@sync-in/server 1.4.0 → 1.5.1

package/server/applications/sync/services/sync-clients-manager.service.spec.js

@@ -7,49 +7,589 @@ Object.defineProperty(exports, "__esModule", {
     value: true
 });
 const _axios = require("@nestjs/axios");
+const _common = require("@nestjs/common");
 const _testing = require("@nestjs/testing");
+const _nodecrypto = /*#__PURE__*/ _interop_require_default(require("node:crypto"));
+const _promises = /*#__PURE__*/ _interop_require_default(require("node:fs/promises"));
 const _authmethod = require("../../../authentication/models/auth-method");
 const _authmanagerservice = require("../../../authentication/services/auth-manager.service");
+const _functions = /*#__PURE__*/ _interop_require_wildcard(require("../../../common/functions"));
+const _shared = /*#__PURE__*/ _interop_require_wildcard(require("../../../common/shared"));
+const _configenvironment = require("../../../configuration/config.environment");
 const _cacheservice = require("../../../infrastructure/cache/services/cache.service");
+const _files = require("../../files/utils/files");
 const _usersqueriesservice = require("../../users/services/users-queries.service");
+const _auth = require("../constants/auth");
+const _store = require("../constants/store");
+const _sync = require("../constants/sync");
 const _syncclientsmanagerservice = require("./sync-clients-manager.service");
 const _syncqueriesservice = require("./sync-queries.service");
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+function _getRequireWildcardCache(nodeInterop) {
+    if (typeof WeakMap !== "function") return null;
+    var cacheBabelInterop = new WeakMap();
+    var cacheNodeInterop = new WeakMap();
+    return (_getRequireWildcardCache = function(nodeInterop) {
+        return nodeInterop ? cacheNodeInterop : cacheBabelInterop;
+    })(nodeInterop);
+}
+function _interop_require_wildcard(obj, nodeInterop) {
+    if (!nodeInterop && obj && obj.__esModule) {
+        return obj;
+    }
+    if (obj === null || typeof obj !== "object" && typeof obj !== "function") {
+        return {
+            default: obj
+        };
+    }
+    var cache = _getRequireWildcardCache(nodeInterop);
+    if (cache && cache.has(obj)) {
+        return cache.get(obj);
+    }
+    var newObj = {
+        __proto__: null
+    };
+    var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor;
+    for(var key in obj){
+        if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) {
+            var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null;
+            if (desc && (desc.get || desc.set)) {
+                Object.defineProperty(newObj, key, desc);
+            } else {
+                newObj[key] = obj[key];
+            }
+        }
+    }
+    newObj.default = obj;
+    if (cache) {
+        cache.set(obj, newObj);
+    }
+    return newObj;
+}
+// Pilotage permission via UserModel
+let mockHavePermission = true;
+jest.mock('../../users/models/user.model', ()=>({
+        UserModel: jest.fn().mockImplementation((props)=>({
+                ...props,
+                havePermission: ()=>mockHavePermission
+            }))
+    }));
+// Mock ciblé de convertHumanTimeToSeconds
+jest.mock('../../../common/functions', ()=>{
+    const actual = jest.requireActual('../../../common/functions');
+    return {
+        ...actual,
+        convertHumanTimeToSeconds: jest.fn()
+    };
+});
+// Mock currentTimeStamp
+jest.mock('../../../common/shared', ()=>({
+        currentTimeStamp: jest.fn()
+    }));
+// Mock FS et helper d'existence
+jest.mock('node:fs/promises', ()=>({
+        readFile: jest.fn()
+    }));
+jest.mock('../../files/utils/files', ()=>({
+        isPathExists: jest.fn()
+    }));
 describe(_syncclientsmanagerservice.SyncClientsManager.name, ()=>{
     let service;
+    // Mocks
+    let http;
+    let authManager;
+    let authMethod;
+    let usersQueries;
+    let syncQueries;
+    let cacheMock;
+    // Helpers
+    const setRepo = (repo)=>{
+        ;
+        _configenvironment.configuration.applications.appStore.repository = repo;
+    };
+    const makeClient = (overrides = {})=>({
+            id: 'cid',
+            ownerId: 1,
+            tokenExpiration: 2000,
+            enabled: true,
+            info: {
+                type: 'desktop'
+            },
+            ...overrides
+        });
+    const makeUser = (overrides = {})=>({
+            id: 1,
+            isActive: true,
+            login: 'u',
+            email: 'u@x',
+            firstName: 'U',
+            lastName: 'X',
+            role: 1,
+            permissions: 'desktop',
+            ...overrides
+        });
     beforeAll(async ()=>{
+        http = {
+            axiosRef: jest.fn()
+        };
+        authManager = {
+            setCookies: jest.fn(),
+            getTokens: jest.fn()
+        };
+        authMethod = {
+            validateUser: jest.fn()
