npm - @tstdl/base - Versions diffs - 0.93.90 → 0.93.91 - Mend

@tstdl/base 0.93.90 → 0.93.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/authentication/client/authentication.service.js CHANGED Viewed

@@ -9,7 +9,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 import { Subject, filter, firstValueFrom, race, timer } from 'rxjs';
 import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { isNode } from '../../environment.js';
 import { BadRequestError } from '../../errors/bad-request.error.js';
 import { ForbiddenError } from '../../errors/forbidden.error.js';
 import { InvalidTokenError } from '../../errors/invalid-token.error.js';
@@ -24,7 +23,7 @@ import { computed, signal, toObservable } from '../../signals/api.js';
 import { currentTimestampSeconds } from '../../utils/date-time.js';
 import { formatError } from '../../utils/format-error.js';
 import { timeout } from '../../utils/timing.js';
-import { assertDefinedPass, isDefined, isNullOrUndefined, isUndefined } from '../../utils/type-guards.js';
+import { assertDefinedPass, isDefined, isNotFunction, isNullOrUndefined, isUndefined } from '../../utils/type-guards.js';
 import { millisecondsPerSecond } from '../../utils/units.js';
 import { AUTHENTICATION_API_CLIENT, INITIAL_AUTHENTICATION_DATA } from './tokens.js';
 const tokenStorageKey = 'AuthenticationService:token';
@@ -47,7 +46,6 @@ const unrecoverableErrors = [
     NotSupportedError,
     UnauthorizedError,
 ];
-const localStorage = isNode ? undefined : globalThis.localStorage;
 /**
  * Handles authentication on client side.
  *
@@ -380,39 +378,52 @@ let AuthenticationClientService = class AuthenticationClientService {
             try {
                 const token = this.token();
                 if (isUndefined(token)) {
-                    // Wait for login, dispose, or forced refresh
-                    await firstValueFrom(race([this.definedToken$, this.disposeToken, this.forceRefreshToken]));
+                    // Wait for login or dispose.
+                    // We ignore forceRefreshToken here because we can't refresh without a token.
+                    await firstValueFrom(race([this.definedToken$, this.disposeToken]));
                     continue;
                 }
                 const now = this.estimatedServerTimestampSeconds();
-                const needsRefresh = this.forceRefreshToken.isSet || (now >= (token.exp - refreshBufferSeconds));
+                const forceRefresh = this.forceRefreshToken.isSet;
+                const needsRefresh = forceRefresh || (now >= (token.exp - refreshBufferSeconds));
                 if (needsRefresh) {
-                    // Only take the lock when we actually intend to refresh.
-                    // Using tryUse(undefined, ...) ensures we try once and don't block if another instance is already refreshing.
+                    let lockAcquired = false;
                     await this.lock.tryUse(undefined, async () => {
-                        // Re-check conditions inside the lock to avoid redundant refreshes if another instance just did it.
+                        lockAcquired = true;
                         const currentToken = this.token();
                         const currentNow = this.estimatedServerTimestampSeconds();
                         const stillNeedsRefresh = isDefined(currentToken) && (this.forceRefreshToken.isSet || (currentNow >= (currentToken.exp - refreshBufferSeconds)));
                         if (stillNeedsRefresh) {
-                            this.forceRefreshToken.unset();
                             await this.refresh();
+                            this.forceRefreshToken.unset();
                         }
                     });
+                    if (!lockAcquired) {
+                        // Lock held by another instance, wait 5 seconds or until state/token changes.
+                        // We ignore forceRefreshToken here to avoid a busy loop if it is already set.
+                        await firstValueFrom(race([timer(5000), this.disposeToken, this.token$.pipe(filter((t) => t !== token))]));
+                        continue;
+                    }
                 }
                 const delay = ((this.token()?.exp ?? 0) - this.estimatedServerTimestampSeconds() - refreshBufferSeconds) * millisecondsPerSecond;
-                // Ensure delay is at least 0 to avoid tight loop, or wait longer if not logged in.
-                // If not logged in after refresh attempt (e.g. session invalidated), we wait for login.
-                if (isUndefined(this.token()) || (delay < 0)) {
-                    await firstValueFrom(race([this.definedToken$, this.disposeToken, this.forceRefreshToken, timer(5000)]));
+                const wakeUpSignals = [
+                    this.disposeToken,
+                    this.token$.pipe(filter((t) => t != token)),
+                ];
+                if (!forceRefresh) {
+                    wakeUpSignals.push(this.forceRefreshToken);
+                }
+                if (delay > 0) {
+                    await firstValueFrom(race([timer(delay), ...wakeUpSignals]));
                 }
                 else {
-                    await firstValueFrom(race([timer(delay), this.disposeToken, this.forceRefreshToken]));
+                    // If expired (or within buffer) and we didn't refresh (e.g. refresh failed or lock contention), wait a bit to avoid tight loop
+                    await firstValueFrom(race([timer(5000), ...wakeUpSignals]));
                 }
             }
             catch (error) {
                 this.logger.error(error);
-                await firstValueFrom(race([timer(5000), this.disposeToken, this.forceRefreshToken]));
+                await firstValueFrom(race([timer(5000), this.disposeToken, this.token$.pipe(filter((t) => t !== this.token()))]));
             }
         }
     }
@@ -454,7 +465,11 @@ let AuthenticationClientService = class AuthenticationClientService {
     }
     readFromStorage(key) {
         try {
-            const serialized = localStorage?.getItem(key);
+            const storage = globalThis.localStorage;
+            if (isUndefined(storage) || (isNotFunction(storage.getItem))) {
+                return undefined;
+            }
+            const serialized = storage.getItem(key);
             if (isNullOrUndefined(serialized)) {
                 return undefined;
             }
@@ -467,12 +482,16 @@ let AuthenticationClientService = class AuthenticationClientService {
     }
     writeToStorage(key, value) {
         try {
+            const storage = globalThis.localStorage;
+            if (isUndefined(storage) || (isNotFunction(storage.setItem)) || (isNotFunction(storage.removeItem))) {
+                return;
+            }
             if (isUndefined(value)) {
-                localStorage?.removeItem(key);
+                storage.removeItem(key);
             }
             else {
                 const serialized = JSON.stringify(value);
-                localStorage?.setItem(key, serialized);
+                storage.setItem(key, serialized);
             }
         }
         catch (error) {

