chadstart 1.0.4 → 1.0.6

package/test/email.test.js

@@ -0,0 +1,362 @@
+'use strict';
+
+const assert = require('assert');
+const { getEmailConfig, initEmail, interpolate, getEmailStatus, sendEmail, verifyConnection } = require('../core/email');
+const { validateSchema } = require('../core/schema-validator');
+const { buildCore } = require('../core/entity-engine');
+
+// Helper: set/restore env vars around a test
+function withEnv(vars, fn) {
+  const saved = {};
+  for (const [k, v] of Object.entries(vars)) {
+    saved[k] = process.env[k];
+    if (v === undefined) delete process.env[k]; else process.env[k] = v;
+  }
+  try { return fn(); } finally {
+    for (const [k, v] of Object.entries(saved)) {
+      if (v === undefined) delete process.env[k]; else process.env[k] = v;
+    }
+  }
+}
+
+// ── getEmailConfig ──────────────────────────────────────────────────────
+
+describe('getEmailConfig – disabled', () => {
+  it('returns null when no yaml and no env vars', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      assert.strictEqual(getEmailConfig(null), null);
+    });
+  });
+
+  it('returns null when yaml is empty object', () => {
+    withEnv({ SMTP_HOST: undefined }, () => {
+      assert.strictEqual(getEmailConfig({}), null);
+    });
+  });
+
+  it('returns null when yaml has no host', () => {
+    withEnv({ SMTP_HOST: undefined }, () => {
+      assert.strictEqual(getEmailConfig({ port: 587, from: 'test@test.com' }), null);
+    });
+  });
+});
+
+describe('getEmailConfig – enabled via yaml', () => {
+  it('returns config when host is provided in yaml', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({ host: 'smtp.example.com' });
+      assert.ok(cfg);
+      assert.strictEqual(cfg.host, 'smtp.example.com');
+      assert.strictEqual(cfg.port, 587);
+      assert.strictEqual(cfg.user, '');
+      assert.strictEqual(cfg.pass, '');
+      assert.strictEqual(cfg.from, '');
+      assert.strictEqual(cfg.secure, false);
+    });
+  });
+
+  it('reads all yaml fields', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({
+        host: 'smtp.example.com',
+        port: 465,
+        username: 'user@example.com',
+        from: 'App <noreply@example.com>',
+        secure: true,
+      });
+      assert.strictEqual(cfg.host, 'smtp.example.com');
+      assert.strictEqual(cfg.port, 465);
+      assert.strictEqual(cfg.user, 'user@example.com');
+      assert.strictEqual(cfg.from, 'App <noreply@example.com>');
+      assert.strictEqual(cfg.secure, true);
+    });
+  });
+
+  it('auto-detects secure=true for port 465', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({ host: 'smtp.example.com', port: 465 });
+      assert.strictEqual(cfg.secure, true);
+    });
+  });
+
+  it('auto-detects secure=false for port 587', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({ host: 'smtp.example.com', port: 587 });
+      assert.strictEqual(cfg.secure, false);
+    });
+  });
+
+  it('explicit secure overrides port-based auto-detection', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({ host: 'smtp.example.com', port: 465, secure: false });
+      assert.strictEqual(cfg.secure, false);
+    });
+  });
+});
+
+describe('getEmailConfig – enabled via env vars', () => {
+  it('returns config when SMTP_HOST env var is set', () => {
+    withEnv({ SMTP_HOST: 'env-smtp.example.com', SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig(null);
+      assert.ok(cfg);
+      assert.strictEqual(cfg.host, 'env-smtp.example.com');
+    });
+  });
+
+  it('env vars override yaml values', () => {
+    withEnv({
+      SMTP_HOST: 'env-host.com',
+      SMTP_PORT: '465',
+      SMTP_USER: 'env-user',
+      SMTP_PASS: 'env-pass',
+      SMTP_FROM: 'Env <env@test.com>',
+    }, () => {
+      const cfg = getEmailConfig({
+        host: 'yaml-host.com',
+        port: 587,
+        username: 'yaml-user',
+        from: 'Yaml <yaml@test.com>',
+      });
+      assert.strictEqual(cfg.host, 'env-host.com');
+      assert.strictEqual(cfg.port, 465);
