@tstdl/base 0.93.90 → 0.93.92

package/authentication/client/authentication.service.js

@@ -9,7 +9,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 import { Subject, filter, firstValueFrom, race, timer } from 'rxjs';
 import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { isNode } from '../../environment.js';
 import { BadRequestError } from '../../errors/bad-request.error.js';
 import { ForbiddenError } from '../../errors/forbidden.error.js';
 import { InvalidTokenError } from '../../errors/invalid-token.error.js';
@@ -24,7 +23,7 @@ import { computed, signal, toObservable } from '../../signals/api.js';
 import { currentTimestampSeconds } from '../../utils/date-time.js';
 import { formatError } from '../../utils/format-error.js';
 import { timeout } from '../../utils/timing.js';
-import { assertDefinedPass, isDefined, isNullOrUndefined, isUndefined } from '../../utils/type-guards.js';
+import { assertDefinedPass, isDefined, isNotFunction, isNullOrUndefined, isUndefined } from '../../utils/type-guards.js';
 import { millisecondsPerSecond } from '../../utils/units.js';
 import { AUTHENTICATION_API_CLIENT, INITIAL_AUTHENTICATION_DATA } from './tokens.js';
 const tokenStorageKey = 'AuthenticationService:token';
@@ -47,7 +46,6 @@ const unrecoverableErrors = [
     NotSupportedError,
     UnauthorizedError,
 ];
-const localStorage = isNode ? undefined : globalThis.localStorage;
 /**
  * Handles authentication on client side.
  *
@@ -380,39 +378,51 @@ let AuthenticationClientService = class AuthenticationClientService {
             try {
                 const token = this.token();
                 if (isUndefined(token)) {
-                    // Wait for login, dispose, or forced refresh
-                    await firstValueFrom(race([this.definedToken$, this.disposeToken, this.forceRefreshToken]));
+                    // Wait for login or dispose.
+                    // We ignore forceRefreshToken here because we can't refresh without a token.
+                    await firstValueFrom(race([this.definedToken$, this.disposeToken]), { defaultValue: undefined });
                     continue;
                 }
                 const now = this.estimatedServerTimestampSeconds();
-                const needsRefresh = this.forceRefreshToken.isSet || (now >= (token.exp - refreshBufferSeconds));
+                const forceRefresh = this.forceRefreshToken.isSet;
+                const needsRefresh = forceRefresh || (now >= (token.exp - refreshBufferSeconds));
                 if (needsRefresh) {
-                    // Only take the lock when we actually intend to refresh.
-                    // Using tryUse(undefined, ...) ensures we try once and don't block if another instance is already refreshing.
+                    let lockAcquired = false;
                     await this.lock.tryUse(undefined, async () => {
-                        // Re-check conditions inside the lock to avoid redundant refreshes if another instance just did it.
+                        lockAcquired = true;
                         const currentToken = this.token();
                         const currentNow = this.estimatedServerTimestampSeconds();
                         const stillNeedsRefresh = isDefined(currentToken) && (this.forceRefreshToken.isSet || (currentNow >= (currentToken.exp - refreshBufferSeconds)));
                         if (stillNeedsRefresh) {
-                            this.forceRefreshToken.unset();
                             await this.refresh();
+                            this.forceRefreshToken.unset();
                         }
                     });
+                    if (!lockAcquired) {
+                        // Lock held by another instance, wait 5 seconds or until state/token changes.
+                        // We ignore forceRefreshToken here to avoid a busy loop if it is already set.
+                        await firstValueFrom(race([timer(5000), this.disposeToken, this.token$.pipe(filter((t) => t !== token))]), { defaultValue: undefined });
+                        continue;
+                    }
                 }
                 const delay = ((this.token()?.exp ?? 0) - this.estimatedServerTimestampSeconds() - refreshBufferSeconds) * millisecondsPerSecond;
-                // Ensure delay is at least 0 to avoid tight loop, or wait longer if not logged in.
-                // If not logged in after refresh attempt (e.g. session invalidated), we wait for login.
-                if (isUndefined(this.token()) || (delay < 0)) {
-                    await firstValueFrom(race([this.definedToken$, this.disposeToken, this.forceRefreshToken, timer(5000)]));
+                const wakeUpSignals = [
+                    this.disposeToken,
+                    this.token$.pipe(filter((t) => t != token)),
+                ];
+                if (!forceRefresh) {
+                    wakeUpSignals.push(this.forceRefreshToken);
+                }
+                if (delay > 0) {
+                    await firstValueFrom(race([timer(delay), ...wakeUpSignals]), { defaultValue: undefined });
                 }
                 else {
-                    await firstValueFrom(race([timer(delay), this.disposeToken, this.forceRefreshToken]));
+                    await firstValueFrom(race([timer(5000), ...wakeUpSignals]), { defaultValue: undefined });
                 }
             }
             catch (error) {
                 this.logger.error(error);
-                await firstValueFrom(race([timer(5000), this.disposeToken, this.forceRefreshToken]));
+                await firstValueFrom(race([timer(5000), this.disposeToken, this.token$.pipe(filter((t) => t !== this.token()))]), { defaultValue: undefined });
             }
         }
     }
@@ -454,7 +464,11 @@ let AuthenticationClientService = class AuthenticationClientService {
     }
     readFromStorage(key) {
         try {
-            const serialized = localStorage?.getItem(key);
+            const storage = globalThis.localStorage;
+            if (isUndefined(storage) || (isNotFunction(storage.getItem))) {
+                return undefined;
+            }
+            const serialized = storage.getItem(key);
             if (isNullOrUndefined(serialized)) {
                 return undefined;
             }
@@ -467,12 +481,16 @@ let AuthenticationClientService = class AuthenticationClientService {
     }
     writeToStorage(key, value) {
         try {
+            const storage = globalThis.localStorage;
+            if (isUndefined(storage) || (isNotFunction(storage.setItem)) || (isNotFunction(storage.removeItem))) {
+                return;
+            }
             if (isUndefined(value)) {
-                localStorage?.removeItem(key);
+                storage.removeItem(key);
             }
             else {
                 const serialized = JSON.stringify(value);
-                localStorage?.setItem(key, serialized);
+                storage.setItem(key, serialized);
             }
         }
         catch (error) {

