npm - @webwaka/core - Versions diffs - 1.3.0 - Mend

@webwaka/core 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/CHANGELOG.md +70 -0
package/dist/ai.d.ts +25 -0
package/dist/ai.d.ts.map +1 -0
package/dist/ai.js +53 -0
package/dist/ai.js.map +1 -0
package/dist/core/ai/AIEngine.d.ts +69 -0
package/dist/core/ai/AIEngine.d.ts.map +1 -0
package/dist/core/ai/AIEngine.js +185 -0
package/dist/core/ai/AIEngine.js.map +1 -0
package/dist/core/auth/index.d.ts +183 -0
package/dist/core/auth/index.d.ts.map +1 -0
package/dist/core/auth/index.js +369 -0
package/dist/core/auth/index.js.map +1 -0
package/dist/core/billing/index.d.ts +52 -0
package/dist/core/billing/index.d.ts.map +1 -0
package/dist/core/billing/index.js +91 -0
package/dist/core/billing/index.js.map +1 -0
package/dist/core/booking/index.d.ts +38 -0
package/dist/core/booking/index.d.ts.map +1 -0
package/dist/core/booking/index.js +60 -0
package/dist/core/booking/index.js.map +1 -0
package/dist/core/chat/index.d.ts +48 -0
package/dist/core/chat/index.d.ts.map +1 -0
package/dist/core/chat/index.js +83 -0
package/dist/core/chat/index.js.map +1 -0
package/dist/core/document/index.d.ts +41 -0
package/dist/core/document/index.d.ts.map +1 -0
package/dist/core/document/index.js +68 -0
package/dist/core/document/index.js.map +1 -0
package/dist/core/events/index.d.ts +64 -0
package/dist/core/events/index.d.ts.map +1 -0
package/dist/core/events/index.js +60 -0
package/dist/core/events/index.js.map +1 -0
package/dist/core/geolocation/index.d.ts +32 -0
package/dist/core/geolocation/index.d.ts.map +1 -0
package/dist/core/geolocation/index.js +50 -0
package/dist/core/geolocation/index.js.map +1 -0
package/dist/core/kyc/index.d.ts +37 -0
package/dist/core/kyc/index.d.ts.map +1 -0
package/dist/core/kyc/index.js +60 -0
package/dist/core/kyc/index.js.map +1 -0
package/dist/core/logger/index.d.ts +60 -0
package/dist/core/logger/index.d.ts.map +1 -0
package/dist/core/logger/index.js +91 -0
package/dist/core/logger/index.js.map +1 -0
package/dist/core/notifications/index.d.ts +41 -0
package/dist/core/notifications/index.d.ts.map +1 -0
package/dist/core/notifications/index.js +111 -0
package/dist/core/notifications/index.js.map +1 -0
package/dist/core/rbac/index.d.ts +43 -0
package/dist/core/rbac/index.d.ts.map +1 -0
package/dist/core/rbac/index.js +66 -0
package/dist/core/rbac/index.js.map +1 -0
package/dist/events.d.ts +23 -0
package/dist/events.d.ts.map +1 -0
package/dist/events.js +22 -0
package/dist/events.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +56 -0
package/dist/index.js.map +1 -0
package/dist/kyc.d.ts +12 -0
package/dist/kyc.d.ts.map +1 -0
package/dist/kyc.js +2 -0
package/dist/kyc.js.map +1 -0
package/dist/nanoid.d.ts +8 -0
package/dist/nanoid.d.ts.map +1 -0
package/dist/nanoid.js +15 -0
package/dist/nanoid.js.map +1 -0
package/dist/ndpr.d.ts +13 -0
package/dist/ndpr.d.ts.map +1 -0
package/dist/ndpr.js +19 -0
package/dist/ndpr.js.map +1 -0
package/dist/optimistic-lock.d.ts +11 -0
package/dist/optimistic-lock.d.ts.map +1 -0
package/dist/optimistic-lock.js +24 -0
package/dist/optimistic-lock.js.map +1 -0
package/dist/payment.d.ts +41 -0
package/dist/payment.d.ts.map +1 -0
package/dist/payment.js +116 -0
package/dist/payment.js.map +1 -0
package/dist/pin.d.ts +6 -0
package/dist/pin.d.ts.map +1 -0
package/dist/pin.js +18 -0
package/dist/pin.js.map +1 -0
package/dist/query-helpers.d.ts +18 -0
package/dist/query-helpers.d.ts.map +1 -0
package/dist/query-helpers.js +22 -0
package/dist/query-helpers.js.map +1 -0
package/dist/rate-limit.d.ts +13 -0
package/dist/rate-limit.d.ts.map +1 -0
package/dist/rate-limit.js +16 -0
package/dist/rate-limit.js.map +1 -0
package/dist/sms.d.ts +23 -0
package/dist/sms.d.ts.map +1 -0
package/dist/sms.js +60 -0
package/dist/sms.js.map +1 -0
package/dist/tax.d.ts +25 -0
package/dist/tax.d.ts.map +1 -0
package/dist/tax.js +31 -0
package/dist/tax.js.map +1 -0
package/package.json +99 -0
package/src/ai.test.ts +146 -0
