bunsane 0.3.2 → 0.4.0

package/tests/unit/gql/operationMiddleware.test.ts

@@ -1,293 +0,0 @@
-import { describe, it, expect } from "bun:test";
-import { GraphQLError } from "graphql";
-import {
-    Middleware,
-    composeOperationMiddleware,
-    type OperationMiddleware,
-} from "../../../gql/middleware";
-
-// --- Test helpers ---
-
-function createMockService() {
-    return {
-        getUser: async (args: any, context: any, _info: any) => {
-            return { id: args.id, name: "Test User", role: context.user?.role };
-        },
-        createUser: async (args: any, _context: any, _info: any) => {
-            return { id: "new-1", name: args.name };
-        },
-    };
-}
-
-const Authenticate: OperationMiddleware = async (args, ctx, info, next) => {
-    if (!ctx.user) {
-        throw new GraphQLError("Unauthenticated", {
-            extensions: { code: "UNAUTHENTICATED", http: { status: 401 } },
-        });
-    }
-    return next();
-};
-
-function Authorize(...permissions: string[]): OperationMiddleware {
-    return async (args, ctx, info, next) => {
-        const userPerms: string[] = ctx.user?.permissions ?? [];
-        if (!permissions.every((p) => userPerms.includes(p))) {
-            throw new GraphQLError("Forbidden", {
-                extensions: { code: "FORBIDDEN", http: { status: 403 } },
-            });
-        }
-        return next();
-    };
-}
-
-// --- Tests ---
-
-describe("composeOperationMiddleware", () => {
-    it("calls handler directly with empty middleware array", async () => {
-        const handler = async (args: any) => args.value;
-        const chain = composeOperationMiddleware([], handler, null);
-        const result = await chain({ value: 42 }, {}, {});
-        expect(result).toBe(42);
-    });
-
-    it("executes middleware in order", async () => {
-        const order: number[] = [];
-        const mw1: OperationMiddleware = async (a, c, i, next) => {
-            order.push(1);
-            const result = await next();
-            order.push(4);
-            return result;
-        };
-        const mw2: OperationMiddleware = async (a, c, i, next) => {
-            order.push(2);
-            const result = await next();
-            order.push(3);
-            return result;
-        };
-        const handler = async () => {
-            order.push(0);
-            return "done";
-        };
-        const chain = composeOperationMiddleware([mw1, mw2], handler, null);
-        await chain({}, {}, {});
-        expect(order).toEqual([1, 2, 0, 3, 4]);
-    });
-
-    it("short-circuits when middleware throws", async () => {
-        const handlerCalled = { value: false };
-        const mw: OperationMiddleware = async () => {
-            throw new GraphQLError("Blocked");
-        };
-        const handler = async () => {
-            handlerCalled.value = true;
-        };
-        const chain = composeOperationMiddleware([mw], handler, null);
-        expect(chain({}, {}, {})).rejects.toThrow("Blocked");
-        expect(handlerCalled.value).toBe(false);
-    });
-
-    it("middleware can transform the return value", async () => {
-        const transform: OperationMiddleware = async (a, c, i, next) => {
-            const result = await next();
-            return { ...result, extra: true };
-        };
-        const handler = async () => ({ name: "test" });
-        const chain = composeOperationMiddleware([transform], handler, null);
-        const result = await chain({}, {}, {});
-        expect(result).toEqual({ name: "test", extra: true });
-    });
-
-    it("preserves thisArg for the handler", async () => {
-        const service = {
-            prefix: "Hello",
-            greet: async function (args: any) {
-                return `${this.prefix} ${args.name}`;
-            },
-        };
-        const passthrough: OperationMiddleware = async (a, c, i, next) => next();
-        const chain = composeOperationMiddleware(
-            [passthrough],
-            service.greet,
-            service,
-        );
-        const result = await chain({ name: "World" }, {}, {});
-        expect(result).toBe("Hello World");
-    });
-});
-
-describe("@Middleware decorator", () => {
-    it("wraps a method with middleware chain", async () => {
-        const log: string[] = [];
-        const logger: OperationMiddleware = async (a, c, i, next) => {
-            log.push("before");
-            const result = await next();
-            log.push("after");
-            return result;
-        };
-
-        class TestService {
-            @Middleware([logger])
-            async getData(args: any, _ctx: any, _info: any) {
-                log.push("handler");
-                return { value: args.id };
-            }
-        }
-
-        const svc = new TestService();
-        const result = await svc.getData({ id: 1 }, {}, {});
-        expect(result).toEqual({ value: 1 });
-        expect(log).toEqual(["before", "handler", "after"]);
-    });
-
-    it("chains multiple middleware in order", async () => {