package/authentication/models/subject.model.js CHANGED Viewed

@@ -7,13 +7,13 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
+import { match } from 'ts-pattern';
 import { defineEnum } from '../../enumeration/enumeration.js';
 import { formatPersonName } from '../../formats/formats.js';
 import { TenantEntity } from '../../orm/entity.js';
 import { Inheritance, Table, Unique } from '../../orm/index.js';
 import { TimestampProperty } from '../../orm/schemas/timestamp.js';
 import { Enumeration } from '../../schema/index.js';
-import { match } from 'ts-pattern';
 export const SubjectType = defineEnum('SubjectType', {
     System: 'system',
     User: 'user',

package/authentication/tests/authentication.client-service-methods.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/authentication/tests/authentication.client-service-methods.test.js ADDED Viewed

@@ -0,0 +1,131 @@
+import { describe, expect, test, vi, beforeEach, afterEach } from 'vitest';
+import { Subject } from 'rxjs';
+import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
+import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
+import { Lock } from '../../lock/index.js';
+import { Logger } from '../../logger/index.js';
+import { MessageBus } from '../../message-bus/index.js';
+import { Injector } from '../../injector/index.js';
+import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
+import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
+describe('AuthenticationClientService Methods', () => {
+    let injector;
+    let service;
+    let mockApiClient;
+    let mockLock;
+    let mockMessageBus;
+    let mockLogger;
+    beforeEach(() => {
+        const storage = new Map();
+        globalThis.localStorage = {
+            getItem: vi.fn((key) => storage.get(key) ?? null),
+            setItem: vi.fn((key, value) => storage.set(key, value)),
+            removeItem: vi.fn((key) => storage.delete(key)),
+            clear: vi.fn(() => storage.clear()),
+        };
+        configureDefaultSignalsImplementation();
+        injector = new Injector('TestInjector');
+        mockApiClient = {
+            login: vi.fn(),
+            refresh: vi.fn(),
+            impersonate: vi.fn(),
+            unimpersonate: vi.fn(),
+            changeSecret: vi.fn(),
+            initSecretReset: vi.fn(),
+            resetSecret: vi.fn(),
+            checkSecret: vi.fn(),
+            timestamp: vi.fn().mockResolvedValue(Math.floor(Date.now() / 1000)),
+            endSession: vi.fn().mockResolvedValue(undefined),
+        };
+        mockLock = {
+            tryUse: vi.fn(async (_timeout, callback) => {
+                const result = await callback({ lost: false });
+                return { success: true, result };
+            }),
+            use: vi.fn(async (_timeout, callback) => {
+                return await callback({ lost: false });
+            }),
+        };
+        mockMessageBus = {
+            publishAndForget: vi.fn(),
+            messages$: new Subject(),
+            dispose: vi.fn(),
+        };
+        mockLogger = {
+            error: vi.fn(),
+            warn: vi.fn(),
+            info: vi.fn(),
+            debug: vi.fn(),
+        };
+        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
+        injector.register(Lock, { useValue: mockLock });
+        injector.register(MessageBus, { useValue: mockMessageBus });
+        injector.register(Logger, { useValue: mockLogger });
+        const disposeToken = new CancellationToken();
+        injector.register(CancellationSignal, { useValue: disposeToken.signal });
+        service = injector.resolve(AuthenticationClientService);
+    });
+    afterEach(async () => {
