@vltpkg/vsr 0.0.0-26

package/test/utils/packages.test.ts

@@ -0,0 +1,235 @@
+import { describe, it, expect, vi } from 'vitest'
+import {
+  packageSpec,
+  validatePackageName,
+  validateVersion,
+  satisfiesRange,
+  sortVersionsDescending,
+  getLatestVersion,
+  generateTarballFilename,
+  parsePackageIdentifier,
+} from '../../src/utils/packages.ts'
+import type { HonoContext } from '../../types.ts'
+
+describe('Package Utils', () => {
+  describe('packageSpec', () => {
+    it('should extract scoped package specification', () => {
+      const mockContext = {
+        req: {
+          param: vi.fn().mockReturnValue({
+            scope: '@myorg',
+            pkg: 'mypackage',
+          }),
+        },
+      } as unknown as HonoContext
+
+      const spec = packageSpec(mockContext)
+      expect(spec).toEqual({
+        name: '@myorg/mypackage',
+        scope: '@myorg',
+        pkg: 'mypackage',
+      })
+    })
+
+    it('should extract scoped package specification without @ prefix', () => {
+      const mockContext = {
+        req: {
+          param: vi.fn().mockReturnValue({
+            scope: 'myorg',
+            pkg: 'mypackage',
+          }),
+        },
+      } as unknown as HonoContext
+
+      const spec = packageSpec(mockContext)
+      expect(spec).toEqual({
+        name: '@myorg/mypackage',
+        scope: 'myorg',
+        pkg: 'mypackage',
+      })
+    })
+
+    it('should extract unscoped package specification', () => {
+      const mockContext = {
+        req: {
+          param: vi.fn().mockReturnValue({
+            scope: 'lodash',
+          }),
+        },
+      } as unknown as HonoContext
+
+      const spec = packageSpec(mockContext)
+      expect(spec).toEqual({
+        name: 'lodash',
+        pkg: 'lodash',
+      })
+    })
+
+    it('should return empty object for missing parameters', () => {
+      const mockContext = {
+        req: {
+          param: vi.fn().mockReturnValue({}),
+        },
+      } as unknown as HonoContext
+
+      const spec = packageSpec(mockContext)
+      expect(spec).toEqual({})
+    })
+  })
+
+  describe('generateTarballFilename', () => {
+    it('should generate filename for scoped package', () => {
+      const filename = generateTarballFilename(
+        '@myorg/mypackage',
+        '1.0.0',
+      )
+      expect(filename).toBe('mypackage-1.0.0.tgz')
+    })
+
+    it('should generate filename for unscoped package', () => {
+      const filename = generateTarballFilename('lodash', '4.17.21')
+      expect(filename).toBe('lodash-4.17.21.tgz')
+    })
+
+    it('should handle complex version numbers', () => {
+      const filename = generateTarballFilename(
+        'test-package',
+        '1.0.0-beta.1+build.123',
+      )
+      expect(filename).toBe('test-package-1.0.0-beta.1+build.123.tgz')
+    })
+  })
+
+  describe('validatePackageName', () => {
+    it('should validate correct package names', () => {
+      const result1 = validatePackageName('lodash')
+      expect(result1.valid).toBe(true)
+      expect(result1.errors).toEqual([])
+
+      const result2 = validatePackageName('@myorg/mypackage')
+      expect(result2.valid).toBe(true)
+      expect(result2.errors).toEqual([])
+
+      const result3 = validatePackageName('my-package')
+      expect(result3.valid).toBe(true)
+      expect(result3.errors).toEqual([])
+    })
+
+    it('should reject invalid package names', () => {
+      const result = validatePackageName('')
+      expect(result.valid).toBe(false)
+      expect(result.errors.length).toBeGreaterThan(0)
+
+      const result2 = validatePackageName('.invalid')
+      expect(result2.valid).toBe(false)
+      expect(result2.errors.length).toBeGreaterThan(0)
+    })
+
+    it('should handle package names with warnings', () => {
+      const result = validatePackageName('UPPERCASE')
