canopycms 0.0.0 → 0.0.2

package/src/api/security.test.ts

@@ -1,233 +0,0 @@
-/**
- * Security tests for API endpoints.
- *
- * Verifies:
- * - Branch access checks are enforced on all endpoints that accept a branch parameter
- * - Double-encoded path traversal attempts are rejected
- * - Invalid branch names are rejected by Zod validation
- */
-
-import { describe, it, expect, vi } from 'vitest'
-import type { ApiRequest } from './types'
-import type { FlatSchemaItem } from '../config'
-import type { ContentId, LogicalPath } from '../paths/types'
-import { unsafeAsBranchName, unsafeAsLogicalPath } from '../paths/test-utils'
-import { createMockApiContext, createMockBranchContext, createMockUser } from '../test-utils'
-
-// Mock SchemaOps for schema tests
-vi.mock('../schema/schema-store', async (importOriginal) => {
-  const actual = await importOriginal<typeof import('../schema/schema-store')>()
-  return {
-    ...actual,
-    SchemaOps: vi.fn().mockImplementation(() => ({
-      createCollection: vi.fn(),
-      updateCollection: vi.fn(),
-      deleteCollection: vi.fn(),
-      addEntryType: vi.fn(),
-      updateEntryType: vi.fn(),
-      removeEntryType: vi.fn(),
-      updateOrder: vi.fn(),
-      isCollectionEmpty: vi.fn(),
-      countEntriesUsingType: vi.fn(),
-      readCollectionMeta: vi.fn(),
-    })),
-  }
-})
-
-// Mock ContentStore for reference tests
-vi.mock('../content-store', () => ({
-  ContentStore: vi.fn().mockImplementation(() => ({
-    idIndex: vi.fn().mockResolvedValue({}),
-    read: vi.fn().mockResolvedValue({ data: { title: 'Test' } }),
-  })),
-  ContentStoreError: class ContentStoreError extends Error {},
-}))
-
-// Mock ReferenceResolver
-vi.mock('../reference-resolver', () => ({
-  ReferenceResolver: vi.fn().mockImplementation(() => ({
-    loadReferenceOptions: vi.fn().mockResolvedValue([]),
-    resolve: vi.fn().mockResolvedValue({ exists: true, collection: 'posts', slug: 'hello' }),
-  })),
-}))
-
-import { REFERENCE_OPTIONS_ROUTES } from './reference-options'
-import { RESOLVE_REFERENCES_ROUTES } from './resolve-references'
-import { getSchema, getCollection } from './schema'
-
-describe('Security: Branch access checks', () => {
-  const mockFlatSchema: FlatSchemaItem[] = [
-    {
-      type: 'collection',
-      logicalPath: 'posts' as LogicalPath,
-      name: 'posts',
-      label: 'Posts',
-      contentId: 'a1b2c3d4e5f6' as ContentId,
-      entries: [{ name: 'post', format: 'json', schema: [], schemaRef: 'postSchema' }],
-    },
-  ]
-
-  const branchContext = createMockBranchContext({
-    branchName: 'secret-branch',
-  })
-
-  describe('reference-options endpoint', () => {
-    it('returns 403 when user lacks branch access', async () => {
-      const ctx = createMockApiContext({
-        branchContext: { ...branchContext, flatSchema: mockFlatSchema },
-        allowBranchAccess: false,
-      })
-      const req = {
-        user: createMockUser(),
-        query: { collections: 'posts' },
-      } as unknown as ApiRequest
-
-      const result = await REFERENCE_OPTIONS_ROUTES.get.handler(ctx, req, {
-        branch: unsafeAsBranchName('secret-branch'),
-      })
-
-      expect(result.ok).toBe(false)
-      expect(result.status).toBe(403)
-    })
-
-    it('returns 200 when user has branch access', async () => {
-      const ctx = createMockApiContext({
-        branchContext: { ...branchContext, flatSchema: mockFlatSchema },
-        allowBranchAccess: true,
-      })
-      const req = {
-        user: createMockUser(),
-        query: { collections: 'posts', displayField: 'title' },
-      } as unknown as ApiRequest
-
-      const result = await REFERENCE_OPTIONS_ROUTES.get.handler(ctx, req, {
-        branch: unsafeAsBranchName('secret-branch'),
-      })
-
-      expect(result.ok).toBe(true)
-    })
-  })
-
-  describe('resolve-references endpoint', () => {
-    it('returns 403 when user lacks branch access', async () => {