+      assert.strictEqual(cfg.user, 'env-user');
+      assert.strictEqual(cfg.pass, 'env-pass');
+      assert.strictEqual(cfg.from, 'Env <env@test.com>');
+    });
+  });
+
+  it('SMTP_PASS is only accepted from env var (not yaml)', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: 'secret123', SMTP_FROM: undefined }, () => {
+      const cfg = getEmailConfig({ host: 'smtp.example.com' });
+      assert.strictEqual(cfg.pass, 'secret123');
+    });
+  });
+});
+
+// ── interpolate ─────────────────────────────────────────────────────────
+
+describe('interpolate', () => {
+  it('replaces single variable', () => {
+    assert.strictEqual(interpolate('Hello {{name}}!', { name: 'World' }), 'Hello World!');
+  });
+
+  it('replaces multiple variables', () => {
+    const result = interpolate('{{appName}} - {{name}} ({{link}})', {
+      appName: 'My App',
+      name: 'Alice',
+      link: 'https://example.com/verify',
+    });
+    assert.strictEqual(result, 'My App - Alice (https://example.com/verify)');
+  });
+
+  it('replaces missing variables with empty string', () => {
+    assert.strictEqual(interpolate('Hello {{name}} at {{link}}', { name: 'Bob' }), 'Hello Bob at ');
+  });
+
+  it('handles empty template', () => {
+    assert.strictEqual(interpolate('', { name: 'test' }), '');
+  });
+
+  it('handles null/undefined template', () => {
+    assert.strictEqual(interpolate(null, { name: 'test' }), '');
+    assert.strictEqual(interpolate(undefined, { name: 'test' }), '');
+  });
+
+  it('handles template with no placeholders', () => {
+    assert.strictEqual(interpolate('No variables here', { name: 'test' }), 'No variables here');
+  });
+
+  it('handles repeated variables', () => {
+    assert.strictEqual(interpolate('{{x}} and {{x}}', { x: 'val' }), 'val and val');
+  });
+
+  it('only matches word characters in variable names', () => {
+    assert.strictEqual(interpolate('{{a-b}}', { 'a-b': 'nope' }), '{{a-b}}');
+  });
+});
+
+// ── initEmail / getEmailStatus ──────────────────────────────────────────
+
+describe('initEmail', () => {
+  afterEach(() => {
+    // Reset email state
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      initEmail(null);
+    });
+  });
+
+  it('returns null when not configured', () => {
+    withEnv({ SMTP_HOST: undefined }, () => {
+      const result = initEmail(null);
+      assert.strictEqual(result, null);
+    });
+  });
+
+  it('returns config metadata when configured', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      const result = initEmail({ host: 'smtp.example.com', port: 587, from: 'App <noreply@example.com>' });
+      assert.ok(result);
+      assert.strictEqual(result.host, 'smtp.example.com');
+      assert.strictEqual(result.port, 587);
+      assert.strictEqual(result.from, 'App <noreply@example.com>');
+    });
+  });
+
+  it('getEmailStatus returns configured: false when not initialized', () => {
+    withEnv({ SMTP_HOST: undefined }, () => {
+      initEmail(null);
+      const status = getEmailStatus();
+      assert.strictEqual(status.configured, false);
+    });
+  });
+
+  it('getEmailStatus returns metadata when initialized', () => {
+    withEnv({ SMTP_HOST: undefined, SMTP_PORT: undefined, SMTP_USER: undefined, SMTP_PASS: undefined, SMTP_FROM: undefined }, () => {
+      initEmail({ host: 'smtp.example.com', port: 587, from: 'App <noreply@example.com>' });
+      const status = getEmailStatus();
+      assert.strictEqual(status.configured, true);
+      assert.strictEqual(status.host, 'smtp.example.com');
+      assert.strictEqual(status.port, 587);
+      assert.strictEqual(status.from, 'App <noreply@example.com>');
+    });
+  });
+});
+
+// ── sendEmail (without real SMTP) ───────────────────────────────────────
+
+describe('sendEmail – not configured', () => {
+  before(() => {
+    withEnv({ SMTP_HOST: undefined }, () => { initEmail(null); });
+  });
+
+  it('throws when email is not configured', async () => {
+    await assert.rejects(
+      () => sendEmail({ to: 'test@test.com', subject: 'Test' }),
