@wopr-network/platform-core 1.0.4 → 1.0.6

package/dist/auth/auth-route-handler.test.js

@@ -0,0 +1,191 @@
+import { Hono } from "hono";
+import { describe, expect, it, vi } from "vitest";
+/**
+ * Build a mock Auth whose `.handler` returns the given Response for any request.
+ * Also exposes `.api.getSession` for middleware compatibility.
+ */
+function mockAuthWithHandler(handlerResponse) {
+    const handler = vi.fn().mockResolvedValue(handlerResponse);
+    return {
+        handler,
+        api: {
+            getSession: vi.fn().mockResolvedValue(null),
+        },
+    };
+}
+/**
+ * Mount auth.handler on a Hono app at /api/auth/* -- mirrors the pattern
+ * used by consuming apps (wopr-platform, wopr-platform-ui).
+ */
+function createAuthApp(auth) {
+    const app = new Hono();
+    app.on(["GET", "POST"], "/api/auth/*", (c) => {
+        return auth.handler(c.req.raw);
+    });
+    return app;
+}
+// ---------------------------------------------------------------------------
+// GET /api/auth/get-session
+// ---------------------------------------------------------------------------
+describe("GET /api/auth/get-session", () => {
+    it("delegates to auth.handler and returns its response", async () => {
+        const sessionPayload = { user: { id: "u-1", email: "a@b.com" }, session: { id: "s-1" } };
+        const auth = mockAuthWithHandler(new Response(JSON.stringify(sessionPayload), {
+            status: 200,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/get-session");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body).toEqual(sessionPayload);
+        expect(auth.handler).toHaveBeenCalledOnce();
+    });
+    it("returns 401 when handler returns 401 (no session cookie)", async () => {
+        const auth = mockAuthWithHandler(new Response(JSON.stringify({ error: "Unauthorized" }), {
+            status: 401,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/get-session");
+        expect(res.status).toBe(401);
+        expect(auth.handler).toHaveBeenCalledOnce();
+    });
+});
+// ---------------------------------------------------------------------------
+// POST /api/auth/sign-up/email
+// ---------------------------------------------------------------------------
+describe("POST /api/auth/sign-up/email", () => {
+    it("delegates sign-up request to auth.handler", async () => {
+        const created = { user: { id: "u-new", email: "new@test.com" } };
+        const auth = mockAuthWithHandler(new Response(JSON.stringify(created), {
+            status: 200,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/sign-up/email", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                name: "Test User",
+                email: "new@test.com",
+                password: "strongpassword123",
+            }),
+        });
+        expect(res.status).toBe(200);
+        expect(auth.handler).toHaveBeenCalledOnce();
+        // Verify the raw Request was forwarded
+        const forwardedReq = auth.handler.mock.calls[0][0];
+        expect(forwardedReq).toBeInstanceOf(Request);
+        expect(new URL(forwardedReq.url).pathname).toBe("/api/auth/sign-up/email");
+        expect(forwardedReq.method).toBe("POST");
+    });
+    it("returns error when handler rejects invalid fields", async () => {
+        const auth = mockAuthWithHandler(new Response(JSON.stringify({ error: "Email is required" }), {
+            status: 400,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/sign-up/email", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(400);
+        expect(auth.handler).toHaveBeenCalledOnce();
+    });
+});
+// ---------------------------------------------------------------------------
+// POST /api/auth/sign-in/email
+// ---------------------------------------------------------------------------
+describe("POST /api/auth/sign-in/email", () => {