+        await service.dispose();
+    });
+    test('impersonate should acquire lock and call api', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
+        mockApiClient.impersonate.mockResolvedValue(token);
+        await service.impersonate('target-subject');
+        expect(mockLock.use).toHaveBeenCalled();
+        expect(mockApiClient.impersonate).toHaveBeenCalledWith({ subject: 'target-subject', data: undefined });
+        expect(service.token()).toEqual(token);
+        expect(service.impersonated()).toBe(true);
+    });
+    test('impersonate should fail if already impersonating', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
+        service.setNewToken(token); // Force state
+        await expect(service.impersonate('another-target')).rejects.toThrow('Already impersonating');
+    });
+    test('unimpersonate should acquire lock and call api', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'original-token', subject: 'admin' };
+        mockApiClient.unimpersonate.mockResolvedValue(token);
+        await service.unimpersonate();
+        expect(mockLock.use).toHaveBeenCalled();
+        expect(mockApiClient.unimpersonate).toHaveBeenCalled();
+        expect(service.token()).toEqual(token);
+    });
+    test('changeSecret should call api', async () => {
+        await service.changeSecret({ tenantId: 't', subject: 's' }, 'old', 'new');
+        expect(mockApiClient.changeSecret).toHaveBeenCalledWith({ tenantId: 't', subject: 's', currentSecret: 'old', newSecret: 'new' });
+    });
+    test('initResetSecret should call api', async () => {
+        await service.initResetSecret({ tenantId: 't', subject: 's' }, { some: 'data' });
+        expect(mockApiClient.initSecretReset).toHaveBeenCalledWith({ tenantId: 't', subject: 's', data: { some: 'data' } });
+    });
+    test('resetSecret should call api', async () => {
+        await service.resetSecret('token', 'new-secret');
+        expect(mockApiClient.resetSecret).toHaveBeenCalledWith({ token: 'token', newSecret: 'new-secret' });
+    });
+    test('updateRawTokens should update signals and storage', async () => {
+        service.updateRawTokens('raw', 'refresh', 'impersonator');
+        expect(service.rawToken()).toBe('raw');
+        expect(service.rawRefreshToken()).toBe('refresh');
+        expect(service.rawImpersonatorRefreshToken()).toBe('impersonator');
+        expect(globalThis.localStorage.setItem).toHaveBeenCalledWith('AuthenticationService:raw-token', JSON.stringify('raw'));
+    });
+    test('impersonate should rollback data on failure', async () => {
+        service.setAdditionalData({ role: 'admin' });
+        const originalData = service.authenticationData;
+        mockApiClient.impersonate.mockRejectedValue(new Error('Impersonation failed'));
+        await expect(service.impersonate('target')).rejects.toThrow('Impersonation failed');
+        // Should have restored original data
+        expect(service.authenticationData).toEqual(originalData);
+        expect(service.impersonatorAuthenticationData).toBeUndefined();
+    });
+    test('unimpersonate should handle failure', async () => {
+        mockApiClient.unimpersonate.mockRejectedValue(new Error('Unimpersonation failed'));
+        await expect(service.unimpersonate()).rejects.toThrow('Unimpersonation failed');
+    });
+    test('syncClock should handle errors gracefully', async () => {
+        mockApiClient.timestamp.mockRejectedValue(new Error('Time sync failed'));
+        await service.syncClock();
+        expect(mockLogger.warn).toHaveBeenCalledWith(expect.stringContaining('Failed to synchronize clock'));
+        expect(service.clockOffset).toBe(0);
+    });
+});