package/authentication/models/subject.model.js

@@ -7,13 +7,13 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
+import { match } from 'ts-pattern';
 import { defineEnum } from '../../enumeration/enumeration.js';
 import { formatPersonName } from '../../formats/formats.js';
 import { TenantEntity } from '../../orm/entity.js';
 import { Inheritance, Table, Unique } from '../../orm/index.js';
 import { TimestampProperty } from '../../orm/schemas/timestamp.js';
 import { Enumeration } from '../../schema/index.js';
-import { match } from 'ts-pattern';
 export const SubjectType = defineEnum('SubjectType', {
     System: 'system',
     User: 'user',

package/authentication/tests/authentication.client-service-methods.test.d.ts

@@ -0,0 +1 @@
+export {};

package/authentication/tests/authentication.client-service-methods.test.js

@@ -0,0 +1,131 @@
+import { describe, expect, test, vi, beforeEach, afterEach } from 'vitest';
+import { Subject } from 'rxjs';
+import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
+import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
+import { Lock } from '../../lock/index.js';
+import { Logger } from '../../logger/index.js';
+import { MessageBus } from '../../message-bus/index.js';
+import { Injector } from '../../injector/index.js';
+import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
+import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
+describe('AuthenticationClientService Methods', () => {
+    let injector;
+    let service;
+    let mockApiClient;
+    let mockLock;
+    let mockMessageBus;
+    let mockLogger;
+    beforeEach(() => {
+        const storage = new Map();
+        globalThis.localStorage = {
+            getItem: vi.fn((key) => storage.get(key) ?? null),
+            setItem: vi.fn((key, value) => storage.set(key, value)),
+            removeItem: vi.fn((key) => storage.delete(key)),
+            clear: vi.fn(() => storage.clear()),
+        };
+        configureDefaultSignalsImplementation();
+        injector = new Injector('TestInjector');
+        mockApiClient = {
+            login: vi.fn(),
+            refresh: vi.fn(),
+            impersonate: vi.fn(),
+            unimpersonate: vi.fn(),
+            changeSecret: vi.fn(),
+            initSecretReset: vi.fn(),
+            resetSecret: vi.fn(),
+            checkSecret: vi.fn(),
+            timestamp: vi.fn().mockResolvedValue(Math.floor(Date.now() / 1000)),
+            endSession: vi.fn().mockResolvedValue(undefined),
+        };
+        mockLock = {
+            tryUse: vi.fn(async (_timeout, callback) => {
+                const result = await callback({ lost: false });
+                return { success: true, result };
+            }),
+            use: vi.fn(async (_timeout, callback) => {
+                return await callback({ lost: false });
+            }),
+        };
+        mockMessageBus = {
+            publishAndForget: vi.fn(),
+            messages$: new Subject(),
+            dispose: vi.fn(),
+        };
+        mockLogger = {
+            error: vi.fn(),
+            warn: vi.fn(),
+            info: vi.fn(),
+            debug: vi.fn(),
+        };
+        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
+        injector.register(Lock, { useValue: mockLock });
+        injector.register(MessageBus, { useValue: mockMessageBus });
+        injector.register(Logger, { useValue: mockLogger });
+        const disposeToken = new CancellationToken();
+        injector.register(CancellationSignal, { useValue: disposeToken.signal });
+        service = injector.resolve(AuthenticationClientService);
+    });
+    afterEach(async () => {
+        await service.dispose();
+    });
+    test('impersonate should acquire lock and call api', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