-      const ctx = createMockApiContext({
-        branchContext: { ...branchContext, flatSchema: mockFlatSchema },
-        allowBranchAccess: false,
-      })
-      const req = { user: createMockUser() } as unknown as ApiRequest
-
-      const result = await RESOLVE_REFERENCES_ROUTES.post.handler(
-        ctx,
-        req,
-        { branch: unsafeAsBranchName('secret-branch') },
-        { ids: ['a1b2c3d4e5f6' as ContentId] },
-      )
-
-      expect(result.ok).toBe(false)
-      expect(result.status).toBe(403)
-    })
-  })
-
-  describe('getSchema endpoint', () => {
-    it('returns 403 when user lacks branch access', async () => {
-      const ctx = createMockApiContext({
-        branchContext: { ...branchContext, flatSchema: mockFlatSchema },
-        allowBranchAccess: false,
-        services: {
-          entrySchemaRegistry: { postSchema: [{ name: 'title', type: 'string' }] },
-        },
-      })
-      const req = { user: createMockUser() } as unknown as ApiRequest
-
-      const result = await getSchema.handler(ctx, req, {
-        branch: unsafeAsBranchName('secret-branch'),
-      })
-
-      expect(result.ok).toBe(false)
-      expect(result.status).toBe(403)
-    })
-  })
-
-  describe('getCollection endpoint', () => {
-    it('returns 403 when user lacks branch access', async () => {
-      const ctx = createMockApiContext({
-        branchContext: { ...branchContext, flatSchema: mockFlatSchema },
-        allowBranchAccess: false,
-      })
-      const req = { user: createMockUser() } as unknown as ApiRequest
-
-      const result = await getCollection.handler(ctx, req, {
-        branch: unsafeAsBranchName('secret-branch'),
-        collectionPath: unsafeAsLogicalPath('posts'),
-      })
-
-      expect(result.ok).toBe(false)
-      expect(result.status).toBe(403)
-    })
-  })
-})
-
-describe('Security: flatSchema null safety', () => {
-  it('returns 500 when flatSchema is not loaded', async () => {
-    const ctx = createMockApiContext({
-      branchContext: createMockBranchContext({ branchName: 'test' }),
-      allowBranchAccess: true,
-      services: {
-        entrySchemaRegistry: {},
-      },
-    })
-    // branchContext has no flatSchema property
-    const req = { user: createMockUser() } as unknown as ApiRequest
-
-    const result = await getSchema.handler(ctx, req, {
-      branch: unsafeAsBranchName('test'),
-    })
-
-    expect(result.ok).toBe(false)
-    expect(result.status).toBe(500)
-    expect(result.error).toContain('Schema not loaded')
-  })
-})
-
-describe('Security: Branch name validation', () => {
-  it('branchNameSchema rejects traversal attempts', async () => {
-    const { branchNameSchema } = await import('./validators')
-
-    const traversalAttempts = [
-      '../etc/passwd',
-      'branch/../escape',
-      'branch/...',
-      'branch@{evil}',
-      'branch name with spaces',
-    ]
-
-    for (const name of traversalAttempts) {
-      const result = branchNameSchema.safeParse(name)
-      expect(result.success, `Expected "${name}" to be rejected`).toBe(false)
-    }
-  })
-
-  it('branchNameSchema accepts valid branch names', async () => {
-    const { branchNameSchema } = await import('./validators')
-
-    const validNames = ['main', 'feature/test', 'fix-123', 'release/v1.0']
-
-    for (const name of validNames) {
-      const result = branchNameSchema.safeParse(name)
-      expect(result.success, `Expected "${name}" to be accepted`).toBe(true)
-    }
-  })
-})
-
-describe('Security: Double URL decoding protection', () => {
-  it('logicalPathSchema rejects traversal sequences', async () => {
-    const { logicalPathSchema } = await import('./validators')
-
-    const attacks = ['../etc/passwd', 'content/../../../etc/passwd', 'content/..%2F..%2Fetc']
-
-    for (const path of attacks) {
-      const result = logicalPathSchema.safeParse(path)
-      expect(result.success, `Expected "${path}" to be rejected`).toBe(false)
-    }
-  })
-})