+      // This might be valid but with warnings, or invalid - let's be flexible
+      expect(typeof result.valid).toBe('boolean')
+      expect(Array.isArray(result.errors)).toBe(true)
+    })
+  })
+
+  describe('validateVersion', () => {
+    it('should validate correct semantic versions', () => {
+      expect(validateVersion('1.0.0')).toBe(true)
+      expect(validateVersion('0.1.2')).toBe(true)
+      expect(validateVersion('1.0.0-alpha.1')).toBe(true)
+      expect(validateVersion('1.0.0+build.123')).toBe(true)
+      expect(validateVersion('2.1.0-beta.1+exp.sha.5114f85')).toBe(
+        true,
+      )
+    })
+
+    it('should reject invalid semantic versions', () => {
+      expect(validateVersion('1.0')).toBe(false)
+      expect(validateVersion('1.0.0.0')).toBe(false)
+      expect(validateVersion('invalid')).toBe(false)
+      expect(validateVersion('')).toBe(false)
+    })
+
+    it('should handle edge cases in version validation', () => {
+      // Some semver libraries accept v prefix, so let's test what our function actually does
+      const vPrefixResult = validateVersion('v1.0.0')
+      expect(typeof vPrefixResult).toBe('boolean') // Just check it returns a boolean
+    })
+  })
+
+  describe('satisfiesRange', () => {
+    it('should check if version satisfies range', () => {
+      expect(satisfiesRange('1.0.0', '^1.0.0')).toBe(true)
+      expect(satisfiesRange('1.5.0', '^1.0.0')).toBe(true)
+      expect(satisfiesRange('2.0.0', '^1.0.0')).toBe(false)
+      expect(satisfiesRange('1.0.0', '~1.0.0')).toBe(true)
+      expect(satisfiesRange('1.0.5', '~1.0.0')).toBe(true)
+      expect(satisfiesRange('1.1.0', '~1.0.0')).toBe(false)
+    })
+
+    it('should handle invalid ranges gracefully', () => {
+      expect(satisfiesRange('1.0.0', 'invalid-range')).toBe(false)
+      expect(satisfiesRange('invalid-version', '^1.0.0')).toBe(false)
+    })
+  })
+
+  describe('sortVersionsDescending', () => {
+    it('should sort versions in descending order', () => {
+      const versions = ['1.0.0', '2.0.0', '1.5.0', '1.0.1']
+      const sorted = sortVersionsDescending(versions)
+      expect(sorted).toEqual(['2.0.0', '1.5.0', '1.0.1', '1.0.0'])
+    })
+
+    it('should handle empty array', () => {
+      const sorted = sortVersionsDescending([])
+      expect(sorted).toEqual([])
+    })
+
+    it('should handle single version', () => {
+      const sorted = sortVersionsDescending(['1.0.0'])
+      expect(sorted).toEqual(['1.0.0'])
+    })
+  })
+
+  describe('getLatestVersion', () => {
+    it('should return latest version from array', () => {
+      const versions = ['1.0.0', '2.0.0', '1.5.0', '1.0.1']
+      const latest = getLatestVersion(versions)
+      expect(latest).toBe('2.0.0')
+    })
+
+    it('should return null for empty array', () => {
+      const latest = getLatestVersion([])
+      expect(latest).toBeNull()
+    })
+
+    it('should handle single version', () => {
+      const latest = getLatestVersion(['1.0.0'])
+      expect(latest).toBe('1.0.0')
+    })
+  })
+
+  describe('parsePackageIdentifier', () => {
+    it('should parse unscoped package', () => {
+      const result = parsePackageIdentifier('lodash')
+      expect(result.name).toBe('lodash')
+      expect(result.fullName).toBe('lodash')
+      expect(result.scope).toBeUndefined()
+    })
+
+    it('should parse scoped package', () => {
+      const result = parsePackageIdentifier('@types/node')
+      expect(result.name).toBe('node')
+      expect(result.fullName).toBe('@types/node')
+      expect(result.scope).toBe('@types')
+    })
+
+    it('should handle complex scoped package names', () => {
+      const result = parsePackageIdentifier('@myorg/my-package-name')
+      expect(result.name).toBe('my-package-name')
+      expect(result.fullName).toBe('@myorg/my-package-name')
+      expect(result.scope).toBe('@myorg')
+    })
+  })
+})

