npm - insforge - Versions diffs - 0.3.2 → 1.2.10 - Mend

insforge 0.3.2 → 1.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/backend/tests/unit/email.test.ts ADDED Viewed

@@ -0,0 +1,372 @@
+import { EmailService } from '../../src/core/email/email';
+import { AppError } from '../../src/api/middleware/error';
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import axios from 'axios';
+import jwt from 'jsonwebtoken';
+// Mock dependencies
+vi.mock('axios');
+vi.mock('jsonwebtoken');
+vi.mock('../../src/utils/logger', () => ({
+  default: {
+    info: vi.fn(),
+    error: vi.fn(),
+    warn: vi.fn(),
+  },
+}));
+vi.mock('../../src/app.config', () => ({
+  config: {
+    app: {
+      jwtSecret: 'test-jwt-secret',
+    },
+    cloud: {
+      projectId: 'test-project-123',
+      apiHost: 'https://api.test.com',
+    },
+  },
+}));
+describe('EmailService', () => {
+  let emailService: EmailService;
+  const oldEnv = process.env;
+  beforeEach(async () => {
+    // Reset all mocks
+    vi.resetAllMocks();
+    // Mock config values
+    const { config } = await import('../../src/app.config');
+    config.cloud.projectId = 'test-project-123';
+    config.app.jwtSecret = 'test-jwt-secret';
+    config.cloud.apiHost = 'https://api.test.com';
+    // Get fresh instance
+    emailService = EmailService.getInstance();
+    // Default mock for jwt.sign
+    (jwt.sign as unknown as ReturnType<typeof vi.fn>).mockReturnValue('mocked-jwt-token');
+  });
+  afterEach(() => {
+    process.env = oldEnv;
+  });
+  describe('getInstance', () => {
+    it('returns singleton instance', () => {
+      const instance1 = EmailService.getInstance();
+      const instance2 = EmailService.getInstance();
+      expect(instance1).toBe(instance2);
+    });
+  });
+  describe('sendWithTemplate', () => {
+    it('successfully sends email with verification code template', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: true },
+      });
+      await emailService.sendWithTemplate(
+        'user@example.com',
+        'John Doe',
+        'email-verification-code',
+        { token: '123456' }
+      );
+      expect(jwt.sign).toHaveBeenCalledWith({ sub: 'test-project-123' }, 'test-jwt-secret', {
+        expiresIn: '10m',
+      });
+      expect(axios.post).toHaveBeenCalledWith(
+        'https://api.test.com/email/v1/test-project-123/send-with-template',
+        {
+          email: 'user@example.com',
+          name: 'John Doe',
+          template: 'email-verification-code',
+          variables: { token: '123456' },
+        },
+        {
+          headers: {
+            'Content-Type': 'application/json',
+            sign: 'mocked-jwt-token',
+          },
+          timeout: 10000,
+        }
+      );
+    });
+    it('successfully sends email with verification link template', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: true },
+      });
+      await emailService.sendWithTemplate(
+        'user@example.com',
+        'John Doe',
+        'email-verification-link',
+        { magic_link: 'https://example.com/verify?token=abc123' }
+      );
+      expect(axios.post).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({
+          template: 'email-verification-link',
+          variables: { magic_link: 'https://example.com/verify?token=abc123' },
+        }),
+        expect.any(Object)
+      );
+    });
+    it('successfully sends email with reset-password code template', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: true },
+      });
+      await emailService.sendWithTemplate('user@example.com', 'Jane Smith', 'reset-password-code', {
+        token: 'reset123',
+      });
+      expect(axios.post).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({
+          template: 'reset-password-code',
+          variables: { token: 'reset123' },
+        }),
+        expect.any(Object)
+      );
+    });
+    it('successfully sends email with reset-password link template', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: true },
+      });
+      await emailService.sendWithTemplate('user@example.com', 'Jane Smith', 'reset-password-link', {
+        magic_link: 'https://example.com/reset?token=xyz789',
+      });
+      expect(axios.post).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({
+          template: 'reset-password-link',
+          variables: { magic_link: 'https://example.com/reset?token=xyz789' },
+        }),
+        expect.any(Object)
+      );
+    });
+    it('throws error if PROJECT_ID is not configured', async () => {
+      const { config } = await import('../../src/app.config');
+      config.cloud.projectId = 'local';
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow(AppError);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('PROJECT_ID is not configured');
+      // Reset for other tests
+      config.cloud.projectId = 'test-project-123';
+    });
+    it('throws error if JWT_SECRET is not configured', async () => {
+      const { config } = await import('../../src/app.config');
+      config.app.jwtSecret = '';
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow(AppError);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('JWT_SECRET is not configured');
+      // Reset for other tests
+      config.app.jwtSecret = 'test-jwt-secret';
+    });
+    it('throws error if required parameters are missing', async () => {
+      await expect(
+        emailService.sendWithTemplate('', 'John', 'email-verification-code')
+      ).rejects.toThrow('Missing required parameters');
+      await expect(
+        emailService.sendWithTemplate('user@example.com', '', 'email-verification-code')
+      ).rejects.toThrow('Missing required parameters');
+    });
+    it('throws error for invalid template type', async () => {
+      await expect(
+        emailService.sendWithTemplate(
+          'user@example.com',
+          'John',
+          '123456',
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          'invalid-template' as any
+        )
+      ).rejects.toThrow('Invalid template type');
+    });
+    it('throws error if cloud service returns unsuccessful response', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: false },
+      });
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Email service returned unsuccessful response');
+    });
+    it('handles 401 authentication error', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Request failed') as any;
+      error.isAxiosError = true;
+      error.response = {
+        status: 401,
+        data: { message: 'Unauthorized' },
+      };
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Authentication failed with cloud email service');
+    });
+    it('handles 403 forbidden error', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Request failed') as any;
+      error.isAxiosError = true;
+      error.response = {
+        status: 403,
+        data: { message: 'Forbidden' },
+      };
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Authentication failed with cloud email service');
+    });
+    it('handles 429 rate limit error', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Request failed') as any;
+      error.isAxiosError = true;
+      error.response = {
+        status: 429,
+        data: { message: 'Too many requests' },
+      };
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Email rate limit exceeded');
+    });
+    it('handles 400 bad request error', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Request failed') as any;
+      error.isAxiosError = true;
+      error.response = {
+        status: 400,
+        data: { message: 'Invalid email format' },
+      };
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Invalid email request: Invalid email format');
+    });
+    it('handles generic axios error', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Request failed') as any;
+      error.isAxiosError = true;
+      error.response = {
+        status: 500,
+        data: { message: 'Internal server error' },
+      };
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Failed to send email: Internal server error');
+    });
+    it('handles network error without response', async () => {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const error = new Error('Network error') as any;
+      error.isAxiosError = true;
+      vi.mocked(axios.post).mockRejectedValue(error);
+      vi.mocked(axios.isAxiosError).mockReturnValue(true);
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Failed to send email: Network error');
+    });
+    it('handles non-axios error', async () => {
+      vi.mocked(axios.post).mockRejectedValue(new Error('Unexpected error'));
+      await expect(
+        emailService.sendWithTemplate('user@example.com', 'John', 'email-verification-code', {
+          token: '123456',
+        })
+      ).rejects.toThrow('Failed to send email: Unexpected error');
+    });
+  });
+  describe('JWT token generation', () => {
+    it('generates JWT with correct payload and expiration', async () => {
+      vi.mocked(axios.post).mockResolvedValue({
+        data: { success: true },
+      });
+      await emailService.sendWithTemplate(
+        'user@example.com',
+        'John Doe',
+        'email-verification-code',
+        {
+          token: '123456',
+        }
+      );
+      expect(jwt.sign).toHaveBeenCalledWith({ sub: 'test-project-123' }, 'test-jwt-secret', {
+        expiresIn: '10m',
+      });
+    });
+  });
+});

