@usageflow/core 0.2.5 → 0.2.6

package/test/base.test.ts

@@ -0,0 +1,290 @@
+import { test, describe, beforeEach, afterEach } from 'node:test';
+import assert from 'node:assert';
+import { UsageFlowAPI } from '../src/base';
+import { Route, UsageFlowRequest, RequestMetadata, RequestForAllocation } from '../src/types';
+
+// Mock socket manager
+class MockSocketManager {
+    connected = false;
+    async connect() {
+        this.connected = true;
+    }
+    isConnected() {
+        return this.connected;
+    }
+    async sendAsync<T>(payload: any): Promise<any> {
+        if (payload.type === 'get_application_policies') {
+            return {
+                type: 'success',
+                payload: { policies: [], total: 0 }
+            };
+        }
+        return { type: 'success', payload: {} };
+    }
+    send(payload: any) { }
+    close() { }
+    destroy() { }
+}
+
+// Create a concrete implementation for testing
+class TestUsageFlowAPI extends UsageFlowAPI {
+    constructor(config: any = { apiKey: 'test-key', poolSize: 1 }) {
+        super(config);
+        // Replace socket manager with mock
+        this.socketManager = new MockSocketManager() as any;
+    }
+}
+
+describe('UsageFlowAPI', () => {
+    let api: TestUsageFlowAPI;
+
+    beforeEach(() => {
+        api = new TestUsageFlowAPI();
+    });
+
+    afterEach(() => {
+        api.destroy();
+    });
+
+    test('should initialize with API key', () => {
+        assert.strictEqual(api.getApiKey(), 'test-key');
+    });
+
+    test('should get usageflow URL', () => {
+        assert.strictEqual(api.getUsageflowUrl(), 'https://api.usageflow.io');
+    });
+
+    test('should set web server type', () => {
+        api.setWebServer('fastify');
+        // Verify by checking route pattern behavior
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/test',
+            routeOptions: { url: '/test' },
+            headers: {}
+        };
+        const pattern = api.getRoutePattern(request);
+        assert.strictEqual(pattern, '/test');
+    });
+
+    test('should create routes map', () => {
+        const routes: Route[] = [
+            { method: 'GET', url: '/users' },
+            { method: 'POST', url: '/users' },
+            { method: 'GET', url: '/posts' }
+        ];
+        const routesMap = api.createRoutesMap(routes);
+
+        assert.strictEqual(routesMap['GET']['/users'], true);
+        assert.strictEqual(routesMap['POST']['/users'], true);
+        assert.strictEqual(routesMap['GET']['/posts'], true);
+    });
+
+    test('should check if route should be monitored', () => {
+        const routes: Route[] = [
+            { method: 'GET', url: '/users' },
+            { method: '*', url: '*' }
+        ];
+        const routesMap = api.createRoutesMap(routes);
+
+        assert.strictEqual(api.shouldMonitorRoute('GET', '/users', routesMap), true);
+        assert.strictEqual(api.shouldMonitorRoute('POST', '/posts', routesMap), true); // wildcard
+        assert.strictEqual(api.shouldMonitorRoute('GET', '/unknown', routesMap), true); // wildcard
+    });
+
+    test('should check if route should be skipped', () => {
+        const whitelistRoutes: Route[] = [
+            { method: 'GET', url: '/health' },
+            { method: '*', url: '/metrics' }
+        ];
+        const whitelistMap = api.createRoutesMap(whitelistRoutes);
+
+        assert.strictEqual(api.shouldSkipRoute('GET', '/health', whitelistMap), true);
+        assert.strictEqual(api.shouldSkipRoute('POST', '/metrics', whitelistMap), true);
+        assert.strictEqual(api.shouldSkipRoute('GET', '/users', whitelistMap), false);
+    });
+
+    test('should sanitize headers', () => {
+        const headers = {
+            'authorization': 'Bearer token123',
+            'x-api-key': 'secret-key',
+            'content-type': 'application/json',
+            'user-agent': 'test-agent'
+        };
+
+        const sanitized = api.sanitizeHeaders(headers);
+
+        assert.strictEqual(sanitized['authorization'], 'Bearer ****');
+        assert.strictEqual(sanitized['x-api-key'], '****');
+        assert.strictEqual(sanitized['content-type'], 'application/json');
+        assert.strictEqual(sanitized['user-agent'], 'test-agent');
+    });
+
+    test('should extract bearer token', () => {
+        assert.strictEqual(api.extractBearerToken('Bearer token123'), 'token123');
+        assert.strictEqual(api.extractBearerToken('bearer token123'), 'token123');
+        assert.strictEqual(api.extractBearerToken('Invalid token'), null);
+        assert.strictEqual(api.extractBearerToken(undefined), null);
+    });
+
+    test('should decode JWT unverified', () => {
