payload-plugin-newsletter 0.3.2 → 0.4.5

package/dist/src/__tests__/integration/collections/subscriber-hooks.test.js

@@ -1,356 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import { createPayloadRequestMock, seedCollection, clearCollections, createMockAdminUser } from '../../mocks/payload';
-import { mockSubscribers } from '../../fixtures/subscribers';
-import { createResendMock } from '../../mocks/email-providers';
-// Mock email service
-vi.mock('../../../services/email', ()=>({
-        getEmailService: vi.fn()
-    }));
-import { getEmailService } from '../../../services/email';
-describe('Subscriber Collection Hooks Security', ()=>{
-    let mockReq;
-    let mockEmailService;
-    const config = {
-        subscribersSlug: 'subscribers'
-    };
-    beforeEach(()=>{
-        clearCollections();
-        seedCollection('subscribers', mockSubscribers);
-        const payloadMock = createPayloadRequestMock();
-        mockReq = {
-            payload: payloadMock.payload,
-            user: null
-        };
-        mockEmailService = createResendMock();
-        getEmailService.mockResolvedValue(mockEmailService);
-        vi.clearAllMocks();
-    });
-    describe('beforeChange Hook', ()=>{
-        it('should normalize email addresses', async ()=>{
-            const beforeChangeHook = async ({ data, req, operation })=>{
-                if (operation === 'create' && data.email) {
-                    data.email = data.email.trim().toLowerCase();
-                }
-                return data;
-            };
-            const result = await beforeChangeHook({
-                data: {
-                    email: '  USER@EXAMPLE.COM  ',
-                    name: 'Test'
-                },
-                req: mockReq,
-                operation: 'create',
-                originalDoc: null
-            });
-            expect(result.email).toBe('user@example.com');
-        });
-        it('should prevent email changes on update', async ()=>{
-            const beforeChangeHook = async ({ data, req, operation, originalDoc })=>{
-                if (operation === 'update' && data.email && originalDoc?.email !== data.email) {
-                    throw new Error('Email cannot be changed');
-                }
-                return data;
-            };
-            await expect(beforeChangeHook({
-                data: {
-                    email: 'newemail@example.com'
-                },
-                req: mockReq,
-                operation: 'update',
-                originalDoc: {
-                    email: 'oldemail@example.com'
-                }
-            })).rejects.toThrow('Email cannot be changed');
-        });
-        it('should validate subscription status transitions', async ()=>{
-            const beforeChangeHook = async ({ data, req, operation, originalDoc })=>{
-                if (operation === 'update' && data.subscriptionStatus) {
-                    const oldStatus = originalDoc?.subscriptionStatus;
-                    const newStatus = data.subscriptionStatus;
-                    // Validate allowed transitions
-                    const allowedTransitions = {
-                        pending: [
-                            'active',
-                            'unsubscribed'
-                        ],
-                        active: [
-                            'unsubscribed'
-                        ],
-                        unsubscribed: [
-                            'pending'
-                        ]
-                    };
-                    if (!allowedTransitions[oldStatus]?.includes(newStatus)) {
-                        throw new Error(`Invalid status transition from ${oldStatus} to ${newStatus}`);
-                    }
-                }
-                return data;
-            };
-            // Valid transition
-            const result1 = await beforeChangeHook({
-                data: {
-                    subscriptionStatus: 'active'
-                },
-                req: mockReq,
-                operation: 'update',
-                originalDoc: {
-                    subscriptionStatus: 'pending'
-                }
-            });
-            expect(result1.subscriptionStatus).toBe('active');
-            // Invalid transition
-            await expect(beforeChangeHook({
-                data: {
-                    subscriptionStatus: 'pending'
-                },
-                req: mockReq,
-                operation: 'update',
-                originalDoc: {
-                    subscriptionStatus: 'active'
-                }
-            })).rejects.toThrow('Invalid status transition');
-        });
-        it('should set timestamps appropriately', async ()=>{
-            const beforeChangeHook = async ({ data, req, operation })=>{
-                const now = new Date();
-                if (operation === 'update') {
-                    // Set unsubscribedAt when unsubscribing
-                    if (data.subscriptionStatus === 'unsubscribed' && !data.unsubscribedAt) {
-                        data.unsubscribedAt = now;
-                    } else if (data.subscriptionStatus === 'pending' && data.unsubscribedAt !== undefined) {
-                        data.unsubscribedAt = null;
-                    }
