@xiboplayer/xmds 0.6.13 → 0.7.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xiboplayer/xmds",
-  "version": "0.6.13",
+  "version": "0.7.1",
   "description": "XMDS SOAP client for Xibo CMS communication",
   "type": "module",
   "main": "./src/index.js",
@@ -12,7 +12,7 @@
     "./schedule-parser": "./src/schedule-parser.js"
   },
   "dependencies": {
-    "@xiboplayer/utils": "0.6.13"
+    "@xiboplayer/utils": "0.7.1"
   },
   "devDependencies": {
     "vitest": "^2.0.0"

package/src/rest-client.js

@@ -29,9 +29,10 @@ export class RestClient {
     this._tokenExpiresAt = 0;
     this._displayId = null;
 
-    // ETag-based HTTP caching
+    // ETag-based HTTP caching (capped at _maxCacheSize entries)
     this._etags = new Map();
     this._responseCache = new Map();
+    this._maxCacheSize = 100;
 
     log.info('Using REST transport');
   }
@@ -61,6 +62,19 @@ export class RestClient {
        window.location.hostname === 'localhost');
   }
 
+  /**
+   * Store a response in the ETag cache, evicting the oldest entry if full.
+   */
+  _cacheSet(path, etag, data) {
+    if (this._etags.size >= this._maxCacheSize) {
+      const oldest = this._etags.keys().next().value;
+      this._etags.delete(oldest);
+      this._responseCache.delete(oldest);
+    }
+    this._etags.set(path, etag);
+    this._responseCache.set(path, data);
+  }
+
   // ─── JWT auth ─────────────────────────────────────────────────
 
   /**
@@ -95,6 +109,14 @@ export class RestClient {
     log.info(`Authenticated as display ${this._displayId}`);
   }
 
+  /**
+   * Get current token synchronously (may be null or expired).
+   * @returns {string|null}
+   */
+  getToken() {
+    return this._token;
+  }
+
   /**
    * Get a valid JWT token, refreshing if expired or missing.
    */
@@ -108,7 +130,7 @@ export class RestClient {
   /**
    * Make an authenticated GET request with ETag caching.
    */
-  async restGet(path, queryParams = {}) {
+  async restGet(path, queryParams = {}, _retrying = false) {
     const token = await this._getToken();
     const url = new URL(`${this.getRestBaseUrl()}${path}`);
     for (const [key, value] of Object.entries(queryParams)) {
@@ -131,8 +153,11 @@ export class RestClient {
 
     // Token expired mid-flight — re-auth and retry once
     if (response.status === 401) {
+      if (_retrying) {
+        throw new Error(`REST GET ${path} failed: 401 Unauthorized (after re-auth)`);
+      }
       this._token = null;
-      return this.restGet(path, queryParams);
+      return this.restGet(path, queryParams, true);
     }
 
     if (response.status === 304) {
@@ -148,11 +173,6 @@ export class RestClient {
       throw new Error(`REST GET ${path} failed: ${response.status} ${response.statusText} ${errorBody}`);
     }
 
-    const etag = response.headers.get('ETag');
-    if (etag) {
-      this._etags.set(cacheKey, etag);
-    }
-
     const contentType = response.headers.get('Content-Type') || '';
     let data;
     if (contentType.includes('application/json')) {
@@ -161,14 +181,18 @@ export class RestClient {
       data = await response.text();
     }
 
-    this._responseCache.set(cacheKey, data);
+    const etag = response.headers.get('ETag');
+    if (etag) {
+      this._cacheSet(cacheKey, etag, data);
+    }
+
     return data;
   }
 
   /**
    * Make an authenticated POST/PUT request with JSON body.
    */
-  async restSend(method, path, body = {}) {
+  async restSend(method, path, body = {}, _retrying = false) {
     const token = await this._getToken();
     const url = new URL(`${this.getRestBaseUrl()}${path}`);
 
