odac 1.4.1 → 1.4.3

package/src/Ipc.js

@@ -269,6 +269,43 @@ class Ipc extends EventEmitter {
     interval.unref()
   }
 
+  /**
+   * Tears down IPC resources. For Redis driver, disconnects clients.
+   * For memory driver, clears stores and removes cluster listeners.
+   */
+  async close() {
+    if (this.config.driver === 'redis') {
+      if (this.subRedis) {
+        await this.subRedis.quit().catch(() => {})
+        this.subRedis = null
+      }
+      if (this.redis) {
+        await this.redis.quit().catch(() => {})
+        this.redis = null
+      }
+    } else if (cluster.isPrimary) {
+      if (global.__odac_ipc_message_handler) {
+        cluster.removeListener('message', global.__odac_ipc_message_handler)
+        global.__odac_ipc_message_handler = null
+      }
+      if (global.__odac_ipc_exit_handler) {
+        cluster.removeListener('exit', global.__odac_ipc_exit_handler)
+        global.__odac_ipc_exit_handler = null
+      }
+      if (this._memoryStore) this._memoryStore.clear()
+      if (this._memorySubs) this._memorySubs.clear()
+    } else {
+      // Worker: reject all pending requests so they don't hang
+      for (const req of this._requests.values()) {
+        clearTimeout(req.timeout)
+        req.reject(new Error('IPC shutting down'))
+      }
+      this._requests.clear()
+      this._subs.clear()
+    }
+    this.initialized = false
+  }
+
   _handlePrimaryMessage(worker, msg) {
     const {type, id, key, value, ttl, channel, message} = msg
     const action = type.replace('ipc:', '')

package/src/Odac.js

@@ -149,7 +149,7 @@ module.exports = {
           return hash ? _odac.Token.check(hash) : _odac.Token.generate()
         }
         _odac.validator = function () {
-          return new (require('./Validator.js'))(_odac.Request)
+          return new (require('./Validator.js'))(_odac.Request, _odac)
         }
         _odac.write = function (value) {
           return _odac.Request.write(value)

package/src/Route/Cron.js

@@ -12,6 +12,17 @@ class Cron {
     }
   }
 
+  /**
+   * Stops the cron scheduler. Called during graceful shutdown to prevent
+   * new cron jobs from firing while the process is terminating.
+   */
+  stop() {
+    if (this.#interval) {
+      clearInterval(this.#interval)
+      this.#interval = null
+    }
+  }
+
   check() {
     const now = new Date()
     const minute = now.getMinutes()

package/src/Route.js

@@ -1,5 +1,6 @@
 const fs = require('fs')
 const fsPromises = fs.promises
+const path = require('path')
 
 const Cron = require('./Route/Cron.js')
 const Internal = require('./Route/Internal.js')
@@ -219,42 +220,52 @@ class Route {
       if (typeof page === 'string') Odac.Request.page = page
       return await this.#executeController(Odac, pageController)
     }
-    if (url && !url.includes('/../')) {
-      const publicPath = `${__dir}/public${url}`
 
-      // PROD CACHE HIT (Metadata)
-      if (!Odac.Config.debug && this.#publicCache[publicPath]) {
-        const cached = this.#publicCache[publicPath]
-        Odac.Request.header('Content-Type', cached.type)
-        Odac.Request.header('Cache-Control', 'public, max-age=31536000')
-        Odac.Request.header('Content-Length', cached.size)
-        return fs.createReadStream(publicPath)
-      }
-
-      try {
-        const stat = await fsPromises.stat(publicPath)
-        if (stat.isFile()) {
-          let type = 'text/html'
-          if (url.includes('.')) {
-            let arr = url.split('.')
-            type = mime[arr[arr.length - 1]]
-          }
+    let decodedUrl
+    try {
+      decodedUrl = decodeURIComponent(url)
+    } catch {
+      decodedUrl = null // Invalid URI encoding
+    }
 
-          // PROD CACHE SET (Metadata Only)
-          if (!Odac.Config.debug) {
-            this.#publicCache[publicPath] = {
-              type,
-              size: stat.size
-            }
-          }
+    if (decodedUrl && !decodedUrl.includes('\0')) {
+      const publicDir = path.normalize(`${__dir}/public`)
+      const safeUrl = decodedUrl.replace(/^[/\\]+/, '')
+      const publicPath = path.normalize(path.join(publicDir, safeUrl))
+      const relativePath = path.relative(publicDir, publicPath)
 