+        // Create a simple JWT (header.payload.signature)
+        const header = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64');
+        const payload = Buffer.from(JSON.stringify({ userId: '123', name: 'Test' })).toString('base64');
+        const token = `${header}.${payload}.signature`;
+
+        const decoded = api.decodeJwtUnverified(token);
+
+        assert.strictEqual(decoded?.userId, '123');
+        assert.strictEqual(decoded?.name, 'Test');
+    });
+
+    test('should return null for invalid JWT', () => {
+        assert.strictEqual(api.decodeJwtUnverified('invalid'), null);
+        assert.strictEqual(api.decodeJwtUnverified('header.payload'), null);
+    });
+
+    test('should get route pattern for Fastify', () => {
+        api.setWebServer('fastify');
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/test',
+            routeOptions: { url: '/test/:id' },
+            headers: {}
+        };
+        const pattern = api.getRoutePattern(request);
+        assert.strictEqual(pattern, '/test/:id');
+    });
+
+    test('should get route pattern for Express', () => {
+        api.setWebServer('express');
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/test',
+            path: '/test',
+            route: { path: '/test/:id' },
+            headers: {},
+            app: {} as any
+        };
+        const pattern = api.getRoutePattern(request);
+        assert.strictEqual(pattern, '/test/:id');
+    });
+
+    test('should guess ledger ID from path params', () => {
+        (api as any).apiConfigs = [{
+            url: '/users/:id',
+            method: 'GET',
+            identityFieldName: 'id',
+            identityFieldLocation: 'path_params'
+        }];
+
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/users',
+            path: '/users/123',
+            params: { id: '123' },
+            headers: {}
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'GET /users/123 123');
+    });
+
+    test('should guess ledger ID from query params', () => {
+        (api as any).apiConfigs = [{
+            url: '/users',
+            method: 'GET',
+            identityFieldName: 'userId',
+            identityFieldLocation: 'query_params'
+        }];
+
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/users',
+            query: { userId: '456' },
+            headers: {}
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'GET /users 456');
+    });
+
+    test('should guess ledger ID from body', () => {
+        (api as any).apiConfigs = [{
+            url: '/users',
+            method: 'POST',
+            identityFieldName: 'userId',
+            identityFieldLocation: 'body'
+        }];
+
+        const request: UsageFlowRequest = {
+            method: 'POST',
+            url: '/users',
+            body: { userId: '789' },
+            headers: {}
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'POST /users 789');
+    });
+
+    test('should guess ledger ID from bearer token', () => {
+        (api as any).apiConfigs = [{
+            url: '/users',
+            method: 'GET',
+            identityFieldName: 'userId',
+            identityFieldLocation: 'bearer_token'
+        }];
+
+        const header = Buffer.from(JSON.stringify({ alg: 'HS256' })).toString('base64');
+        const payload = Buffer.from(JSON.stringify({ userId: 'token-user' })).toString('base64');
+        const token = `${header}.${payload}.signature`;
+
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/users',
+            headers: { authorization: `Bearer ${token}` }
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'GET /users token-user');
+    });
+
+    test('should guess ledger ID from headers', () => {
+        (api as any).apiConfigs = [{
+            url: '/users',
+            method: 'GET',
+            identityFieldName: 'x-user-id',
+            identityFieldLocation: 'headers'
+        }];
+
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/users',
+            headers: { 'x-user-id': 'header-user' }
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'GET /users header-user');
+    });
+
+    test('should return default ledger ID when no config matches', () => {
+        (api as any).apiConfigs = [];
+
+        const request: UsageFlowRequest = {
+            method: 'GET',
+            url: '/users',
+            headers: {}
+        };
+
+        const ledgerId = api.guessLedgerId(request);
+        assert.strictEqual(ledgerId, 'GET /users');
+    });
+
+    test('should destroy and clean up resources', () => {
+        api.destroy();
+        // Should not throw
+        assert.doesNotThrow(() => api.destroy());
+    });
+});
+

