewed

@@ -4,9 +4,10 @@ import { Logger } from 'winston';
 import { Inject } from '@nestjs/common';
 import { WINSTON_MODULE_PROVIDER } from 'nest-winston';
 import * as winston from 'winston';
+import { Environment } from './decorators/disallow-in-production.decorator';
 export const WinstonLoggerConfig = {
-    level: 'debug', // Allow all log levels for debugging
+    level: process.env.LOG_LEVEL || (process.env.ENV === Environment.Production ? 'warn' : 'debug'),
     format: winston.format.combine(
         winston.format.timestamp(),
         winston.format.errors({ stack: true }),

package/dist-tests/api/authenticate.spec.js DELETED Viewed

@@ -1,119 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const test_1 = require("@playwright/test");
-const env_1 = require("../helpers/env");
-const baseURL = process.env.API_BASE_URL ?? "http://localhost:3000";
-const TEST_USER_EMAIL = (0, env_1.getRequiredEnv)("TEST_USER_EMAIL");
-const TEST_USER_PASSWORD = (0, env_1.getRequiredEnv)("TEST_USER_PASSWORD");
-function base64UrlDecode(input) {
-    const normalized = input.replace(/-/g, "+").replace(/_/g, "/");
-    const padded = normalized.length % 4 === 0
-        ? normalized
-        : normalized.padEnd(normalized.length + (4 - (normalized.length % 4)), "=");
-    return Buffer.from(padded, "base64").toString("utf-8");
-}
-function validateJwt(token) {
-    const parts = token.split(".");
-    if (parts.length !== 3) {
-        throw new Error("JWT must have three dot-separated parts.");
-    }
-    const headerJson = JSON.parse(base64UrlDecode(parts[0]));
-    const payloadJson = JSON.parse(base64UrlDecode(parts[1]));
-    if (!headerJson || typeof headerJson !== "object") {
-        throw new Error("JWT header must be a JSON object.");
-    }
-    if (!payloadJson || typeof payloadJson !== "object") {
-        throw new Error("JWT payload must be a JSON object.");
-    }
-    if (typeof payloadJson.exp !== "number") {
-        throw new Error("JWT payload.exp must be a number.");
-    }
-    return payloadJson;
-}
-(0, test_1.test)("API: authenticate succeeds with valid credentials", async () => {
-    const api = await test_1.request.newContext({
-        baseURL,
-        extraHTTPHeaders: {
-            accept: "*/*",
-            "content-type": "application/json",
-        },
-    });
-    try {
-        const res = await api.post("/api/iam/authenticate", {
-            data: {
-                email: TEST_USER_EMAIL,
-                username: "",
-                password: TEST_USER_PASSWORD,
-            },
-        });
-        (0, test_1.expect)(res.status()).toBe(200);
-        const json = await res.json();
-        (0, test_1.expect)(json.statusCode).toBe(200);
-        (0, test_1.expect)(Array.isArray(json.message)).toBe(true);
-        (0, test_1.expect)(json.message.length).toBe(0);
-        (0, test_1.expect)(json.error).toBe("");
-        const user = json.data?.user;
-        (0, test_1.expect)(user, "Expected data.user to be an object.").toBeTruthy();
-        (0, test_1.expect)(typeof user).toBe("object");
-        const email = user?.email;
-        (0, test_1.expect)(typeof email).toBe("string");
-        if (email === TEST_USER_EMAIL) {
-            (0, test_1.expect)(email).toBe(TEST_USER_EMAIL);
-        }
-        else {
-            (0, test_1.expect)(email.length).toBeGreaterThan(0);
-        }
-        (0, test_1.expect)(typeof user?.mobile).toBe("string");
-        (0, test_1.expect)(typeof user?.username).toBe("string");
-        (0, test_1.expect)(typeof user?.forcePasswordChange).toBe("boolean");
-        (0, test_1.expect)(typeof user?.id).toBe("number");
-        const roles = user?.roles;
-        (0, test_1.expect)(Array.isArray(roles)).toBe(true);
-        if (Array.isArray(roles)) {
-            (0, test_1.expect)(roles.every((role) => typeof role === "string")).toBe(true);
-            (0, test_1.expect)(roles).toContain("Admin");
-        }
-        const accessToken = json.data?.accessToken;
-        const refreshToken = json.data?.refreshToken;
-        (0, test_1.expect)(typeof accessToken).toBe("string");
-        (0, test_1.expect)(typeof refreshToken).toBe("string");
-        const accessPayload = validateJwt(accessToken);
-        const refreshPayload = validateJwt(refreshToken);
-        (0, test_1.expect)(typeof accessPayload.exp).toBe("number");
-        (0, test_1.expect)(typeof refreshPayload.exp).toBe("number");
-    }
-    finally {
-        await api.dispose();
-    }
-});
-(0, test_1.test)("API: authenticate fails with wrong password", async () => {