+        mockApiClient.impersonate.mockResolvedValue(token);
+        await service.impersonate('target-subject');
+        expect(mockLock.use).toHaveBeenCalled();
+        expect(mockApiClient.impersonate).toHaveBeenCalledWith({ subject: 'target-subject', data: undefined });
+        expect(service.token()).toEqual(token);
+        expect(service.impersonated()).toBe(true);
+    });
+    test('impersonate should fail if already impersonating', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'impersonated-token', subject: 'sub', impersonator: 'admin' };
+        service.setNewToken(token); // Force state
+        await expect(service.impersonate('another-target')).rejects.toThrow('Already impersonating');
+    });
+    test('unimpersonate should acquire lock and call api', async () => {
+        const token = { exp: Date.now() + 3600, jti: 'original-token', subject: 'admin' };
+        mockApiClient.unimpersonate.mockResolvedValue(token);
+        await service.unimpersonate();
+        expect(mockLock.use).toHaveBeenCalled();
+        expect(mockApiClient.unimpersonate).toHaveBeenCalled();
+        expect(service.token()).toEqual(token);
+    });
+    test('changeSecret should call api', async () => {
+        await service.changeSecret({ tenantId: 't', subject: 's' }, 'old', 'new');
+        expect(mockApiClient.changeSecret).toHaveBeenCalledWith({ tenantId: 't', subject: 's', currentSecret: 'old', newSecret: 'new' });
+    });
+    test('initResetSecret should call api', async () => {
+        await service.initResetSecret({ tenantId: 't', subject: 's' }, { some: 'data' });
+        expect(mockApiClient.initSecretReset).toHaveBeenCalledWith({ tenantId: 't', subject: 's', data: { some: 'data' } });
+    });
+    test('resetSecret should call api', async () => {
+        await service.resetSecret('token', 'new-secret');
+        expect(mockApiClient.resetSecret).toHaveBeenCalledWith({ token: 'token', newSecret: 'new-secret' });
+    });
+    test('updateRawTokens should update signals and storage', async () => {
+        service.updateRawTokens('raw', 'refresh', 'impersonator');
+        expect(service.rawToken()).toBe('raw');
+        expect(service.rawRefreshToken()).toBe('refresh');
+        expect(service.rawImpersonatorRefreshToken()).toBe('impersonator');
+        expect(globalThis.localStorage.setItem).toHaveBeenCalledWith('AuthenticationService:raw-token', JSON.stringify('raw'));
+    });
+    test('impersonate should rollback data on failure', async () => {
+        service.setAdditionalData({ role: 'admin' });
+        const originalData = service.authenticationData;
+        mockApiClient.impersonate.mockRejectedValue(new Error('Impersonation failed'));
+        await expect(service.impersonate('target')).rejects.toThrow('Impersonation failed');
+        // Should have restored original data
+        expect(service.authenticationData).toEqual(originalData);
+        expect(service.impersonatorAuthenticationData).toBeUndefined();
+    });
+    test('unimpersonate should handle failure', async () => {
+        mockApiClient.unimpersonate.mockRejectedValue(new Error('Unimpersonation failed'));
+        await expect(service.unimpersonate()).rejects.toThrow('Unimpersonation failed');
+    });
+    test('syncClock should handle errors gracefully', async () => {
+        mockApiClient.timestamp.mockRejectedValue(new Error('Time sync failed'));
+        await service.syncClock();
+        expect(mockLogger.warn).toHaveBeenCalledWith(expect.stringContaining('Failed to synchronize clock'));
+        expect(service.clockOffset).toBe(0);
+    });
+});

package/authentication/tests/authentication.client-service-refresh.test.d.ts

@@ -0,0 +1 @@
+export {};