+        };
+        usersQueries = {
+            from: jest.fn(),
+            updateUserOrGuest: jest.fn()
+        };
+        syncQueries = {
+            getOrCreateClient: jest.fn(),
+            deleteClient: jest.fn(),
+            getClient: jest.fn(),
+            updateClientInfo: jest.fn(),
+            renewClientTokenAndExpiration: jest.fn(),
+            getClients: jest.fn()
+        };
+        cacheMock = {
+            genSlugKey: jest.fn().mockReturnValue('syncclientsmanager:checkappstore'),
+            get: jest.fn().mockResolvedValue(undefined),
+            set: jest.fn().mockResolvedValue(undefined),
+            del: jest.fn().mockResolvedValue(undefined)
+        };
         const module = await _testing.Test.createTestingModule({
             providers: [
                 _syncclientsmanagerservice.SyncClientsManager,
                 {
                     provide: _cacheservice.Cache,
-                    useValue: {}
+                    useValue: cacheMock
                 },
                 {
                     provide: _axios.HttpService,
-                    useValue: {}
+                    useValue: http
                 },
                 {
                     provide: _syncqueriesservice.SyncQueries,
-                    useValue: {}
+                    useValue: syncQueries
                 },
                 {
                     provide: _usersqueriesservice.UsersQueries,
-                    useValue: {}
+                    useValue: usersQueries
                 },
                 {
                     provide: _authmanagerservice.AuthManager,
-                    useValue: {}
+                    useValue: authManager
                 },
                 {
                     provide: _authmethod.AuthMethod,
-                    useValue: {}
+                    useValue: authMethod
                 }
             ]
         }).compile();
+        module.useLogger([
+            'fatal'
+        ]);
         service = module.get(_syncclientsmanagerservice.SyncClientsManager);
+        service.cache = cacheMock;
+    });
+    beforeEach(()=>{
+        jest.restoreAllMocks();
+        jest.clearAllMocks();
+        mockHavePermission = true;
+        _shared.currentTimeStamp.mockReturnValue(1_000);
+        _functions.convertHumanTimeToSeconds.mockImplementation((v)=>{
+            if (v === '90d') return 90 * 24 * 3600;
+            if (v === '180d') return 180 * 24 * 3600;
+            if (typeof v === 'number') return v;
+            return 0;
+        });
+        _files.isPathExists.mockReset();
+        _promises.default.readFile.mockReset();
+        syncQueries.updateClientInfo.mockResolvedValue(undefined);
+        usersQueries.updateUserOrGuest.mockResolvedValue(undefined);
+        service.cache = cacheMock;
+        cacheMock.get.mockResolvedValue(undefined);
+        cacheMock.get.mockClear();
+        cacheMock.set.mockClear();
+        cacheMock.del.mockClear();
+        cacheMock.genSlugKey.mockClear();
+        setRepo(_store.APP_STORE_REPOSITORY.PUBLIC);
+    });
+    it('should be defined', ()=>expect(service).toBeDefined());
+    describe('register', ()=>{
+        const baseDto = {
+            login: 'john',
+            password: 'secret',
+            clientId: 'client-1',
+            info: {
+                type: 'desktop',
+                version: '1.0.0'
+            }
+        };
+        test.each([
+            [
+                'Unauthorized when credentials are invalid',
+                null,
+                _common.HttpStatus.UNAUTHORIZED
+            ],
+            [
+                'Forbidden when user lacks DESKTOP_APP permission',
+                {
+                    id: 10,
+                    login: 'john',
+                    havePermission: ()=>false
+                },
+                _common.HttpStatus.FORBIDDEN
+            ]
+        ])('should throw %s', async (_label, user, status)=>{
+            authMethod.validateUser.mockResolvedValue(user);
+            await expect(service.register(baseDto, '1.2.3.4')).rejects.toMatchObject({
+                status
+            });
+        });
+        it('should return client token when registration succeeds', async ()=>{
+            authMethod.validateUser.mockResolvedValue({
+                id: 10,
+                login: 'john',
+                havePermission: ()=>true
+            });
+            syncQueries.getOrCreateClient.mockResolvedValue('token-abc');
+            const r = await service.register(baseDto, '1.2.3.4');
+            expect(r).toEqual({
+                clientToken: 'token-abc'
+            });
+            expect(syncQueries.getOrCreateClient).toHaveBeenCalledWith(10, 'client-1', baseDto.info, '1.2.3.4');
+        });
+        it('should throw Internal Server Error when persistence fails', async ()=>{
