chadstart 1.0.0

package/test/upload.test.js

@@ -0,0 +1,265 @@
+'use strict';
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const { buildCore } = require('../core/entity-engine');
+const {
+  getBaseUrl,
+  getMonthFolder,
+  isS3Configured,
+  sanitizeFilename,
+  generateUniquePrefix,
+  saveLocally,
+  getImageOptions,
+} = require('../core/upload');
+
+describe('upload helpers', () => {
+  it('getMonthFolder returns correct format', () => {
+    const result = getMonthFolder(new Date(2024, 9, 1)); // October 2024
+    assert.strictEqual(result, 'Oct2024');
+  });
+
+  it('getMonthFolder uses current date when no arg provided', () => {
+    const result = getMonthFolder();
+    const now = new Date();
+    const months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
+    assert.ok(result.startsWith(months[now.getMonth()]));
+    assert.ok(result.endsWith(String(now.getFullYear())));
+  });
+
+  it('getBaseUrl uses BASE_URL env var when set', () => {
+    const orig = process.env.BASE_URL;
+    process.env.BASE_URL = 'https://example.com';
+    const url = getBaseUrl({ port: 3000 });
+    if (orig === undefined) delete process.env.BASE_URL; else process.env.BASE_URL = orig;
+    assert.strictEqual(url, 'https://example.com');
+  });
+
+  it('getBaseUrl defaults to localhost with port', () => {
+    const orig = process.env.BASE_URL;
+    delete process.env.BASE_URL;
+    const url = getBaseUrl({ port: 4000 });
+    if (orig !== undefined) process.env.BASE_URL = orig;
+    assert.strictEqual(url, 'http://localhost:4000');
+  });
+
+  it('isS3Configured returns false when env vars are absent', () => {
+    const vars = ['S3_BUCKET', 'S3_ENDPOINT', 'S3_REGION', 'S3_ACCESS_KEY_ID', 'S3_SECRET_ACCESS_KEY'];
+    const saved = {};
+    vars.forEach((v) => { saved[v] = process.env[v]; delete process.env[v]; });
+    const result = isS3Configured();
+    vars.forEach((v) => { if (saved[v] !== undefined) process.env[v] = saved[v]; });
+    assert.strictEqual(result, false);
+  });
+
+  it('isS3Configured returns true when all S3 env vars are set', () => {
+    const vars = ['S3_BUCKET', 'S3_ENDPOINT', 'S3_REGION', 'S3_ACCESS_KEY_ID', 'S3_SECRET_ACCESS_KEY'];
+    const saved = {};
+    vars.forEach((v) => { saved[v] = process.env[v]; process.env[v] = 'test-value'; });
+    const result = isS3Configured();
+    vars.forEach((v) => { if (saved[v] !== undefined) process.env[v] = saved[v]; else delete process.env[v]; });
+    assert.strictEqual(result, true);
+  });
+
+  it('isS3Configured returns false when only some S3 vars are set', () => {
+    const vars = ['S3_BUCKET', 'S3_ENDPOINT', 'S3_REGION', 'S3_ACCESS_KEY_ID', 'S3_SECRET_ACCESS_KEY'];
+    const saved = {};
+    vars.forEach((v) => { saved[v] = process.env[v]; delete process.env[v]; });
+    process.env.S3_BUCKET = 'my-bucket';
+    const result = isS3Configured();
+    vars.forEach((v) => { if (saved[v] !== undefined) process.env[v] = saved[v]; else delete process.env[v]; });
+    assert.strictEqual(result, false);
+  });
+
+  it('sanitizeFilename strips directory traversal', () => {
+    assert.strictEqual(sanitizeFilename('../../../etc/passwd'), 'passwd');
+  });
+
+  it('sanitizeFilename replaces spaces and special chars', () => {
+    const safe = sanitizeFilename('my file (1).pdf');
+    assert.ok(!/[ ()]/.test(safe));
+  });
+
+  it('sanitizeFilename replaces leading dots', () => {
+    const safe = sanitizeFilename('.hidden');
+    assert.ok(!safe.startsWith('.'));
+  });
+
+  it('sanitizeFilename preserves safe characters', () => {
+    assert.strictEqual(sanitizeFilename('my-file_01.pdf'), 'my-file_01.pdf');
+  });
+
+  it('generateUniquePrefix returns a non-empty string', () => {
+    const prefix = generateUniquePrefix();
+    assert.ok(typeof prefix === 'string' && prefix.length > 0);
+  });
+
+  it('generateUniquePrefix returns different values each call', () => {
+    const a = generateUniquePrefix();
+    const b = generateUniquePrefix();
+    assert.notStrictEqual(a, b);
+  });
+
+  it('saveLocally creates directory and writes file', () => {