package/src/api/settings-helpers.ts

@@ -1,84 +0,0 @@
-import type { ApiContext } from './types'
-import type { OperatingMode } from '../operating-mode'
-import { operatingStrategy } from '../operating-mode'
-
-/**
- * Get the appropriate root path for settings (permissions/groups).
- * In dev mode, returns the main branch root (.canopy-dev/settings/).
- * In prod/prod-sim modes, returns the settings root (settings/).
- */
-export async function getSettingsBranchContext(
-  ctx: ApiContext,
-): Promise<
-  | { context: { branchRoot: string }; mode: OperatingMode; branchName: string }
-  | { error: string; status: number }
-> {
-  const mode = ctx.services.config.mode
-  const strategy = operatingStrategy(mode)
-
-  // Determine which branch name to use (for git operations)
-  const branchName = strategy.getSettingsBranchName({
-    settingsBranch: ctx.services.config.settingsBranch,
-    defaultBaseBranch: ctx.services.config.defaultBaseBranch,
-  })
-
-  // For modes with separate settings branch, use settings root
-  if (strategy.usesSeparateSettingsBranch()) {
-    // Get settings root and ensure workspace exists
-    const settingsRoot = await ctx.services.getSettingsBranchRoot()
-    return {
-      context: { branchRoot: settingsRoot },
-      mode,
-      branchName,
-    }
-  }
-
-  // For dev mode, settings are stored in .canopy-dev/settings/
-  // We need to pass the workspace root, not a branch root
-  const workspaceRoot = ctx.services.config.sourceRoot ?? process.cwd()
-  return {
-    context: { branchRoot: workspaceRoot },
-    mode,
-    branchName,
-  }
-}
-
-/**
- * Commit and push settings changes based on the mode.
- * In dev mode, does nothing (no git operations).
- * In prod mode, uses commitToSettingsBranch.
- * In prod-sim mode, uses regular commitFiles.
- */
-export async function commitSettings(
-  ctx: ApiContext,
-  options: {
-    context: { branchRoot: string }
-    branchRoot: string
-    fileName: string
-    message: string
-    mode: OperatingMode
-  },
-): Promise<void> {
-  const strategy = operatingStrategy(options.mode)
-
-  // No git operations if mode doesn't support commits
-  if (!strategy.shouldCommit()) {
-    return
-  }
-
-  // For modes that use separate settings branch, commit to settings branch
-  if (strategy.usesSeparateSettingsBranch()) {
-    const result = await ctx.services.commitToSettingsBranch({
-      branchRoot: options.branchRoot,
-      files: options.fileName,
-      message: options.message,
-      createPR: strategy.shouldCreateSettingsPR({
-        autoCreateSettingsPR: ctx.services.config.autoCreateSettingsPR,
-      }),
-    })
-
-    if (!result.pushed) {
-      console.warn(`${options.message} committed but not pushed:`, result.error)
-    }
-  }
-}

package/src/api/types.ts

@@ -1,40 +0,0 @@
-import type { BranchContext } from '../types'
-import type { AuthPlugin } from '../auth/plugin'
-import type { CanopyServices } from '../services'
-import type { CanopyUser } from '../user'
-import type { AssetStore } from '../asset-store'
-
-export interface ApiContext {
-  services: CanopyServices
-  assetStore?: AssetStore
-  /**
-   * Load a branch context for the requested branch name.
-   * Can be backed by BranchRegistry + BranchMetadataFileManager.
-   *
-   * @param branchName - Name of the branch to load
-   * @param options - Optional configuration
-   * @param options.loadSchema - If true, loads per-branch schema into context.flatSchema
-   */
-  getBranchContext: (
-    branchName: string,
-    options?: { loadSchema?: boolean },
-  ) => Promise<BranchContext | null>
-  /**
-   * Auth plugin for user/group search (optional)
-   */
-  authPlugin?: AuthPlugin
-}
-
-export interface ApiRequest<TBody = unknown> {
-  branch?: string
-  body?: TBody
-  query?: Record<string, string | string[] | undefined>
-  user: CanopyUser
-}
-
-export interface ApiResponse<TData = unknown> {
-  ok: boolean
-  status: number
-  data?: TData
-  error?: string
-}

