acinguiux-dnr-utils 0.0.1

package/src/authentication/client-auth-guard.ts

@@ -0,0 +1,29 @@
+"use client";
+
+import { usePathname, useRouter, useSearchParams } from "next/navigation";
+import { useSession } from "next-auth/react";
+import { type ReactNode, useEffect } from "react";
+
+export function ClientAuthGuard({ children }: { children: ReactNode }) {
+  const isAuthDisabled = process.env.NEXT_PUBLIC_AUTH_DISABLED === "true";
+  const { status } = useSession();
+  const pathname = usePathname();
+  const searchParams = useSearchParams();
+  const router = useRouter();
+  const currentPath = pathname + (searchParams.toString() ? `?${searchParams}` : "");
+
+  useEffect(() => {
+    if (isAuthDisabled) return;
+
+    if (status === "unauthenticated") {
+      const isSignIn = pathname.startsWith("/auth/signin");
+      const callbackUrl = encodeURIComponent(isSignIn ? "/" : currentPath);
+      router.push(`/auth/signin?callbackUrl=${callbackUrl}`);
+    }
+  }, [status, router, currentPath, pathname, isAuthDisabled]);
+
+  if (isAuthDisabled) return children;
+  if (status === "loading") return null;
+
+  return children;
+}

package/src/authentication/helpers.test.ts

@@ -0,0 +1,41 @@
+import { describe, expect, type Mock, test, vi } from "vitest";
+import { auth } from "./auth";
+import { extractProfile, getAccessToken } from "./helpers";
+
+// @vitest-environment node
+
+vi.mock("./auth", () => ({
+  auth: vi.fn(),
+}));
+
+describe("helpers", () => {
+  describe("extractProfile", () => {
+    test("should return parsed profile when token is provided", () => {
+      const token = `header.${Buffer.from(JSON.stringify({ name: "John Doe" })).toString("base64")}.signature`;
+      const profile = extractProfile(token);
+      expect(profile).toEqual({ name: "John Doe" });
+    });
+
+    test("should return empty object when token is not provided", () => {
+      const profile = extractProfile();
+      expect(profile).toEqual({});
+    });
+  });
+
+  describe("getAccessToken", () => {
+    test("should return access token when session is available", async () => {
+      const mockSession = { access_token: "mockAccessToken" };
+      (auth as Mock).mockResolvedValue(mockSession);
+
+      const accessToken = await getAccessToken();
+      expect(accessToken).toBe("mockAccessToken");
+    });
+
+    test("should return null when session is not available", async () => {
+      (auth as Mock).mockResolvedValue(null);
+
+      const accessToken = await getAccessToken();
+      expect(accessToken).toBeUndefined();
+    });
+  });
+});

package/src/authentication/helpers.ts

@@ -0,0 +1,14 @@
+import { auth } from "./auth";
+import type { PingIDProfile } from "./provider";
+
+export function extractProfile(token?: string): PingIDProfile {
+  return token
+    ? JSON.parse(Buffer.from(token.split(".")[1], "base64").toString())
+    : ({} as PingIDProfile);
+}
+
+export const getAccessToken = async () => {
+  const session = await auth();
+
+  return session?.access_token;
+};

package/src/authentication/index.ts

@@ -0,0 +1,8 @@
+export { auth, GET, POST, signIn, signOut } from "./auth";
+export { callbacks } from "./callbacks";
+export { ClientAuthGuard } from "./client-auth-guard";
+export { extractProfile, getAccessToken } from "./helpers";
+export { default as middleware } from "./middleware";
+export type { PingIDProfile } from "./provider";
+export { default as PingID } from "./provider";
+export { getUserPermissions } from "./services/permissions";

package/src/authentication/middleware.ts

@@ -0,0 +1,17 @@
+import { NextResponse } from "next/server";
+
+import { auth, isAuthDisabled } from "./auth";
+
+const middleware = isAuthDisabled
+  ? () => NextResponse.next()
+  : auth((request) => {
+      if (!request?.auth?.access_token) {
+        const url = request.nextUrl.clone();
+        url.pathname = "/api/auth/signin";
+        url.searchParams.set("callbackUrl", `${request.nextUrl.pathname}${request.nextUrl.search}`);
+
+        return NextResponse.redirect(url);
+      }
+    });
+
+export default middleware;

