@terreno/api 0.0.18 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/CLAUDE.local.md +204 -0
- package/.cursor/rules/00-root.mdc +338 -0
- package/.github/copilot-instructions.md +333 -0
- package/AGENTS.md +23 -3
- package/README.md +73 -3
- package/dist/api.d.ts +68 -1
- package/dist/api.js +139 -4
- package/dist/api.test.js +906 -2
- package/dist/auth.js +3 -1
- package/dist/errors.js +14 -11
- package/dist/example.js +7 -7
- package/dist/githubAuth.test.js +3 -3
- package/dist/index.d.ts +2 -0
- package/dist/index.js +2 -0
- package/dist/openApi.test.js +8 -5
- package/dist/openApiBuilder.d.ts +69 -1
- package/dist/openApiBuilder.js +109 -5
- package/dist/openApiValidator.d.ts +296 -0
- package/dist/openApiValidator.js +698 -0
- package/dist/openApiValidator.test.d.ts +1 -0
- package/dist/openApiValidator.test.js +346 -0
- package/dist/plugins.test.js +3 -3
- package/dist/terrenoPlugin.d.ts +4 -0
- package/dist/terrenoPlugin.js +2 -0
- package/dist/tests.js +34 -24
- package/package.json +4 -1
- package/src/__snapshots__/openApi.test.ts.snap +399 -0
- package/src/__snapshots__/openApiBuilder.test.ts.snap +108 -0
- package/src/api.test.ts +743 -2
- package/src/api.ts +209 -3
- package/src/auth.ts +3 -1
- package/src/errors.ts +14 -11
- package/src/example.ts +7 -7
- package/src/githubAuth.test.ts +3 -3
- package/src/index.ts +2 -0
- package/src/openApi.test.ts +8 -5
- package/src/openApiBuilder.ts +188 -15
- package/src/openApiValidator.test.ts +241 -0
- package/src/openApiValidator.ts +860 -0
- package/src/plugins.test.ts +3 -3
- package/src/terrenoPlugin.ts +5 -0
- package/src/tests.ts +34 -24
- package/.cursorrules +0 -107
- package/.windsurfrules +0 -107
- package/dist/response.d.ts +0 -0
- package/dist/response.js +0 -1
- package/index.ts +0 -1
- package/src/response.ts +0 -0
package/dist/api.test.js
CHANGED
|
@@ -1145,8 +1145,12 @@ var transformers_1 = require("./transformers");
|
|
|
1145
1145
|
case 1:
|
|
1146
1146
|
mongoose = _a.sent();
|
|
1147
1147
|
softDeleteSchema = new mongoose.Schema({
|
|
1148
|
-
deleted: {
|
|
1149
|
-
|
|
1148
|
+
deleted: {
|
|
1149
|
+
default: false,
|
|
1150
|
+
description: "Whether this item has been soft deleted",
|
|
1151
|
+
type: Boolean,
|
|
1152
|
+
},
|
|
1153
|
+
name: { description: "The name of the item", type: String },
|
|
1150
1154
|
});
|
|
1151
1155
|
try {
|
|
1152
1156
|
SoftDeleteModel = mongoose.model("SoftDeleteTest");
|
|
@@ -1500,5 +1504,905 @@ var transformers_1 = require("./transformers");
|
|
|
1500
1504
|
}
|
|
1501
1505
|
});
|
|
1502
1506
|
}); });
|
|
1507
|
+
(0, bun_test_1.it)("array operation postUpdate error is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1508
|
+
var res;
|
|
1509
|
+
return __generator(this, function (_a) {
|
|
1510
|
+
switch (_a.label) {
|
|
1511
|
+
case 0:
|
|
1512
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1513
|
+
allowAnonymous: true,
|
|
1514
|
+
permissions: {
|
|
1515
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
1516
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
1517
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
1518
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
1519
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
1520
|
+
},
|
|
1521
|
+
postUpdate: function () {
|
|
1522
|
+
throw new Error("postUpdate array failed");
|
|
1523
|
+
},
|
|
1524
|
+
}));
|
|
1525
|
+
server = (0, supertest_1.default)(app);
|
|
1526
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
1527
|
+
case 1:
|
|
1528
|
+
agent = _a.sent();
|
|
1529
|
+
return [4 /*yield*/, agent.post("/food/".concat(apple._id, "/tags")).send({ tags: "organic" }).expect(400)];
|
|
1530
|
+
case 2:
|
|
1531
|
+
res = _a.sent();
|
|
1532
|
+
(0, bun_test_1.expect)(res.body.title).toContain("PATCH Post Update error");
|
|
1533
|
+
return [2 /*return*/];
|
|
1534
|
+
}
|
|
1535
|
+
});
|
|
1536
|
+
}); });
|
|
1537
|
+
(0, bun_test_1.it)("array operation denied without update permission", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1538
|
+
var res;
|
|
1539
|
+
return __generator(this, function (_a) {
|
|
1540
|
+
switch (_a.label) {
|
|
1541
|
+
case 0:
|
|
1542
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1543
|
+
allowAnonymous: true,
|
|
1544
|
+
permissions: {
|
|
1545
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
1546
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
1547
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1548
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1549
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
1550
|
+
},
|
|
1551
|
+
}));
|
|
1552
|
+
server = (0, supertest_1.default)(app);
|
|
1553
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "notAdmin")];
|
|
1554
|
+
case 1:
|
|
1555
|
+
agent = _a.sent();
|
|
1556
|
+
return [4 /*yield*/, agent.post("/food/".concat(apple._id, "/tags")).send({ tags: "organic" }).expect(405)];
|
|
1557
|
+
case 2:
|
|
1558
|
+
res = _a.sent();
|
|
1559
|
+
(0, bun_test_1.expect)(res.body.title).toContain("Access to PATCH");
|
|
1560
|
+
return [2 /*return*/];
|
|
1561
|
+
}
|
|
1562
|
+
});
|
|
1563
|
+
}); });
|
|
1564
|
+
(0, bun_test_1.it)("array operation on non-existent document returns 404", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1565