@@ -185,8 +209,11 @@ export class RestClient {
 
     // Token expired mid-flight — re-auth and retry once
     if (response.status === 401) {
+      if (_retrying) {
+        throw new Error(`REST ${method} ${path} failed: 401 Unauthorized (after re-auth)`);
+      }
       this._token = null;
-      return this.restSend(method, path, body);
+      return this.restSend(method, path, body, true);
     }
 
     if (!response.ok) {
@@ -283,13 +310,14 @@ export class RestClient {
       version_instructions: attrs.version_instructions || display.version_instructions || null,
     };
 
-    const syncConfig = display.syncGroup ? {
+    // Prefer structured syncConfig from REST module; fall back to flat SOAP fields
+    const syncConfig = display.syncConfig || (display.syncGroup ? {
       syncGroup: String(display.syncGroup),
       syncPublisherPort: parseInt(display.syncPublisherPort || '9590', 10),
       syncSwitchDelay: parseInt(display.syncSwitchDelay || '750', 10),
       syncVideoPauseDelay: parseInt(display.syncVideoPauseDelay || '100', 10),
       isLead: String(display.syncGroup) === 'lead',
-    } : null;
+    } : null);
 
     return { code, message, settings, tags, commands, displayAttrs, checkRf, checkSchedule, syncConfig };
   }