-          Odac.Request.header('Content-Type', type)
+      if (relativePath === '' || (!relativePath.startsWith('..') && !path.isAbsolute(relativePath))) {
+        // PROD CACHE HIT (Metadata)
+        if (!Odac.Config.debug && this.#publicCache[publicPath]) {
+          const cached = this.#publicCache[publicPath]
+          Odac.Request.header('Content-Type', cached.type)
           Odac.Request.header('Cache-Control', 'public, max-age=31536000')
-          Odac.Request.header('Content-Length', stat.size)
+          Odac.Request.header('Content-Length', cached.size)
           return fs.createReadStream(publicPath)
         }
-      } catch {
-        // File not found in public
+
+        try {
+          const stat = await fsPromises.stat(publicPath)
+          if (stat.isFile()) {
+            const extension = path.extname(publicPath).slice(1)
+            const type = mime[extension] || 'text/html'
+
+            // PROD CACHE SET (Metadata Only)
+            if (!Odac.Config.debug) {
+              this.#publicCache[publicPath] = {
+                type,
+                size: stat.size
+              }
+            }
+
+            Odac.Request.header('Content-Type', type)
+            Odac.Request.header('Cache-Control', 'public, max-age=31536000')
+            Odac.Request.header('Content-Length', stat.size)
+            return fs.createReadStream(publicPath)
+          }
+        } catch {
+          // File not found in public
+        }
       }
     }
 
@@ -806,6 +817,14 @@ class Route {
     return Cron.job(controller)
   }
 
+  /**
+   * Stops the cron scheduler during graceful shutdown.
+   * Prevents new cron jobs from spawning while the process is terminating.
+   */
+  stopCron() {
+    Cron.stop()
+  }
+
   ws(path, handler, options = {}) {
     this.setWs('ws', path, handler, options)
     return this

package/src/Server.js

@@ -33,36 +33,73 @@ module.exports = {
         }
       })
 
-      // Graceful shutdown handler for primary
-      const gracefulShutdown = signal => {
+      /**
+       * GRACEFUL SHUTDOWN — PRIMARY PROCESS
+       * ────────────────────────────────────
+       * Shutdown order (deterministic, sequential):
+       *   1. Stop accepting new work       → Cron, session GC
+       *   2. Drain active workers           → send 'shutdown', disconnect, wait
+       *   3. Release shared resources       → IPC, Database, Storage
+       *   4. Exit 0
+       *
+       * A 30-second hard timeout protects against hung workers or I/O.
+       */
+      const gracefulShutdown = async signal => {
         if (isShuttingDown) return
         isShuttingDown = true
 
         console.log(`\n\x1b[33m[Shutdown]\x1b[0m ${signal} received, shutting down gracefully...`)
 
-        // Disconnect all workers
-        for (const id in cluster.workers) {
-          cluster.workers[id].send('shutdown')
-          cluster.workers[id].disconnect()
-        }
+        // Force exit safety net — must be set immediately
+        const forceTimer = setTimeout(() => {
+          console.error('\x1b[31m[Shutdown]\x1b[0m Timeout! Forcing exit...')
+          process.exit(1)
+        }, 30000)
+        forceTimer.unref()
 
-        let workersAlive = Object.keys(cluster.workers).length
+        // Phase 1: Stop schedulers so no new work is queued
+        Odac.Route.stopCron()
+        Odac.Storage.stopSessionGC()
 
-        cluster.on('exit', () => {
-          workersAlive--
-          if (workersAlive === 0) {
-            console.log('\x1b[32m[Shutdown]\x1b[0m All workers stopped.')
-            Odac.Storage.close()
-            console.log('\x1b[32m[Shutdown]\x1b[0m Storage closed. Goodbye!')
-            process.exit(0)
+        // Phase 2: Gracefully drain all workers
+        await new Promise(resolve => {
+          const workerIds = Object.keys(cluster.workers)
+          let workersAlive = workerIds.length
+
+          if (workersAlive === 0) return resolve()
+
+          cluster.on('exit', () => {
+            workersAlive--
+            if (workersAlive <= 0) resolve()
+          })
+
+          for (const id of workerIds) {
+            const worker = cluster.workers[id]
+            if (worker) {
+              worker.send('shutdown')
+              worker.disconnect()
+            }
           }
         })
 