+      /Email is not configured/
+    );
+  });
+});
+
+describe('verifyConnection – not configured', () => {
+  before(() => {
+    withEnv({ SMTP_HOST: undefined }, () => { initEmail(null); });
+  });
+
+  it('returns failure when not configured', async () => {
+    const result = await verifyConnection();
+    assert.strictEqual(result.success, false);
+    assert.ok(result.message.includes('not configured'));
+  });
+});
+
+// ── Schema validation ────────────────────────────────────────────────────
+
+describe('schema: email', () => {
+  it('accepts config without email section', () => {
+    assert.strictEqual(validateSchema({ name: 'App' }), true);
+  });
+
+  it('accepts email with host only', () => {
+    assert.strictEqual(validateSchema({
+      name: 'App',
+      email: { host: 'smtp.example.com' },
+    }), true);
+  });
+
+  it('accepts email with all fields', () => {
+    assert.strictEqual(validateSchema({
+      name: 'App',
+      email: {
+        host: 'smtp.example.com',
+        port: 587,
+        username: 'user@example.com',
+        from: 'App <noreply@example.com>',
+        secure: false,
+      },
+    }), true);
+  });
+
+  it('accepts email with templates', () => {
+    assert.strictEqual(validateSchema({
+      name: 'App',
+      email: {
+        host: 'smtp.example.com',
+        templates: {
+          verification: {
+            subject: 'Verify {{appName}}',
+            text: 'Click {{link}}',
+            html: '<a href="{{link}}">Verify</a>',
+          },
+          passwordReset: {
+            subject: 'Reset {{appName}}',
+            text: 'Click {{link}}',
+          },
+        },
+      },
+    }), true);
+  });
+
+  it('accepts empty email object', () => {
+    assert.strictEqual(validateSchema({ name: 'App', email: {} }), true);
+  });
+
+  it('rejects unknown email key', () => {
+    assert.throws(() => validateSchema({
+      name: 'App',
+      email: { host: 'smtp.example.com', password: 'secret' },
+    }));
+  });
+
+  it('rejects email port as string', () => {
+    assert.throws(() => validateSchema({
+      name: 'App',
+      email: { host: 'smtp.example.com', port: '587' },
+    }));
+  });
+
+  it('rejects unknown template type', () => {
+    assert.throws(() => validateSchema({
+      name: 'App',
+      email: {
+        host: 'smtp.example.com',
+        templates: {
+          welcome: { subject: 'Hello' },
+        },
+      },
+    }));
+  });
+});
+
+// ── buildCore: email passthrough ─────────────────────────────────────────
+
+describe('buildCore: email passthrough', () => {
+  it('exposes email config when provided', () => {
+    const core = buildCore({
+      name: 'App',
+      email: { host: 'smtp.example.com', port: 587, from: 'App <noreply@example.com>' },
+    });
+    assert.ok(core.email);
+    assert.strictEqual(core.email.host, 'smtp.example.com');
+    assert.strictEqual(core.email.port, 587);
+    assert.strictEqual(core.email.from, 'App <noreply@example.com>');
+  });
+
+  it('sets email to null when not provided', () => {
+    const core = buildCore({ name: 'App' });
+    assert.strictEqual(core.email, null);
+  });
+
+  it('passes templates through', () => {
+    const core = buildCore({
+      name: 'App',
+      email: {
+        host: 'smtp.example.com',
+        templates: {
+          verification: { subject: 'Verify', text: 'Click {{link}}' },
+        },
+      },
+    });
+    assert.ok(core.email.templates);
+    assert.strictEqual(core.email.templates.verification.subject, 'Verify');
+  });
+});

package/test/logs.test.js

@@ -0,0 +1,239 @@
+'use strict';
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const { buildCore } = require('../core/entity-engine');
+const dbModule = require('../core/db');
+const { initLogs, insertLog, queryLogs, cleanupOldLogs, requestLoggerMiddleware } = require('../core/logs');
+const { validateSchema } = require('../core/schema-validator');
+
+// ── Logs module ──────────────────────────────────────────────────────────
+
+describe('logs module', () => {