-                }
-                return data;
-            };
-            // Unsubscribing
-            const result1 = await beforeChangeHook({
-                data: {
-                    subscriptionStatus: 'unsubscribed'
-                },
-                req: mockReq,
-                operation: 'update',
-                originalDoc: {
-                    subscriptionStatus: 'active'
-                }
-            });
-            expect(result1.unsubscribedAt).toBeInstanceOf(Date);
-            // Re-subscribing
-            const result2 = await beforeChangeHook({
-                data: {
-                    subscriptionStatus: 'pending',
-                    unsubscribedAt: new Date()
-                },
-                req: mockReq,
-                operation: 'update',
-                originalDoc: {
-                    subscriptionStatus: 'unsubscribed'
-                }
-            });
-            expect(result2.unsubscribedAt).toBeNull();
-        });
-        it('should prevent duplicate emails on create', async ()=>{
-            const beforeChangeHook = async ({ data, req, operation })=>{
-                if (operation === 'create' && data.email) {
-                    const existing = await req.payload.find({
-                        collection: 'subscribers',
-                        where: {
-                            email: {
-                                equals: data.email
-                            }
-                        }
-                    });
-                    if (existing.docs.length > 0) {
-                        throw new Error('Email already exists');
-                    }
-                }
-                return data;
-            };
-            seedCollection('subscribers', [
-                {
-                    id: 'existing',
-                    email: 'existing@example.com',
-                    subscriptionStatus: 'active'
-                }
-            ]);
-            await expect(beforeChangeHook({
-                data: {
-                    email: 'existing@example.com'
-                },
-                req: mockReq,
-                operation: 'create',
-                originalDoc: null
-            })).rejects.toThrow('Email already exists');
-        });
-    });
-    describe('afterChange Hook', ()=>{
-        it('should sync with email provider on create', async ()=>{
-            const afterChangeHook = async ({ doc, req, operation })=>{
-                if (operation === 'create') {
-                    const emailService = await getEmailService({
-                        provider: 'resend',
-                        apiKey: 'test-key',
-                        fromEmail: 'test@example.com',
-                        fromName: 'Test'
-                    });
-                    await emailService.emails.send({
-                        from: 'test@example.com',
-                        to: [
-                            doc.email
-                        ],
-                        subject: 'Welcome',
-                        html: '<p>Welcome!</p>'
-                    });
-                }
-                return doc;
-            };
-            await afterChangeHook({
-                doc: {
-                    id: 'new-sub',
-                    email: 'new@example.com'
-                },
-                req: mockReq,
-                operation: 'create',
-                previousDoc: null
-            });
-            expect(mockEmailService.emails.send).toHaveBeenCalledWith(expect.objectContaining({
-                to: [
-                    'new@example.com'
-                ]
-            }));
-        });
-        it('should handle email provider sync failures gracefully', async ()=>{
-            mockEmailService.emails.send.mockRejectedValueOnce(new Error('Provider error'));
-            const afterChangeHook = async ({ doc, req, operation })=>{
-                if (operation === 'create') {
-                    try {
-                        const emailService = await getEmailService({
-                            provider: 'resend',
-                            apiKey: 'test-key',
-                            fromEmail: 'test@example.com',
-                            fromName: 'Test'
-                        });
-                        await emailService.emails.send({
-                            from: 'test@example.com',
-                            to: [
-                                doc.email
-                            ],
-                            subject: 'Welcome',
-                            html: '<p>Welcome!</p>'
-                        });
-                    } catch (error) {
-                        // Log error but don't fail the operation
-                        console.error('Failed to sync with email provider:', error);
-                        // Could update a sync status field
-                        doc.emailProviderSyncStatus = 'failed';
-                    }
-                }
-                return doc;
-            };
-            const result = await afterChangeHook({
-                doc: {
-                    id: 'new-sub',
-                    email: 'new@example.com'
-                },
-                req: mockReq,
-                operation: 'create',