|
+
var fakeId, res;
|
|
1566
|
+
return __generator(this, function (_a) {
|
|
1567
|
+
switch (_a.label) {
|
|
1568
|
+
case 0:
|
|
1569
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1570
|
+
allowAnonymous: true,
|
|
1571
|
+
permissions: {
|
|
1572
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
1573
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
1574
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
1575
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
1576
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
1577
|
+
},
|
|
1578
|
+
}));
|
|
1579
|
+
server = (0, supertest_1.default)(app);
|
|
1580
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
1581
|
+
case 1:
|
|
1582
|
+
agent = _a.sent();
|
|
1583
|
+
fakeId = "000000000000000000000000";
|
|
1584
|
+
return [4 /*yield*/, agent.post("/food/".concat(fakeId, "/tags")).send({ tags: "organic" }).expect(404)];
|
|
1585
|
+
case 2:
|
|
1586
|
+
res = _a.sent();
|
|
1587
|
+
(0, bun_test_1.expect)(res.body.title).toContain("Could not find document to PATCH");
|
|
1588
|
+
return [2 /*return*/];
|
|
1589
|
+
}
|
|
1590
|
+
});
|
|
1591
|
+
}); });
|
|
1592
|
+
(0, bun_test_1.it)("array operation denied when user cannot update specific doc", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1593
|
+
var res;
|
|
1594
|
+
return __generator(this, function (_a) {
|
|
1595
|
+
switch (_a.label) {
|
|
1596
|
+
case 0:
|
|
1597
|
+
// Create food owned by admin, then try to update as notAdmin
|
|
1598
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1599
|
+
allowAnonymous: true,
|
|
1600
|
+
permissions: {
|
|
1601
|
+
create: [permissions_1.Permissions.IsAuthenticated],
|
|
1602
|
+
delete: [permissions_1.Permissions.IsAuthenticated],
|
|
1603
|
+
list: [permissions_1.Permissions.IsAuthenticated],
|
|
1604
|
+
read: [permissions_1.Permissions.IsAuthenticated],
|
|
1605
|
+
update: [permissions_1.Permissions.IsOwner],
|
|
1606
|
+
},
|
|
1607
|
+
}));
|
|
1608
|
+
server = (0, supertest_1.default)(app);
|
|
1609
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "notAdmin")];
|
|
1610
|
+
case 1:
|
|
1611
|
+
// Login as notAdmin and try to update admin's food (apple)
|
|
1612
|
+
agent = _a.sent();
|
|
1613
|
+
return [4 /*yield*/, agent.post("/food/".concat(apple._id, "/tags")).send({ tags: "organic" }).expect(403)];
|
|
1614
|
+
case 2:
|
|
1615
|
+
res = _a.sent();
|
|
1616
|
+
(0, bun_test_1.expect)(res.body.title).toContain("Patch not allowed");
|
|
1617
|
+
return [2 /*return*/];
|
|
1618
|
+
}
|
|
1619
|
+
});
|
|
1620
|
+
}); });
|
|
1621
|
+
(0, bun_test_1.it)("array operation transform error is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1622
|
+
var res;
|
|
1623
|
+
return __generator(this, function (_a) {
|
|
1624
|
+
switch (_a.label) {
|
|
1625
|
+
case 0:
|
|
1626
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1627
|
+
allowAnonymous: true,
|
|
1628
|
+
permissions: {
|
|
1629
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
1630
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
1631
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
1632
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
1633
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
1634
|
+
},
|
|
1635
|
+
transformer: (0, transformers_1.AdminOwnerTransformer)({
|
|
1636
|
+
adminWriteFields: ["name"],
|
|
1637
|
+
}),
|
|
1638
|
+
}));
|
|
1639
|
+
server = (0, supertest_1.default)(app);
|
|
1640
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
1641
|
+
case 1:
|
|
1642
|
+
agent = _a.sent();
|
|
1643
|
+
return [4 /*yield*/, agent.post("/food/".concat(apple._id, "/tags")).send({ tags: "organic" }).expect(403)];
|
|
1644
|
+
case 2:
|
|
1645
|
+
res = _a.sent();
|
|
1646
|
+
(0, bun_test_1.expect)(res.body.title).toContain("cannot write fields");
|
|
1647
|
+
return [2 /*return*/];
|
|
1648
|
+
}
|
|
1649
|
+
});
|
|
1650
|
+
}); });
|
|
1651
|
+
});
|
|
1652
|
+
(0, bun_test_1.describe)("transformer errors", function () {
|
|
1653
|
+
var admin;
|
|
1654
|
+
var spinach;
|
|
1655
|
+
var agent;
|
|
1656
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1657
|
+
var _a;
|
|
1658
|
+
return __generator(this, function (_b) {
|
|
1659
|
+
switch (_b.label) {
|
|
1660
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
1661
|
+
case 1:
|
|
1662
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
1663
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
1664
|
+
calories: 1,
|
|
1665
|
+
created: new Date("2021-12-03T00:00:20.000Z"),
|
|
1666
|
+
hidden: false,
|
|
1667
|
+
name: "Spinach",
|
|
1668
|
+
ownerId: admin._id,
|
|
1669
|
+
source: {
|
|
1670
|
+
name: "Brand",
|
|
1671
|
+
},
|
|
1672
|
+
})];
|
|
1673
|
+
case 2:
|
|
1674
|
+
spinach = _b.sent();
|
|
1675
|
+
app = (0, tests_1.getBaseServer)();
|
|
1676
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
1677
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
1678
|
+
return [2 /*return*/];
|
|
1679
|
+
}
|
|
1680
|
+
});
|
|
1681
|
+
}); });
|
|
1682
|
+
(0, bun_test_1.it)("transform error in create is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1683
|
+
var res;
|
|
1684
|
+
return __generator(this, function (_a) {
|
|
1685
|
+
switch (_a.label) {
|
|
1686
|
+
case 0:
|
|
1687