+            authMethod.validateUser.mockResolvedValue({
+                id: 10,
+                login: 'john',
+                havePermission: ()=>true
+            });
+            syncQueries.getOrCreateClient.mockRejectedValue(new Error('db error'));
+            await expect(service.register(baseDto, '1.2.3.4')).rejects.toMatchObject({
+                status: _common.HttpStatus.INTERNAL_SERVER_ERROR
+            });
+        });
+    });
+    describe('unregister', ()=>{
+        it('should delete client without error', async ()=>{
+            syncQueries.deleteClient.mockResolvedValue(undefined);
+            await expect(service.unregister({
+                id: 1,
+                clientId: 'c1'
+            })).resolves.toBeUndefined();
+            expect(syncQueries.deleteClient).toHaveBeenCalledWith(1, 'c1');
+        });
+        it('should throw Internal Server Error when deletion fails', async ()=>{
+            syncQueries.deleteClient.mockRejectedValue(new Error('db error'));
+            await expect(service.unregister({
+                id: 1,
+                clientId: 'c1'
+            })).rejects.toMatchObject({
+                status: _common.HttpStatus.INTERNAL_SERVER_ERROR
+            });
+        });
+    });
+    describe('authenticate', ()=>{
+        const ip = '9.9.9.9';
+        const dto = {
+            clientId: 'cid',
+            token: 'ctok'
+        };
+        it('should forbid when client is unknown', async ()=>{
+            syncQueries.getClient.mockResolvedValue(undefined);
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: 'Client is unknown'
+            });
+        });
+        it('should forbid when client is disabled', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient({
+                enabled: false,
+                tokenExpiration: 5000
+            }));
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: 'Client is disabled'
+            });
+        });
+        it('should forbid when client token is expired', async ()=>{
+            ;
+            _shared.currentTimeStamp.mockReturnValue(1000);
+            syncQueries.getClient.mockResolvedValue(makeClient({
+                tokenExpiration: 1000
+            }));
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: _auth.CLIENT_TOKEN_EXPIRED_ERROR
+            });
+        });
+        it('should forbid when owner user does not exist', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient());
+            syncQueries.updateClientInfo.mockRejectedValueOnce(new Error('update-fails')); // silence expected
+            usersQueries.from.mockResolvedValue(null);
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: 'User does not exist'
+            });
+        });
+        it('should forbid when owner account is inactive', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient());
+            usersQueries.from.mockResolvedValue(makeUser({
+                isActive: false
+            }));
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: 'Account suspended or not authorized'
+            });
+        });
+        it('should forbid when owner lacks DESKTOP_APP permission', async ()=>{
+            mockHavePermission = false;
+            syncQueries.getClient.mockResolvedValue(makeClient());
+            usersQueries.from.mockResolvedValue(makeUser({
+                permissions: '',
+                role: 999
+            }));
+            await expect(service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {})).rejects.toMatchObject({
+                status: _common.HttpStatus.FORBIDDEN,
+                response: 'Missing permission'
+            });
+        });
+        it('should perform COOKIE authentication and renew client token when needed', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient({
+                ownerId: 7
+            }));
+            usersQueries.from.mockResolvedValue(makeUser({
+                id: 7,
+                login: 'john',
+                email: 'john@doe',
+                firstName: 'John',
+                lastName: 'Doe'
+            }));
+            usersQueries.updateUserOrGuest.mockRejectedValueOnce(new Error('update-access-fail')); // silence expected
+            authManager.setCookies.mockResolvedValue({
+                access_token: 'a',
+                refresh_token: 'b'
+            });
+            jest.spyOn(service, 'renewTokenAndExpiration').mockResolvedValue('new-client-token');
+            const reply = {};
+            const r = await service.authenticate(_auth.CLIENT_AUTH_TYPE.COOKIE, dto, ip, reply);
+            expect(authManager.setCookies).toHaveBeenCalledTimes(1);
+            expect(service.renewTokenAndExpiration).toHaveBeenCalledTimes(1);
+            expect(r.client_token_update).toBe('new-client-token');
+        });
+        it('should perform TOKEN authentication and not renew when not needed', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient({