+    const dir = path.join(os.tmpdir(), `upload-test-${Date.now()}`);
+    const filename = 'test.txt';
+    const content = Buffer.from('hello world');
+    saveLocally(content, dir, filename);
+    const dest = path.join(dir, filename);
+    assert.ok(fs.existsSync(dest));
+    assert.strictEqual(fs.readFileSync(dest, 'utf8'), 'hello world');
+    fs.rmSync(dir, { recursive: true, force: true });
+  });
+
+  it('saveLocally creates nested directories', () => {
+    const dir = path.join(os.tmpdir(), `upload-nested-${Date.now()}`, 'a', 'b', 'c');
+    saveLocally(Buffer.from('x'), dir, 'f.txt');
+    assert.ok(fs.existsSync(path.join(dir, 'f.txt')));
+    fs.rmSync(path.join(os.tmpdir(), path.relative(os.tmpdir(), dir).split(path.sep)[0]), { recursive: true, force: true });
+  });
+
+  it('getImageOptions defaults: compress=true, quality=80, sizes=null', () => {
+    const core = buildCore({ name: 'App', entities: {} });
+    const opts = getImageOptions(core, 'cats', 'avatar');
+    assert.strictEqual(opts.compress, true);
+    assert.strictEqual(opts.quality, 80);
+    assert.strictEqual(opts.sizes, null);
+  });
+
+  it('getImageOptions: compress=false disables compression', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Cat: { properties: [{ name: 'avatar', type: 'image', options: { compress: false } }] } },
+    });
+    const opts = getImageOptions(core, 'Cat', 'avatar');
+    assert.strictEqual(opts.compress, false);
+    assert.strictEqual(opts.quality, 80);
+    assert.strictEqual(opts.sizes, null);
+  });
+
+  it('getImageOptions: custom quality is respected', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Cat: { properties: [{ name: 'avatar', type: 'image', options: { quality: 60 } }] } },
+    });
+    const opts = getImageOptions(core, 'Cat', 'avatar');
+    assert.strictEqual(opts.compress, true);
+    assert.strictEqual(opts.quality, 60);
+  });
+
+  it('getImageOptions: sizes enables resize mode', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Cat: { properties: [{ name: 'avatar', type: 'image', options: { sizes: { small: [40, 40], large: [400, 400] } } }] } },
+    });
+    const opts = getImageOptions(core, 'Cat', 'avatar');
+    assert.deepStrictEqual(opts.sizes, { small: [40, 40], large: [400, 400] });
+    assert.strictEqual(opts.compress, true);
+  });
+
+  it('getImageOptions: no sizes when not configured', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Cat: { properties: [{ name: 'avatar', type: 'image' }] } },
+    });
+    const opts = getImageOptions(core, 'Cat', 'avatar');
+    assert.strictEqual(opts.sizes, null);
+  });
+
+  it('getImageOptions looks up by entity tableName', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { BlogPost: { properties: [{ name: 'cover', type: 'image', options: { sizes: { thumb: [100, 100] }, quality: 70 } }] } },
+    });
+    const opts = getImageOptions(core, 'blog_post', 'cover');
+    assert.deepStrictEqual(opts.sizes, { thumb: [100, 100] });
+    assert.strictEqual(opts.quality, 70);
+  });
+});
+
+describe('upload – sharp integration', () => {
+  const SAMPLE_PNG_B64 =
+    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAACXBIWXMAAAPoAAAD6AG1e1JrAAAADElEQVR4nGP4z8AAAAMBAQDJ/pLvAAAAAElFTkSuQmCC';
+
+  it('sharp compresses a PNG to JPEG at quality 80 (default)', async () => {
+    const sharp = require('sharp');
+    const input = Buffer.from(SAMPLE_PNG_B64, 'base64');
+    const output = await sharp(input).jpeg({ quality: 80 }).toBuffer();
+    const meta = await sharp(output).metadata();
+    assert.strictEqual(meta.format, 'jpeg');
+  });
+
+  it('sharp compresses a PNG to JPEG at custom quality', async () => {
+    const sharp = require('sharp');
+    const input = Buffer.from(SAMPLE_PNG_B64, 'base64');
+    const q60 = await sharp(input).jpeg({ quality: 60 }).toBuffer();
+    const q90 = await sharp(input).jpeg({ quality: 90 }).toBuffer();
+    const metaQ60 = await sharp(q60).metadata();
+    const metaQ90 = await sharp(q90).metadata();
+    assert.strictEqual(metaQ60.format, 'jpeg');
+    assert.strictEqual(metaQ90.format, 'jpeg');