-        // Force exit after 30 seconds
-        setTimeout(() => {
-          console.error('\x1b[31m[Shutdown]\x1b[0m Timeout! Forcing exit...')
-          process.exit(1)
-        }, 30000)
+        console.log('\x1b[32m[Shutdown]\x1b[0m All workers stopped.')
+
+        // Phase 3: Release shared resources (order matters: IPC → DB → Storage)
+        try {
+          await Odac.Ipc.close()
+        } catch (e) {
+          console.error(`\x1b[31m[Shutdown]\x1b[0m Error closing IPC: ${e.message}`)
+        }
+        try {
+          await Odac.Database.close()
+        } catch (e) {
+          console.error(`\x1b[31m[Shutdown]\x1b[0m Error closing Database: ${e.message}`)
+        }
+        Odac.Storage.close()
+
+        console.log('\x1b[32m[Shutdown]\x1b[0m Resources released. Goodbye!')
+        clearTimeout(forceTimer)
+        process.exit(0)
       }
 
       process.on('SIGTERM', () => gracefulShutdown('SIGTERM'))
@@ -113,11 +150,28 @@ module.exports = {
 
       server.listen(port)
 
-      // Graceful shutdown handler for worker
-      process.on('message', msg => {
+      /**
+       * GRACEFUL SHUTDOWN — WORKER PROCESS
+       * ──────────────────────────────────
+       * 1. Stop accepting new connections  (server.close)
+       * 2. Release worker-scoped resources (IPC pending requests, DB pools)
+       * 3. Exit 0
+       */
+      process.on('message', async msg => {
         if (msg === 'shutdown') {
           console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Closing server...`)
-          server.close(() => {
+
+          server.close(async () => {
+            try {
+              await Odac.Ipc.close()
+            } catch {
+              /* best-effort */
+            }
+            try {
+              await Odac.Database.close()
+            } catch {
+              /* best-effort */
+            }
             console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Server closed.`)
             process.exit(0)
           })

package/src/Storage.js

@@ -5,6 +5,7 @@ class OdacStorage {
   constructor() {
     this.db = null
     this.ready = false
+    this.gcInterval = null
   }
 
   init() {
@@ -72,10 +73,14 @@ class OdacStorage {
       return null
     }
 
+    if (this.gcInterval) {
+      clearInterval(this.gcInterval)
+    }
+
     const BATCH_THRESHOLD = 10000
     const BATCH_SIZE = 1000
 
-    return setInterval(() => {
+    this.gcInterval = setInterval(() => {
       try {
         // Count sessions to decide mode
         let sessionCount = 0
@@ -94,6 +99,15 @@ class OdacStorage {
         console.error('\x1b[31m[Storage GC Error]\x1b[0m', error.message)
       }
     }, intervalMs)
+
+    return this.gcInterval
+  }
+
+  stopSessionGC() {
+    if (this.gcInterval) {
+      clearInterval(this.gcInterval)
+      this.gcInterval = null
+    }
   }
 
   // Simple mode: Load all sessions at once (fast for small datasets)

package/src/Validator.js

@@ -93,9 +93,11 @@ class Validator {
   #method = 'POST'
   #name = ''
   #request
+  #odac
 
-  constructor(Request) {
+  constructor(Request, Odac) {
     this.#request = Request
+    this.#odac = Odac || global.Odac
   }
 