+  let tmpDb;
+  const core = buildCore({ name: 'LogTest', entities: { Widget: { properties: ['name'] } } });
+
+  before(async () => {
+    tmpDb = path.join(os.tmpdir(), `chadstart-logs-${Date.now()}.db`);
+    await dbModule.initDb(core, tmpDb);
+    await initLogs();
+  });
+
+  after(() => { try { fs.unlinkSync(tmpDb); } catch { /* noop */ } });
+
+  it('initLogs creates _cs_logs table', () => {
+    const tables = dbModule.getDb().prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='_cs_logs'").all();
+    assert.ok(tables.length > 0, '_cs_logs table should exist');
+  });
+
+  it('insertLog inserts a record', async () => {
+    await insertLog({
+      method: 'GET',
+      path: '/api/collections/widgets',
+      statusCode: 200,
+      duration: 42,
+      ip: '127.0.0.1',
+    });
+    const result = await queryLogs();
+    assert.ok(result.data.length >= 1);
+    assert.strictEqual(result.data[0].method, 'GET');
+    assert.strictEqual(result.data[0].statusCode, 200);
+  });
+
+  it('insertLog with user info', async () => {
+    await insertLog({
+      method: 'POST',
+      path: '/api/auth/admin/login',
+      statusCode: 200,
+      duration: 100,
+      ip: '192.168.1.1',
+      userId: 'user-123',
+      userEntity: 'Admin',
+    });
+    const result = await queryLogs({ method: 'POST' });
+    const log = result.data.find((l) => l.userId === 'user-123');
+    assert.ok(log);
+    assert.strictEqual(log.userEntity, 'Admin');
+  });
+
+  it('queryLogs returns paginated results', async () => {
+    // Insert several logs
+    for (let i = 0; i < 5; i++) {
+      await insertLog({ method: 'GET', path: `/api/test/${i}`, statusCode: 200, duration: 10 });
+    }
+    const result = await queryLogs({}, { page: 1, perPage: 3 });
+    assert.ok(result.data.length <= 3);
+    assert.strictEqual(result.perPage, 3);
+    assert.strictEqual(result.currentPage, 1);
+    assert.ok(result.total >= 5);
+  });
+
+  it('queryLogs filters by method', async () => {
+    await insertLog({ method: 'DELETE', path: '/api/delete-test', statusCode: 204, duration: 5 });
+    const result = await queryLogs({ method: 'DELETE' });
+    assert.ok(result.data.length >= 1);
+    assert.ok(result.data.every((l) => l.method === 'DELETE'));
+  });
+
+  it('queryLogs filters by statusCode', async () => {
+    await insertLog({ method: 'GET', path: '/api/not-found', statusCode: 404, duration: 1 });
+    const result = await queryLogs({ statusCode: 404 });
+    assert.ok(result.data.length >= 1);
+    assert.ok(result.data.every((l) => l.statusCode === 404));
+  });
+
+  it('queryLogs filters by path', async () => {
+    await insertLog({ method: 'GET', path: '/api/collections/unique-path', statusCode: 200, duration: 1 });
+    const result = await queryLogs({ path: 'unique-path' });
+    assert.ok(result.data.length >= 1);
+    assert.ok(result.data.every((l) => l.path.includes('unique-path')));
+  });
+
+  it('queryLogs filters by date range', async () => {
+    const now = new Date();
+    const from = new Date(now - 60 * 1000).toISOString(); // 1 min ago
+    const to = new Date(now.getTime() + 60 * 1000).toISOString(); // 1 min ahead
+    const result = await queryLogs({ from, to });
+    assert.ok(result.data.length >= 1);
+  });
+
+  it('queryLogs respects order parameter', async () => {
+    const resultAsc = await queryLogs({}, { order: 'ASC' });
+    const resultDesc = await queryLogs({}, { order: 'DESC' });
+    if (resultAsc.data.length > 1 && resultDesc.data.length > 1) {
+      // ASC: oldest first, DESC: newest first
+      assert.ok(resultAsc.data[0].createdAt <= resultAsc.data[resultAsc.data.length - 1].createdAt);
+      assert.ok(resultDesc.data[0].createdAt >= resultDesc.data[resultDesc.data.length - 1].createdAt);
+    }
+  });
+
+  it('cleanupOldLogs removes old entries', async () => {
+    // Insert a log with a manually backdated createdAt
+    const oldDate = new Date(Date.now() - 60 * 24 * 60 * 60 * 1000).toISOString(); // 60 days ago
+    await dbModule.queryRun(