+  });
+
+  it('sharp resizes a 1x1 PNG to specified dimensions with quality', async () => {
+    const sharp = require('sharp');
+    const input = Buffer.from(SAMPLE_PNG_B64, 'base64');
+    const output = await sharp(input).resize(80, 80, { fit: 'cover' }).jpeg({ quality: 80 }).toBuffer();
+    const meta = await sharp(output).metadata();
+    assert.strictEqual(meta.width, 80);
+    assert.strictEqual(meta.height, 80);
+    assert.strictEqual(meta.format, 'jpeg');
+  });
+
+  it('sharp resize with quality:100 produces valid JPEG', async () => {
+    const sharp = require('sharp');
+    const input = Buffer.from(SAMPLE_PNG_B64, 'base64');
+    const output = await sharp(input).resize(160, 160, { fit: 'cover' }).jpeg({ quality: 100 }).toBuffer();
+    const meta = await sharp(output).metadata();
+    assert.strictEqual(meta.width, 160);
+    assert.strictEqual(meta.height, 160);
+    assert.strictEqual(meta.format, 'jpeg');
+  });
+});
+
+describe('upload – route content-type check', () => {
+  it('/api/upload/file rejects non-multipart requests', () => {
+    const contentType = 'application/json';
+    const isMultipart = contentType.includes('multipart/form-data');
+    assert.strictEqual(isMultipart, false);
+  });
+
+  it('file path format: prefix-filename in month folder', () => {
+    const prefix = 'abc123';
+    const safeName = sanitizeFilename('my-contract.pdf');
+    const finalName = `${prefix}-${safeName}`;
+    const month = getMonthFolder(new Date(2024, 9, 1));
+    const relPath = `storage/invoices/contract/${month}/${finalName}`;
+    assert.strictEqual(relPath, 'storage/invoices/contract/Oct2024/abc123-my-contract.pdf');
+  });
+
+  it('image path format (no sizes): prefix-basename.jpg in month folder', () => {
+    const prefix = 'abc123';
+    const month = getMonthFolder(new Date(2024, 9, 1));
+    const baseName = path.basename(sanitizeFilename('my-photo.png'), '.png');
+    const finalName = `${prefix}-${baseName}.jpg`;
+    assert.strictEqual(finalName, 'abc123-my-photo.jpg');
+    assert.ok(`storage/cats/avatar/${month}/${finalName}`.includes('Oct2024'));
+  });
+
+  it('image path format (with sizes): prefix-sizeName.jpg in month folder', () => {
+    const prefix = 'xyz789';
+    const month = getMonthFolder(new Date(2024, 9, 1));
+    const thumbName = `${prefix}-thumbnail.jpg`;
+    assert.ok(thumbName.endsWith('-thumbnail.jpg'));
+    assert.ok(`storage/cats/avatar/${month}/${thumbName}`.includes('Oct2024'));
+  });
+
+  it('image path format (compress disabled): prefix-original-name preserved', () => {
+    const prefix = 'def456';
+    const originalName = sanitizeFilename('photo.png');
+    const finalName = `${prefix}-${originalName}`;
+    assert.strictEqual(finalName, 'def456-photo.png');
+  });
+});

package/test/validation.test.js

@@ -0,0 +1,96 @@
+'use strict';
+
+const assert = require('assert');
+const { validateBody, applyDefaults, hideHiddenProps } = require('../core/api-generator');
+
+describe('validation', () => {
+  it('validates required', () => {
+    assert.ok(validateBody({}, { properties: [{ name: 't', type: 'string' }], validation: { t: { required: true } } }).errors);
+  });
+  it('validates minLength', () => {
+    assert.ok(validateBody({ n: 'ab' }, { properties: [{ name: 'n', type: 'string' }], validation: { n: { minLength: 3 } } }).errors);
+  });
+  it('passes valid data', () => {
+    assert.strictEqual(validateBody({ n: 'Alice' }, { properties: [{ name: 'n', type: 'string' }], validation: { n: { minLength: 3 } } }).errors, null);
+  });
+  it('validates min/max', () => {
+    assert.ok(validateBody({ age: 50 }, { properties: [{ name: 'age', type: 'number' }], validation: { age: { max: 30 } } }).errors);
+  });
+  it('isOptional skips undefined', () => {
+    assert.strictEqual(validateBody({}, { properties: [{ name: 'e', type: 'email' }], validation: { e: { isOptional: true, contains: '@co.com' } } }).errors, null);
+  });
+  it('validates contains', () => {
+    assert.ok(validateBody({ e: 'john@gmail.com' }, { properties: [{ name: 'e', type: 'email' }], validation: { e: { contains: '@co.com' } } }).errors);