   check(rules) {
@@ -189,37 +191,37 @@ class Validator {
                     error = !value || (value !== 1 && value !== '1' && value !== 'on' && value !== 'yes' && value !== true)
                     break
                   case 'numeric':
-                    error = value && value !== '' && !Odac.Var(value).is('numeric')
+                    error = value && value !== '' && !this.#odac.Var(value).is('numeric')
                     break
                   case 'alpha':
-                    error = value && value !== '' && !Odac.Var(value).is('alpha')
+                    error = value && value !== '' && !this.#odac.Var(value).is('alpha')
                     break
                   case 'alphaspace':
-                    error = value && value !== '' && !Odac.Var(value).is('alphaspace')
+                    error = value && value !== '' && !this.#odac.Var(value).is('alphaspace')
                     break
                   case 'alphanumeric':
-                    error = value && value !== '' && !Odac.Var(value).is('alphanumeric')
+                    error = value && value !== '' && !this.#odac.Var(value).is('alphanumeric')
                     break
                   case 'alphanumericspace':
-                    error = value && value !== '' && !Odac.Var(value).is('alphanumericspace')
+                    error = value && value !== '' && !this.#odac.Var(value).is('alphanumericspace')
                     break
                   case 'email':
-                    error = value && value !== '' && !Odac.Var(value).is('email')
+                    error = value && value !== '' && !this.#odac.Var(value).is('email')
                     break
                   case 'ip':
-                    error = value && value !== '' && !Odac.Var(value).is('ip')
+                    error = value && value !== '' && !this.#odac.Var(value).is('ip')
                     break
                   case 'float':
-                    error = value && value !== '' && !Odac.Var(value).is('float')
+                    error = value && value !== '' && !this.#odac.Var(value).is('float')
                     break
                   case 'mac':
-                    error = value && value !== '' && !Odac.Var(value).is('mac')
+                    error = value && value !== '' && !this.#odac.Var(value).is('mac')
                     break
                   case 'domain':
-                    error = value && value !== '' && !Odac.Var(value).is('domain')
+                    error = value && value !== '' && !this.#odac.Var(value).is('domain')
                     break
                   case 'url':
-                    error = value && value !== '' && !Odac.Var(value).is('url')
+                    error = value && value !== '' && !this.#odac.Var(value).is('url')
                     break
                   case 'username':
                     error = value && value !== '' && !/^[a-zA-Z0-9]+$/.test(value)
@@ -228,7 +230,7 @@ class Validator {
                     error = value && value !== '' && /<[^>]*>/g.test(value)
                     break
                   case 'usercheck':
-                    error = !(await Odac.Auth.check())
+                    error = !(await this.#odac.Auth.check())
                     break
                   case 'array':
                     error = value && !Array.isArray(value)
@@ -283,12 +285,12 @@ class Validator {
                     error = value && value !== '' && vars[1] && !new RegExp(vars[1]).test(value)
                     break
                   case 'user': {
-                    if (!(await Odac.Auth.check())) {
+                    if (!(await this.#odac.Auth.check())) {
                       error = true
                     } else {
-                      const userData = Odac.Auth.user(vars[1])
-                      if (Odac.Var(userData).is('hash')) {
-                        error = !Odac.Var(userData).hashCheck(value)
+                      const userData = this.#odac.Auth.user(vars[1])
+                      if (this.#odac.Var(userData).is('hash')) {
+                        error = !this.#odac.Var(userData).hashCheck(value)
                       } else {
                         error = value !== userData
                       }
@@ -344,7 +346,7 @@ class Validator {
     const ip = this.#request.ip()
     const now = new Date().toISOString().slice(0, 13).replace(/[-:T]/g, '')
     const page = this.#request.path()
-    const storage = Odac.storage('sys')
+    const storage = this.#odac.storage('sys')
     const validation = storage.get('validation') || {}
 
     this.#name = '_odac_form'
@@ -358,8 +360,8 @@ class Validator {
       validation.brute[now][page][ip]++
 
       if (validation.brute[now][page][ip] >= maxAttempts) {
-        this.#message['_odac_form'] = Odac.Lang
-          ? Odac.Lang.get('Too many failed attempts. Please try again later.')
+        this.#message['_odac_form'] = this.#odac.Lang
+          ? this.#odac.Lang.get('Too many failed attempts. Please try again later.')
           : 'Too many failed attempts. Please try again later.'
       }
     }

package/test/{Auth.test.js → Auth/check.test.js}

@@ -1,6 +1,6 @@
-const Auth = require('../src/Auth.js')
+const Auth = require('../../src/Auth.js')
 
-describe('Auth - Refresh Token Rotation', () => {
+describe('Auth.check()', () => {
   let reqMock
   let authInstance
 