+                ownerId: 8
+            }));
+            usersQueries.from.mockResolvedValue(makeUser({
+                id: 8,
+                login: 'alice',
+                email: 'alice@doe',
+                firstName: 'Alice'
+            }));
+            authManager.getTokens.mockResolvedValue({
+                access_token: 'x',
+                refresh_token: 'y'
+            });
+            jest.spyOn(service, 'renewTokenAndExpiration').mockResolvedValue(undefined);
+            const r = await service.authenticate(_auth.CLIENT_AUTH_TYPE.TOKEN, dto, ip, {});
+            expect(authManager.getTokens).toHaveBeenCalledTimes(1);
+            expect(r.client_token_update).toBeUndefined();
+        });
+        it('should throw when auth type is unknown (else branch)', async ()=>{
+            syncQueries.getClient.mockResolvedValue(makeClient({
+                ownerId: 9
+            }));
+            usersQueries.from.mockResolvedValue(makeUser({
+                id: 9,
+                login: 'bob',
+                email: 'bob@doe',
+                firstName: 'Bob'
+            }));
+            jest.spyOn(service, 'renewTokenAndExpiration').mockResolvedValue(undefined);
+            await expect(service.authenticate('unknown', {
+                clientId: 'cid',
+                token: 'ctok'
+            }, ip, {})).rejects.toBeInstanceOf(TypeError);
+        });
     });
-    it('should be defined', ()=>{
-        expect(service).toBeDefined();
+    describe('getClients', ()=>{
+        it('should proxy to SyncQueries.getClients', async ()=>{
+            const fake = [
+                {
+                    id: 'c1',
+                    paths: []
+                }
+            ];
+            syncQueries.getClients.mockResolvedValue(fake);
+            const r = await service.getClients({
+                id: 1,
+                clientId: 'c1'
+            });
+            expect(r).toBe(fake);
+            expect(syncQueries.getClients).toHaveBeenCalledWith({
+                id: 1,
+                clientId: 'c1'
+            });
+        });
+    });
+    describe('renewTokenAndExpiration', ()=>{
+        const owner = {
+            id: 1,
+            login: 'bob'
+        };
+        it('should return undefined when token expiration is far enough', async ()=>{
+            ;
+            _shared.currentTimeStamp.mockReturnValue(1_000);
+            _functions.convertHumanTimeToSeconds.mockImplementation((v)=>v === '90d' ? 90 * 24 * 3600 : 0);
+            const client = {
+                id: 'cid',
+                tokenExpiration: 1_000 + 90 * 24 * 3600 + 1
+            };
+            expect(await service.renewTokenAndExpiration(client, owner)).toBeUndefined();
+        });
+        it('should renew token and return new value when close to expiration', async ()=>{
+            ;
+            _shared.currentTimeStamp.mockReturnValue(1_000);
+            _functions.convertHumanTimeToSeconds.mockImplementation((v)=>v === '90d' ? 90 * 24 * 3600 : v === '180d' ? 180 * 24 * 3600 : 0);
+            const client = {
+                id: 'cid',
+                tokenExpiration: 1_000 + 90 * 24 * 3600 - 1
+            };
+            syncQueries.renewClientTokenAndExpiration.mockResolvedValue(undefined);
+            const r = await service.renewTokenAndExpiration(client, owner);
+            expect(typeof r).toBe('string');
+            expect(r).toBeTruthy();
+            expect(syncQueries.renewClientTokenAndExpiration).toHaveBeenCalledWith('cid', r, expect.any(Number));
+        });
+        it('should throw Bad Request when renewal persistence fails', async ()=>{
+            ;
+            _shared.currentTimeStamp.mockReturnValue(1_000);
+            const client = {
+                id: 'cid',
+                tokenExpiration: 1_000
+            };
+            jest.spyOn(_nodecrypto.default, 'randomUUID').mockReturnValue('uuid-err');
+            syncQueries.renewClientTokenAndExpiration.mockRejectedValue(new Error('db fail'));
+            await expect(service.renewTokenAndExpiration(client, owner)).rejects.toMatchObject({
+                status: _common.HttpStatus.BAD_REQUEST
+            });
+        });
+    });
+    describe('deleteClient', ()=>{
+        it('should delete client successfully', async ()=>{
+            syncQueries.deleteClient.mockResolvedValue(undefined);
+            await expect(service.deleteClient({
+                id: 5
+            }, 'cid')).resolves.toBeUndefined();
+            expect(syncQueries.deleteClient).toHaveBeenCalledWith(5, 'cid');
+        });
+        it('should throw Internal Server Error when deletion fails', async ()=>{
+            syncQueries.deleteClient.mockRejectedValue(new Error('db error'));
+            await expect(service.deleteClient({
+                id: 5