-        const order: string[] = [];
-        const first: OperationMiddleware = async (a, c, i, next) => {
-            order.push("first-in");
-            const r = await next();
-            order.push("first-out");
-            return r;
-        };
-        const second: OperationMiddleware = async (a, c, i, next) => {
-            order.push("second-in");
-            const r = await next();
-            order.push("second-out");
-            return r;
-        };
-
-        class TestService {
-            @Middleware([first, second])
-            async doWork(_args: any, _ctx: any, _info: any) {
-                order.push("resolver");
-                return true;
-            }
-        }
-
-        await new TestService().doWork({}, {}, {});
-        expect(order).toEqual([
-            "first-in",
-            "second-in",
-            "resolver",
-            "second-out",
-            "first-out",
-        ]);
-    });
-
-    it("preserves this context of the service", async () => {
-        class TestService {
-            private secret = "s3cret";
-
-            @Middleware([async (a, c, i, next) => next()])
-            async getSecret(_args: any, _ctx: any, _info: any) {
-                return this.secret;
-            }
-        }
-
-        const result = await new TestService().getSecret({}, {}, {});
-        expect(result).toBe("s3cret");
-    });
-});
-
-describe("Auth guard middleware", () => {
-    it("Authenticate allows requests with user in context", async () => {
-        const service = createMockService();
-
-        class UserService {
-            @Middleware([Authenticate])
-            async getUser(args: any, context: any, info: any) {
-                return service.getUser(args, context, info);
-            }
-        }
-
-        const svc = new UserService();
-        const result = await svc.getUser(
-            { id: "1" },
-            { user: { role: "admin" } },
-            {},
-        );
-        expect(result).toEqual({ id: "1", name: "Test User", role: "admin" });
-    });
-
-    it("Authenticate rejects requests without user", async () => {
-        class UserService {
-            @Middleware([Authenticate])
-            async getUser(args: any, ctx: any, info: any) {
-                return { id: args.id };
-            }
-        }
-
-        try {
-            await new UserService().getUser({ id: "1" }, {}, {});
-            expect.unreachable("Should have thrown");
-        } catch (err: any) {
-            expect(err).toBeInstanceOf(GraphQLError);
-            expect(err.extensions.code).toBe("UNAUTHENTICATED");
-            expect(err.extensions.http.status).toBe(401);
-        }
-    });
-
-    it("Authorize allows requests with correct permissions", async () => {
-        class UserService {
-            @Middleware([Authenticate, Authorize("users.read")])
-            async getUser(args: any, ctx: any, info: any) {
-                return { id: args.id };
-            }
-        }
-
-        const ctx = { user: { permissions: ["users.read", "users.write"] } };
-        const result = await new UserService().getUser({ id: "1" }, ctx, {});
-        expect(result).toEqual({ id: "1" });
-    });
-
-    it("Authorize rejects requests with missing permissions", async () => {
-        class UserService {
-            @Middleware([Authenticate, Authorize("users.delete")])
-            async deleteUser(args: any, ctx: any, info: any) {
-                return true;
-            }
-        }
-
-        const ctx = { user: { permissions: ["users.read"] } };
-        try {
-            await new UserService().deleteUser({ id: "1" }, ctx, {});
-            expect.unreachable("Should have thrown");
-        } catch (err: any) {
-            expect(err).toBeInstanceOf(GraphQLError);
-            expect(err.extensions.code).toBe("FORBIDDEN");
-            expect(err.extensions.http.status).toBe(403);
-        }
-    });
-
-    it("Authenticate runs before Authorize in the chain", async () => {
-        class UserService {
-            @Middleware([Authenticate, Authorize("admin")])
-            async adminOp(_args: any, _ctx: any, _info: any) {
-                return true;
-            }
-        }
-
-        // No user → should get UNAUTHENTICATED, not FORBIDDEN
-        try {
-            await new UserService().adminOp({}, {}, {});
-            expect.unreachable("Should have thrown");
-        } catch (err: any) {
-            expect(err.extensions.code).toBe("UNAUTHENTICATED");
-        }
-    });
-
-    it("resolver does not execute when middleware rejects", async () => {
-        let resolverCalled = false;
-
-        class UserService {
-            @Middleware([Authenticate])
-            async getUser(_args: any, _ctx: any, _info: any) {
-                resolverCalled = true;
-                return {};
-            }
-        }
-
-        try {
-            await new UserService().getUser({}, {}, {});
-        } catch {}
-        expect(resolverCalled).toBe(false);
-    });
-});