package/src/authentication/provider.test.ts

@@ -0,0 +1,168 @@
+import type { JWT } from "next-auth/jwt";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import * as helpers from "./helpers";
+import PingID, { type PingIDProfile } from "./provider";
+
+vi.mock("./helpers");
+
+describe("PingID Provider", () => {
+  const mockOptions = {
+    clientId: "test-client-id",
+    baseUrl: "https://sso.example.com",
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("provider configuration", () => {
+    it("should return a valid OAuthConfig with correct basic properties", () => {
+      const provider = PingID(mockOptions);
+
+      expect(provider.id).toBe("pingid");
+      expect(provider.name).toBe("PingID");
+      expect(provider.type).toBe("oidc");
+      expect(provider.issuer).toBe("https://sso.example.com");
+    });
+
+    it("should set client auth method to none", () => {
+      const provider = PingID(mockOptions);
+
+      expect(provider.client).toEqual({
+        token_endpoint_auth_method: "none",
+      });
+    });
+
+    it("should include style configuration", () => {
+      const provider = PingID(mockOptions);
+
+      expect(provider.style).toEqual({ logo: "" });
+    });
+
+    it("should include options in returned config", () => {
+      const provider = PingID(mockOptions) as any;
+
+      expect(provider.options).toEqual(mockOptions);
+    });
+  });
+
+  describe("userinfo request", () => {
+    it("should extract profile from access token", async () => {
+      const mockProfile: Partial<PingIDProfile> = {
+        mail: "user@example.com",
+        givenName: "John",
+        sn: "Doe",
+      };
+
+      vi.mocked(helpers.extractProfile).mockReturnValue(mockProfile as any);
+
+      const provider = PingID(mockOptions);
+      const mockToken: JWT = { access_token: "test_token" };
+
+      const result = await provider.userinfo?.request?.({ tokens: mockToken });
+
+      expect(helpers.extractProfile).toHaveBeenCalledWith("test_token");
+      expect(result).toEqual(mockProfile);
+    });
+
+    it("should handle missing access token", async () => {
+      const emptyProfile: PingIDProfile = {
+        scope: [],
+        authorization_details: [],
+        client_id: "",
+        accessGrantGuid: "",
+        iss: "",
+        jti: "",
+        aud: "",
+        sub: "",
+        uid: "",
+        clientid: "",
+        mail: "",
+        givenName: "",
+        sn: "",
+        exp: 0,
+      };
+
+      vi.mocked(helpers.extractProfile).mockReturnValue(emptyProfile);
+
+      const provider = PingID(mockOptions);
+      const mockToken: JWT = { access_token: undefined };
+
+      const result = await provider.userinfo?.request?.({ tokens: mockToken });
+
+      expect(result).toEqual(emptyProfile);
+    });
+  });
+
+  describe("profile callback", () => {
+    it("should transform profile correctly", () => {
+      const provider = PingID(mockOptions);
+      const profileFn = provider.profile as any;
+      expect(profileFn).toBeDefined();
+      expect(typeof profileFn).toBe("function");
+
+      const mockProfile: PingIDProfile = {
+        scope: [],
+        authorization_details: [],
+        client_id: "client123",
+        accessGrantGuid: "guid123",
+        iss: "https://sso.example.com",
+        jti: "jti123",
+        aud: "aud123",
+        sub: "sub123",
+        uid: "uid123",
+        clientid: "clientid123",
+        mail: "test@example.com",
+        givenName: "John",
+        sn: "Doe",
+        exp: 1234567890,
+      };
+
+      const result = profileFn(mockProfile);
+      expect(result).toBeDefined();
+    });
+
+    it("should have correct provider properties for name and email extraction", () => {
+      const provider = PingID(mockOptions);
+      expect(provider.id).toBe("pingid");
+      expect(provider.type).toBe("oidc");
+      expect(provider.issuer).toBe("https://sso.example.com");
+    });
+
+    it("should handle profile with special characters in config", () => {
+      const customOptions = {
+        clientId: "client123",
+        baseUrl: "https://custom-sso.example.com",
+      };
+
+      const provider = PingID(customOptions);
+      expect(provider.issuer).toBe("https://custom-sso.example.com");
+    });
+  });
+
+  describe("provider initialization with different options", () => {
+    it("should accept different issuer URLs", () => {
+      const customOptions = {
+        clientId: "client-456",
+        baseUrl: "https://custom-sso.example.com",
+      };
+
+      const provider = PingID(customOptions);
+
+      expect(provider.issuer).toBe("https://custom-sso.example.com");
+    });
+
+    it("should maintain options reference in config", () => {
+      const customOptions = {
+        clientId: "test-id",
+        baseUrl: "https://test.com",
+        customProperty: "custom-value",
+      };
+
+      const provider = PingID(customOptions) as any;
+
+      expect(provider.options).toBe(customOptions);
+      expect(provider.options.customProperty).toBe("custom-value");
+    });
+  });
+});

