odac 1.4.1 → 1.4.3

package/test/{Route.test.js → Route/check.test.js}

@@ -1,6 +1,6 @@
-const Route = require('../src/Route')
+const Route = require('../../src/Route')
 
-describe('Route', () => {
+describe('Route.check()', () => {
   let route
 
   beforeEach(() => {
@@ -17,7 +17,7 @@ describe('Route', () => {
     delete global.__dir
   })
 
-  describe('check - token request', () => {
+  describe('token request', () => {
     it('should handle token request with undefined route gracefully', async () => {
       const mockOdac = {
         Request: {
@@ -205,42 +205,7 @@ describe('Route', () => {
     })
   })
 
-  describe('set', () => {
-    it('should register a route with function handler', () => {
-      global.Odac.Route.buff = 'test_route'
-      const handler = jest.fn()
-
-      route.set('get', '/test', handler)
-
-      expect(route.routes.test_route).toBeDefined()
-      expect(route.routes.test_route.get).toBeDefined()
-      expect(route.routes.test_route.get['/test']).toBeDefined()
-      expect(route.routes.test_route.get['/test'].cache).toBe(handler)
-      expect(route.routes.test_route.get['/test'].type).toBe('function')
-    })
-
-    it('should handle array of methods', () => {
-      global.Odac.Route.buff = 'test_route'
-      const handler = jest.fn()
-
-      route.set(['get', 'post'], '/test', handler)
-
-      expect(route.routes.test_route.get['/test']).toBeDefined()
-      expect(route.routes.test_route.post['/test']).toBeDefined()
-    })
-
-    it('should strip trailing slash from url', () => {
-      global.Odac.Route.buff = 'test_route'
-      const handler = jest.fn()
-
-      route.set('get', '/test/', handler)
-
-      expect(route.routes.test_route.get['/test']).toBeDefined()
-      expect(route.routes.test_route.get['/test/']).toBeUndefined()
-    })
-  })
-
-  describe('parametric route matching (#controller via check)', () => {
+  describe('parametric route matching', () => {
     const createMockOdac = (url, method = 'get') => ({
       Auth: {check: jest.fn().mockResolvedValue(true)},
       Config: {},
@@ -344,19 +309,104 @@ describe('Route', () => {
     })
   })
 
-  describe('WebSocket cleanup', () => {
-    it('should call ws() method successfully', () => {
-      const handler = jest.fn()
-      expect(() => {
-        route.ws('/test', handler, {token: false})
-      }).not.toThrow()
+  describe('public static file serving', () => {
+    const fs = require('fs')
+    const path = require('path')
+
+    const createMockOdac = url => ({
+      Auth: {check: jest.fn().mockResolvedValue(true)},
+      Config: {debug: true},
+      Request: {
+        url,
+        method: 'get',
+        route: 'test_route',
+        header: jest.fn(),
+        cookie: jest.fn(() => null),
+        abort: jest.fn(),
+        setSession: jest.fn(),
+        data: {url: {}}
+      },
+      request: jest.fn().mockResolvedValue(null)
+    })
+
+    beforeEach(() => {
+      global.__dir = '/app'
+    })
+
+    afterEach(() => {
+      jest.restoreAllMocks()
     })
 