package/src/api/user.test.ts

@@ -1,127 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest'
-import type { ApiContext, ApiRequest } from './types'
-import type { CanopyUserId, CanopyGroupId } from '../types'
-import { USER_ROUTES } from './user'
-
-// Extract handler for testing
-const getUserInfo = USER_ROUTES.whoami.handler
-
-describe('user API', () => {
-  let mockContext: ApiContext
-
-  beforeEach(() => {
-    mockContext = {
-      services: {
-        config: {
-          defaultBaseBranch: 'main',
-          mode: 'dev',
-        },
-        checkBranchAccess: vi.fn(),
-        checkContentAccess: vi.fn(),
-        bootstrapAdminIds: new Set<string>(),
-        registry: undefined as any,
-        commitFiles: vi.fn(),
-        submitBranch: vi.fn(),
-      },
-      getBranchContext: vi.fn(),
-    } as unknown as ApiContext
-  })
-
-  describe('whoami', () => {
-    it('should return user info for authenticated user without groups', async () => {
-      const req: ApiRequest<undefined> = {
-        user: {
-          type: 'authenticated',
-          userId: 'user-1' as CanopyUserId,
-          groups: [],
-        },
-      }
-
-      const result = await getUserInfo(mockContext, req)
-
-      expect(result.ok).toBe(true)
-      expect(result.status).toBe(200)
-      expect(result.data).toEqual({
-        userId: 'user-1',
-        groups: [],
-      })
-    })
-
-    it('should return user info with multiple groups', async () => {
-      const req: ApiRequest<undefined> = {
-        user: {
-          type: 'authenticated',
-          userId: 'admin-user' as CanopyUserId,
-          groups: [
-            'admins' as CanopyGroupId,
-            'reviewers' as CanopyGroupId,
-            'editors' as CanopyGroupId,
-          ],
-        },
-      }
-
-      const result = await getUserInfo(mockContext, req)
-
-      expect(result.ok).toBe(true)
-      expect(result.status).toBe(200)
-      expect(result.data).toEqual({
-        userId: 'admin-user',
-        groups: ['admins', 'reviewers', 'editors'],
-      })
-    })
-
-    it('should return user info with single group', async () => {
-      const req: ApiRequest<undefined> = {
-        user: {
-          type: 'authenticated',
-          userId: 'reviewer-user' as CanopyUserId,
-          groups: ['reviewers' as CanopyGroupId],
-        },
-      }
-
-      const result = await getUserInfo(mockContext, req)
-
-      expect(result.ok).toBe(true)
-      expect(result.status).toBe(200)
-      expect(result.data).toEqual({
-        userId: 'reviewer-user',
-        groups: ['reviewers'],
-      })
-    })
-
-    it('should preserve exact user ID from request', async () => {
-      const req: ApiRequest<undefined> = {
-        user: {
-          type: 'authenticated',
-          userId: 'user-with-special-chars-123' as CanopyUserId,
-          groups: [],
-        },
-      }
-
-      const result = await getUserInfo(mockContext, req)
-
-      expect(result.ok).toBe(true)
-      expect(result.status).toBe(200)
-      expect(result.data?.userId).toBe('user-with-special-chars-123')
-    })
-
-    it('should return response with correct response type structure', async () => {
-      const req: ApiRequest<undefined> = {
-        user: {
-          type: 'authenticated',
-          userId: 'test-user' as CanopyUserId,
-          groups: ['test-group' as CanopyGroupId],
-        },
-      }
-
-      const result = await getUserInfo(mockContext, req)
-
-      // Verify ApiResponse structure
-      expect(result).toHaveProperty('ok')
-      expect(result).toHaveProperty('status')
-      expect(result).toHaveProperty('data')
-      expect(result.ok).toBe(true)
-      expect(result.status).toBe(200)
-    })
-  })
-})

package/src/api/user.ts

@@ -1,42 +0,0 @@
-import { defineEndpoint } from './route-builder'
-import type { ApiContext, ApiRequest, ApiResponse } from './types'
-
-export type UserInfoResponse = ApiResponse<{
-  userId: string
-  groups: string[]
-}>
-
-/**
- * Get current user info
- * This is a PUBLIC endpoint - no special permissions required
- */
-const getUserInfoHandler = async (ctx: ApiContext, req: ApiRequest): Promise<UserInfoResponse> => {
-  // Every authenticated request has req.user populated by the auth middleware
-  return {
-    ok: true,
-    status: 200,
-    data: {
-      userId: req.user.userId,
-      groups: req.user.groups as string[],
-    },
-  }
-}
-
-/**
- * Get current user information
- * GET /whoami
- */
-const getUserInfo = defineEndpoint({
-  namespace: 'user',
-  name: 'whoami',
-  method: 'GET',
-  path: '/whoami',
-  responseType: 'UserInfoResponse',
-  response: {} as UserInfoResponse,
-  defaultMockData: { userId: 'mock-user', groups: [] },
-  handler: getUserInfoHandler,
-})
-
-export const USER_ROUTES = {
-  whoami: getUserInfo,
-} as const