@@ -65,7 +65,8 @@ describe('Auth - Refresh Token Rotation', () => {
         return cookieStore[name] || null
       }),
       header: jest.fn(() => 'TestBrowser'),
-      ip: '127.0.0.1'
+      ip: '127.0.0.1',
+      res: {} // HTTP context (non-null res indicates Set-Cookie can be delivered)
     }
 
     authInstance = new Auth(reqMock)
@@ -173,12 +174,11 @@ describe('Auth - Refresh Token Rotation', () => {
 
   it('should recovery-rotate and DELETE old token when client lost cookies (rotated token > 5s)', async () => {
     // Simulate a rotated token where 10 seconds have passed since original rotation
-    // Client still has old cookies → recovery rotation should trigger
+    // Client still has old cookies -> recovery rotation should trigger
     const maxAge = 30 * 24 * 60 * 60 * 1000
     const timeSinceRotation = 10000 // 10 seconds since original rotation
     // active was set to: rotationTime - maxAge + 60000
     // So: inactiveAge = now - active = now - (rotationTime - maxAge + 60000) = timeSinceRotation + maxAge - 60000
-    // timeSinceRotation formula: inactiveAge - maxAge + 60000 = timeSinceRotation = 10000
     const rotatedActiveDate = new Date(Date.now() - maxAge + 60000 - timeSinceRotation)
 
     const mockRecord = {
@@ -276,6 +276,92 @@ describe('Auth - Refresh Token Rotation', () => {
     expect(dbMock.insert).not.toHaveBeenCalled()
   })
 
+  it('should skip rotation for WebSocket connections (res === null) and update active instead', async () => {
+    const createdAt = Date.now() - 20 * 60 * 1000 // 20 mins ago -> exceeds 15 min rotationAge
+
+    const wsReqMock = {
+      cookie: jest.fn((name, value) => {
+        if (value !== undefined) return
+        return {odac_x: 'old_x', odac_y: 'old_y'}[name] || null
+      }),
+      header: jest.fn(() => 'TestBrowser'),
+      ip: '127.0.0.1',
+      res: null // WebSocket context: no HTTP response available
+    }
+
+    const wsAuth = new Auth(wsReqMock)
+
+    const mockRecord = {
+      active: new Date(),
+      browser: 'TestBrowser',
+      date: new Date(createdAt),
+      id: 'token_ws',
+      ip: '127.0.0.1',
+      token_x: 'old_x',
+      token_y: 'hashed_old_y',
+      user: 'user_10'
+    }
+
+    const dbMock = createDbMock([mockRecord])
+    global.Odac.DB.user_tokens = dbMock
+    global.Odac.DB.users = dbMock
+
+    const result = await wsAuth.check()
+
+    expect(result).toBe(true)
+    // No rotation: no new token inserted
+    expect(dbMock.insert).not.toHaveBeenCalled()
+    // Active timestamp should be refreshed instead
+    expect(dbMock.tracker.updateCalls.length).toBe(1)
+    expect(dbMock.tracker.updateCalls[0].active).toBeInstanceOf(Date)
+    // No new cookies set (nothing to deliver over WS)
+    const setCalls = wsReqMock.cookie.mock.calls.filter(c => c.length >= 2)
+    expect(setCalls.length).toBe(0)
+  })
+
+  it('should skip recovery rotation for WebSocket connections (res === null)', async () => {
+    const maxAge = 30 * 24 * 60 * 60 * 1000
+    const timeSinceRotation = 10000 // 10 seconds since original rotation
+    const rotatedActiveDate = new Date(Date.now() - maxAge + 60000 - timeSinceRotation)
+
+    const wsReqMock = {
+      cookie: jest.fn((name, value) => {
+        if (value !== undefined) return
+        return {odac_x: 'old_x', odac_y: 'old_y'}[name] || null
+      }),
+      header: jest.fn(() => 'TestBrowser'),
+      ip: '127.0.0.1',
+      res: null // WebSocket context
+    }
+
+    const wsAuth = new Auth(wsReqMock)
+
+    const mockRecord = {
+      active: rotatedActiveDate,
+      browser: 'TestBrowser',
+      date: new Date(0), // Epoch marker = rotated
+      id: 'token_ws_recovery',
+      ip: '127.0.0.1',
+      token_x: 'old_x',
+      token_y: 'hashed_old_y',
+      user: 'user_10'
+    }
+
+    const dbMock = createDbMock([mockRecord])
+    global.Odac.DB.user_tokens = dbMock
+    global.Odac.DB.users = dbMock
+
+    const result = await wsAuth.check()
+
+    expect(result).toBe(true)
+    // No recovery rotation: no insert, no delete
+    expect(dbMock.insert).not.toHaveBeenCalled()
+    expect(dbMock.tracker.deleteCalls.length).toBe(0)
+    // No cookies set
+    const setCalls = wsReqMock.cookie.mock.calls.filter(c => c.length >= 2)
+    expect(setCalls.length).toBe(0)
+  })
+
   it('should update active timestamp when inactiveAge exceeds updateAge but tokenAge is within rotationAge', async () => {
     const staleActive = Date.now() - 25 * 60 * 60 * 1000 // 25 hours ago -> exceeds 24h updateAge
     const recentDate = Date.now() - 5 * 60 * 1000 // 5 mins ago -> within rotationAge