-    const api = await test_1.request.newContext({
-        baseURL,
-        extraHTTPHeaders: {
-            accept: "*/*",
-            "content-type": "application/json",
-        },
-    });
-    try {
-        const res = await api.post("/api/iam/authenticate", {
-            data: {
-                email: TEST_USER_EMAIL,
-                username: "",
-                password: `${TEST_USER_PASSWORD}__wrong`,
-            },
-        });
-        (0, test_1.expect)(res.status()).toBe(401);
-        const json = await res.json();
-        (0, test_1.expect)(json.statusCode).toBe(401);
-        (0, test_1.expect)(json.statusCodeMessage).toBe("Unauthorized");
-        (0, test_1.expect)(json.message).toBe("Invalid credentials");
-        (0, test_1.expect)(json.error).toBe("Invalid credentials");
-        (0, test_1.expect)(json.data?.statusCode).toBe(401);
-        (0, test_1.expect)(json.data?.error).toBe("Unauthorized");
-        (0, test_1.expect)(json.data?.message).toBe("Invalid credentials");
-    }
-    finally {
-        await api.dispose();
-    }
-});
-//# sourceMappingURL=authenticate.spec.js.map

package/dist-tests/api/authenticate.spec.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate.spec.js","sourceRoot":"","sources":["../../tests/api/authenticate.spec.ts"],"names":[],"mappings":";;AAAA,2CAAyD;AACzD,wCAAgD;AAOhD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;AACpE,MAAM,eAAe,GAAG,IAAA,oBAAc,EAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,kBAAkB,GAAG,IAAA,oBAAc,EAAC,oBAAoB,CAAC,CAAC;AAEhE,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,MAAM,GACV,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,UAAU,CAAC,MAAM,CACjB,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EACjD,GAAG,CACJ,CAAC;IACN,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1D,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,OAAO,WAAW,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,WAAyB,CAAC;AACnC,CAAC;AAED,IAAA,WAAI,EAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;IACnE,MAAM,GAAG,GAAG,MAAM,cAAO,CAAC,UAAU,CAAC;QACnC,OAAO;QACP,gBAAgB,EAAE;YAChB,MAAM,EAAE,KAAK;YACb,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE;YAClD,IAAI,EAAE;gBACJ,KAAK,EAAE,eAAe;gBACtB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,kBAAkB;aAC7B;SACF,CAAC,CAAC;QAEH,IAAA,aAAM,EAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAA,aAAM,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAA,aAAM,EAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAA,aAAM,EAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,IAAA,aAAM,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE5B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,IAA2C,CAAC;QACpE,IAAA,aAAM,EAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC,UAAU,EAAE,CAAC;QACjE,IAAA,aAAM,EAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;QAC1B,IAAA,aAAM,EAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;YAC9B,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YAEN,IAAA,aAAM,EAAE,KAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,IAAA,aAAM,EAAC,OAAO,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,OAAO,IAAI,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAA,aAAM,EAAC,OAAO,IAAI,EAAE,mBAAmB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzD,IAAA,aAAM,EAAC,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEvC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;QAC1B,IAAA,aAAM,EAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,IAAA,aAAM,EAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC;QAC7C,IAAA,aAAM,EAAC,OAAO,WAAW,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAA,aAAM,EAAC,OAAO,YAAY,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE3C,MAAM,aAAa,GAAG,WAAW,CAAC,WAAqB,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,WAAW,CAAC,YAAsB,CAAC,CAAC;QAE3D,IAAA,aAAM,EAAC,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAA,aAAM,EAAC,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC;YAAS,CAAC;QACT,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,WAAI,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;IAC7D,MAAM,GAAG,GAAG,MAAM,cAAO,CAAC,UAAU,CAAC;QACnC,OAAO;QACP,gBAAgB,EAAE;YAChB,MAAM,EAAE,KAAK;YACb,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE;YAClD,IAAI,EAAE;gBACJ,KAAK,EAAE,eAAe;gBACtB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,GAAG,kBAAkB,SAAS;aACzC;SACF,CAAC,CAAC;QAEH,IAAA,aAAM,EAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAA,aAAM,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAA,aAAM,EAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpD,IAAA,aAAM,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACjD,IAAA,aAAM,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC/C,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC9C,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACzD,CAAC;YAAS,CAAC;QACT,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC","sourcesContent":["import { expect, request, test } from \"@playwright/test\";\nimport { getRequiredEnv } from \"../helpers/env\";\n\ntype JwtPayload = {\n exp?: number;\n [key: string]: unknown;\n};\n\nconst baseURL = process.env.API_BASE_URL ?? \"http://localhost:3000\";\nconst TEST_USER_EMAIL = getRequiredEnv(\"TEST_USER_EMAIL\");\nconst TEST_USER_PASSWORD = getRequiredEnv(\"TEST_USER_PASSWORD\");\n\nfunction base64UrlDecode(input: string): string {\n const normalized = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padded =\n normalized.length % 4 === 0\n ? normalized\n : normalized.padEnd(\n normalized.length + (4 - (normalized.length % 4)),\n \"=\"\n );\n return Buffer.from(padded, \"base64\").toString(\"utf-8\");\n}\n\nfunction validateJwt(token: string): JwtPayload {\n const parts = token.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"JWT must have three dot-separated parts.\");\n }\n\n const headerJson = JSON.parse(base64UrlDecode(parts[0]));\n const payloadJson = JSON.parse(base64UrlDecode(parts[1]));\n\n if (!headerJson || typeof headerJson !== \"object\") {\n throw new Error(\"JWT header must be a JSON object.\");\n }\n\n if (!payloadJson || typeof payloadJson !== \"object\") {\n throw new Error(\"JWT payload must be a JSON object.\");\n }\n\n if (typeof payloadJson.exp !== \"number\") {\n throw new Error(\"JWT payload.exp must be a number.\");\n }\n\n return payloadJson as JwtPayload;\n}\n\ntest(\"API: authenticate succeeds with valid credentials\", async () => {\n const api = await request.newContext({\n baseURL,\n extraHTTPHeaders: {\n accept: \"*/*\",\n \"content-type\": \"application/json\",\n },\n });\n\n try {\n const res = await api.post(\"/api/iam/authenticate\", {\n data: {\n email: TEST_USER_EMAIL,\n username: \"\",\n password: TEST_USER_PASSWORD,\n },\n });\n\n expect(res.status()).toBe(200);\n const json = await res.json();\n\n expect(json.statusCode).toBe(200);\n expect(Array.isArray(json.message)).toBe(true);\n expect(json.message.length).toBe(0);\n expect(json.error).toBe(\"\");\n\n const user = json.data?.user as Record<string, unknown> | undefined;\n expect(user, \"Expected data.user to be an object.\").toBeTruthy();\n expect(typeof user).toBe(\"object\");\n\n const email = user?.email;\n expect(typeof email).toBe(\"string\");\n if (email === TEST_USER_EMAIL) {\n expect(email).toBe(TEST_USER_EMAIL);\n } else {\n // If your API returns a fixed system email, replace this with an exact match.\n expect((email as string).length).toBeGreaterThan(0);\n }\n\n expect(typeof user?.mobile).toBe(\"string\");\n expect(typeof user?.username).toBe(\"string\");\n expect(typeof user?.forcePasswordChange).toBe(\"boolean\");\n expect(typeof user?.id).toBe(\"number\");\n\n const roles = user?.roles;\n expect(Array.isArray(roles)).toBe(true);\n if (Array.isArray(roles)) {\n expect(roles.every((role) => typeof role === \"string\")).toBe(true);\n expect(roles).toContain(\"Admin\");\n }\n\n const accessToken = json.data?.accessToken;\n const refreshToken = json.data?.refreshToken;\n expect(typeof accessToken).toBe(\"string\");\n expect(typeof refreshToken).toBe(\"string\");\n\n const accessPayload = validateJwt(accessToken as string);\n const refreshPayload = validateJwt(refreshToken as string);\n\n expect(typeof accessPayload.exp).toBe(\"number\");\n expect(typeof refreshPayload.exp).toBe(\"number\");\n } finally {\n await api.dispose();\n }\n});\n\ntest(\"API: authenticate fails with wrong password\", async () => {\n const api = await request.newContext({\n baseURL,\n extraHTTPHeaders: {\n accept: \"*/*\",\n \"content-type\": \"application/json\",\n },\n });\n\n try {\n const res = await api.post(\"/api/iam/authenticate\", {\n data: {\n email: TEST_USER_EMAIL,\n username: \"\",\n password: `${TEST_USER_PASSWORD}__wrong`,\n },\n });\n\n expect(res.status()).toBe(401);\n const json = await res.json();\n\n expect(json.statusCode).toBe(401);\n expect(json.statusCodeMessage).toBe(\"Unauthorized\");\n expect(json.message).toBe(\"Invalid credentials\");\n expect(json.error).toBe(\"Invalid credentials\");\n expect(json.data?.statusCode).toBe(401);\n expect(json.data?.error).toBe(\"Unauthorized\");\n expect(json.data?.message).toBe(\"Invalid credentials\");\n } finally {\n await api.dispose();\n }\n});\n"]}