package/authentication/tests/authentication.client-service-refresh.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/authentication/tests/authentication.client-service-refresh.test.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { Subject } from 'rxjs';
+import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
+import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
+import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
+import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
+import { Injector } from '../../injector/index.js';
+import { Lock } from '../../lock/index.js';
+import { Logger } from '../../logger/index.js';
+import { MessageBus } from '../../message-bus/index.js';
+import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
+import { timeout } from '../../utils/timing.js';
+describe('AuthenticationClientService Refresh Loop Reproduction', () => {
+    let injector;
+    let service;
+    let mockApiClient;
+    let mockLock;
+    let mockMessageBus;
+    let mockLogger;
+    beforeEach(() => {
+        const storage = new Map();
+        globalThis.localStorage = {
+            getItem: vi.fn((key) => storage.get(key) ?? null),
+            setItem: vi.fn((key, value) => storage.set(key, value)),
+            removeItem: vi.fn((key) => storage.delete(key)),
+            clear: vi.fn(() => storage.clear()),
+        };
+        configureDefaultSignalsImplementation();
+        injector = new Injector('Test');
+        mockApiClient = {
+            login: vi.fn(),
+            refresh: vi.fn(),
+            timestamp: vi.fn().mockResolvedValue(Math.floor(Date.now() / 1000)),
+            endSession: vi.fn().mockResolvedValue(undefined),
+        };
+        mockLock = {
+            tryUse: vi.fn(async (_timeout, callback) => {
+                const result = await callback({ lost: false });
+                return { success: true, result };
+            }),
+            use: vi.fn(async (_timeout, callback) => {
+                return await callback({ lost: false });
+            }),
+        };
+        mockMessageBus = {
+            publishAndForget: vi.fn(),
+            messages$: new Subject(),
+            dispose: vi.fn(),
+        };
+        mockLogger = {
+            error: vi.fn(),
+            warn: vi.fn(),
+            info: vi.fn(),
+            debug: vi.fn(),
+        };
+        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
+        injector.register(Lock, { useValue: mockLock });
+        injector.register(MessageBus, { useValue: mockMessageBus });
+        injector.register(Logger, { useValue: mockLogger });
+        const disposeToken = new CancellationToken();
+        injector.register(CancellationSignal, { useValue: disposeToken.signal });
+    });
+    afterEach(async () => {
+        await service.dispose();
+    });
+    test('Zombie Timer: loop should wake up immediately when token changes', async () => {
+        // 1. Mock a long expiration
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        // Set in storage so initialize() (called by resolve) loads it
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        service = injector.resolve(AuthenticationClientService);
+        // Wait for loop to enter the race condition (wait phase)
+        await timeout(100);
+        // 2. Change token
+        const newToken = { exp: now + 3600, jti: 'new' };
+        mockApiClient.refresh.mockResolvedValue(newToken);
+        service.requestRefresh(); // This should trigger immediate wake up
+        // Wait for loop to process
+        await timeout(100);
+        expect(mockApiClient.refresh).toHaveBeenCalled();
+    });
+    test('Forced Refresh Loss: forceRefreshToken should not be cleared on failure', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        service = injector.resolve(AuthenticationClientService);
+        await timeout(100);
+        // 1. Mock refresh failure
+        mockApiClient.refresh.mockRejectedValue(new Error('Network Error'));
+        service.requestRefresh();
+        // Wait for loop to attempt refresh and fail
+        await timeout(200);
+        expect(mockApiClient.refresh).toHaveBeenCalled();
+        expect(service.forceRefreshToken.isSet).toBe(true); // Should STILL be set
+    });
+    test('Lock Contention Backoff: should wait 5 seconds and not busy-loop', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 5, jti: 'initial' }; // Expiring soon
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        // 1. Mock lock already held
+        mockLock.tryUse.mockResolvedValue(undefined); // lockAcquired = false
+        const startTime = Date.now();
+        service = injector.resolve(AuthenticationClientService);
+        // We expect it to try once, fail to get lock, and then wait 5 seconds.
+        await timeout(300);
+        expect(mockLock.tryUse).toHaveBeenCalledTimes(1);
+        // Check if it's still waiting (not finished loop)
+        const duration = Date.now() - startTime;
+        expect(duration).toBeLessThan(1000);
+    });
+    test('Busy Loop: should not busy loop when forceRefreshToken is set and lock is held', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        // Mock lock already held
+        mockLock.tryUse.mockResolvedValue(undefined);
+        service = injector.resolve(AuthenticationClientService);
+        await timeout(100);
+        service.requestRefresh(); // Set the flag
+        await timeout(300);
+        // If it busy loops, this will be much higher than 1.
+        expect(mockLock.tryUse.mock.calls.length).toBeLessThan(5);
+    });
+});