package/tests/unit/health/Health.test.ts

@@ -1,129 +0,0 @@
-import { describe, test, expect, beforeEach } from "bun:test";
-import {
-    deepHealthCheck,
-    readinessCheck,
-    type HealthDeps,
-} from "../../../core/health";
-
-let dbUp: boolean;
-let cacheUp: boolean;
-
-function makeDeps(): HealthDeps {
-    return {
-        pingDb: async () => {
-            if (!dbUp) throw new Error("connection refused");
-            return true;
-        },
-        pingCache: async () => cacheUp,
-    };
-}
-
-describe("deepHealthCheck", () => {
-    beforeEach(() => {
-        dbUp = true;
-        cacheUp = true;
-    });
-
-    test("returns ok when DB and cache are up", async () => {
-        const { result, httpStatus } = await deepHealthCheck(makeDeps());
-
-        expect(httpStatus).toBe(200);
-        expect(result.status).toBe("ok");
-        expect(result.checks.database.status).toBe("up");
-        expect(result.checks.cache.status).toBe("up");
-        expect(typeof result.checks.database.latency_ms).toBe("number");
-        expect(typeof result.checks.cache.latency_ms).toBe("number");
-        expect(typeof result.timestamp).toBe("string");
-        expect(typeof result.uptime).toBe("number");
-    });
-
-    test("returns degraded when DB is up but cache is down", async () => {
-        cacheUp = false;
-
-        const { result, httpStatus } = await deepHealthCheck(makeDeps());
-
-        expect(httpStatus).toBe(200);
-        expect(result.status).toBe("degraded");
-        expect(result.checks.database.status).toBe("up");
-        expect(result.checks.cache.status).toBe("down");
-    });
-
-    test("returns unavailable (503) when DB is down", async () => {
-        dbUp = false;
-
-        const { result, httpStatus } = await deepHealthCheck(makeDeps());
-
-        expect(httpStatus).toBe(503);
-        expect(result.status).toBe("unavailable");
-        expect(result.checks.database.status).toBe("down");
-    });
-
-    test("returns unavailable (503) when both DB and cache are down", async () => {
-        dbUp = false;
-        cacheUp = false;
-
-        const { result, httpStatus } = await deepHealthCheck(makeDeps());
-
-        expect(httpStatus).toBe(503);
-        expect(result.status).toBe("unavailable");
-        expect(result.checks.database.status).toBe("down");
-        expect(result.checks.cache.status).toBe("down");
-    });
-});
-
-describe("readinessCheck", () => {
-    beforeEach(() => {
-        dbUp = true;
-        cacheUp = true;
-    });
-
-    test("returns 503 when isReady is false", async () => {
-        const { result, httpStatus } = await readinessCheck(
-            false,
-            false,
-            makeDeps(),
-        );
-
-        expect(httpStatus).toBe(503);
-        expect(result.status).toBe("unavailable");
-        expect(result.checks.database.status).toBe("unknown");
-        expect(result.checks.cache.status).toBe("unknown");
-    });
-
-    test("returns 503 when isShuttingDown is true", async () => {
-        const { result, httpStatus } = await readinessCheck(
-            true,
-            true,
-            makeDeps(),
-        );
-
-        expect(httpStatus).toBe(503);
-        expect(result.status).toBe("unavailable");
-    });
-
-    test("delegates to deepHealthCheck when ready", async () => {
-        const { result, httpStatus } = await readinessCheck(
-            true,
-            false,
-            makeDeps(),
-        );
-
-        expect(httpStatus).toBe(200);
-        expect(result.status).toBe("ok");
-        expect(result.checks.database.status).toBe("up");
-        expect(result.checks.cache.status).toBe("up");
-    });
-
-    test("returns 503 when ready but DB is down", async () => {
-        dbUp = false;
-
-        const { result, httpStatus } = await readinessCheck(
-            true,
-            false,
-            makeDeps(),
-        );
-
-        expect(httpStatus).toBe(503);
-        expect(result.status).toBe("unavailable");
-    });
-});