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1688
|
+
allowAnonymous: true,
|
|
1689
|
+
permissions: {
|
|
1690
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1691
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1692
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1693
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1694
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1695
|
+
},
|
|
1696
|
+
transformer: (0, transformers_1.AdminOwnerTransformer)({
|
|
1697
|
+
// Only allow 'name' to be written, so 'calories' will throw
|
|
1698
|
+
anonWriteFields: ["name"],
|
|
1699
|
+
}),
|
|
1700
|
+
}));
|
|
1701
|
+
server = (0, supertest_1.default)(app);
|
|
1702
|
+
return [4 /*yield*/, server.post("/food").send({ calories: 15, name: "Broccoli" }).expect(400)];
|
|
1703
|
+
case 1:
|
|
1704
|
+
res = _a.sent();
|
|
1705
|
+
(0, bun_test_1.expect)(res.body.title).toContain("cannot write fields");
|
|
1706
|
+
return [2 /*return*/];
|
|
1707
|
+
}
|
|
1708
|
+
});
|
|
1709
|
+
}); });
|
|
1710
|
+
(0, bun_test_1.it)("transform error in patch is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1711
|
+
var res;
|
|
1712
|
+
return __generator(this, function (_a) {
|
|
1713
|
+
switch (_a.label) {
|
|
1714
|
+
case 0:
|
|
1715
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1716
|
+
allowAnonymous: true,
|
|
1717
|
+
permissions: {
|
|
1718
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1719
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1720
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1721
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1722
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1723
|
+
},
|
|
1724
|
+
transformer: (0, transformers_1.AdminOwnerTransformer)({
|
|
1725
|
+
// Only allow 'name' to be written, so 'calories' will throw
|
|
1726
|
+
anonWriteFields: ["name"],
|
|
1727
|
+
}),
|
|
1728
|
+
}));
|
|
1729
|
+
server = (0, supertest_1.default)(app);
|
|
1730
|
+
return [4 /*yield*/, server.patch("/food/".concat(spinach._id)).send({ calories: 100 }).expect(403)];
|
|
1731
|
+
case 1:
|
|
1732
|
+
res = _a.sent();
|
|
1733
|
+
(0, bun_test_1.expect)(res.body.title).toContain("cannot write fields");
|
|
1734
|
+
return [2 /*return*/];
|
|
1735
|
+
}
|
|
1736
|
+
});
|
|
1737
|
+
}); });
|
|
1738
|
+
(0, bun_test_1.it)("model.create validation error is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1739
|
+
var RequiredModel, res;
|
|
1740
|
+
return __generator(this, function (_a) {
|
|
1741
|
+
switch (_a.label) {
|
|
1742
|
+
case 0: return [4 /*yield*/, Promise.resolve().then(function () { return __importStar(require("./tests")); })];
|
|
1743
|
+
case 1:
|
|
1744
|
+
RequiredModel = (_a.sent()).RequiredModel;
|
|
1745
|
+
app.use("/required", (0, api_1.modelRouter)(RequiredModel, {
|
|
1746
|
+
allowAnonymous: true,
|
|
1747
|
+
permissions: {
|
|
1748
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1749
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1750
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1751
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1752
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1753
|
+
},
|
|
1754
|
+
}));
|
|
1755
|
+
server = (0, supertest_1.default)(app);
|
|
1756
|
+
return [4 /*yield*/, server.post("/required").send({ about: "test" }).expect(400)];
|
|
1757
|
+
case 2:
|
|
1758
|
+
res = _a.sent();
|
|
1759
|
+
(0, bun_test_1.expect)(res.body.title).toContain("Required");
|
|
1760
|
+
return [2 /*return*/];
|
|
1761
|
+
}
|
|
1762
|
+
});
|
|
1763
|
+
}); });
|
|
1764
|
+
(0, bun_test_1.it)("preDelete hook throwing APIError is re-thrown", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1765
|
+
var res;
|
|
1766
|
+
return __generator(this, function (_a) {
|
|
1767
|
+
switch (_a.label) {
|
|
1768
|
+
case 0:
|
|
1769
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1770
|
+
allowAnonymous: true,
|
|
1771
|
+
permissions: {
|
|
1772
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1773
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1774
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1775
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1776
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1777
|
+
},
|
|
1778
|
+
preDelete: function () {
|
|
1779
|
+
throw new errors_1.APIError({
|
|
1780
|
+
disableExternalErrorTracking: true,
|
|
1781
|
+
status: 400,
|
|
1782
|
+
title: "Custom preDelete APIError",
|
|
1783
|
+
});
|
|
1784
|
+
},
|
|
1785
|
+
}));
|
|
1786
|
+
server = (0, supertest_1.default)(app);
|
|
1787
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "notAdmin")];
|
|
1788
|
+
case 1:
|
|
1789
|
+
agent = _a.sent();
|
|
1790
|
+
return [4 /*yield*/, agent.delete("/food/".concat(spinach._id)).expect(400)];
|
|
1791
|
+
case 2:
|
|
1792
|
+
res = _a.sent();
|
|
1793
|
+
(0, bun_test_1.expect)(res.body.title).toBe("Custom preDelete APIError");
|
|
1794
|
+
(0, bun_test_1.expect)(res.body.disableExternalErrorTracking).toBe(true);
|
|
1795
|
+
return [2 /*return*/];
|
|
1796
|
+
}
|
|
1797
|
+
});
|
|
1798
|
+
}); });
|
|
1799
|
+
});
|
|
1800
|
+
(0, bun_test_1.describe)("special query params", function () {
|
|
1801
|
+
var admin;
|
|
1802
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1803
|
+
var _a;
|
|