-    it('should call auth.ws() method successfully', () => {
-      const handler = jest.fn()
-      expect(() => {
-        route.auth.ws('/test', handler)
-      }).not.toThrow()
+    it('should serve a public static file successfully', async () => {
+      const mockStat = jest.spyOn(fs.promises, 'stat').mockResolvedValue({isFile: () => true, size: 1024})
+      const mockStream = {pipe: jest.fn()}
+      const mockCreateReadStream = jest.spyOn(fs, 'createReadStream').mockReturnValue(mockStream)
+      const expectedPath = path.normalize('/app/public/style.css')
+
+      const mockOdac = createMockOdac('/style.css')
+      const result = await route.check(mockOdac)
+
+      expect(mockStat).toHaveBeenCalledWith(expectedPath)
+      expect(mockOdac.Request.header).toHaveBeenCalledWith('Content-Type', 'text/css')
+      expect(mockOdac.Request.header).toHaveBeenCalledWith('Content-Length', 1024)
+      expect(mockCreateReadStream).toHaveBeenCalledWith(expectedPath)
+      expect(result).toBe(mockStream)
+    })
+
+    it('should prevent path traversal attacks', async () => {
+      const mockStat = jest.spyOn(fs.promises, 'stat')
+
+      const mockOdac = createMockOdac('/../secrets.txt')
+      const result = await route.check(mockOdac)
+
+      expect(mockStat).not.toHaveBeenCalled()
+      expect(result).toBeUndefined() // Falls through if blocked
+    })
+
+    it('should prevent null byte injection attacks', async () => {
+      const mockStat = jest.spyOn(fs.promises, 'stat')
+
+      const mockOdac = createMockOdac('/style%00.css')
+      const result = await route.check(mockOdac)
+
+      expect(mockStat).not.toHaveBeenCalled()
+      expect(result).toBeUndefined()
+    })
+
+    it('should handle invalid URI encoding gracefully', async () => {
+      const mockStat = jest.spyOn(fs.promises, 'stat')
+
+      const mockOdac = createMockOdac('/%E0%A4%A') // Invalid URL encoded string
+      const result = await route.check(mockOdac)
+
+      expect(mockStat).not.toHaveBeenCalled()
+      expect(result).toBeUndefined()
+    })
+
+    it('should cache metadata in production mode', async () => {
+      jest.spyOn(fs.promises, 'stat').mockResolvedValue({isFile: () => true, size: 2048})
+      const mockCreateReadStream = jest.spyOn(fs, 'createReadStream').mockReturnValue('mock_stream')
+
+      const mockOdac = createMockOdac('/script.js')
+      mockOdac.Config.debug = false // prod mode
+
+      // first call (cache miss -> set cache)
+      await route.check(mockOdac)
+      expect(fs.promises.stat).toHaveBeenCalledTimes(1)
+      expect(mockOdac.Request.header).toHaveBeenCalledWith('Content-Type', 'text/javascript')
+
+      // reset mock tracking (cache hit -> no stat)
+      jest.clearAllMocks()
+      jest.spyOn(fs, 'createReadStream').mockReturnValue('mock_stream_2')
+
+      // second call
+      const result2 = await route.check(mockOdac)
+
+      expect(fs.promises.stat).not.toHaveBeenCalled() // Not called because metadata is cached
+      expect(mockOdac.Request.header).toHaveBeenCalledWith('Content-Type', 'text/javascript')
+      expect(mockOdac.Request.header).toHaveBeenCalledWith('Content-Length', 2048)
+      expect(mockCreateReadStream).toHaveBeenCalledWith(path.normalize('/app/public/script.js'))
+      expect(result2).toBe('mock_stream_2')
     })
   })
 })

package/test/Route/set.test.js

@@ -0,0 +1,52 @@
+const Route = require('../../src/Route')
+
+describe('Route.set()', () => {
+  let route
+
+  beforeEach(() => {
+    route = new Route()
+    global.Odac = {
+      Route: {},
+      Config: {}
+    }
+    global.__dir = process.cwd()
+  })
+
+  afterEach(() => {
+    delete global.Odac
+    delete global.__dir
+  })
+
+  it('should register a route with function handler', () => {
+    global.Odac.Route.buff = 'test_route'
+    const handler = jest.fn()
+
+    route.set('get', '/test', handler)
+
+    expect(route.routes.test_route).toBeDefined()
+    expect(route.routes.test_route.get).toBeDefined()
+    expect(route.routes.test_route.get['/test']).toBeDefined()
+    expect(route.routes.test_route.get['/test'].cache).toBe(handler)
+    expect(route.routes.test_route.get['/test'].type).toBe('function')
+  })
+
+  it('should handle array of methods', () => {
+    global.Odac.Route.buff = 'test_route'
+    const handler = jest.fn()
+
+    route.set(['get', 'post'], '/test', handler)
+
+    expect(route.routes.test_route.get['/test']).toBeDefined()
+    expect(route.routes.test_route.post['/test']).toBeDefined()
+  })
+
+  it('should strip trailing slash from url', () => {
+    global.Odac.Route.buff = 'test_route'
+    const handler = jest.fn()
+
+    route.set('get', '/test/', handler)
+
+    expect(route.routes.test_route.get['/test']).toBeDefined()
+    expect(route.routes.test_route.get['/test/']).toBeUndefined()
+  })
+})