package/test/utils/response.test.ts

@@ -0,0 +1,184 @@
+import { describe, it, expect, vi } from 'vitest'
+import {
+  jsonError,
+  jsonSuccess,
+  notFound,
+  unauthorized,
+  forbidden,
+  internalServerError,
+} from '../../src/utils/response.ts'
+import type { HonoContext, ApiError } from '../../types.ts'
+
+describe('Response Utils', () => {
+  // Mock Hono context
+  const createMockContext = () => {
+    const mockJson = vi.fn()
+    return {
+      json: mockJson,
+      _mockJson: mockJson, // Keep reference for assertions
+    } as unknown as HonoContext & { _mockJson: any }
+  }
+
+  describe('jsonError', () => {
+    it('should create error response from string message', () => {
+      const mockContext = createMockContext()
+
+      jsonError(mockContext, 'Test error message', 400)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Test error message' },
+        400,
+      )
+    })
+
+    it('should create error response from ApiError object', () => {
+      const mockContext = createMockContext()
+      const errorObj: ApiError = {
+        error: 'Validation failed',
+        details: 'Invalid package name',
+      }
+
+      jsonError(mockContext, errorObj, 422)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        errorObj,
+        422,
+      )
+    })
+
+    it('should use default status code 400 when not provided', () => {
+      const mockContext = createMockContext()
+
+      jsonError(mockContext, 'Default error')
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Default error' },
+        400,
+      )
+    })
+  })
+
+  describe('jsonSuccess', () => {
+    it('should create success response with data', () => {
+      const mockContext = createMockContext()
+      const data = { name: 'test-package', version: '1.0.0' }
+
+      jsonSuccess(mockContext, data, 200)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(data, 200)
+    })
+
+    it('should use default status code 200 when not provided', () => {
+      const mockContext = createMockContext()
+      const data = { success: true }
+
+      jsonSuccess(mockContext, data)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(data, 200)
+    })
+
+    it('should handle null data', () => {
+      const mockContext = createMockContext()
+
+      jsonSuccess(mockContext, null)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(null, 200)
+    })
+  })
+
+  describe('notFound', () => {
+    it('should create 404 response with default message', () => {
+      const mockContext = createMockContext()
+
+      notFound(mockContext)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Not Found' },
+        404,
+      )
+    })
+
+    it('should create 404 response with custom message', () => {
+      const mockContext = createMockContext()
+
+      notFound(mockContext, 'Package not found')
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Package not found' },
+        404,
+      )
+    })
+  })
+
+  describe('unauthorized', () => {
+    it('should create 401 response with default message', () => {
+      const mockContext = createMockContext()
+
+      unauthorized(mockContext)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Unauthorized' },
+        401,
+      )
+    })
+
+    it('should create 401 response with custom message', () => {
+      const mockContext = createMockContext()
+
+      unauthorized(mockContext, 'Invalid token')
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Invalid token' },
+        401,
+      )
+    })
+  })
+
+  describe('forbidden', () => {
+    it('should create 403 response with default message', () => {
+      const mockContext = createMockContext()
+
+      forbidden(mockContext)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Forbidden' },
+        403,
+      )
+    })
+
+    it('should create 403 response with custom message', () => {
+      const mockContext = createMockContext()
+
+      forbidden(mockContext, 'Insufficient permissions')
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Insufficient permissions' },
+        403,
+      )
+    })
+  })
+
+  describe('internalServerError', () => {
+    it('should create 500 response with default message', () => {
+      const mockContext = createMockContext()
+
+      internalServerError(mockContext)
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Internal Server Error' },
+        500,
+      )
+    })
+
+    it('should create 500 response with custom message', () => {
+      const mockContext = createMockContext()
+
+      internalServerError(mockContext, 'Database connection failed')
+
+      expect(mockContext._mockJson).toHaveBeenCalledWith(
+        { error: 'Database connection failed' },
+        500,
+      )
+    })
+  })
+})