+  });
+
+  const validators = [
+    ['isAlpha',        { isAlpha: true },          { n: 'abc123' },      { n: 'abc' }],
+    ['isAlphanumeric', { isAlphanumeric: true },    { n: 'abc!@#' },      { n: 'abc123' }],
+    ['isAscii',        { isAscii: true },           { n: 'héllo' },       { n: 'hello' }],
+    ['isJSON',         { isJSON: true },            { n: 'not json' },    { n: '{"a":1}' }],
+    ['isDefined',      { isDefined: true },         {},                   { n: '' }],
+    ['isEmpty',        { isEmpty: true },           { n: 'x' },           { n: '' }],
+    ['isIn',           { isIn: ['a', 'b'] },        { n: 'c' },           { n: 'a' }],
+    ['isNotIn',        { isNotIn: ['a', 'b'] },     { n: 'a' },           { n: 'c' }],
+    ['notContains',    { notContains: 'world' },    { n: 'hello world' }, { n: 'hello' }],
+    ['equals',         { equals: 'b' },             { n: 'a' },           { n: 'b' }],
+    ['notEquals',      { notEquals: 'b' },          { n: 'b' },           { n: 'c' }],
+    ['matches',        { matches: '^[0-9]+$' },     { n: 'hello' },       { n: '123' }],
+  ];
+
+  for (const [label, ruleObj, bad, good] of validators) {
+    it(`validates ${label}`, () => {
+      const ent = { properties: [{ name: 'n', type: 'string' }], validation: { n: ruleObj } };
+      assert.ok(validateBody(bad, ent).errors, `${label}: invalid input should fail`);
+      assert.strictEqual(validateBody(good, ent).errors, null, `${label}: valid input should pass`);
+    });
+  }
+});
+
+describe('validation – additional validators', () => {
+  it('validates isEmail', () => {
+    const ent = { properties: [{ name: 'e', type: 'email' }], validation: { e: { isEmail: true } } };
+    assert.ok(validateBody({ e: 'not-an-email' }, ent).errors, 'invalid email should fail');
+    assert.strictEqual(validateBody({ e: 'user@example.com' }, ent).errors, null);
+  });
+
+  it('validates isMimeType', () => {
+    const ent = { properties: [{ name: 'm', type: 'string' }], validation: { m: { isMimeType: true } } };
+    assert.ok(validateBody({ m: 'not a mime type' }, ent).errors, 'invalid mime type should fail');
+    assert.strictEqual(validateBody({ m: 'image/png' }, ent).errors, null);
+  });
+
+  it('validates maxLength', () => {
+    const ent = { properties: [{ name: 'n', type: 'string' }], validation: { n: { maxLength: 5 } } };
+    assert.ok(validateBody({ n: 'toolongstring' }, ent).errors, 'too long should fail');
+    assert.strictEqual(validateBody({ n: 'ok' }, ent).errors, null);
+  });
+
+  it('validates isNotEmpty', () => {
+    const ent = { properties: [{ name: 'n', type: 'string' }], validation: { n: { isNotEmpty: true } } };
+    assert.ok(validateBody({ n: '' }, ent).errors, 'empty string should fail');
+    assert.strictEqual(validateBody({ n: 'hello' }, ent).errors, null);
+  });
+});
+
+describe('hidden properties & defaults', () => {
+  it('hideHiddenProps removes hidden fields', () => {
+    const entity = { properties: [{ name: 'title', type: 'string', hidden: false }, { name: 'secret', type: 'string', hidden: true }] };
+    const result = hideHiddenProps({ id: '1', title: 'Hi', secret: 'shhh' }, entity);
+    assert.strictEqual(result.title, 'Hi');
+    assert.ok(!('secret' in result));
+  });
+
+  it('applyDefaults fills missing with defaults', () => {
+    const entity = { properties: [{ name: 'status', type: 'string', default: 'draft' }, { name: 'title', type: 'string' }] };
+    const result = applyDefaults({ title: 'Hello' }, entity);
+    assert.strictEqual(result.status, 'draft');
+    assert.strictEqual(result.title, 'Hello');
+  });
+
+  it('applyDefaults does not override existing values', () => {
+    const entity = { properties: [{ name: 'status', type: 'string', default: 'draft' }] };
+    const result = applyDefaults({ status: 'published' }, entity);
+    assert.strictEqual(result.status, 'published');
+  });
+});

package/test/yaml-loader.test.js

@@ -0,0 +1,93 @@
+'use strict';
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const { loadYaml, saveYaml } = require('../core/yaml-loader');