package/backend/tests/unit/environment.test.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import {
+  isCloudEnvironment,
+  isOAuthSharedKeysAvailable,
+  isDevelopment,
+  isProduction,
+} from '../../src/utils/environment';
+import { describe, it, expect, beforeEach, afterAll } from 'vitest';
+describe('Environment utils', () => {
+  const OLD_ENV = process.env;
+  beforeEach(() => {
+    process.env = { ...OLD_ENV };
+  });
+  afterAll(() => {
+    process.env = OLD_ENV;
+  });
+  it('isCloudEnvironment returns true if AWS_INSTANCE_PROFILE_NAME is set', () => {
+    process.env.AWS_INSTANCE_PROFILE_NAME = 'my-profile';
+    expect(isCloudEnvironment()).toBe(true);
+  });
+  it('isCloudEnvironment returns false if AWS_INSTANCE_PROFILE_NAME is missing', () => {
+    delete process.env.AWS_INSTANCE_PROFILE_NAME;
+    expect(isCloudEnvironment()).toBe(false);
+  });
+  it('isOAuthSharedKeysAvailable returns same as isCloudEnvironment', () => {
+    process.env.AWS_INSTANCE_PROFILE_NAME = 'profile';
+    expect(isOAuthSharedKeysAvailable()).toBe(true);
+    delete process.env.AWS_INSTANCE_PROFILE_NAME;
+    expect(isOAuthSharedKeysAvailable()).toBe(false);
+  });
+  it('isDevelopment works correctly', () => {
+    process.env.NODE_ENV = 'development';
+    expect(isDevelopment()).toBe(true);
+    process.env.NODE_ENV = 'production';
+    expect(isDevelopment()).toBe(false);
+    delete process.env.NODE_ENV;
+    expect(isDevelopment()).toBe(true);
+  });
+  it('isProduction works correctly', () => {
+    process.env.NODE_ENV = 'production';
+    expect(isProduction()).toBe(true);
+    process.env.NODE_ENV = 'development';
+    expect(isProduction()).toBe(false);
+    delete process.env.NODE_ENV;
+    expect(isProduction()).toBe(false);
+  });
+});