package/tests/unit/middleware/AccessLog.test.ts

@@ -1,37 +0,0 @@
-import { describe, test, expect, mock } from 'bun:test';
-import { accessLog } from '../../../core/middleware/AccessLog';
-
-const ok = async () => new Response('ok');
-
-describe('accessLog middleware', () => {
-    test('passes through and returns the response', async () => {
-        const mw = accessLog();
-        const res = await mw(new Request('http://localhost/test'), ok);
-
-        expect(res.status).toBe(200);
-        expect(await res.text()).toBe('ok');
-    });
-
-    test('skips configured paths', async () => {
-        const mw = accessLog({ skip: ['/health'] });
-
-        // Should still work, just not log
-        const res = await mw(new Request('http://localhost/health'), ok);
-        expect(res.status).toBe(200);
-    });
-
-    test('propagates errors from handler', async () => {
-        const mw = accessLog();
-        const failing = async () => { throw new Error('boom'); };
-
-        expect(mw(new Request('http://localhost/'), failing)).rejects.toThrow('boom');
-    });
-
-    test('handles non-200 responses', async () => {
-        const mw = accessLog();
-        const notFound = async () => new Response('not found', { status: 404 });
-        const res = await mw(new Request('http://localhost/missing'), notFound);
-
-        expect(res.status).toBe(404);
-    });
-});

package/tests/unit/middleware/Middleware.test.ts

@@ -1,98 +0,0 @@
-import { describe, test, expect } from 'bun:test';
-import { composeMiddleware, type Middleware } from '../../../core/Middleware';
-
-describe('composeMiddleware', () => {
-    test('calls final handler when no middleware', async () => {
-        const handler = async (req: Request) => new Response('ok');
-        const composed = composeMiddleware([], handler);
-        const res = await composed(new Request('http://localhost/'));
-        expect(await res.text()).toBe('ok');
-    });
-
-    test('executes middleware in order (onion model)', async () => {
-        const order: string[] = [];
-
-        const mw1: Middleware = async (req, next) => {
-            order.push('mw1-before');
-            const res = await next();
-            order.push('mw1-after');
-            return res;
-        };
-
-        const mw2: Middleware = async (req, next) => {
-            order.push('mw2-before');
-            const res = await next();
-            order.push('mw2-after');
-            return res;
-        };
-
-        const handler = async (req: Request) => {
-            order.push('handler');
-            return new Response('ok');
-        };
-
-        const composed = composeMiddleware([mw1, mw2], handler);
-        await composed(new Request('http://localhost/'));
-
-        expect(order).toEqual([
-            'mw1-before',
-            'mw2-before',
-            'handler',
-            'mw2-after',
-            'mw1-after',
-        ]);
-    });
-
-    test('middleware can short-circuit (skip next)', async () => {
-        const mw: Middleware = async (req, next) => {
-            return new Response('blocked', { status: 403 });
-        };
-
-        const handler = async (req: Request) => new Response('ok');
-        const composed = composeMiddleware([mw], handler);
-        const res = await composed(new Request('http://localhost/'));
-        expect(res.status).toBe(403);
-        expect(await res.text()).toBe('blocked');
-    });
-
-    test('middleware can modify the response', async () => {
-        const mw: Middleware = async (req, next) => {
-            const res = await next();
-            const headers = new Headers(res.headers);
-            headers.set('X-Custom', 'test');
-            return new Response(res.body, {
-                status: res.status,
-                headers,
-            });
-        };
-
-        const handler = async (req: Request) => new Response('ok');
-        const composed = composeMiddleware([mw], handler);
-        const res = await composed(new Request('http://localhost/'));
-        expect(res.headers.get('X-Custom')).toBe('test');
-    });
-
-    test('errors propagate through middleware chain', async () => {
-        const mw: Middleware = async (req, next) => {
-            return next();
-        };
-
-        const handler = async (req: Request) => {
-            throw new Error('boom');
-        };
-
-        const composed = composeMiddleware([mw], handler);
-        expect(composed(new Request('http://localhost/'))).rejects.toThrow('boom');
-    });
-
-    test('rejects if next() called multiple times', async () => {
-        const mw: Middleware = async (req, next) => {
-            await next();
-            return next(); // second call should reject
-        };
-
-        const handler = async (req: Request) => new Response('ok');
-        const composed = composeMiddleware([mw], handler);
-        expect(composed(new Request('http://localhost/'))).rejects.toThrow('next() called multiple times');
-    });
-});