1804
|
+
return __generator(this, function (_b) {
|
|
1805
|
+
switch (_b.label) {
|
|
1806
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
1807
|
+
case 1:
|
|
1808
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
1809
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
1810
|
+
calories: 1,
|
|
1811
|
+
created: new Date("2021-12-03T00:00:20.000Z"),
|
|
1812
|
+
hidden: false,
|
|
1813
|
+
name: "Spinach",
|
|
1814
|
+
ownerId: admin._id,
|
|
1815
|
+
})];
|
|
1816
|
+
case 2:
|
|
1817
|
+
_b.sent();
|
|
1818
|
+
app = (0, tests_1.getBaseServer)();
|
|
1819
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
1820
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
1821
|
+
return [2 /*return*/];
|
|
1822
|
+
}
|
|
1823
|
+
});
|
|
1824
|
+
}); });
|
|
1825
|
+
(0, bun_test_1.it)("period query param is stripped from query", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1826
|
+
var res;
|
|
1827
|
+
return __generator(this, function (_a) {
|
|
1828
|
+
switch (_a.label) {
|
|
1829
|
+
case 0:
|
|
1830
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1831
|
+
allowAnonymous: true,
|
|
1832
|
+
permissions: {
|
|
1833
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1834
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1835
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1836
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1837
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1838
|
+
},
|
|
1839
|
+
queryFields: ["name", "period"],
|
|
1840
|
+
queryFilter: function (_user, query) {
|
|
1841
|
+
// Simulate a queryFilter that accepts and processes period
|
|
1842
|
+
if (query === null || query === void 0 ? void 0 : query.period) {
|
|
1843
|
+
// Period is processed but shouldn't be passed to mongo
|
|
1844
|
+
return query;
|
|
1845
|
+
}
|
|
1846
|
+
return query !== null && query !== void 0 ? query : {};
|
|
1847
|
+
},
|
|
1848
|
+
}));
|
|
1849
|
+
server = (0, supertest_1.default)(app);
|
|
1850
|
+
return [4 /*yield*/, server.get("/food?period=weekly").expect(200)];
|
|
1851
|
+
case 1:
|
|
1852
|
+
res = _a.sent();
|
|
1853
|
+
(0, bun_test_1.expect)(res.body.data).toBeDefined();
|
|
1854
|
+
return [2 /*return*/];
|
|
1855
|
+
}
|
|
1856
|
+
});
|
|
1857
|
+
}); });
|
|
1858
|
+
(0, bun_test_1.it)("query with false value", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1859
|
+
var res;
|
|
1860
|
+
return __generator(this, function (_a) {
|
|
1861
|
+
switch (_a.label) {
|
|
1862
|
+
case 0:
|
|
1863
|
+
// Create a food that is hidden
|
|
1864
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
1865
|
+
calories: 50,
|
|
1866
|
+
created: new Date("2021-12-04T00:00:20.000Z"),
|
|
1867
|
+
hidden: true,
|
|
1868
|
+
name: "HiddenFood",
|
|
1869
|
+
ownerId: admin._id,
|
|
1870
|
+
})];
|
|
1871
|
+
case 1:
|
|
1872
|
+
// Create a food that is hidden
|
|
1873
|
+
_a.sent();
|
|
1874
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1875
|
+
allowAnonymous: true,
|
|
1876
|
+
permissions: {
|
|
1877
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1878
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1879
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1880
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1881
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1882
|
+
},
|
|
1883
|
+
queryFields: ["name", "hidden"],
|
|
1884
|
+
}));
|
|
1885
|
+
server = (0, supertest_1.default)(app);
|
|
1886
|
+
return [4 /*yield*/, server.get("/food?hidden=false").expect(200)];
|
|
1887
|
+
case 2:
|
|
1888
|
+
res = _a.sent();
|
|
1889
|
+
(0, bun_test_1.expect)(res.body.data.every(function (f) { return f.hidden === false; })).toBe(true);
|
|
1890
|
+
return [2 /*return*/];
|
|
1891
|
+
}
|
|
1892
|
+
});
|
|
1893
|
+
}); });
|
|
1894
|
+
(0, bun_test_1.it)("$search query triggers special handling code path", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1895
|
+
var res;
|
|
1896
|
+
return __generator(this, function (_a) {
|
|
1897
|
+
switch (_a.label) {
|
|
1898
|
+
case 0:
|
|
1899
|
+
// The $search code path just accesses the collection but doesn't do anything with it
|
|
1900
|
+
// This test verifies the code path is exercised
|
|
1901
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1902
|
+
allowAnonymous: true,
|
|
1903
|
+
permissions: {
|
|
1904
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1905
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1906
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1907
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1908
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1909
|
+
},
|
|
1910
|
+
// Need to include $search in queryFields for it to pass validation
|
|
1911
|
+
queryFields: ["name", "$search"],
|
|
1912
|
+
}));
|
|
1913
|
+
server = (0, supertest_1.default)(app);
|
|
1914
|
+
return [4 /*yield*/, server.get("/food?$search=test")];
|
|
1915
|
+
case 1:
|
|
1916
|
+
res = _a.sent();
|
|
1917
|
+
// May return 500 because $search is passed to Mongo which doesn't support it without Atlas
|
|
1918
|
+
// The important thing is we've exercised the code path
|
|
1919
|
+
(0, bun_test_1.expect)(res.status === 200 || res.status === 500).toBe(true);
|
|
1920
|
+
return [2 /*return*/];
|
|
1921
|
+
}
|
|
1922
|
+
});
|
|
1923