package/src/authentication/provider.ts

@@ -0,0 +1,56 @@
+import type { OAuthConfig } from "@auth/core/providers";
+import type { JWT } from "next-auth/jwt";
+
+import { extractProfile } from "./helpers";
+
+export interface PingIDProfile {
+  scope: [];
+  authorization_details: [];
+  client_id: string;
+  accessGrantGuid: string;
+  iss: string;
+  jti: string;
+  aud: string;
+  sub: string;
+  uid: string;
+  clientid: string;
+  mail: string;
+  givenName: string;
+  sn: string;
+  exp: number;
+}
+
+export default function PingID(
+  options: Record<string, unknown>,
+): OAuthConfig<PingIDProfile> & { options: Record<string, unknown> } {
+  return {
+    id: "pingid",
+    name: "PingID",
+    type: "oidc",
+    client: {
+      token_endpoint_auth_method: "none",
+    },
+    issuer: `${options.baseUrl}`,
+    userinfo: {
+      // The userinfo endpoint needs to be enabled by SIMAAS so we overwrite
+      // the request and decode the JWT instead to get the user profile
+
+      async request({ tokens }: { tokens: JWT }) {
+        return extractProfile(tokens.access_token);
+      },
+    },
+    // Profile is returned from the userinfo request
+    profile(profile) {
+      // In future we can add more fields here from the user profile
+
+      return {
+        name: `${profile.givenName} ${profile.sn}`,
+        email: profile.mail,
+      };
+    },
+    style: {
+      logo: "",
+    },
+    options,
+  };
+}

package/src/authentication/services/permissions.test.ts

@@ -0,0 +1,102 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { getAccessToken } from "../helpers";
+
+import { getUserPermissions } from "./permissions";
+
+vi.mock("../helpers", () => ({
+  getAccessToken: vi.fn(),
+}));
+
+describe("getUserPermissions", () => {
+  const AUTHORISATION_URL = "https://example.com";
+  const App_Abbr = "TEST_APP";
+
+  const mockPermissions = [
+    {
+      group_name: "Admin",
+      items: [
+        {
+          technical_name: "item1",
+          item_name: "Item 1",
+          api_endpoint: "/api/item1",
+          permissions: {
+            create: true,
+            update: true,
+            delete: true,
+            read: true,
+          },
+        },
+      ],
+    },
+  ];
+
+  const mockPermissionsNoAccess = {
+    context: {
+      errors: [
+        {
+          msg: "Given user is not allowed to access any resource.",
+          loc: null,
+        },
+      ],
+    },
+    error: "HTTPException",
+  };
+
+  beforeEach(() => {
+    vi.resetAllMocks();
+    process.env.AUTHORISATION_URL = AUTHORISATION_URL;
+  });
+
+  it("should return user permissions on successful fetch", async () => {
+    vi.mocked(getAccessToken).mockResolvedValue("dummy_token");
+    global.fetch = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => ({ context: mockPermissions }),
+    });
+
+    const result = await getUserPermissions(App_Abbr);
+    expect(result).toEqual(mockPermissions);
+  });
+
+  it("should handle fetch failure due to network issues", async () => {
+    vi.mocked(getAccessToken).mockResolvedValue("dummy_token");
+    global.fetch = vi.fn().mockRejectedValue(new Error("Network Error"));
+
+    const result = await getUserPermissions(App_Abbr);
+    expect(result).toEqual([]);
+  });
+
+  it("should handle fetch failure if user have no access", async () => {
+    vi.mocked(getAccessToken).mockResolvedValue("dummy_token");
+    global.fetch = vi.fn().mockResolvedValue({
+      ok: false,
+      status: 403,
+      statusText: "Access Forbidden",
+      json: async () => mockPermissionsNoAccess,
+    });
+
+    const consoleErrorSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+
+    const result = await getUserPermissions(App_Abbr);
+
+    expect(result).toEqual({
+      errors: [
+        {
+          msg: "Given user is not allowed to access any resource.",
+          loc: null,
+        },
+      ],
+    });
+    expect(consoleErrorSpy).toHaveBeenCalledWith(
+      "fetch ted api/permissions - 403 Access Forbidden",
+    );
+  });
+
+  it("should return empty array if AUTHORISATION_URL is not set", async () => {
+    delete process.env.AUTHORISATION_URL;
+
+    const result = await getUserPermissions(App_Abbr);
+    expect(result).toEqual([]);
+  });
+});