package/tests/unit/middleware/RequestId.test.ts

@@ -1,54 +0,0 @@
-import { describe, test, expect } from 'bun:test';
-import { requestId, getRequestId, requestStore } from '../../../core/middleware/RequestId';
-
-const ok = async () => new Response('ok');
-
-describe('requestId middleware', () => {
-    test('generates a UUID and sets X-Request-Id header', async () => {
-        const mw = requestId();
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        const id = res.headers.get('X-Request-Id');
-        expect(id).toBeTruthy();
-        // UUID format check
-        expect(id).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
-    });
-
-    test('respects incoming X-Request-Id header', async () => {
-        const mw = requestId();
-        const req = new Request('http://localhost/', {
-            headers: { 'X-Request-Id': 'custom-id-123' },
-        });
-        const res = await mw(req, ok);
-
-        expect(res.headers.get('X-Request-Id')).toBe('custom-id-123');
-    });
-
-    test('getRequestId() returns current request ID within middleware', async () => {
-        const mw = requestId();
-        let capturedId: string | undefined;
-
-        const handler = async () => {
-            capturedId = getRequestId();
-            return new Response('ok');
-        };
-
-        const res = await mw(new Request('http://localhost/'), handler);
-        const headerId = res.headers.get('X-Request-Id')!;
-
-        expect(capturedId).toBe(headerId);
-    });
-
-    test('getRequestId() returns undefined outside request context', () => {
-        expect(getRequestId()).toBeUndefined();
-    });
-
-    test('preserves original response body and status', async () => {
-        const handler = async () => new Response('hello', { status: 201 });
-        const mw = requestId();
-        const res = await mw(new Request('http://localhost/'), handler);
-
-        expect(res.status).toBe(201);
-        expect(await res.text()).toBe('hello');
-    });
-});

package/tests/unit/middleware/SecurityHeaders.test.ts

@@ -1,66 +0,0 @@
-import { describe, test, expect } from 'bun:test';
-import { securityHeaders } from '../../../core/middleware/SecurityHeaders';
-
-const ok = async () => new Response('ok');
-
-describe('securityHeaders middleware', () => {
-    test('adds default security headers', async () => {
-        const mw = securityHeaders();
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('X-Frame-Options')).toBe('DENY');
-        expect(res.headers.get('X-Content-Type-Options')).toBe('nosniff');
-        expect(res.headers.get('Referrer-Policy')).toBe('strict-origin-when-cross-origin');
-    });
-
-    test('sets HSTS in production', async () => {
-        const mw = securityHeaders({ hsts: true });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('Strict-Transport-Security')).toBe('max-age=31536000; includeSubDomains');
-    });
-
-    test('custom hstsMaxAge', async () => {
-        const mw = securityHeaders({ hsts: true, hstsMaxAge: 86400 });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('Strict-Transport-Security')).toBe('max-age=86400; includeSubDomains');
-    });
-
-    test('frameOptions SAMEORIGIN', async () => {
-        const mw = securityHeaders({ frameOptions: 'SAMEORIGIN' });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('X-Frame-Options')).toBe('SAMEORIGIN');
-    });
-
-    test('frameOptions disabled', async () => {
-        const mw = securityHeaders({ frameOptions: false });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('X-Frame-Options')).toBeNull();
-    });
-
-    test('noSniff disabled', async () => {
-        const mw = securityHeaders({ noSniff: false });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('X-Content-Type-Options')).toBeNull();
-    });
-
-    test('referrerPolicy disabled', async () => {
-        const mw = securityHeaders({ referrerPolicy: false });
-        const res = await mw(new Request('http://localhost/'), ok);
-
-        expect(res.headers.get('Referrer-Policy')).toBeNull();
-    });
-
-    test('preserves original response body and status', async () => {
-        const handler = async () => new Response('hello', { status: 201 });
-        const mw = securityHeaders();
-        const res = await mw(new Request('http://localhost/'), handler);
-
-        expect(res.status).toBe(201);
-        expect(await res.text()).toBe('hello');
-    });
-});