|
+
}); });
|
|
1924
|
+
(0, bun_test_1.it)("$autocomplete query triggers special handling code path", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1925
|
+
var res;
|
|
1926
|
+
return __generator(this, function (_a) {
|
|
1927
|
+
switch (_a.label) {
|
|
1928
|
+
case 0:
|
|
1929
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
1930
|
+
allowAnonymous: true,
|
|
1931
|
+
permissions: {
|
|
1932
|
+
create: [permissions_1.Permissions.IsAny],
|
|
1933
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
1934
|
+
list: [permissions_1.Permissions.IsAny],
|
|
1935
|
+
read: [permissions_1.Permissions.IsAny],
|
|
1936
|
+
update: [permissions_1.Permissions.IsAny],
|
|
1937
|
+
},
|
|
1938
|
+
queryFields: ["name", "$autocomplete"],
|
|
1939
|
+
}));
|
|
1940
|
+
server = (0, supertest_1.default)(app);
|
|
1941
|
+
return [4 /*yield*/, server.get("/food?$autocomplete=test")];
|
|
1942
|
+
case 1:
|
|
1943
|
+
res = _a.sent();
|
|
1944
|
+
(0, bun_test_1.expect)(res.status === 200 || res.status === 500).toBe(true);
|
|
1945
|
+
return [2 /*return*/];
|
|
1946
|
+
}
|
|
1947
|
+
});
|
|
1948
|
+
}); });
|
|
1949
|
+
});
|
|
1950
|
+
(0, bun_test_1.describe)("addPopulateToQuery", function () {
|
|
1951
|
+
(0, bun_test_1.it)("returns query unchanged with no populate paths", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1952
|
+
var query, result;
|
|
1953
|
+
return __generator(this, function (_a) {
|
|
1954
|
+
switch (_a.label) {
|
|
1955
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
1956
|
+
case 1:
|
|
1957
|
+
_a.sent();
|
|
1958
|
+
query = tests_1.FoodModel.find({});
|
|
1959
|
+
result = (0, api_1.addPopulateToQuery)(query, undefined);
|
|
1960
|
+
(0, bun_test_1.expect)(result).toBe(query);
|
|
1961
|
+
return [2 /*return*/];
|
|
1962
|
+
}
|
|
1963
|
+
});
|
|
1964
|
+
}); });
|
|
1965
|
+
(0, bun_test_1.it)("returns query unchanged with empty populate paths", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1966
|
+
var query, result;
|
|
1967
|
+
return __generator(this, function (_a) {
|
|
1968
|
+
switch (_a.label) {
|
|
1969
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
1970
|
+
case 1:
|
|
1971
|
+
_a.sent();
|
|
1972
|
+
query = tests_1.FoodModel.find({});
|
|
1973
|
+
result = (0, api_1.addPopulateToQuery)(query, []);
|
|
1974
|
+
(0, bun_test_1.expect)(result).toBe(query);
|
|
1975
|
+
return [2 /*return*/];
|
|
1976
|
+
}
|
|
1977
|
+
});
|
|
1978
|
+
}); });
|
|
1979
|
+
(0, bun_test_1.it)("applies multiple populate paths", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
1980
|
+
var query, result;
|
|
1981
|
+
return __generator(this, function (_a) {
|
|
1982
|
+
switch (_a.label) {
|
|
1983
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
1984
|
+
case 1:
|
|
1985
|
+
_a.sent();
|
|
1986
|
+
query = tests_1.FoodModel.find({});
|
|
1987
|
+
result = (0, api_1.addPopulateToQuery)(query, [
|
|
1988
|
+
{ fields: ["email"], path: "ownerId" },
|
|
1989
|
+
{ fields: ["name"], path: "eatenBy" },
|
|
1990
|
+
]);
|
|
1991
|
+
// The result should be a query with populate applied
|
|
1992
|
+
(0, bun_test_1.expect)(result).toBeDefined();
|
|
1993
|
+
return [2 /*return*/];
|
|
1994
|
+
}
|
|
1995
|
+
});
|
|
1996
|
+
}); });
|
|
1997
|
+
});
|
|
1998
|
+
(0, bun_test_1.describe)("soft delete with isDeleted plugin", function () {
|
|
1999
|
+
var admin;
|
|
2000
|
+
var agent;
|
|
2001
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2002
|
+
var _a;
|
|
2003
|
+
return __generator(this, function (_b) {
|
|
2004
|
+
switch (_b.label) {
|
|
2005
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2006
|
+
case 1:
|
|
2007
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
2008
|
+
app = (0, tests_1.getBaseServer)();
|
|
2009
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2010
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2011
|
+
return [2 /*return*/];
|
|
2012
|
+
}
|
|
2013
|
+
});
|
|
2014
|
+
}); });
|
|
2015
|
+
(0, bun_test_1.it)("soft deletes user with deleted field", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2016
|
+
var res, deletedUser;
|
|
2017
|
+
return __generator(this, function (_a) {
|
|
2018
|
+
switch (_a.label) {
|
|
2019
|
+
case 0:
|
|
2020
|
+
// UserModel has the isDisabledPlugin which adds a 'disabled' field,
|
|
2021
|
+
// but we need to test the 'deleted' field check.
|
|
2022
|
+
// Let's use a model that has the deleted field.
|
|
2023
|
+
app.use("/users", (0, api_1.modelRouter)(tests_1.UserModel, {
|
|
2024
|
+
allowAnonymous: true,
|
|
2025
|
+
permissions: {
|
|
2026
|
+
create: [permissions_1.Permissions.IsAny],
|
|
2027
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
2028
|
+
list: [permissions_1.Permissions.IsAny],
|
|
2029
|
+
read: [permissions_1.Permissions.IsAny],
|
|
2030
|
+
update: [permissions_1.Permissions.IsAny],
|
|
2031
|
+
},
|
|
2032
|
+
}));
|
|
2033
|
+
server = (0, supertest_1.default)(app);
|
|
2034
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "notAdmin")];
|
|
2035
|
+
case 1:
|
|
2036
|
+
agent = _a.sent();
|
|
2037
|
+
return [4 /*yield*/, agent.delete("/users/".concat(admin._id)).expect(204)];
|
|
2038
|
+
case 2:
|
|
2039
|
+
res = _a.sent();
|
|
2040
|
+
(0, bun_test_1.expect)(res.body).toEqual({});
|
|
2041
|
+