package/test/Route/ws.test.js

@@ -0,0 +1,23 @@
+const Route = require('../../src/Route')
+
+describe('Route WebSocket methods', () => {
+  let route
+
+  beforeEach(() => {
+    route = new Route()
+  })
+
+  it('should call ws() method successfully', () => {
+    const handler = jest.fn()
+    expect(() => {
+      route.ws('/test', handler, {token: false})
+    }).not.toThrow()
+  })
+
+  it('should call authWs() method successfully', () => {
+    const handler = jest.fn()
+    expect(() => {
+      route.authWs('/test', handler)
+    }).not.toThrow()
+  })
+})

package/test/View/EarlyHints/cache.test.js

@@ -0,0 +1,32 @@
+const EarlyHints = require('../../../src/View/EarlyHints')
+
+describe('EarlyHints Caching', () => {
+  let earlyHints
+  let mockConfig
+
+  beforeEach(() => {
+    mockConfig = {
+      enabled: true,
+      auto: true,
+      maxResources: 5
+    }
+    earlyHints = new EarlyHints(mockConfig)
+  })
+
+  it('should cache hints for route', () => {
+    const resources = [{href: '/css/main.css', as: 'style'}]
+    earlyHints.cacheHints('/home', resources)
+
+    const cached = earlyHints.getHints(null, '/home')
+    expect(cached).toEqual(resources)
+  })
+
+  it('should not cache when disabled', () => {
+    const hints = new EarlyHints({enabled: false})
+    const resources = [{href: '/css/main.css', as: 'style'}]
+    hints.cacheHints('/home', resources)
+
+    const cached = hints.getHints(null, '/home')
+    expect(cached).toBeNull()
+  })
+})

package/test/View/EarlyHints/extractFromHtml.test.js

@@ -0,0 +1,143 @@
+const EarlyHints = require('../../../src/View/EarlyHints')
+
+describe('EarlyHints.extractFromHtml()', () => {
+  let earlyHints
+  let mockConfig
+
+  beforeEach(() => {
+    mockConfig = {
+      enabled: true,
+      auto: true,
+      maxResources: 5
+    }
+    earlyHints = new EarlyHints(mockConfig)
+  })
+
+  it('should extract CSS resources from head', () => {
+    const html = `
+      <html>
+        <head>
+          <link rel="stylesheet" href="/css/main.css">
+          <link rel="stylesheet" href="/css/theme.css">
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(2)
+    expect(resources[0]).toEqual({href: '/css/main.css', as: 'style'})
+    expect(resources[1]).toEqual({href: '/css/theme.css', as: 'style'})
+  })
+
+  it('should extract JS resources from head', () => {
+    const html = `
+      <html>
+        <head>
+          <script src="/js/app.js"></script>
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(1)
+    expect(resources[0]).toEqual({href: '/js/app.js', as: 'script'})
+  })
+
+  it('should not extract deferred JS', () => {
+    const html = `
+      <html>
+        <head>
+          <script src="/js/app.js" defer></script>
+          <script src="/js/async.js" async></script>
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(0)
+  })
+
+  it('should extract font resources', () => {
+    const html = `
+      <html>
+        <head>
+          <link rel="preload" href="/fonts/main.woff2" as="font">
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(1)
+    expect(resources[0]).toEqual({
+      href: '/fonts/main.woff2',
+      as: 'font',
+      crossorigin: 'anonymous'
+    })
+  })
+
+  it('should limit resources to maxResources', () => {
+    const html = `
+      <html>
+        <head>
+          <link rel="stylesheet" href="/css/1.css">
+          <link rel="stylesheet" href="/css/2.css">
+          <link rel="stylesheet" href="/css/3.css">
+          <link rel="stylesheet" href="/css/4.css">
+          <link rel="stylesheet" href="/css/5.css">
+          <link rel="stylesheet" href="/css/6.css">
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(5)
+  })
+
+  it('should return empty array when no head tag', () => {
+    const html = '<html><body></body></html>'
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toEqual([])
+  })
+
+  it('should return empty array when disabled', () => {
+    const hints = new EarlyHints({enabled: false})
+    const html = '<html><head><link rel="stylesheet" href="/css/main.css"></head></html>'
+    const resources = hints.extractFromHtml(html)
+    expect(resources).toEqual([])
+  })
+
+  it('should skip resources with defer attribute', () => {
+    const html = `
+      <html>
+        <head>
+          <link rel="stylesheet" href="/css/critical.css">
+          <link rel="stylesheet" href="/css/non-critical.css" defer>
+          <script src="/js/app.js"></script>
+          <script src="/js/analytics.js" defer></script>
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(2)
+    expect(resources[0]).toEqual({href: '/css/critical.css', as: 'style'})
+    expect(resources[1]).toEqual({href: '/js/app.js', as: 'script'})
+  })
+
+  it('should only detect stylesheets with rel="stylesheet"', () => {
+    const html = `
+      <html>
+        <head>
+          <link rel="stylesheet" href="/css/main.css">
+          <link rel="icon" href="/favicon.css">
+          <link rel="preload" href="/data.css" as="fetch">
+          <link href="/other.css">
+        </head>
+        <body></body>
+      </html>
+    `
+    const resources = earlyHints.extractFromHtml(html)
+    expect(resources).toHaveLength(1)
+    expect(resources[0]).toEqual({href: '/css/main.css', as: 'style'})
+  })
+})