package/authentication/tests/authentication.client-service-refresh.test.js

@@ -0,0 +1,124 @@
+import { Subject } from 'rxjs';
+import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
+import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
+import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
+import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
+import { Injector } from '../../injector/index.js';
+import { Lock } from '../../lock/index.js';
+import { Logger } from '../../logger/index.js';
+import { MessageBus } from '../../message-bus/index.js';
+import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
+import { timeout } from '../../utils/timing.js';
+describe('AuthenticationClientService Refresh Loop Reproduction', () => {
+    let injector;
+    let service;
+    let mockApiClient;
+    let mockLock;
+    let mockMessageBus;
+    let mockLogger;
+    beforeEach(() => {
+        const storage = new Map();
+        globalThis.localStorage = {
+            getItem: vi.fn((key) => storage.get(key) ?? null),
+            setItem: vi.fn((key, value) => storage.set(key, value)),
+            removeItem: vi.fn((key) => storage.delete(key)),
+            clear: vi.fn(() => storage.clear()),
+        };
+        configureDefaultSignalsImplementation();
+        injector = new Injector('Test');
+        mockApiClient = {
+            login: vi.fn(),
+            refresh: vi.fn(),
+            timestamp: vi.fn().mockResolvedValue(Math.floor(Date.now() / 1000)),
+            endSession: vi.fn().mockResolvedValue(undefined),
+        };
+        mockLock = {
+            tryUse: vi.fn(async (_timeout, callback) => {
+                const result = await callback({ lost: false });
+                return { success: true, result };
+            }),
+            use: vi.fn(async (_timeout, callback) => {
+                return await callback({ lost: false });
+            }),
+        };
+        mockMessageBus = {
+            publishAndForget: vi.fn(),
+            messages$: new Subject(),
+            dispose: vi.fn(),
+        };
+        mockLogger = {
+            error: vi.fn(),
+            warn: vi.fn(),
+            info: vi.fn(),
+            debug: vi.fn(),
+        };
+        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
+        injector.register(Lock, { useValue: mockLock });
+        injector.register(MessageBus, { useValue: mockMessageBus });
+        injector.register(Logger, { useValue: mockLogger });
+        const disposeToken = new CancellationToken();
+        injector.register(CancellationSignal, { useValue: disposeToken.signal });
+    });
+    afterEach(async () => {
+        await service.dispose();
+    });
+    test('Zombie Timer: loop should wake up immediately when token changes', async () => {
+        // 1. Mock a long expiration
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        // Set in storage so initialize() (called by resolve) loads it
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        service = injector.resolve(AuthenticationClientService);
+        // Wait for loop to enter the race condition (wait phase)
+        await timeout(100);
+        // 2. Change token
+        const newToken = { exp: now + 3600, jti: 'new' };
+        mockApiClient.refresh.mockResolvedValue(newToken);
+        service.requestRefresh(); // This should trigger immediate wake up
+        // Wait for loop to process
+        await timeout(100);
+        expect(mockApiClient.refresh).toHaveBeenCalled();
+    });
+    test('Forced Refresh Loss: forceRefreshToken should not be cleared on failure', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        service = injector.resolve(AuthenticationClientService);
+        await timeout(100);
+        // 1. Mock refresh failure
+        mockApiClient.refresh.mockRejectedValue(new Error('Network Error'));
+        service.requestRefresh();
+        // Wait for loop to attempt refresh and fail
+        await timeout(200);
+        expect(mockApiClient.refresh).toHaveBeenCalled();
+        expect(service.forceRefreshToken.isSet).toBe(true); // Should STILL be set
+    });
+    test('Lock Contention Backoff: should wait 5 seconds and not busy-loop', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 5, jti: 'initial' }; // Expiring soon
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        // 1. Mock lock already held
+        mockLock.tryUse.mockResolvedValue(undefined); // lockAcquired = false
+        const startTime = Date.now();
+        service = injector.resolve(AuthenticationClientService);
+        // We expect it to try once, fail to get lock, and then wait 5 seconds.
+        await timeout(300);
+        expect(mockLock.tryUse).toHaveBeenCalledTimes(1);
+        // Check if it's still waiting (not finished loop)
+        const duration = Date.now() - startTime;
+        expect(duration).toBeLessThan(1000);
+    });
+    test('Busy Loop: should not busy loop when forceRefreshToken is set and lock is held', async () => {
+        const now = Math.floor(Date.now() / 1000);
+        const initialToken = { exp: now + 3600, jti: 'initial' };
+        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
+        // Mock lock already held
+        mockLock.tryUse.mockResolvedValue(undefined);
+        service = injector.resolve(AuthenticationClientService);
+        await timeout(100);
+        service.requestRefresh(); // Set the flag
+        await timeout(300);
+        // If it busy loops, this will be much higher than 1.
+        expect(mockLock.tryUse.mock.calls.length).toBeLessThan(5);
+    });
+});