return [4 /*yield*/, tests_1.UserModel.findById(admin._id)];
|
|
2042
|
+
case 3:
|
|
2043
|
+
deletedUser = _a.sent();
|
|
2044
|
+
(0, bun_test_1.expect)(deletedUser).toBeNull();
|
|
2045
|
+
return [2 /*return*/];
|
|
2046
|
+
}
|
|
2047
|
+
});
|
|
2048
|
+
}); });
|
|
2049
|
+
});
|
|
2050
|
+
(0, bun_test_1.describe)("populate in create", function () {
|
|
2051
|
+
var admin;
|
|
2052
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2053
|
+
var _a;
|
|
2054
|
+
return __generator(this, function (_b) {
|
|
2055
|
+
switch (_b.label) {
|
|
2056
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2057
|
+
case 1:
|
|
2058
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
2059
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
2060
|
+
calories: 1,
|
|
2061
|
+
created: new Date("2021-12-03T00:00:20.000Z"),
|
|
2062
|
+
hidden: false,
|
|
2063
|
+
name: "Spinach",
|
|
2064
|
+
ownerId: admin._id,
|
|
2065
|
+
})];
|
|
2066
|
+
case 2:
|
|
2067
|
+
_b.sent();
|
|
2068
|
+
app = (0, tests_1.getBaseServer)();
|
|
2069
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2070
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2071
|
+
return [2 /*return*/];
|
|
2072
|
+
}
|
|
2073
|
+
});
|
|
2074
|
+
}); });
|
|
2075
|
+
(0, bun_test_1.it)("handles populate with valid path in create", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2076
|
+
var res;
|
|
2077
|
+
return __generator(this, function (_a) {
|
|
2078
|
+
switch (_a.label) {
|
|
2079
|
+
case 0:
|
|
2080
|
+
// Test that valid populate works in create flow
|
|
2081
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2082
|
+
allowAnonymous: true,
|
|
2083
|
+
permissions: {
|
|
2084
|
+
create: [permissions_1.Permissions.IsAny],
|
|
2085
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
2086
|
+
list: [permissions_1.Permissions.IsAny],
|
|
2087
|
+
read: [permissions_1.Permissions.IsAny],
|
|
2088
|
+
update: [permissions_1.Permissions.IsAny],
|
|
2089
|
+
},
|
|
2090
|
+
populatePaths: [{ fields: ["email"], path: "ownerId" }],
|
|
2091
|
+
}));
|
|
2092
|
+
server = (0, supertest_1.default)(app);
|
|
2093
|
+
return [4 /*yield*/, server
|
|
2094
|
+
.post("/food")
|
|
2095
|
+
.send({ calories: 15, name: "Broccoli", ownerId: admin._id })
|
|
2096
|
+
.expect(201)];
|
|
2097
|
+
case 1:
|
|
2098
|
+
res = _a.sent();
|
|
2099
|
+
(0, bun_test_1.expect)(res.body.data.name).toBe("Broccoli");
|
|
2100
|
+
// Verify populate worked - ownerId should be an object with email
|
|
2101
|
+
(0, bun_test_1.expect)(res.body.data.ownerId.email).toBe(admin.email);
|
|
2102
|
+
return [2 /*return*/];
|
|
2103
|
+
}
|
|
2104
|
+
});
|
|
2105
|
+
}); });
|
|
2106
|
+
});
|
|
2107
|
+
(0, bun_test_1.describe)("save error handling", function () {
|
|
2108
|
+
var admin;
|
|
2109
|
+
var spinach;
|
|
2110
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2111
|
+
var _a;
|
|
2112
|
+
return __generator(this, function (_b) {
|
|
2113
|
+
switch (_b.label) {
|
|
2114
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2115
|
+
case 1:
|
|
2116
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
2117
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
2118
|
+
calories: 1,
|
|
2119
|
+
created: new Date("2021-12-03T00:00:20.000Z"),
|
|
2120
|
+
hidden: false,
|
|
2121
|
+
name: "Spinach",
|
|
2122
|
+
ownerId: admin._id,
|
|
2123
|
+
source: {
|
|
2124
|
+
name: "Brand",
|
|
2125
|
+
},
|
|
2126
|
+
})];
|
|
2127
|
+
case 2:
|
|
2128
|
+
spinach = _b.sent();
|
|
2129
|
+
app = (0, tests_1.getBaseServer)();
|
|
2130
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2131
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2132
|
+
return [2 /*return*/];
|
|
2133
|
+
}
|
|
2134
|
+
});
|
|
2135
|
+
}); });
|
|
2136
|
+
(0, bun_test_1.it)("handles patch save error with validation failure", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2137
|
+
var res;
|
|
2138
|
+
return __generator(this, function (_a) {
|
|
2139
|
+
switch (_a.label) {
|
|
2140
|
+
case 0:
|
|
2141
|
+
// The FoodModel has strict: "throw" which will cause validation errors for unknown fields
|
|
2142
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2143
|
+
allowAnonymous: true,
|
|
2144
|
+
permissions: {
|
|
2145
|
+
create: [permissions_1.Permissions.IsAny],
|
|
2146
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
2147
|
+
list: [permissions_1.Permissions.IsAny],
|
|
2148
|
+
read: [permissions_1.Permissions.IsAny],
|
|
2149
|
+
update: [permissions_1.Permissions.IsAny],
|
|
2150
|
+
},
|
|
2151
|
+
}));
|
|
2152
|
+
server = (0, supertest_1.default)(app);
|
|
2153
|
+
return [4 /*yield*/, server
|
|
2154
|
+
.patch("/food/".concat(spinach._id))
|
|
2155
|
+
.send({ invalidField: "value" })
|
|
2156
|
+
.expect(400)];
|
|
2157
|
+
case 1:
|
|
2158
|
+
res = _a.sent();
|
|
2159
|
+
(0, bun_test_1.expect)(res.body.title).toContain("preUpdate hook save error");
|
|
2160
|
+
return [2 /*return*/];
|
|
2161
|
+
}
|
|
2162
|
+
});
|
|
2163
|
+
}); });
|
|
2164
|
+
});
|
|
2165
|
+
(0, bun_test_1.describe)("body undefined after transform without preCreate", function () {
|
|
2166
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2167
|
+
return __generator(this, function (_a) {
|
|
2168
|
+
switch (_a.label) {
|
|
2169