package/test/View/EarlyHints/formatLinkHeader.test.js

@@ -0,0 +1,33 @@
+const EarlyHints = require('../../../src/View/EarlyHints')
+
+describe('EarlyHints.formatLinkHeader()', () => {
+  let earlyHints
+  let mockConfig
+
+  beforeEach(() => {
+    mockConfig = {
+      enabled: true,
+      auto: true,
+      maxResources: 5
+    }
+    earlyHints = new EarlyHints(mockConfig)
+  })
+
+  it('should format basic resource', () => {
+    const resource = {href: '/css/main.css', as: 'style'}
+    const header = earlyHints.formatLinkHeader(resource)
+    expect(header).toBe('</css/main.css>; rel=preload; as=style')
+  })
+
+  it('should format resource with crossorigin', () => {
+    const resource = {href: '/font.woff2', as: 'font', crossorigin: 'anonymous'}
+    const header = earlyHints.formatLinkHeader(resource)
+    expect(header).toBe('</font.woff2>; rel=preload; as=font; crossorigin')
+  })
+
+  it('should format resource with type', () => {
+    const resource = {href: '/data.json', as: 'fetch', type: 'application/json'}
+    const header = earlyHints.formatLinkHeader(resource)
+    expect(header).toBe('</data.json>; rel=preload; as=fetch; type=application/json')
+  })
+})

package/test/View/EarlyHints/send.test.js

@@ -0,0 +1,99 @@
+const EarlyHints = require('../../../src/View/EarlyHints')
+
+describe('EarlyHints.send()', () => {
+  let earlyHints
+  let mockConfig
+
+  beforeEach(() => {
+    mockConfig = {
+      enabled: true,
+      auto: true,
+      maxResources: 5
+    }
+    earlyHints = new EarlyHints(mockConfig)
+  })
+
+  it('should return false when disabled', () => {
+    const hints = new EarlyHints({enabled: false})
+    const mockRes = {
+      headersSent: false,
+      writableEnded: false,
+      writeEarlyHints: jest.fn()
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = hints.send(mockRes, resources)
+    expect(result).toBe(false)
+    expect(mockRes.writeEarlyHints).not.toHaveBeenCalled()
+  })
+
+  it('should return false when headers already sent', () => {
+    const mockRes = {
+      headersSent: true,
+      writableEnded: false,
+      writeEarlyHints: jest.fn()
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = earlyHints.send(mockRes, resources)
+    expect(result).toBe(false)
+    expect(mockRes.writeEarlyHints).not.toHaveBeenCalled()
+  })
+
+  it('should return false when response ended', () => {
+    const mockRes = {
+      headersSent: false,
+      writableEnded: true,
+      writeEarlyHints: jest.fn()
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = earlyHints.send(mockRes, resources)
+    expect(result).toBe(false)
+    expect(mockRes.writeEarlyHints).not.toHaveBeenCalled()
+  })
+
+  it('should return true even when writeEarlyHints not available', () => {
+    const mockRes = {
+      headersSent: false,
+      writableEnded: false,
+      setHeader: jest.fn()
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = earlyHints.send(mockRes, resources)
+    expect(result).toBe(true)
+    expect(mockRes.setHeader).toHaveBeenCalledWith('X-Odac-Early-Hints', JSON.stringify(['</css/main.css>; rel=preload; as=style']))
+  })
+
+  it('should send early hints successfully', () => {
+    const mockRes = {
+      headersSent: false,
+      writableEnded: false,
+      writeEarlyHints: jest.fn(),
+      setHeader: jest.fn()
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = earlyHints.send(mockRes, resources)
+    expect(result).toBe(true)
+    expect(mockRes.writeEarlyHints).toHaveBeenCalledWith({
+      link: ['</css/main.css>; rel=preload; as=style']
+    })
+    expect(mockRes.setHeader).toHaveBeenCalledWith('X-Odac-Early-Hints', JSON.stringify(['</css/main.css>; rel=preload; as=style']))
+  })
+
+  it('should handle writeEarlyHints errors gracefully', () => {
+    const mockRes = {
+      headersSent: false,
+      writableEnded: false,
+      writeEarlyHints: jest.fn(() => {
+        throw new Error('Write error')
+      })
+    }
+    const resources = [{href: '/css/main.css', as: 'style'}]
+
+    const result = earlyHints.send(mockRes, resources)
+    expect(result).toBe(false)
+  })
+})