package/src/authentication/services/permissions.ts

@@ -0,0 +1,52 @@
+import { getAccessToken } from "../helpers";
+
+export interface UserAuthorization {
+  group_name?: string;
+  item_name?: string;
+  items?: {
+    technical_name: string | null;
+    item_name: string;
+    api_endpoint: string;
+    permissions: {
+      create: boolean;
+      update: boolean;
+      delete: boolean;
+      read: boolean;
+    };
+  }[];
+}
+
+export const getUserPermissions = async (App_Abbr: string): Promise<UserAuthorization[]> => {
+  let roles: UserAuthorization[] = [];
+  const { AUTHORISATION_URL } = process.env;
+
+  if (AUTHORISATION_URL) {
+    try {
+      const accessToken = await getAccessToken();
+
+      const response = await fetch(`${AUTHORISATION_URL}/api/permissions`, {
+        next: { revalidate: 54000 }, // 15 minutes
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "Content-Type": "application/json",
+          "Referrer-Application": `${App_Abbr}`,
+        },
+      });
+
+      const tedAuthorization = await response.json();
+      roles = tedAuthorization?.context;
+
+      if (!response.ok) {
+        console.error(`fetch ted api/permissions - ${response.status} ${response.statusText}`);
+        throw new Error(`${response.status} ${response.statusText}`);
+      }
+    } catch (error) {
+      console.error("Error fetching user permissions:", error);
+
+      return roles;
+    }
+  }
+
+  return roles;
+};

package/src/formatters/index.ts

@@ -0,0 +1 @@
+export * from "./number";

package/src/formatters/number.test.ts

@@ -0,0 +1,49 @@
+import { describe, expect, it } from "vitest";
+
+import { formatNumber } from "./number";
+
+describe("formatNumber", () => {
+  it("should format a positive integer correctly", () => {
+    const result = formatNumber(1234);
+    expect(result).toBe("1,234.00"); // Assuming default locale with 2 decimal places
+  });
+
+  it("should format a positive number with custom decimal places", () => {
+    const result = formatNumber(1234.5678, { decimalPlaces: 3 });
+    expect(result).toBe("1,234.568");
+  });
+
+  it("should format a negative number correctly", () => {
+    const result = formatNumber(-1234);
+    expect(result).toBe("-1,234.00");
+  });
+
+  it("should format a negative number with custom decimal places", () => {
+    const result = formatNumber(-1234.5678, { decimalPlaces: 1 });
+    expect(result).toBe("-1,234.6");
+  });
+
+  it("should throw an error for NaN input", () => {
+    expect(() => formatNumber("abc")).toThrow("Number is NaN. Expected a number or string number.");
+  });
+
+  it("should throw an error for negative decimal places", () => {
+    expect(() => formatNumber(1234, { decimalPlaces: -1 })).toThrow(
+      "Fraction digits must be a non-negative number.",
+    );
+  });
+
+  it.skip("should handle formatting with additional Intl.NumberFormatOptions", () => {
+    const result = formatNumber(1234.5678, {
+      decimalPlaces: 2,
+      style: "currency",
+      currency: "USD",
+    });
+    expect(result).toBe("$1,234.57");
+  });
+
+  it("should handle formatting with number string input", () => {
+    const result = formatNumber("1234.5678", { decimalPlaces: 2 });
+    expect(result).toBe("1,234.57");
+  });
+});

package/src/formatters/number.ts

@@ -0,0 +1,25 @@
+interface NumberFormatOptions extends Intl.NumberFormatOptions {
+  decimalPlaces?: number;
+}
+
+export function formatNumber(number: string | number, options: NumberFormatOptions = {}): string {
+  const numValue = Number(number);
+
+  if (Number.isNaN(numValue)) {
+    throw new Error("Number is NaN. Expected a number or string number.");
+  }
+
+  const { decimalPlaces = 2, ...rest } = options;
+
+  if (decimalPlaces < 0 || decimalPlaces === undefined) {
+    throw new Error("Fraction digits must be a non-negative number.");
+  }
+
+  const formattedValue = new Intl.NumberFormat(undefined, {
+    ...rest,
+    minimumFractionDigits: decimalPlaces,
+    maximumFractionDigits: decimalPlaces,
+  }).format(numValue);
+
+  return formattedValue;
+}