package/backend/tests/unit/helpers.test.ts ADDED Viewed

@@ -0,0 +1,63 @@
+import { convertSqlTypeToColumnType } from '../../src/utils/utils';
+import { ColumnType } from '@insforge/shared-schemas';
+import { describe, it, expect } from 'vitest';
+describe('convertSqlTypeToColumnType', () => {
+  it('converts UUID correctly', () => {
+    expect(convertSqlTypeToColumnType('uuid')).toBe(ColumnType.UUID);
+    expect(convertSqlTypeToColumnType('UUID')).toBe(ColumnType.UUID);
+  });
+  it('converts timestamp types correctly', () => {
+    expect(convertSqlTypeToColumnType('timestamptz')).toBe(ColumnType.DATETIME);
+    expect(convertSqlTypeToColumnType('timestamp with time zone')).toBe(ColumnType.DATETIME);
+  });
+  it('converts integer types correctly', () => {
+    const integers = [
+      'integer',
+      'bigint',
+      'smallint',
+      'int',
+      'int2',
+      'int4',
+      'serial',
+      'serial2',
+      'serial4',
+      'serial8',
+      'smallserial',
+      'bigserial',
+    ];
+    integers.forEach((type) => {
+      expect(convertSqlTypeToColumnType(type)).toBe(ColumnType.INTEGER);
+    });
+  });
+  it('converts float types correctly', () => {
+    const floats = ['double precision', 'real', 'numeric', 'float', 'float4', 'float8', 'decimal'];
+    floats.forEach((type) => {
+      expect(convertSqlTypeToColumnType(type)).toBe(ColumnType.FLOAT);
+    });
+  });
+  it('converts boolean types correctly', () => {
+    expect(convertSqlTypeToColumnType('boolean')).toBe(ColumnType.BOOLEAN);
+    expect(convertSqlTypeToColumnType('bool')).toBe(ColumnType.BOOLEAN);
+  });
+  it('converts JSON types correctly', () => {
+    expect(convertSqlTypeToColumnType('json')).toBe(ColumnType.JSON);
+    expect(convertSqlTypeToColumnType('jsonb')).toBe(ColumnType.JSON);
+    expect(convertSqlTypeToColumnType('array')).toBe(ColumnType.JSON);
+  });
+  it('converts string types correctly', () => {
+    const strings = ['text', 'varchar', 'char', 'character', 'character varying'];
+    strings.forEach((type) => {
+      expect(convertSqlTypeToColumnType(type)).toBe(ColumnType.STRING);
+    });
+  });
+  it('returns first 5 chars for unknown types', () => {
+    expect(convertSqlTypeToColumnType('customtype')).toBe('custo');
+  });
+});

package/backend/tests/unit/logger.test.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { logger } from '../../src/utils/logger';
+import { describe, it, expect, vi } from 'vitest';
+describe('Logger', () => {
+  it('should initialize with correct log level from environment or default', () => {
+    expect(logger.level).toBe(process.env.LOG_LEVEL || 'info');
+  });
+  it('should log messages without throwing', () => {
+    expect(() => logger.info('Test info message')).not.toThrow();
+    expect(() => logger.warn('Test warn message')).not.toThrow();
+    expect(() => logger.error('Test error message')).not.toThrow();
+  });
+  it('should call logger.error when logging errors', () => {
+    const error = new Error('Test error');
+    const logSpy = vi.spyOn(logger, 'error').mockImplementation(() => logger);
+    logger.error(error);
+    expect(logSpy).toHaveBeenCalled();
+    logSpy.mockRestore();
+  });
+});