+
+describe('yaml-loader', () => {
+  it('loads chadstart.yaml', () => {
+    const config = loadYaml(path.resolve(__dirname, '..', 'chadstart.yaml'));
+    assert.strictEqual(config.name, 'Blog');
+    assert.ok(config.entities.Admin.authenticable);
+    assert.ok(config.entities.Post);
+  });
+
+  it('throws on missing file', () => assert.throws(() => loadYaml('/nonexistent'), /not found/i));
+
+  describe('saveYaml', () => {
+    let tmpFile;
+
+    beforeEach(() => {
+      tmpFile = path.join(os.tmpdir(), `chadstart-test-${Date.now()}.yaml`);
+    });
+
+    afterEach(() => {
+      if (fs.existsSync(tmpFile)) fs.unlinkSync(tmpFile);
+    });
+
+    it('creates a new YAML file when the file does not exist', () => {
+      const config = { name: 'TestApp', port: 4000 };
+      saveYaml(tmpFile, config);
+      assert.ok(fs.existsSync(tmpFile));
+      const saved = loadYaml(tmpFile);
+      assert.strictEqual(saved.name, 'TestApp');
+      assert.strictEqual(saved.port, 4000);
+    });
+
+    it('updates an existing YAML file and preserves values', () => {
+      const original = { name: 'Original', port: 3000, entities: { User: { authenticable: true, properties: ['name'] } } };
+      saveYaml(tmpFile, original);
+
+      const updated = { name: 'Updated', port: 5000, entities: { User: { authenticable: true, properties: ['name', 'email'] } } };
+      saveYaml(tmpFile, updated);
+
+      const saved = loadYaml(tmpFile);
+      assert.strictEqual(saved.name, 'Updated');
+      assert.strictEqual(saved.port, 5000);
+      assert.ok(saved.entities.User);
+    });
+
+    it('removes keys no longer present in the new config', () => {
+      saveYaml(tmpFile, { name: 'App', port: 3000, database: 'data/db.sqlite' });
+      saveYaml(tmpFile, { name: 'App', port: 3000 });
+      const saved = loadYaml(tmpFile);
+      assert.strictEqual(saved.database, undefined);
+    });
+
+    it('round-trips complex entity config correctly', () => {
+      const config = {
+        name: 'Blog',
+        port: 3000,
+        entities: {
+          Post: {
+            properties: ['title', { name: 'content', type: 'text' }],
+            policies: { read: [{ access: 'public' }], create: [{ access: 'restricted', allow: 'Admin' }] },
+          },
+        },
+      };
+      saveYaml(tmpFile, config);
+      const saved = loadYaml(tmpFile);
+      assert.strictEqual(saved.name, 'Blog');
+      assert.ok(saved.entities.Post);
+      assert.strictEqual(saved.entities.Post.policies.read[0].access, 'public');
+      assert.strictEqual(saved.entities.Post.policies.create[0].allow, 'Admin');
+    });
+
+    it('preserves YAML comments in unchanged top-level sections', () => {
+      const originalYaml = '# Application name\nname: Blog\n\n# Server port\nport: 3000\n';
+      fs.writeFileSync(tmpFile, originalYaml, 'utf8');
+
+      saveYaml(tmpFile, { name: 'Blog', port: 4000 });
+
+      const raw = fs.readFileSync(tmpFile, 'utf8');
+      assert.ok(raw.includes('# Application name'), 'Comment on name should be preserved');
+      assert.ok(raw.includes('# Server port'), 'Comment on port should be preserved');
+
+      // Verify the value was actually updated
+      const saved = loadYaml(tmpFile);
+      assert.strictEqual(saved.port, 4000);
+    });
+  });
+});

package/utils/logger.js

@@ -0,0 +1,24 @@
+'use strict';
+
+const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
+const currentLevel = LEVELS[process.env.LOG_LEVEL] ?? LEVELS.info;
+
+function log(level, ...args) {
+  if (LEVELS[level] < currentLevel) return;
+  const ts = new Date().toISOString();
+  const prefix = `[${ts}] [${level.toUpperCase()}]`;
+  if (level === 'error') {
+    console.error(prefix, ...args);
+  } else if (level === 'warn') {
+    console.warn(prefix, ...args);
+  } else {
+    console.log(prefix, ...args);
+  }
+}
+
+module.exports = {
+  debug: (...args) => log('debug', ...args),
+  info: (...args) => log('info', ...args),
+  warn: (...args) => log('warn', ...args),
+  error: (...args) => log('error', ...args),
+};