package/src/ai.ts +75 -0
package/src/core/ai/AIEngine.test.ts +386 -0
package/src/core/ai/AIEngine.ts +281 -0
package/src/core/auth/index.test.ts +268 -0
package/src/core/auth/index.ts +570 -0
package/src/core/billing/index.test.ts +154 -0
package/src/core/billing/index.ts +132 -0
package/src/core/booking/index.test.ts +153 -0
package/src/core/booking/index.ts +91 -0
package/src/core/chat/index.test.ts +159 -0
package/src/core/chat/index.ts +130 -0
package/src/core/document/index.test.ts +106 -0
package/src/core/document/index.ts +99 -0
package/src/core/events/index.test.ts +91 -0
package/src/core/events/index.ts +91 -0
package/src/core/geolocation/index.test.ts +70 -0
package/src/core/geolocation/index.ts +69 -0
package/src/core/kyc/index.test.ts +105 -0
package/src/core/kyc/index.ts +86 -0
package/src/core/logger/index.test.ts +110 -0
package/src/core/logger/index.ts +127 -0
package/src/core/notifications/index.test.ts +85 -0
package/src/core/notifications/index.ts +136 -0
package/src/core/rbac/index.test.ts +81 -0
package/src/core/rbac/index.ts +85 -0
package/src/events.test.ts +43 -0
package/src/events.ts +23 -0
package/src/index.test.ts +123 -0
package/src/index.ts +97 -0
package/src/kyc.ts +23 -0
package/src/nanoid.test.ts +43 -0
package/src/nanoid.ts +16 -0
package/src/ndpr.test.ts +68 -0
package/src/ndpr.ts +49 -0
package/src/optimistic-lock.test.ts +75 -0
package/src/optimistic-lock.ts +36 -0
package/src/payment.test.ts +152 -0
package/src/payment.ts +163 -0
package/src/pin.test.ts +57 -0
package/src/pin.ts +38 -0
package/src/query-helpers.test.ts +98 -0
package/src/query-helpers.ts +36 -0
package/src/rate-limit.test.ts +98 -0
package/src/rate-limit.ts +33 -0
package/src/sms.test.ts +112 -0
package/src/sms.ts +85 -0
package/src/tax.test.ts +85 -0
package/src/tax.ts +57 -0

package/src/core/auth/index.test.ts ADDED Viewed

@@ -0,0 +1,268 @@
+/**
+ * @webwaka/core — Auth Module Tests
+ * Blueprint Reference: Part 9.2 (Universal Architecture Standards)
+ *
+ * Tests cover:
+ *  - signJWT / verifyJWT round-trip
+ *  - Token expiry rejection
+ *  - Tampered token rejection
+ *  - jwtAuthMiddleware: public routes, missing header, invalid token, valid token
+ *  - requireRole: correct role, wrong role, missing user
+ *  - requirePermissions: SUPER_ADMIN bypass, missing permission, granted permission
+ *  - getTenantId / getAuthUser: present and missing
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import {
+  signJWT,
+  verifyJWT,
+  jwtAuthMiddleware,
+  requireRole,
+  requirePermissions,
+  getTenantId,
+  getAuthUser,
+  type JWTPayload,
+  type AuthUser,
+} from './index';
+// ─── Test Helpers ─────────────────────────────────────────────────────────────
+const TEST_SECRET = 'test-secret-key-for-unit-tests-only-32chars!!';
+const TEST_PAYLOAD: Omit<JWTPayload, 'iat' | 'exp'> = {
+  sub: 'user_001',
+  email: 'test@webwaka.com',
+  tenantId: 'tenant_abc',
+  role: 'TENANT_ADMIN',
+  permissions: ['read:products', 'write:products'],
+};
+function makeMockContext(overrides: {
+  authHeader?: string | null;
+  path?: string;
+  method?: string;
+  contextValues?: Record<string, unknown>;
+  env?: Record<string, unknown>;
+}) {
+  const contextValues: Record<string, unknown> = { ...(overrides.contextValues ?? {}) };
+  return {
+    req: {
+      method: overrides.method ?? 'GET',
+      path: overrides.path ?? '/api/test',
+      header: (name: string) => {
+        if (name === 'Authorization') return overrides.authHeader ?? undefined;
+        return undefined;
+      },
+    },
+    env: overrides.env ?? { JWT_SECRET: TEST_SECRET, ENVIRONMENT: 'test' },
+    json: (body: unknown, status?: number) => ({ body, status: status ?? 200 }),
+    header: vi.fn(),
+    get: (key: string) => contextValues[key],
+    set: (key: string, value: unknown) => { contextValues[key] = value; },
+  };
+}
+const mockNext = vi.fn(async () => {});
+// ─── signJWT / verifyJWT ──────────────────────────────────────────────────────