package/test/View/{Form.test.js → Form/generateFieldHtml.test.js}

@@ -1,6 +1,6 @@
-const Form = require('../../src/View/Form')
+const Form = require('../../../src/View/Form')
 
-describe('Form HTML escaping', () => {
+describe('Form.generateFieldHtml()', () => {
   test('should escape textarea content to prevent tag breakout XSS', () => {
     const html = Form.generateFieldHtml({
       name: 'bio',

package/test/View/constructor.test.js

@@ -0,0 +1,22 @@
+const View = require('../../src/View')
+
+describe('View.constructor()', () => {
+  let mockOdac
+
+  beforeEach(() => {
+    mockOdac = {
+      Config: {view: {earlyHints: {enabled: true}}},
+      View: {}
+    }
+  })
+
+  it('should initialize with EarlyHints if enabled', () => {
+    const view = new View(mockOdac)
+    expect(view).toBeDefined()
+  })
+
+  it('should set global.Odac.View.Form', () => {
+    new View(mockOdac)
+    expect(global.Odac.View.Form).toBeDefined()
+  })
+})

package/test/View/print.test.js

@@ -0,0 +1,19 @@
+const View = require('../../src/View')
+
+describe('View.print()', () => {
+  let view
+  let mockOdac
+
+  beforeEach(() => {
+    mockOdac = {
+      Config: {view: {earlyHints: {enabled: false}}},
+      View: {},
+      Request: {data: {all: {}}}
+    }
+    view = new View(mockOdac)
+  })
+
+  it('should be a function', () => {
+    expect(typeof view.print).toBe('function')
+  })
+})

package/test/WebSocket/Client/limits.test.js

@@ -0,0 +1,55 @@
+const {WebSocketServer, WebSocketClient} = require('../../../src/WebSocket.js')
+
+describe('WebSocketClient Limits', () => {
+  let server
+
+  beforeEach(() => {
+    server = new WebSocketServer()
+  })
+
+  describe('maxPayload', () => {
+    it('should close connection if payload exceeds limit', () => {
+      const socket = {
+        pause: jest.fn(),
+        on: jest.fn(),
+        write: jest.fn(),
+        end: jest.fn(),
+        removeAllListeners: jest.fn()
+      }
+      new WebSocketClient(socket, server, 'test-id', {maxPayload: 10})
+
+      const buffer = Buffer.alloc(100)
+      buffer[0] = 0x81
+      buffer[1] = 0x80 | 20
+      const dataHandler = socket.on.mock.calls.find(call => call[0] === 'data')[1]
+      dataHandler(buffer)
+
+      expect(socket.end).toHaveBeenCalled()
+    })
+  })
+
+  describe('rateLimit', () => {
+    it('should close connection if rate limit exceeded', () => {
+      const socket = {
+        pause: jest.fn(),
+        on: jest.fn(),
+        write: jest.fn(),
+        end: jest.fn(),
+        removeAllListeners: jest.fn()
+      }
+      new WebSocketClient(socket, server, 'test-id', {rateLimit: {max: 2, window: 1000}})
+
+      const buffer = Buffer.alloc(7)
+      buffer[0] = 0x81
+      buffer[1] = 0x80 | 1
+      buffer[2] = buffer[3] = buffer[4] = buffer[5] = 0
+      buffer[6] = 0x61
+
+      const dataHandler = socket.on.mock.calls.find(call => call[0] === 'data')[1]
+      dataHandler(buffer)
+      dataHandler(buffer)
+      dataHandler(buffer)
+      expect(socket.end).toHaveBeenCalled()
+    })
+  })
+})