+            }, 'cid')).rejects.toMatchObject({
+                status: _common.HttpStatus.INTERNAL_SERVER_ERROR
+            });
+        });
+    });
+    describe('checkAppStore', ()=>{
+        it('should return PUBLIC manifest when HTTP fetch succeeds', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.PUBLIC);
+            http.axiosRef.mockResolvedValue({
+                data: {
+                    platform: {
+                        win: []
+                    }
+                }
+            });
+            const manifest = await service.checkAppStore();
+            expect(manifest).toBeTruthy();
+            expect(manifest.repository).toBe(_store.APP_STORE_REPOSITORY.PUBLIC);
+            expect(http.axiosRef).toHaveBeenCalled();
+        });
+        it('should return null when PUBLIC manifest fetch fails', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.PUBLIC);
+            http.axiosRef.mockRejectedValue(new Error('network'));
+            expect(await service.checkAppStore()).toBeNull();
+        });
+        it('should return null when LOCAL manifest file does not exist', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.LOCAL);
+            _files.isPathExists.mockResolvedValue(false);
+            expect(await service.checkAppStore()).toBeNull();
+        });
+        it('should return LOCAL manifest with rewritten URLs when file is valid', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.LOCAL);
+            _files.isPathExists.mockResolvedValue(true);
+            const raw = {
+                platform: {
+                    win: [
+                        {
+                            package: 'desktop-win.exe'
+                        },
+                        {
+                            package: 'cli-win.zip'
+                        }
+                    ],
+                    linux: [
+                        {
+                            package: 'desktop-linux.AppImage'
+                        }
+                    ]
+                }
+            };
+            _promises.default.readFile.mockResolvedValue(JSON.stringify(raw));
+            const manifest = await service.checkAppStore();
+            expect(manifest.repository).toBe(_store.APP_STORE_REPOSITORY.LOCAL);
+            expect(manifest.platform.win[0].url.startsWith(_store.APP_STORE_DIRNAME)).toBe(true);
+            expect(manifest.platform.win[0].url.endsWith('desktop-win.exe')).toBe(true);
+            expect(manifest.platform.win[1].url.startsWith(_store.APP_STORE_DIRNAME)).toBe(true);
+            expect(manifest.platform.win[1].url.endsWith('cli-win.zip')).toBe(true);
+            expect(manifest.platform.linux[0].url.startsWith(_store.APP_STORE_DIRNAME)).toBe(true);
+            expect(manifest.platform.linux[0].url.endsWith('desktop-linux.AppImage')).toBe(true);
+        });
+        it('should return null when LOCAL manifest cannot be parsed', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.LOCAL);
+            _files.isPathExists.mockResolvedValue(true);
+            _promises.default.readFile.mockRejectedValue(new Error('fs error'));
+            expect(await service.checkAppStore()).toBeNull();
+        });
+        it('should rewrite desktop packages under desktop/os when package starts with "desktop"', async ()=>{
+            setRepo(_store.APP_STORE_REPOSITORY.LOCAL);
+            _files.isPathExists.mockResolvedValue(true);
+            const raw = {
+                platform: {
+                    win: [
+                        {
+                            package: `${_sync.SYNC_CLIENT_TYPE.DESKTOP}-win.exe`
+                        }
+                    ],
+                    mac: [
+                        {
+                            package: `${_sync.SYNC_CLIENT_TYPE.DESKTOP}-mac.dmg`
+                        }
+                    ],
+                    linux: [
+                        {
+                            package: `${_sync.SYNC_CLIENT_TYPE.DESKTOP}-linux.AppImage`
+                        }
+                    ]
+                }
+            };
+            _promises.default.readFile.mockResolvedValue(JSON.stringify(raw));
+            const manifest = await service.checkAppStore();
+            expect(manifest).toBeTruthy();
+            expect(manifest.repository).toBe(_store.APP_STORE_REPOSITORY.LOCAL);
+            expect(manifest.platform.win[0].url).toBe(`${_store.APP_STORE_DIRNAME}/${_sync.SYNC_CLIENT_TYPE.DESKTOP}/win/${_sync.SYNC_CLIENT_TYPE.DESKTOP}-win.exe`);
+            expect(manifest.platform.mac[0].url).toBe(`${_store.APP_STORE_DIRNAME}/${_sync.SYNC_CLIENT_TYPE.DESKTOP}/mac/${_sync.SYNC_CLIENT_TYPE.DESKTOP}-mac.dmg`);
+            expect(manifest.platform.linux[0].url).toBe(`${_store.APP_STORE_DIRNAME}/${_sync.SYNC_CLIENT_TYPE.DESKTOP}/linux/${_sync.SYNC_CLIENT_TYPE.DESKTOP}-linux.AppImage`);
+        });
     });
 });