+    it("delegates sign-in request to auth.handler", async () => {
+        const session = { user: { id: "u-1" }, session: { id: "s-1", token: "tok" } };
+        const auth = mockAuthWithHandler(new Response(JSON.stringify(session), {
+            status: 200,
+            headers: {
+                "Content-Type": "application/json",
+                "Set-Cookie": "better-auth.session_token=tok; Path=/; HttpOnly",
+            },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/sign-in/email", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ email: "a@b.com", password: "password123456" }),
+        });
+        expect(res.status).toBe(200);
+        expect(auth.handler).toHaveBeenCalledOnce();
+        const forwardedReq = auth.handler.mock.calls[0][0];
+        expect(new URL(forwardedReq.url).pathname).toBe("/api/auth/sign-in/email");
+    });
+    it("returns 401 for invalid credentials", async () => {
+        const auth = mockAuthWithHandler(new Response(JSON.stringify({ error: "Invalid credentials" }), {
+            status: 401,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/sign-in/email", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ email: "a@b.com", password: "wrong" }),
+        });
+        expect(res.status).toBe(401);
+        expect(auth.handler).toHaveBeenCalledOnce();
+    });
+});
+// ---------------------------------------------------------------------------
+// POST /api/auth/sign-out
+// ---------------------------------------------------------------------------
+describe("POST /api/auth/sign-out", () => {
+    it("delegates sign-out request to auth.handler", async () => {
+        const auth = mockAuthWithHandler(new Response(JSON.stringify({ success: true }), {
+            status: 200,
+            headers: {
+                "Content-Type": "application/json",
+                "Set-Cookie": "better-auth.session_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
+            },
+        }));
+        const app = createAuthApp(auth);
+        const res = await app.request("/api/auth/sign-out", {
+            method: "POST",
+            headers: {
+                Cookie: "better-auth.session_token=existing-tok",
+            },
+        });
+        expect(res.status).toBe(200);
+        expect(auth.handler).toHaveBeenCalledOnce();
+        const forwardedReq = auth.handler.mock.calls[0][0];
+        expect(new URL(forwardedReq.url).pathname).toBe("/api/auth/sign-out");
+        expect(forwardedReq.method).toBe("POST");
+    });
+});
+// ---------------------------------------------------------------------------
+// Route matching
+// ---------------------------------------------------------------------------
+describe("auth route matching", () => {
+    it("does not match non-auth routes", async () => {
+        const auth = mockAuthWithHandler(new Response("ok"));
+        const app = createAuthApp(auth);
+        app.get("/api/other", (c) => c.json({ other: true }));
+        const res = await app.request("/api/other");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.other).toBe(true);
+        expect(auth.handler).not.toHaveBeenCalled();
+    });
+    it("forwards the raw Request object to auth.handler", async () => {
+        const auth = mockAuthWithHandler(new Response(JSON.stringify({ ok: true }), {
+            status: 200,
+            headers: { "Content-Type": "application/json" },
+        }));
+        const app = createAuthApp(auth);
+        await app.request("/api/auth/get-session", {
+            headers: { Cookie: "better-auth.session_token=test-tok" },
+        });
+        expect(auth.handler).toHaveBeenCalledOnce();
+        const forwardedReq = auth.handler.mock.calls[0][0];
+        expect(forwardedReq).toBeInstanceOf(Request);
+        expect(forwardedReq.headers.get("Cookie")).toBe("better-auth.session_token=test-tok");
+    });
+});