package/src/rest-client.test.js

@@ -0,0 +1,307 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// Copyright (c) 2024-2026 Pau Aliagas <linuxnow@gmail.com>
+// @vitest-environment jsdom
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+
+// Mock @xiboplayer/utils before importing RestClient
+vi.mock('@xiboplayer/utils', () => ({
+  createLogger: () => ({
+    info: vi.fn(),
+    debug: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+  }),
+  fetchWithRetry: vi.fn(),
+  PLAYER_API: '/player/api/v2',
+}));
+
+import { RestClient } from './rest-client.js';
+import { fetchWithRetry } from '@xiboplayer/utils';
+
+const mockConfig = {
+  cmsUrl: 'https://cms.example.com',
+  cmsKey: 'serverkey123',
+  hardwareKey: 'hw-001',
+  displayName: 'Test Display',
+  xmrChannel: 'xmr-ch',
+};
+
+/** Helper: create a mock Response object */
+function mockResponse(status, body, headers = {}) {
+  return {
+    ok: status >= 200 && status < 300,
+    status,
+    statusText: status === 200 ? 'OK' : status === 304 ? 'Not Modified' : status === 401 ? 'Unauthorized' : 'Error',
+    headers: {
+      get: (name) => headers[name] || null,
+    },
+    json: vi.fn().mockResolvedValue(body),
+    text: vi.fn().mockResolvedValue(typeof body === 'string' ? body : JSON.stringify(body)),
+  };
+}
+
+/** Helper: mock a successful auth response */
+function mockAuthResponse() {
+  return mockResponse(200, {
+    token: 'jwt-token-123',
+    displayId: 42,
+    expiresIn: 3600,
+  }, { 'Content-Type': 'application/json' });
+}
+
+describe('RestClient', () => {
+  let client;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    client = new RestClient(mockConfig);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  // ─── JWT authentication ─────────────────────────────────────
+
+  describe('JWT authentication', () => {
+    it('authenticates and stores token on first request', async () => {
+      const authResp = mockAuthResponse();
+      const dataResp = mockResponse(200, { ok: true }, { 'Content-Type': 'application/json' });
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp)   // POST /auth
+        .mockResolvedValueOnce(dataResp);  // GET /schedule
+
+      const result = await client.restGet('/displays/42/schedule');
+
+      expect(result).toEqual({ ok: true });
+      expect(fetchWithRetry).toHaveBeenCalledTimes(2);
+      // First call is auth
+      expect(fetchWithRetry.mock.calls[0][1].method).toBe('POST');
+      expect(client._token).toBe('jwt-token-123');
+      expect(client._displayId).toBe(42);
+    });
+
+    it('reuses token on subsequent requests', async () => {
+      const authResp = mockAuthResponse();
+      const resp1 = mockResponse(200, { a: 1 }, { 'Content-Type': 'application/json' });
+      const resp2 = mockResponse(200, { b: 2 }, { 'Content-Type': 'application/json' });
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp)
+        .mockResolvedValueOnce(resp1)
+        .mockResolvedValueOnce(resp2);
+
+      await client.restGet('/foo');
+      await client.restGet('/bar');
+
+      // Only one auth call, two data calls
+      expect(fetchWithRetry).toHaveBeenCalledTimes(3);
+    });
+
+    it('throws on auth failure', async () => {
+      fetchWithRetry.mockResolvedValueOnce(mockResponse(403, 'Forbidden'));
+
+      await expect(client.restGet('/anything')).rejects.toThrow('Auth failed: 403');
+    });
+  });
+
+  // ─── ETag caching ───────────────────────────────────────────
+
+  describe('ETag caching', () => {
+    it('returns cached response on 304', async () => {
+      const authResp = mockAuthResponse();
+      const firstResp = mockResponse(200, { data: 'fresh' }, {
+        'Content-Type': 'application/json',
+        'ETag': '"etag-1"',
+      });
+      const cachedResp = mockResponse(304, null);
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp)
+        .mockResolvedValueOnce(firstResp)
+        .mockResolvedValueOnce(cachedResp);
+
+      // First call populates cache
+      const first = await client.restGet('/resource');
+      expect(first).toEqual({ data: 'fresh' });
+
+      // Second call gets 304, returns cached
+      const second = await client.restGet('/resource');
+      expect(second).toEqual({ data: 'fresh' });
+    });
+
+    it('sends If-None-Match header when ETag is cached', async () => {
+      const authResp = mockAuthResponse();
+      const firstResp = mockResponse(200, { data: 1 }, {
+        'Content-Type': 'application/json',
+        'ETag': '"my-etag"',
+      });
+      const secondResp = mockResponse(304, null);
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp)
+        .mockResolvedValueOnce(firstResp)
+        .mockResolvedValueOnce(secondResp);
+
+      await client.restGet('/path');
+      await client.restGet('/path');
+
+      // Third fetchWithRetry call (second GET) should include If-None-Match
+      const secondGetCall = fetchWithRetry.mock.calls[2];
+      expect(secondGetCall[1].headers['If-None-Match']).toBe('"my-etag"');
+    });
+  });
+
+  // ─── 401 retry guard ───────────────────────────────────────
+
+  describe('401 retry guard', () => {
+    it('restGet retries once on 401 then succeeds', async () => {
+      const authResp1 = mockAuthResponse();
+      const unauthorizedResp = mockResponse(401, 'Unauthorized');
+      const authResp2 = mockAuthResponse();
+      const successResp = mockResponse(200, { ok: true }, { 'Content-Type': 'application/json' });
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp1)   // first auth