package/test/Client/data.test.js

@@ -0,0 +1,91 @@
+describe('Odac.data()', () => {
+  let mockXhr, mockDocument, mockWindow
+
+  beforeEach(() => {
+    jest.resetModules()
+    mockXhr = {
+      open: jest.fn(),
+      setRequestHeader: jest.fn(),
+      send: jest.fn(),
+      getResponseHeader: jest.fn(),
+      status: 200,
+      responseText: '{}',
+      response: '{}',
+      onload: null,
+      onerror: null
+    }
+    mockDocument = {
+      getElementById: jest.fn(),
+      querySelectorAll: jest.fn(() => []),
+      querySelector: jest.fn(),
+      addEventListener: jest.fn(),
+      removeEventListener: jest.fn(),
+      dispatchEvent: jest.fn(),
+      documentElement: {dataset: {}},
+      cookie: '',
+      readyState: 'complete',
+      createElement: jest.fn(() => ({setAttribute: jest.fn(), style: {}, appendChild: jest.fn(), parentNode: {insertBefore: jest.fn()}}))
+    }
+    mockWindow = {
+      location: {protocol: 'http:', host: 'localhost', href: 'http://localhost/'},
+      history: {pushState: jest.fn()},
+      scrollTo: jest.fn(),
+      addEventListener: jest.fn(),
+      XMLHttpRequest: jest.fn(() => mockXhr),
+      localStorage: {getItem: jest.fn(), setItem: jest.fn(), removeItem: jest.fn()},
+      CustomEvent: jest.fn((name, detail) => ({name, detail})),
+      setTimeout: jest.fn(),
+      clearTimeout: jest.fn(),
+      requestAnimationFrame: jest.fn(cb => cb(Date.now())),
+      WebSocket: jest.fn(() => ({send: jest.fn(), close: jest.fn(), readyState: 1})),
+      FormData: jest.fn()
+    }
+    mockWindow.window = mockWindow
+    mockWindow.document = mockDocument
+    mockWindow.WebSocket.OPEN = 1
+    mockWindow.WebSocket.CLOSED = 3
+    global.window = mockWindow
+    global.document = mockDocument
+    global.location = mockWindow.location
+    global.XMLHttpRequest = mockWindow.XMLHttpRequest
+    global.localStorage = mockWindow.localStorage
+    global.CustomEvent = mockWindow.CustomEvent
+    global.WebSocket = mockWindow.WebSocket
+    global.setTimeout = mockWindow.setTimeout
+    global.clearTimeout = mockWindow.clearTimeout
+    global.requestAnimationFrame = mockWindow.requestAnimationFrame
+    global.FormData = mockWindow.FormData
+    delete require.cache[require.resolve('../../client/odac.js')]
+    require('../../client/odac.js')
+  })
+
+  afterEach(() => {
+    delete global.window
+    delete global.document
+    delete global.location
+    delete global.XMLHttpRequest
+    delete global.localStorage
+    delete global.CustomEvent
+    delete global.WebSocket
+    delete global.setTimeout
+    delete global.clearTimeout
+    delete global.requestAnimationFrame
+    delete global.FormData
+    delete global.Odac
+  })
+
+  test('should retrieve data from odac-data script tag', () => {
+    const mockData = {user: 'emre'}
+    document.getElementById.mockReturnValue({textContent: JSON.stringify(mockData)})
+    const result = window.Odac.data()
+    expect(result).toEqual(mockData)
+    expect(document.getElementById).toHaveBeenCalledWith('odac-data')
+  })
+
+  test('should return specific key from data', () => {
+    const mockData = {user: 'emre', role: 'admin'}
+    document.getElementById.mockReturnValue({textContent: JSON.stringify(mockData)})
+    expect(window.Odac.data('user')).toBe('emre')
+    expect(window.Odac.data('role')).toBe('admin')
+  })
+})