package/http/server/http-server.d.ts CHANGED Viewed

@@ -7,8 +7,14 @@ export type HttpServerRequestContext<Context = unknown> = {
 };
 export declare abstract class HttpServer<Context = unknown> implements AsyncIterable<HttpServerRequestContext<Context>>, AsyncDisposable {
     abstract readonly connectedSocketsCount: number;
-    abstract readonly port: number;
-    abstract readonly address: string;
+    /**
+     * The port the server is listening on, or `null` if not listening.
+     */
+    abstract readonly port: number | null;
+    /**
+     * The address the server is listening on, or `null` if not listening.
+     */
+    abstract readonly address: string | null;
     abstract listen(port: number): Promise<void>;
     abstract close(timeout: number): Promise<void>;
     abstract [Symbol.asyncIterator](): AsyncIterator<HttpServerRequestContext<Context>>;

package/http/server/node/node-http-server.d.ts CHANGED Viewed

@@ -9,8 +9,8 @@ export declare class NodeHttpServer extends HttpServer<NodeHttpServerContext> im
     #private;
     private untrackConnectedSockets?;
     get connectedSocketsCount(): number;
-    get port(): number;
-    get address(): string;
+    get port(): number | null;
+    get address(): string | null;
     [afterResolve](): void;
     [Symbol.asyncDispose](): Promise<void>;
     listen(port: number): Promise<void>;

package/http/server/node/node-http-server.js CHANGED Viewed

@@ -35,10 +35,10 @@ let NodeHttpServer = NodeHttpServer_1 = class NodeHttpServer extends HttpServer
         return this.#sockets.size;
     }
     get port() {
-        return this.#httpServer.address().port;
+        return this.#httpServer.address()?.port ?? null;
     }
     get address() {
-        return this.#httpServer.address().address;
+        return this.#httpServer.address()?.address ?? null;
     }
     [afterResolve]() {
         this.#httpServer.on('request', (request, response) => this.#requestIterable.feed({ request, response }));

package/module/modules/web-server.module.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { Injector } from '../../injector/injector.js';
 import type { resolveArgumentType } from '../../injector/interfaces.js';
 import { Module } from '../module.js';
 export declare class WebServerModuleConfiguration {
-    port: number;
+    port?: number;
 }
 export declare class WebServerModule extends Module {
     private readonly config;

package/module/modules/web-server.module.js CHANGED Viewed

@@ -37,7 +37,7 @@ let WebServerModule = class WebServerModule extends Module {
     }
     async _run(cancellationSignal) {
         this.initialize();
-        await this.httpServer.listen(this.config.port);
+        await this.httpServer.listen(this.config.port ?? 8000);
         const closePromise = cancellationSignal.$set.then(async () => {
             await this.httpServer[Symbol.asyncDispose]();
         });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.93.90",
+  "version": "0.93.91",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"

package/unit-test/integration-setup.js CHANGED Viewed

@@ -21,7 +21,7 @@ import { configureDefaultSignalsImplementation } from '../signals/implementation
 import { configurePostgresTaskQueue, migratePostgresTaskQueueSchema } from '../task-queue/postgres/index.js';
 import * as configParser from '../utils/config-parser.js';
 import { objectEntries } from '../utils/object/object.js';
-import { isDefined } from '../utils/type-guards.js';
+import { isDefined, isNotNull } from '../utils/type-guards.js';
 /**
  * Standard setup for integration tests.
  */
@@ -109,7 +109,7 @@ export async function setupIntegrationTest(options = {}) {
                 authenticationApiClient: AuthenticationApiClient,
                 registerMiddleware: true,
             }, injector);
-            if (options.modules?.webServer ?? options.modules?.api ?? options.modules?.authentication) {
+            if (options.modules.webServer ?? options.modules.api ?? options.modules.authentication) {
                 const port = options.api?.port ?? 0;
                 configureWebServerModule({ port, injector });
                 const webServerModule = await injector.resolveAsync(WebServerModule);
@@ -118,7 +118,7 @@ export async function setupIntegrationTest(options = {}) {
                 // Wait for server to be listening
                 while (true) {
                     try {
-                        if (isDefined(httpServer.port)) {
+                        if (isNotNull(httpServer.port)) {
                             break;
                         }
                     }