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+export * from "./account/index.js";
 export * from "./admin/index.js";
 export * from "./auth/index.js";
 export { type ChargeOpts, type ChargeResult, type CheckoutOpts, type CheckoutSession, DrizzleWebhookSeenRepository, type Invoice, type IPaymentProcessor, type IWebhookSeenRepository, noOpReplayGuard, PaymentMethodOwnershipError, type PortalOpts, type SavedPaymentMethod, type SetupResult, type WebhookResult, } from "./billing/index.js";

package/dist/index.js

@@ -1,4 +1,6 @@
 // Database
+// Account (GDPR)
+export * from "./account/index.js";
 // Admin
 export * from "./admin/index.js";
 // Auth

package/dist/metering/emitter.d.ts

@@ -1,7 +1,7 @@
 import type { IMeterEventRepository } from "./meter-event-repository.js";
 import type { MeterEvent, MeterEventRow } from "./types.js";
 export interface IMeterEmitter {
-    emit(event: MeterEvent): void;
+    emit(event: MeterEvent): void | Promise<void>;
     flush(): Promise<number>;
     readonly pending: number;
     close(): void;
@@ -53,7 +53,7 @@ export declare class DrizzleMeterEmitter implements IMeterEmitter {
     private reconstituteCreditFields;
     private replayWALAsync;
     /** Emit a meter event. Non-blocking -- buffers in memory after WAL write. */
-    emit(event: MeterEvent): void;
+    emit(event: MeterEvent): Promise<void>;
     /** Flush buffered events to the database with retry and DLQ logic. */
     flush(): Promise<number>;
     /** Number of events currently buffered. */

package/dist/metering/emitter.js

@@ -94,13 +94,13 @@ export class DrizzleMeterEmitter {
         }
     }
     /** Emit a meter event. Non-blocking -- buffers in memory after WAL write. */
-    emit(event) {
+    async emit(event) {
         if (this.closed)
             return;
         // FAIL-CLOSED: Write to WAL first, then buffer.
-        // append() is synchronous (appendFileSync), so the WAL write completes
-        // before buffer.push() — crash safety is guaranteed.
-        const eventWithId = this.wal.append(event);
+        // append() is mutex-guarded to prevent TOCTOU races with remove().
+        // appendFileSync is still used inside the lock for crash safety.
+        const eventWithId = await this.wal.append(event);
         this.buffer.push(eventWithId);
         if (this.buffer.length >= this.batchSize) {
             void this.flush();

package/dist/metering/emitter.test.js

@@ -57,7 +57,7 @@ describe("DrizzleMeterEmitter — happy path", () => {
         }
     });
     it("writes a meter event to the database after flush", async () => {
-        emitter.emit(makeEvent({ tenant: "t1", capability: "voice" }));
+        await emitter.emit(makeEvent({ tenant: "t1", capability: "voice" }));
         expect(emitter.pending).toBe(1);
         const flushed = await emitter.flush();
         expect(flushed).toBe(1);
@@ -70,9 +70,9 @@ describe("DrizzleMeterEmitter — happy path", () => {
         expect(rows[0].charge).toBe(Credit.fromCents(2).toRaw());
     });
     it("persists multiple events in one flush", async () => {
-        emitter.emit(makeEvent({ tenant: "t1" }));
-        emitter.emit(makeEvent({ tenant: "t1" }));
-        emitter.emit(makeEvent({ tenant: "t2" }));
+        await emitter.emit(makeEvent({ tenant: "t1" }));
+        await emitter.emit(makeEvent({ tenant: "t1" }));
+        await emitter.emit(makeEvent({ tenant: "t2" }));
         const flushed = await emitter.flush();
         expect(flushed).toBe(3);
         const t1Rows = await emitter.queryEvents("t1");
@@ -89,7 +89,7 @@ describe("DrizzleMeterEmitter — happy path", () => {
         expect(emitter.pending).toBe(0);
     });
     it("persists sessionId, duration, usage, tier, and metadata", async () => {
-        emitter.emit(makeEvent({
+        await emitter.emit(makeEvent({
             sessionId: "sess-1",
             duration: 5000,
             usage: { units: 100, unitType: "tokens" },
@@ -119,7 +119,7 @@ describe("DrizzleMeterEmitter — DLQ failure paths", () => {
             maxRetries: 1,
         });
         await em.ready;
-        em.emit(makeEvent());
+        await em.emit(makeEvent());
         // Drop the table so flush fails
         await failPool.query("DROP TABLE meter_events CASCADE");
         await em.flush();
@@ -148,7 +148,7 @@ describe("DrizzleMeterEmitter — DLQ failure paths", () => {
             maxRetries: 2,
         });
         await em.ready;
-        em.emit(makeEvent());
+        await em.emit(makeEvent());
         // First flush fails
         await failPool.query("DROP TABLE meter_events CASCADE");
         await em.flush();