package/test/socket.test.ts

@@ -0,0 +1,72 @@
+import { test, describe, beforeEach, afterEach } from 'node:test';
+import assert from 'node:assert';
+import { UsageFlowSocketManger } from '../src/socket';
+import { UsageFlowSocketMessage } from '../src/types';
+
+describe('UsageFlowSocketManger', () => {
+    let socketManager: UsageFlowSocketManger = null as any;
+
+    beforeEach(() => {
+        socketManager = new UsageFlowSocketManger('test-api-key', 1);
+    });
+
+    afterEach(() => {
+        socketManager.destroy();
+    });
+
+    test('should initialize with API key', () => {
+        assert.ok(socketManager);
+    });
+
+    test('should check connection status', () => {
+        // Initially not connected
+        assert.strictEqual(socketManager.isConnected(), false);
+    });
+
+    test('should handle connection failure gracefully', async () => {
+        // This will fail because we don't have a real WebSocket server
+        // But it should not throw
+        try {
+            await socketManager.connect();
+        } catch (error) {
+            // Expected to fail without real server
+        }
+        // Should handle gracefully
+        assert.ok(true);
+    });
+
+    test('should close connections', () => {
+        // Should not throw
+        assert.doesNotThrow(() => socketManager.close());
+    });
+
+    test('should destroy and clean up', () => {
+        // Should not throw
+        assert.doesNotThrow(() => socketManager.destroy());
+    });
+
+    test('should handle send when not connected', () => {
+        const message: UsageFlowSocketMessage = {
+            type: 'get_application_policies',
+            payload: null
+        };
+
+        // Should throw when not connected
+        assert.throws(() => {
+            socketManager.send(message);
+        }, /WebSocket not connected/);
+    });
+
+    test('should handle sendAsync when not connected', async () => {
+        const message: UsageFlowSocketMessage = {
+            type: 'get_application_policies',
+            payload: null
+        };
+
+        // Should throw when not connected
+        await assert.rejects(async () => {
+            await socketManager.sendAsync(message);
+        }, /WebSocket not connected/);
+    });
+});
+

package/test/src/base.d.ts

@@ -0,0 +1,62 @@
+import { Route, UsageFlowConfig, RoutesMap, Headers, RequestForAllocation, RequestMetadata, UsageFlowRequest, UsageFlowAPIConfig } from "./types";
+import { UsageFlowSocketManger } from "./socket";
+export declare abstract class UsageFlowAPI {
+    protected apiKey: string | null;
+    protected usageflowUrl: string;
+    protected webServer: 'express' | 'fastify' | 'nestjs';
+    protected apiConfigs: UsageFlowConfig[];
+    private configUpdateInterval;
+    socketManager: UsageFlowSocketManger | null;
+    private applicationId;
+    constructor(config?: UsageFlowAPIConfig);
+    /**
+     * Initialize the UsageFlow API with credentials
+     * @param apiKey - Your UsageFlow API key
+     * @param usageflowUrl - The UsageFlow API URL (default: https://api.usageflow.io)
+     * @param poolSize - Number of WebSocket connections in the pool (default: 5)
+     */
+    private init;
+    setWebServer(webServer: 'express' | 'fastify' | 'nestjs'): void;
+    getApiKey(): string | null;
+    getUsageflowUrl(): string;
+    /**
+     * Start background config update process
+     */
+    private startConfigUpdater;
+    getRoutePattern(request: UsageFlowRequest): string;
+    guessLedgerId(request: UsageFlowRequest, overrideUrl?: string): string;
+    private fetchApiPolicies;
+    useAllocationRequest(payload: RequestForAllocation): Promise<void>;
+    allocationRequest(request: UsageFlowRequest, payload: RequestForAllocation, metadata: RequestMetadata): Promise<void>;
+    /**
+     * Convert routes list to a map for faster lookup
+     */
+    createRoutesMap(routes: Route[]): RoutesMap;
+    /**
+     * Check if the route should be skipped based on whitelist
+     */
+    shouldSkipRoute(method: string, url: string, whitelistMap: RoutesMap): boolean;
+    /**
+     * Check if the route should be monitored
+     */
+    shouldMonitorRoute(method: string, url: string, routesMap: RoutesMap): boolean;
+    /**
+     * Sanitize sensitive information from headers
+     */
+    sanitizeHeaders(headers: Headers): Headers;
+    /**
+     * Clean up resources when shutting down
+     */
+    destroy(): void;
+    extractBearerToken(authHeader?: string): string | null;
+    /**
+     * Get header value from headers object (handles both Record and Headers types)
+     */
+    private getHeaderValue;
+    /**
+     * Decodes a JWT token without verifying the signature
+     * @param token The JWT token to decode
+     * @returns The decoded claims or null if invalid
+     */
+    decodeJwtUnverified(token: string): Record<string, any> | null;
+}