package/src/instrumentation/browser.test.ts

@@ -0,0 +1,118 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+// Mock only Grafana Faro SDK
+const mockInitializeFaro = vi.fn();
+const mockGetWebInstrumentations = vi.fn(() => []);
+const mockFaro = { api: null };
+
+vi.mock("@grafana/faro-web-sdk", () => ({
+  faro: mockFaro,
+  initializeFaro: mockInitializeFaro,
+  getWebInstrumentations: mockGetWebInstrumentations,
+}));
+
+describe("browser instrumentation", () => {
+  const originalEnv = process.env.NEXT_PUBLIC_FARO_URL;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    delete process.env.NEXT_PUBLIC_FARO_URL;
+    mockFaro.api = null;
+  });
+
+  afterEach(() => {
+    if (originalEnv) {
+      process.env.NEXT_PUBLIC_FARO_URL = originalEnv;
+    }
+  });
+
+  it("should return null when faro.api is already initialized", async () => {
+    mockFaro.api = {} as any;
+    process.env.NEXT_PUBLIC_FARO_URL = "https://faro.example.com";
+
+    const { instrument } = await import("./browser");
+    const result = instrument("test-product", { name: "Test", email: "test@example.com" });
+
+    expect(result).toBeNull();
+    expect(mockInitializeFaro).not.toHaveBeenCalled();
+  });
+
+  it("should return null when NEXT_PUBLIC_FARO_URL is not set", async () => {
+    delete process.env.NEXT_PUBLIC_FARO_URL;
+
+    const { instrument } = await import("./browser");
+    const result = instrument("test-product", { name: "Test", email: "test@example.com" });
+
+    expect(result).toBeNull();
+    expect(mockInitializeFaro).not.toHaveBeenCalled();
+  });
+
+  it("should initialize Faro when NEXT_PUBLIC_FARO_URL is set and faro.api is null", async () => {
+    process.env.NEXT_PUBLIC_FARO_URL = "https://faro.example.com";
+
+    const { instrument } = await import("./browser");
+    instrument("my-product", { name: "John Doe", email: "john@example.com" });
+
+    expect(mockInitializeFaro).toHaveBeenCalledWith({
+      url: "https://faro.example.com/collect",
+      app: {
+        name: "my-product-browser",
+        namespace: "geneva-my-product",
+      },
+      user: {
+        email: "john@example.com",
+        fullName: "John Doe",
+      },
+      pageTracking: {
+        generatePageId: expect.any(Function),
+      },
+      trackGeolocation: true,
+      instrumentations: [],
+    });
+  });
+
+  it("should handle user with empty email", async () => {
+    process.env.NEXT_PUBLIC_FARO_URL = "https://faro.example.com";
+
+    const { instrument } = await import("./browser");
+    instrument("test-product", { email: undefined, name: "Test User" });
+
+    expect(mockInitializeFaro).toHaveBeenCalledWith(
+      expect.objectContaining({
+        user: {
+          email: "",
+          fullName: "Test User",
+        },
+      }),
+    );
+  });
+
+  it("should handle user with empty name", async () => {
+    process.env.NEXT_PUBLIC_FARO_URL = "https://faro.example.com";
+
+    const { instrument } = await import("./browser");
+    instrument("test-product", { email: "test@example.com", name: undefined });
+
+    expect(mockInitializeFaro).toHaveBeenCalledWith(
+      expect.objectContaining({
+        user: {
+          email: "test@example.com",
+          fullName: "",
+        },
+      }),
+    );
+  });
+
+  it("should create correct page ID from URL", async () => {
+    process.env.NEXT_PUBLIC_FARO_URL = "https://faro.example.com";
+
+    const { instrument } = await import("./browser");
+    instrument("test-product", { email: "test@example.com", name: "Test" });
+
+    const call = mockInitializeFaro.mock.calls[0][0];
+    const generatePageId = call.pageTracking.generatePageId;
+
+    expect(generatePageId({ pathname: "/home" })).toBe("/home");
+    expect(generatePageId({ pathname: "/about" })).toBe("/about");
+  });
+});