package/backend/tests/unit/rate-limit.test.ts ADDED Viewed

@@ -0,0 +1,154 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { Request, Response } from 'express';
+import { perEmailCooldown } from '../../src/api/middleware/rate-limiters';
+import { AppError } from '../../src/api/middleware/error';
+describe('Rate Limit Middleware', () => {
+  describe('perEmailCooldown', () => {
+    let req: Partial<Request>;
+    let res: Partial<Response>;
+    let next: ReturnType<typeof vi.fn>;
+    beforeEach(() => {
+      req = {
+        body: {},
+      };
+      res = {};
+      next = vi.fn();
+    });
+    it('allows first request for an email', () => {
+      req.body = { email: 'test@example.com' };
+      const middleware = perEmailCooldown(60000);
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledOnce();
+      expect(next).toHaveBeenCalledWith();
+    });
+    it('blocks second request within cooldown period', () => {
+      req.body = { email: 'test2@example.com' };
+      const middleware = perEmailCooldown(60000);
+      // First request should pass
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledOnce();
+      // Second request should be blocked
+      expect(() => {
+        middleware(req as Request, res as Response, next);
+      }).toThrow(AppError);
+      expect(() => {
+        middleware(req as Request, res as Response, next);
+      }).toThrow(/Please wait.*seconds before requesting another code/);
+    });
+    it('allows request after cooldown period expires', async () => {
+      req.body = { email: 'test3@example.com' };
+      const shortCooldown = 100; // 100ms cooldown
+      const middleware = perEmailCooldown(shortCooldown);
+      // First request
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledTimes(1);
+      // Wait for cooldown to expire
+      await new Promise((resolve) => setTimeout(resolve, shortCooldown + 10));
+      // Second request after cooldown should pass
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledTimes(2);
+    });
+    it('treats emails case-insensitively', () => {
+      const middleware = perEmailCooldown(60000);
+      const uniqueEmail = `case-test-${Date.now()}@example.com`;
+      // First request with mixed case
+      req.body = { email: uniqueEmail.toUpperCase() };
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledOnce();
+      // Second request with lowercase should be blocked
+      req.body = { email: uniqueEmail.toLowerCase() };
+      expect(() => {
+        middleware(req as Request, res as Response, next);
+      }).toThrow(AppError);
+    });
+    it('allows requests for different emails', () => {
+      const middleware = perEmailCooldown(60000);
+      // Request for first email
+      req.body = { email: 'user1@example.com' };
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledTimes(1);
+      // Request for second email should also pass
+      req.body = { email: 'user2@example.com' };
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledTimes(2);
+    });
+    it('passes through when no email in body', () => {
+      req.body = {}; // No email
+      const middleware = perEmailCooldown(60000);
+      middleware(req as Request, res as Response, next);
+      expect(next).toHaveBeenCalledOnce();
+      expect(next).toHaveBeenCalledWith();
+    });
+    it('calculates remaining cooldown time correctly', () => {
+      req.body = { email: 'timing@example.com' };
+      const cooldownMs = 60000;
+      const middleware = perEmailCooldown(cooldownMs);
+      // First request
+      middleware(req as Request, res as Response, next);
+      // Try second request immediately
+      try {
+        middleware(req as Request, res as Response, next);
+      } catch (error) {
+        if (error instanceof AppError) {
+          // Should show approximately 60 seconds remaining
+          expect(error.message).toMatch(/wait (\d+) seconds/);
+          const match = error.message.match(/wait (\d+) seconds/);
+          if (match) {
+            const seconds = parseInt(match[1]);
+            expect(seconds).toBeGreaterThanOrEqual(59);
+            expect(seconds).toBeLessThanOrEqual(60);
+          }
+        }
+      }
+    });
+    it('uses custom cooldown duration', () => {
+      req.body = { email: 'custom@example.com' };
+      const customCooldown = 30000; // 30 seconds
+      const middleware = perEmailCooldown(customCooldown);
+      // First request
+      middleware(req as Request, res as Response, next);
+      // Second request should show 30 second cooldown
+      try {
+        middleware(req as Request, res as Response, next);
+      } catch (error) {
+        if (error instanceof AppError) {
+          expect(error.message).toMatch(/wait \d+ seconds/);
+          const match = error.message.match(/wait (\d+) seconds/);
+          if (match) {
+            const seconds = parseInt(match[1]);
+            expect(seconds).toBeGreaterThanOrEqual(29);
+            expect(seconds).toBeLessThanOrEqual(30);
+          }
+        }
+      }
+    });
+  });
+});