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2170
|
+
case 1:
|
|
2171
|
+
_a.sent();
|
|
2172
|
+
app = (0, tests_1.getBaseServer)();
|
|
2173
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2174
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2175
|
+
return [2 /*return*/];
|
|
2176
|
+
}
|
|
2177
|
+
});
|
|
2178
|
+
}); });
|
|
2179
|
+
(0, bun_test_1.it)("handles undefined body after transform when no preCreate", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2180
|
+
var res;
|
|
2181
|
+
return __generator(this, function (_a) {
|
|
2182
|
+
switch (_a.label) {
|
|
2183
|
+
case 0:
|
|
2184
|
+
// Create a transformer that returns undefined
|
|
2185
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2186
|
+
allowAnonymous: true,
|
|
2187
|
+
permissions: {
|
|
2188
|
+
create: [permissions_1.Permissions.IsAny],
|
|
2189
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
2190
|
+
list: [permissions_1.Permissions.IsAny],
|
|
2191
|
+
read: [permissions_1.Permissions.IsAny],
|
|
2192
|
+
update: [permissions_1.Permissions.IsAny],
|
|
2193
|
+
},
|
|
2194
|
+
transformer: {
|
|
2195
|
+
transform: function () { return undefined; },
|
|
2196
|
+
},
|
|
2197
|
+
}));
|
|
2198
|
+
server = (0, supertest_1.default)(app);
|
|
2199
|
+
return [4 /*yield*/, server.post("/food").send({ calories: 15, name: "Broccoli" }).expect(400)];
|
|
2200
|
+
case 1:
|
|
2201
|
+
res = _a.sent();
|
|
2202
|
+
(0, bun_test_1.expect)(res.body.title).toBe("Invalid request body");
|
|
2203
|
+
(0, bun_test_1.expect)(res.body.detail).toBe("Body is undefined");
|
|
2204
|
+
return [2 /*return*/];
|
|
2205
|
+
}
|
|
2206
|
+
});
|
|
2207
|
+
}); });
|
|
2208
|
+
});
|
|
2209
|
+
(0, bun_test_1.describe)("soft delete with deleted field", function () {
|
|
2210
|
+
var _admin;
|
|
2211
|
+
var agent;
|
|
2212
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2213
|
+
var _a;
|
|
2214
|
+
return __generator(this, function (_b) {
|
|
2215
|
+
switch (_b.label) {
|
|
2216
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2217
|
+
case 1:
|
|
2218
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), _admin = _a[0];
|
|
2219
|
+
app = (0, tests_1.getBaseServer)();
|
|
2220
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2221
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2222
|
+
return [2 /*return*/];
|
|
2223
|
+
}
|
|
2224
|
+
});
|
|
2225
|
+
}); });
|
|
2226
|
+
(0, bun_test_1.it)("soft deletes document with deleted field using isDeletedPlugin", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2227
|
+
var mongoose, softDeleteSchema, SoftDeleteModel, testDoc, softDeleted;
|
|
2228
|
+
return __generator(this, function (_a) {
|
|
2229
|
+
switch (_a.label) {
|
|
2230
|
+
case 0: return [4 /*yield*/, Promise.resolve().then(function () { return __importStar(require("mongoose")); })];
|
|
2231
|
+
case 1:
|
|
2232
|
+
mongoose = _a.sent();
|
|
2233
|
+
softDeleteSchema = new mongoose.Schema({
|
|
2234
|
+
deleted: { default: false, type: Boolean },
|
|
2235
|
+
name: String,
|
|
2236
|
+
});
|
|
2237
|
+
try {
|
|
2238
|
+
SoftDeleteModel = mongoose.model("SoftDeleteTest");
|
|
2239
|
+
}
|
|
2240
|
+
catch (_b) {
|
|
2241
|
+
SoftDeleteModel = mongoose.model("SoftDeleteTest", softDeleteSchema);
|
|
2242
|
+
}
|
|
2243
|
+
// Clean up any existing documents
|
|
2244
|
+
return [4 /*yield*/, SoftDeleteModel.deleteMany({})];
|
|
2245
|
+
case 2:
|
|
2246
|
+
// Clean up any existing documents
|
|
2247
|
+
_a.sent();
|
|
2248
|
+
return [4 /*yield*/, SoftDeleteModel.create({ name: "TestItem" })];
|
|
2249
|
+
case 3:
|
|
2250
|
+
testDoc = _a.sent();
|
|
2251
|
+
app.use("/softdelete", (0, api_1.modelRouter)(SoftDeleteModel, {
|
|
2252
|
+
allowAnonymous: true,
|
|
2253
|
+
permissions: {
|
|
2254
|
+
create: [permissions_1.Permissions.IsAny],
|
|
2255
|
+
delete: [permissions_1.Permissions.IsAny],
|
|
2256
|
+
list: [permissions_1.Permissions.IsAny],
|
|
2257
|
+
read: [permissions_1.Permissions.IsAny],
|
|
2258
|
+
update: [permissions_1.Permissions.IsAny],
|
|
2259
|
+
},
|
|
2260
|
+
}));
|
|
2261
|
+
server = (0, supertest_1.default)(app);
|
|
2262
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "notAdmin")];
|
|
2263
|
+
case 4:
|
|
2264
|
+
agent = _a.sent();
|
|
2265
|
+
// Delete should soft delete (set deleted: true) instead of hard delete
|
|
2266
|
+
return [4 /*yield*/, agent.delete("/softdelete/".concat(testDoc._id)).expect(204)];
|
|
2267
|
+
case 5:
|
|
2268
|
+
// Delete should soft delete (set deleted: true) instead of hard delete
|
|
2269
|
+
_a.sent();
|
|
2270
|
+
return [4 /*yield*/, SoftDeleteModel.findById(testDoc._id)];
|
|
2271
|
+
case 6:
|
|
2272
|
+
softDeleted = _a.sent();
|
|
2273
|
+
(0, bun_test_1.expect)(softDeleted).not.toBeNull();
|
|
2274
|
+
(0, bun_test_1.expect)(softDeleted === null || softDeleted === void 0 ? void 0 : softDeleted.deleted).toBe(true);
|
|
2275
|
+
// Clean up
|
|
2276
|
+
return [4 /*yield*/, SoftDeleteModel.deleteMany({})];
|
|
2277
|
+
case 7:
|
|
2278
|
+
// Clean up
|
|
2279
|
+
_a.sent();
|
|
2280
|
+
return [2 /*return*/];
|
|
2281
|
+
}
|
|
2282
|
+
});
|
|
2283
|
+
}); });
|
|
2284
|
+
});
|
|
2285
|
+
(0, bun_test_1.describe)("array operation with undefined preUpdate return", function () {
|
|
2286
|
+
var admin;
|
|
2287