+describe('signJWT / verifyJWT', () => {
+  it('signs and verifies a token round-trip', async () => {
+    const token = await signJWT(TEST_PAYLOAD, TEST_SECRET);
+    expect(token.split('.')).toHaveLength(3);
+    const decoded = await verifyJWT(token, TEST_SECRET);
+    expect(decoded).not.toBeNull();
+    expect(decoded!.sub).toBe('user_001');
+    expect(decoded!.tenantId).toBe('tenant_abc');
+    expect(decoded!.role).toBe('TENANT_ADMIN');
+    expect(decoded!.email).toBe('test@webwaka.com');
+    expect(decoded!.permissions).toEqual(['read:products', 'write:products']);
+  });
+  it('rejects a token signed with a different secret', async () => {
+    const token = await signJWT(TEST_PAYLOAD, TEST_SECRET);
+    const decoded = await verifyJWT(token, 'wrong-secret');
+    expect(decoded).toBeNull();
+  });
+  it('rejects an expired token', async () => {
+    const token = await signJWT(TEST_PAYLOAD, TEST_SECRET, -1); // expired 1 second ago
+    const decoded = await verifyJWT(token, TEST_SECRET);
+    expect(decoded).toBeNull();
+  });
+  it('rejects a tampered payload', async () => {
+    const token = await signJWT(TEST_PAYLOAD, TEST_SECRET);
+    const parts = token.split('.');
+    // Tamper with the payload
+    const tamperedPayload = btoa(JSON.stringify({ ...TEST_PAYLOAD, role: 'SUPER_ADMIN', iat: 0, exp: 9999999999 }))
+      .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+    const tamperedToken = `${parts[0]}.${tamperedPayload}.${parts[2]}`;
+    const decoded = await verifyJWT(tamperedToken, TEST_SECRET);
+    expect(decoded).toBeNull();
+  });
+  it('rejects a malformed token', async () => {
+    expect(await verifyJWT('not-a-jwt', TEST_SECRET)).toBeNull();
+    expect(await verifyJWT('a.b', TEST_SECRET)).toBeNull();
+    expect(await verifyJWT('', TEST_SECRET)).toBeNull();
+  });
+});
+// ─── jwtAuthMiddleware ────────────────────────────────────────────────────────
+describe('jwtAuthMiddleware', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  it('allows public routes without a token', async () => {
+    const middleware = jwtAuthMiddleware({ publicRoutes: [{ path: '/health' }] });
+    const ctx = makeMockContext({ path: '/health', authHeader: null });
+    await middleware(ctx as any, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+  });
+  it('rejects requests with no Authorization header', async () => {
+    const middleware = jwtAuthMiddleware();
+    const ctx = makeMockContext({ authHeader: null });
+    const result = await middleware(ctx as any, mockNext) as any;
+    expect(result.status).toBe(401);
+    expect(mockNext).not.toHaveBeenCalled();
+  });
+  it('rejects requests with malformed Authorization header', async () => {
+    const middleware = jwtAuthMiddleware();
+    const ctx = makeMockContext({ authHeader: 'Token abc123' });
+    const result = await middleware(ctx as any, mockNext) as any;
+    expect(result.status).toBe(401);
+  });
+  it('rejects requests with an invalid JWT', async () => {
+    const middleware = jwtAuthMiddleware();
+    const ctx = makeMockContext({ authHeader: 'Bearer invalid.token.here' });
+    const result = await middleware(ctx as any, mockNext) as any;
+    expect(result.status).toBe(401);
+  });
+  it('accepts a valid JWT and injects user and tenantId into context', async () => {
+    const token = await signJWT(TEST_PAYLOAD, TEST_SECRET);
+    const middleware = jwtAuthMiddleware();
+    const contextValues: Record<string, unknown> = {};
+    const ctx = {
+      req: {
+        method: 'GET',
+        path: '/api/products',
+        header: (name: string) => name === 'Authorization' ? `Bearer ${token}` : undefined,
+      },
+      env: { JWT_SECRET: TEST_SECRET, ENVIRONMENT: 'test' },
+      json: vi.fn(),
+      header: vi.fn(),
+      get: (key: string) => contextValues[key],
+      set: (key: string, value: unknown) => { contextValues[key] = value; },
+    };