+      `INSERT INTO "_cs_logs" ("id","method","path","statusCode","duration","ip","createdAt") VALUES (?,?,?,?,?,?,?)`,
+      ['old-log-id', 'GET', '/api/old', 200, 1, '127.0.0.1', oldDate]
+    );
+
+    // Verify it exists
+    const before = await dbModule.queryOne(
+      `SELECT * FROM "_cs_logs" WHERE "id" = ?`, ['old-log-id']
+    );
+    assert.ok(before);
+
+    // Cleanup logs older than 30 days
+    await cleanupOldLogs(30);
+
+    // Verify it's been deleted
+    const after = await dbModule.queryOne(
+      `SELECT * FROM "_cs_logs" WHERE "id" = ?`, ['old-log-id']
+    );
+    assert.ok(!after);
+  });
+
+  it('cleanupOldLogs keeps recent entries', async () => {
+    const beforeCount = (await queryLogs()).total;
+    await cleanupOldLogs(30);
+    const afterCount = (await queryLogs()).total;
+    // Recent entries should not be deleted
+    assert.ok(afterCount >= 1);
+  });
+
+  it('cleanupOldLogs with 0 days does nothing', async () => {
+    const beforeCount = (await queryLogs()).total;
+    const deleted = await cleanupOldLogs(0);
+    assert.strictEqual(deleted, 0);
+    const afterCount = (await queryLogs()).total;
+    assert.strictEqual(beforeCount, afterCount);
+  });
+});
+
+// ── requestLoggerMiddleware ──────────────────────────────────────────────
+
+describe('requestLoggerMiddleware', () => {
+  it('returns a function', () => {
+    const mw = requestLoggerMiddleware();
+    assert.strictEqual(typeof mw, 'function');
+  });
+
+  it('calls next()', (done) => {
+    const mw = requestLoggerMiddleware();
+    const mockReq = { method: 'GET', path: '/api/test', originalUrl: '/api/test', ip: '127.0.0.1', connection: {} };
+    const mockRes = {
+      statusCode: 200,
+      end: function (...args) {
+        // original end
+      },
+    };
+    mw(mockReq, mockRes, done);
+  });
+
+  it('skips excluded paths', (done) => {
+    const mw = requestLoggerMiddleware({ exclude: ['/health'] });
+    const mockReq = { method: 'GET', path: '/health', originalUrl: '/health', ip: '127.0.0.1' };
+    const mockRes = { statusCode: 200 };
+    mw(mockReq, mockRes, done);
+  });
+
+  it('skips excluded path prefixes', (done) => {
+    const mw = requestLoggerMiddleware({ exclude: ['/admin/vendor'] });
+    const mockReq = { method: 'GET', path: '/admin/vendor/htmx.min.js', originalUrl: '/admin/vendor/htmx.min.js' };
+    const mockRes = { statusCode: 200 };
+    mw(mockReq, mockRes, done);
+  });
+});
+
+// ── Schema validation ───────────────────────────────────────────────────
+
+describe('schema: logs', () => {
+  it('accepts config without logs section', () => {
+    assert.strictEqual(validateSchema({ name: 'App' }), true);
+  });
+
+  it('accepts logs with retention', () => {
+    assert.strictEqual(validateSchema({ name: 'App', logs: { retention: 7 } }), true);
+  });
+
+  it('accepts logs with exclude array', () => {
+    assert.strictEqual(validateSchema({
+      name: 'App',
+      logs: { exclude: ['/health', '/admin/vendor'] },
+    }), true);
+  });
+
+  it('accepts empty logs object', () => {
+    assert.strictEqual(validateSchema({ name: 'App', logs: {} }), true);
+  });
+
+  it('rejects unknown logs key', () => {
+    assert.throws(() => validateSchema({
+      name: 'App',
+      logs: { verbose: true },
+    }));
+  });
+
+  it('rejects retention as string', () => {
+    assert.throws(() => validateSchema({
+      name: 'App',
+      logs: { retention: '30' },
+    }));
+  });
+});
+
+// ── buildCore: logs passthrough ─────────────────────────────────────────
+
+describe('buildCore: logs passthrough', () => {
+  it('exposes logs config when provided', () => {
+    const core = buildCore({ name: 'App', logs: { retention: 7, exclude: ['/health'] } });
+    assert.ok(core.logs);
+    assert.strictEqual(core.logs.retention, 7);
+    assert.deepStrictEqual(core.logs.exclude, ['/health']);
+  });
+
+  it('sets logs to null when not provided', () => {
+    const core = buildCore({ name: 'App' });
+    assert.strictEqual(core.logs, null);
+  });
+});