package/test/whoami.test.ts

@@ -0,0 +1,119 @@
+import { describe, it, expect } from 'vitest'
+import { env } from 'cloudflare:test'
+import { app } from '../src/index.ts'
+
+// Default admin token from the database schema (unused in current tests)
+// const ADMIN_TOKEN = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
+// const ADMIN_USERNAME = 'admin'
+
+describe('Whoami Endpoint', () => {
+  describe('Authentication Behavior', () => {
+    it('should require authentication for root whoami endpoint', async () => {
+      const res = await app.request('/-/whoami', {}, env)
+      // Should return 200 with 'anonymous' when no auth provided
+      expect(res.status).toBe(200)
+      const data = await res.json()
+      expect(data).toHaveProperty('username')
+      expect(data.username).toBe('anonymous') // No auth = anonymous
+    })
+
+    it('should require authentication for upstream whoami endpoints', async () => {
+      const res = await app.request('/npm/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      const data = await res.json()
+      expect(data).toHaveProperty('username')
+      expect(data.username).toBe('anonymous') // No auth = anonymous
+    })
+
+    it('should handle malformed authorization header gracefully', async () => {
+      const res = await app.request(
+        '/-/whoami',
+        {
+          headers: {
+            Authorization: 'InvalidFormat',
+          },
+        },
+        env,
+      )
+      expect(res.status).toBe(200)
+      const data = await res.json()
+      expect(data.username).toBe('anonymous') // Invalid auth = anonymous
+    })
+
+    it('should handle invalid token gracefully', async () => {
+      const res = await app.request(
+        '/-/whoami',
+        {
+          headers: {
+            Authorization: 'Bearer invalid-token-12345',
+          },
+        },
+        env,
+      )
+      expect(res.status).toBe(200)
+      const data = await res.json()
+      expect(data.username).toBe('anonymous') // Invalid token = anonymous
+    })
+  })
+
+  describe('Endpoint Availability', () => {
+    it('should be available on root registry path', async () => {
+      const res = await app.request('/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      expect(res.headers.get('content-type')).toContain(
+        'application/json',
+      )
+    })
+
+    it('should be available on npm upstream path', async () => {
+      const res = await app.request('/npm/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      expect(res.headers.get('content-type')).toContain(
+        'application/json',
+      )
+    })
+
+    it('should be available on jsr upstream path', async () => {
+      const res = await app.request('/jsr/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      expect(res.headers.get('content-type')).toContain(
+        'application/json',
+      )
+    })
+
+    it('should be available on custom upstream path', async () => {
+      const res = await app.request('/custom/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      expect(res.headers.get('content-type')).toContain(
+        'application/json',
+      )
+    })
+  })
+
+  describe('Response Format', () => {
+    it('should return correct JSON structure', async () => {
+      const res = await app.request('/-/whoami', {}, env)
+      expect(res.status).toBe(200)
+      const data = await res.json()
+      expect(data).toHaveProperty('username')
+      expect(typeof data.username).toBe('string')
+    })
+
+    it('should return consistent format across all upstream paths', async () => {
+      const paths = [
+        '/-/whoami',
+        '/npm/-/whoami',
+        '/jsr/-/whoami',
+        '/custom/-/whoami',
+      ]
+
+      for (const path of paths) {
+        const res = await app.request(path, {}, env)
+        expect(res.status).toBe(200)
+        const data = await res.json()
+        expect(data).toHaveProperty('username')
+        expect(typeof data.username).toBe('string')
+      }
+    })
+  })
+})

package/tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "target": "es2022",
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "resolveJsonModule": true,
+    "declaration": false,
+    "declarationMap": false,
+    "sourceMap": true,
+    "noEmit": true
+  },
+  "include": ["src/**/*", "config.ts", "types.ts"]
+}

package/tsconfig.worker.json

@@ -0,0 +1,3 @@
+{
+  "extends": "./tsconfig.json"
+}

package/typedoc.mjs

@@ -0,0 +1,2 @@
+import config from '../../www/docs/typedoc.workspace.mjs'
+export default config(import.meta.dirname)