+    await middleware(ctx as any, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+    expect(contextValues['user']).toMatchObject({
+      userId: 'user_001',
+      tenantId: 'tenant_abc',
+      role: 'TENANT_ADMIN',
+    });
+    expect(contextValues['tenantId']).toBe('tenant_abc');
+  });
+});
+// ─── requireRole ─────────────────────────────────────────────────────────────
+describe('requireRole', () => {
+  beforeEach(() => vi.clearAllMocks());
+  const makeCtxWithUser = (role: string) => {
+    const user: AuthUser = { userId: 'u1', email: 'a@b.com', role, tenantId: 't1', permissions: [] };
+    return {
+      get: (key: string) => key === 'user' ? user : undefined,
+      json: (body: unknown, status?: number) => ({ body, status: status ?? 200 }),
+    };
+  };
+  it('allows a user with the correct role', async () => {
+    const middleware = requireRole(['TENANT_ADMIN', 'SUPER_ADMIN']);
+    await middleware(makeCtxWithUser('TENANT_ADMIN') as any, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+  });
+  it('blocks a user with an incorrect role', async () => {
+    const middleware = requireRole(['SUPER_ADMIN']);
+    const result = await middleware(makeCtxWithUser('CUSTOMER') as any, mockNext) as any;
+    expect(result.status).toBe(403);
+    expect(mockNext).not.toHaveBeenCalled();
+  });
+  it('returns 401 if no user in context', async () => {
+    const middleware = requireRole(['SUPER_ADMIN']);
+    const ctx = { get: () => undefined, json: (body: unknown, status?: number) => ({ body, status }) };
+    const result = await middleware(ctx as any, mockNext) as any;
+    expect(result.status).toBe(401);
+  });
+});
+// ─── requirePermissions ───────────────────────────────────────────────────────
+describe('requirePermissions', () => {
+  beforeEach(() => vi.clearAllMocks());
+  const makeCtxWithPerms = (role: string, permissions: string[]) => {
+    const user: AuthUser = { userId: 'u1', email: 'a@b.com', role, tenantId: 't1', permissions };
+    return {
+      get: (key: string) => key === 'user' ? user : undefined,
+      json: (body: unknown, status?: number) => ({ body, status: status ?? 200 }),
+    };
+  };
+  it('allows SUPER_ADMIN regardless of permissions', async () => {
+    const middleware = requirePermissions(['delete:tenants']);
+    await middleware(makeCtxWithPerms('SUPER_ADMIN', []) as any, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+  });
+  it('allows a user with all required permissions', async () => {
+    const middleware = requirePermissions(['read:products', 'write:products']);
+    await middleware(makeCtxWithPerms('STAFF', ['read:products', 'write:products', 'read:orders']) as any, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+  });
+  it('blocks a user missing a required permission', async () => {
+    const middleware = requirePermissions(['delete:products']);
+    const result = await middleware(makeCtxWithPerms('STAFF', ['read:products']) as any, mockNext) as any;
+    expect(result.status).toBe(403);
+  });
+});
+// ─── getTenantId / getAuthUser ────────────────────────────────────────────────
+describe('getTenantId', () => {
+  it('returns tenantId from context', () => {
+    const ctx = { get: (key: string) => key === 'tenantId' ? 'tenant_xyz' : undefined };
+    expect(getTenantId(ctx as any)).toBe('tenant_xyz');
+  });
+  it('throws if tenantId is not in context', () => {
+    const ctx = { get: () => undefined };
+    expect(() => getTenantId(ctx as any)).toThrow();
+  });
+});
+describe('getAuthUser', () => {
+  it('returns user from context', () => {
+    const user: AuthUser = { userId: 'u1', email: 'a@b.com', role: 'STAFF', tenantId: 't1', permissions: [] };
+    const ctx = { get: (key: string) => key === 'user' ? user : undefined };
+    expect(getAuthUser(ctx as any)).toEqual(user);
+  });
+  it('throws if user is not in context', () => {
+    const ctx = { get: () => undefined };
+    expect(() => getAuthUser(ctx as any)).toThrow();
+  });
+});