+        .mockResolvedValueOnce(unauthorizedResp) // GET returns 401
+        .mockResolvedValueOnce(authResp2)   // re-auth
+        .mockResolvedValueOnce(successResp); // retry GET succeeds
+
+      const result = await client.restGet('/resource');
+      expect(result).toEqual({ ok: true });
+    });
+
+    it('restGet throws on second consecutive 401 (no infinite recursion)', async () => {
+      const authResp1 = mockAuthResponse();
+      const unauth1 = mockResponse(401, 'Unauthorized');
+      const authResp2 = mockAuthResponse();
+      const unauth2 = mockResponse(401, 'Unauthorized');
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp1)
+        .mockResolvedValueOnce(unauth1)
+        .mockResolvedValueOnce(authResp2)
+        .mockResolvedValueOnce(unauth2);
+
+      await expect(client.restGet('/resource'))
+        .rejects.toThrow('401 Unauthorized (after re-auth)');
+    });
+
+    it('restSend retries once on 401 then succeeds', async () => {
+      const authResp1 = mockAuthResponse();
+      const unauth = mockResponse(401, 'Unauthorized');
+      const authResp2 = mockAuthResponse();
+      const success = mockResponse(200, { saved: true }, { 'Content-Type': 'application/json' });
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp1)
+        .mockResolvedValueOnce(unauth)
+        .mockResolvedValueOnce(authResp2)
+        .mockResolvedValueOnce(success);
+
+      const result = await client.restSend('PUT', '/resource', { key: 'value' });
+      expect(result).toEqual({ saved: true });
+    });
+
+    it('restSend throws on second consecutive 401 (no infinite recursion)', async () => {
+      const authResp1 = mockAuthResponse();
+      const unauth1 = mockResponse(401, 'Unauthorized');
+      const authResp2 = mockAuthResponse();
+      const unauth2 = mockResponse(401, 'Unauthorized');
+
+      fetchWithRetry
+        .mockResolvedValueOnce(authResp1)
+        .mockResolvedValueOnce(unauth1)
+        .mockResolvedValueOnce(authResp2)
+        .mockResolvedValueOnce(unauth2);
+
+      await expect(client.restSend('POST', '/resource', {}))
+        .rejects.toThrow('401 Unauthorized (after re-auth)');
+    });
+  });
+
+  // ─── Cache eviction ─────────────────────────────────────────
+
+  describe('cache eviction', () => {
+    it('evicts oldest entry when cache exceeds max size', () => {
+      // Fill cache to max
+      for (let i = 0; i < 100; i++) {
+        client._cacheSet(`/path-${i}`, `etag-${i}`, { i });
+      }
+      expect(client._etags.size).toBe(100);
+      expect(client._responseCache.size).toBe(100);
+
+      // Adding one more should evict /path-0
+      client._cacheSet('/path-new', 'etag-new', { new: true });
+      expect(client._etags.size).toBe(100);
+      expect(client._etags.has('/path-0')).toBe(false);
+      expect(client._responseCache.has('/path-0')).toBe(false);
+      expect(client._etags.has('/path-new')).toBe(true);
+      expect(client._responseCache.get('/path-new')).toEqual({ new: true });
+    });
+
+    it('does not evict when under max size', () => {
+      client._cacheSet('/a', 'etag-a', 'data-a');
+      client._cacheSet('/b', 'etag-b', 'data-b');
+      expect(client._etags.size).toBe(2);
+      expect(client._etags.has('/a')).toBe(true);
+      expect(client._etags.has('/b')).toBe(true);
+    });
+
+    it('evicts multiple oldest entries on sequential inserts', () => {
+      for (let i = 0; i < 100; i++) {
+        client._cacheSet(`/p-${i}`, `e-${i}`, i);
+      }
+      // Add 3 more
+      client._cacheSet('/x1', 'ex1', 'x1');
+      client._cacheSet('/x2', 'ex2', 'x2');
+      client._cacheSet('/x3', 'ex3', 'x3');
+
+      expect(client._etags.size).toBe(100);
+      expect(client._etags.has('/p-0')).toBe(false);
+      expect(client._etags.has('/p-1')).toBe(false);
+      expect(client._etags.has('/p-2')).toBe(false);
+      expect(client._etags.has('/p-3')).toBe(true); // still present
+      expect(client._etags.has('/x3')).toBe(true);
+    });
+  });
+
+  // ─── Proxy mode detection ──────────────────────────────────
+
+  describe('proxy mode detection', () => {
+    it('detects proxy mode when electronAPI.isElectron is set', () => {
+      window.electronAPI = { isElectron: true };
+      expect(client._isProxyMode()).toBe(true);
+      delete window.electronAPI;
+    });
+
+    it('detects proxy mode when hostname is localhost', () => {
+      // jsdom defaults to localhost
+      const original = window.location.hostname;
+      expect(client._isProxyMode()).toBe(original === 'localhost');
+    });
+
+    it('returns direct URL in non-proxy mode', () => {
+      // Ensure no proxy indicators
+      delete window.electronAPI;
+      // jsdom hostname is localhost, so override _isProxyMode
+      vi.spyOn(client, '_isProxyMode').mockReturnValue(false);
+
+      const url = client.getRestBaseUrl();
+      expect(url).toBe('https://cms.example.com/player/api/v2');
+    });
+
+    it('returns local origin URL in proxy mode via electronAPI', () => {
+      window.electronAPI = { isElectron: true };
+
+      const url = client.getRestBaseUrl();
+      expect(url).toContain('/player/api/v2');
+      // In proxy mode, uses window.location.origin (which is cms.example.com in vitest)
+      // The key assertion is that _isProxyMode is true and the URL uses origin
+      expect(url).toBe(`${window.location.origin}/player/api/v2`);
+
+      delete window.electronAPI;
+    });
+  });
+});