package/http/server/http-server.d.ts

@@ -7,8 +7,14 @@ export type HttpServerRequestContext<Context = unknown> = {
 };
 export declare abstract class HttpServer<Context = unknown> implements AsyncIterable<HttpServerRequestContext<Context>>, AsyncDisposable {
     abstract readonly connectedSocketsCount: number;
-    abstract readonly port: number;
-    abstract readonly address: string;
+    /**
+     * The port the server is listening on, or `null` if not listening.
+     */
+    abstract readonly port: number | null;
+    /**
+     * The address the server is listening on, or `null` if not listening.
+     */
+    abstract readonly address: string | null;
     abstract listen(port: number): Promise<void>;
     abstract close(timeout: number): Promise<void>;
     abstract [Symbol.asyncIterator](): AsyncIterator<HttpServerRequestContext<Context>>;

package/http/server/node/node-http-server.d.ts

@@ -9,8 +9,8 @@ export declare class NodeHttpServer extends HttpServer<NodeHttpServerContext> im
     #private;
     private untrackConnectedSockets?;
     get connectedSocketsCount(): number;
-    get port(): number;
-    get address(): string;
+    get port(): number | null;
+    get address(): string | null;
     [afterResolve](): void;
     [Symbol.asyncDispose](): Promise<void>;
     listen(port: number): Promise<void>;

package/http/server/node/node-http-server.js

@@ -35,10 +35,10 @@ let NodeHttpServer = NodeHttpServer_1 = class NodeHttpServer extends HttpServer
         return this.#sockets.size;
     }
     get port() {
-        return this.#httpServer.address().port;
+        return this.#httpServer.address()?.port ?? null;
     }
     get address() {
-        return this.#httpServer.address().address;
+        return this.#httpServer.address()?.address ?? null;
     }
     [afterResolve]() {
         this.#httpServer.on('request', (request, response) => this.#requestIterable.feed({ request, response }));

package/module/modules/web-server.module.d.ts

@@ -3,7 +3,7 @@ import { Injector } from '../../injector/injector.js';
 import type { resolveArgumentType } from '../../injector/interfaces.js';
 import { Module } from '../module.js';
 export declare class WebServerModuleConfiguration {
-    port: number;
+    port?: number;
 }
 export declare class WebServerModule extends Module {
     private readonly config;

package/module/modules/web-server.module.js

@@ -37,7 +37,7 @@ let WebServerModule = class WebServerModule extends Module {
     }
     async _run(cancellationSignal) {
         this.initialize();
-        await this.httpServer.listen(this.config.port);
+        await this.httpServer.listen(this.config.port ?? 8000);
         const closePromise = cancellationSignal.$set.then(async () => {
             await this.httpServer[Symbol.asyncDispose]();
         });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.93.90",
+  "version": "0.93.92",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"

package/unit-test/integration-setup.js

@@ -21,7 +21,7 @@ import { configureDefaultSignalsImplementation } from '../signals/implementation
 import { configurePostgresTaskQueue, migratePostgresTaskQueueSchema } from '../task-queue/postgres/index.js';
 import * as configParser from '../utils/config-parser.js';
 import { objectEntries } from '../utils/object/object.js';
-import { isDefined } from '../utils/type-guards.js';
+import { isDefined, isNotNull } from '../utils/type-guards.js';
 /**
  * Standard setup for integration tests.
  */
@@ -109,7 +109,7 @@ export async function setupIntegrationTest(options = {}) {
                 authenticationApiClient: AuthenticationApiClient,
                 registerMiddleware: true,
             }, injector);
-            if (options.modules?.webServer ?? options.modules?.api ?? options.modules?.authentication) {
+            if (options.modules.webServer ?? options.modules.api ?? options.modules.authentication) {
                 const port = options.api?.port ?? 0;
                 configureWebServerModule({ port, injector });
                 const webServerModule = await injector.resolveAsync(WebServerModule);
@@ -118,7 +118,7 @@ export async function setupIntegrationTest(options = {}) {
                 // Wait for server to be listening
                 while (true) {
                     try {
-                        if (isDefined(httpServer.port)) {
+                        if (isNotNull(httpServer.port)) {
                             break;
                         }
                     }