|
+
var apple;
|
|
2288
|
+
var agent;
|
|
2289
|
+
(0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2290
|
+
var _a;
|
|
2291
|
+
return __generator(this, function (_b) {
|
|
2292
|
+
switch (_b.label) {
|
|
2293
|
+
case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
|
|
2294
|
+
case 1:
|
|
2295
|
+
_a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
|
|
2296
|
+
return [4 /*yield*/, tests_1.FoodModel.create({
|
|
2297
|
+
calories: 100,
|
|
2298
|
+
categories: [
|
|
2299
|
+
{ name: "Fruit", show: true },
|
|
2300
|
+
{ name: "Popular", show: false },
|
|
2301
|
+
],
|
|
2302
|
+
created: new Date("2021-12-03T00:00:30.000Z"),
|
|
2303
|
+
hidden: false,
|
|
2304
|
+
name: "Apple",
|
|
2305
|
+
ownerId: admin._id,
|
|
2306
|
+
tags: ["healthy", "cheap"],
|
|
2307
|
+
})];
|
|
2308
|
+
case 2:
|
|
2309
|
+
apple = _b.sent();
|
|
2310
|
+
app = (0, tests_1.getBaseServer)();
|
|
2311
|
+
(0, auth_1.setupAuth)(app, tests_1.UserModel);
|
|
2312
|
+
(0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
|
|
2313
|
+
return [2 /*return*/];
|
|
2314
|
+
}
|
|
2315
|
+
});
|
|
2316
|
+
}); });
|
|
2317
|
+
(0, bun_test_1.it)("array operation preUpdate returning undefined for array POST throws error", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2318
|
+
var res;
|
|
2319
|
+
return __generator(this, function (_a) {
|
|
2320
|
+
switch (_a.label) {
|
|
2321
|
+
case 0:
|
|
2322
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2323
|
+
allowAnonymous: true,
|
|
2324
|
+
permissions: {
|
|
2325
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
2326
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
2327
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
2328
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
2329
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
2330
|
+
},
|
|
2331
|
+
preUpdate: function () { return undefined; },
|
|
2332
|
+
}));
|
|
2333
|
+
server = (0, supertest_1.default)(app);
|
|
2334
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
2335
|
+
case 1:
|
|
2336
|
+
agent = _a.sent();
|
|
2337
|
+
return [4 /*yield*/, agent.post("/food/".concat(apple._id, "/tags")).send({ tags: "organic" }).expect(403)];
|
|
2338
|
+
case 2:
|
|
2339
|
+
res = _a.sent();
|
|
2340
|
+
(0, bun_test_1.expect)(res.body.title).toBe("Update not allowed");
|
|
2341
|
+
(0, bun_test_1.expect)(res.body.detail).toBe("A body must be returned from preUpdate");
|
|
2342
|
+
return [2 /*return*/];
|
|
2343
|
+
}
|
|
2344
|
+
});
|
|
2345
|
+
}); });
|
|
2346
|
+
(0, bun_test_1.it)("array operation preUpdate returning null for array PATCH throws error", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2347
|
+
var res;
|
|
2348
|
+
return __generator(this, function (_a) {
|
|
2349
|
+
switch (_a.label) {
|
|
2350
|
+
case 0:
|
|
2351
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2352
|
+
allowAnonymous: true,
|
|
2353
|
+
permissions: {
|
|
2354
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
2355
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
2356
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
2357
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
2358
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
2359
|
+
},
|
|
2360
|
+
preUpdate: function () { return null; },
|
|
2361
|
+
}));
|
|
2362
|
+
server = (0, supertest_1.default)(app);
|
|
2363
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
2364
|
+
case 1:
|
|
2365
|
+
agent = _a.sent();
|
|
2366
|
+
return [4 /*yield*/, agent
|
|
2367
|
+
.patch("/food/".concat(apple._id, "/tags/healthy"))
|
|
2368
|
+
.send({ tags: "unhealthy" })
|
|
2369
|
+
.expect(403)];
|
|
2370
|
+
case 2:
|
|
2371
|
+
res = _a.sent();
|
|
2372
|
+
(0, bun_test_1.expect)(res.body.title).toBe("Update not allowed");
|
|
2373
|
+
return [2 /*return*/];
|
|
2374
|
+
}
|
|
2375
|
+
});
|
|
2376
|
+
}); });
|
|
2377
|
+
(0, bun_test_1.it)("array operation preUpdate error for array DELETE is handled", function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
2378
|
+
var res;
|
|
2379
|
+
return __generator(this, function (_a) {
|
|
2380
|
+
switch (_a.label) {
|
|
2381
|
+
case 0:
|
|
2382
|
+
app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
|
|
2383
|
+
allowAnonymous: true,
|
|
2384
|
+
permissions: {
|
|
2385
|
+
create: [permissions_1.Permissions.IsAdmin],
|
|
2386
|
+
delete: [permissions_1.Permissions.IsAdmin],
|
|
2387
|
+
list: [permissions_1.Permissions.IsAdmin],
|
|
2388
|
+
read: [permissions_1.Permissions.IsAdmin],
|
|
2389
|
+
update: [permissions_1.Permissions.IsAdmin],
|
|
2390
|
+
},
|
|
2391
|
+
preUpdate: function () {
|
|
2392
|
+
throw new Error("preUpdate error during delete");
|
|
2393
|
+
},
|
|
2394
|
+
}));
|
|
2395
|
+
server = (0, supertest_1.default)(app);
|
|
2396
|
+
return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
|
|
2397
|
+
case 1:
|
|
2398
|
+
agent = _a.sent();
|
|
2399
|
+
return [4 /*yield*/, agent.delete("/food/".concat(apple._id, "/tags/healthy")).expect(400)];
|
|
2400
|
+
case 2:
|
|
2401
|
+
res = _a.sent();
|
|
2402
|
+
(0, bun_test_1.expect)(res.body.title).toContain("preUpdate hook error");
|
|
2403
|
+
return [2 /*return*/];
|
|
2404
|
+
}
|
|
2405
|
+
});
|
|
2406
|
+
}); });
|
|
1503
2407
|
});
|
|
1504
2408
|
});
|