-                previousDoc: null
-            });
-            expect(result.emailProviderSyncStatus).toBe('failed');
-        });
-        it('should clean up magic link tokens after verification', async ()=>{
-            const afterChangeHook = async ({ doc, req, operation, previousDoc })=>{
-                if (operation === 'update' && previousDoc?.subscriptionStatus === 'pending' && doc.subscriptionStatus === 'active') {
-                    // Clear any magic link tokens
-                    await req.payload.update({
-                        collection: 'subscribers',
-                        id: doc.id,
-                        data: {
-                            magicLinkToken: null,
-                            magicLinkTokenExpiry: null
-                        }
-                    });
-                }
-                return doc;
-            };
-            mockReq.payload.update.mockResolvedValueOnce({
-                success: true
-            });
-            await afterChangeHook({
-                doc: {
-                    id: 'sub-123',
-                    subscriptionStatus: 'active'
-                },
-                req: mockReq,
-                operation: 'update',
-                previousDoc: {
-                    subscriptionStatus: 'pending'
-                }
-            });
-            expect(mockReq.payload.update).toHaveBeenCalledWith(expect.objectContaining({
-                data: {
-                    magicLinkToken: null,
-                    magicLinkTokenExpiry: null
-                }
-            }));
-        });
-    });
-    describe('beforeDelete Hook', ()=>{
-        it('should prevent deletion of active subscribers by non-admins', async ()=>{
-            const beforeDeleteHook = async ({ req, id })=>{
-                const subscriber = await req.payload.findByID({
-                    collection: 'subscribers',
-                    id
-                });
-                if (subscriber?.subscriptionStatus === 'active' && !req.user?.roles?.includes('admin')) {
-                    throw new Error('Only admins can delete active subscribers');
-                }
-            };
-            mockReq.user = {
-                id: 'user-123',
-                collection: 'users'
-            };
-            await expect(beforeDeleteHook({
-                req: mockReq,
-                id: 'sub-1'
-            })).rejects.toThrow('Only admins can delete active subscribers');
-            // Admin should be allowed
-            mockReq.user = createMockAdminUser();
-            await expect(beforeDeleteHook({
-                req: mockReq,
-                id: 'sub-1'
-            })).resolves.not.toThrow();
-        });
-        it('should clean up email provider data on delete', async ()=>{
-            const afterDeleteHook = async ({ doc, req })=>{
-                try {
-                    const emailService = await getEmailService({
-                        provider: 'broadcast',
-                        apiKey: 'test-key',
-                        fromEmail: 'test@example.com',
-                        fromName: 'Test'
-                    });
-                    // Remove from email provider
-                    if (doc.emailProviderId) {
-                        await emailService.contacts.delete(doc.emailProviderId);
-                    }
-                } catch (error) {
-                    console.error('Failed to remove from email provider:', error);
-                }
-            };
-            const mockBroadcast = createBroadcastMock();
-            getEmailService.mockResolvedValue(mockBroadcast);
-            await afterDeleteHook({
-                doc: {
-                    id: 'sub-123',
-                    email: 'test@example.com',
-                    emailProviderId: 'contact-123'
-                },
-                req: mockReq
-            });
-            expect(mockBroadcast.contacts.delete).toHaveBeenCalledWith('contact-123');
-        });
-    });
-});
-
-//# sourceMappingURL=subscriber-hooks.test.js.map

package/dist/src/__tests__/integration/collections/subscriber-hooks.test.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../../src/__tests__/integration/collections/subscriber-hooks.test.ts"],"sourcesContent":["import { describe, it, expect, beforeEach, vi } from 'vitest'\nimport type { CollectionBeforeChangeHook, CollectionAfterChangeHook } from 'payload'\nimport { createPayloadRequestMock, seedCollection, clearCollections, createMockAdminUser } from '../../mocks/payload'\nimport { mockSubscribers } from '../../fixtures/subscribers'\nimport { createResendMock } from '../../mocks/email-providers'\nimport type { NewsletterPluginConfig } from '../../../types'\n\n// Mock email service\nvi.mock('../../../services/email', () => ({\n  getEmailService: vi.fn(),\n}))\n\nimport { getEmailService } from '../../../services/email'\n\ndescribe('Subscriber Collection Hooks Security', () => {\n  let mockReq: any\n  let mockEmailService: any\n  const config: NewsletterPluginConfig = {\n    subscribersSlug: 'subscribers',\n  }\n\n  beforeEach(() => {\n    clearCollections()\n    seedCollection('subscribers', mockSubscribers)\n    \n    const payloadMock = createPayloadRequestMock()\n    mockReq = {\n      payload: payloadMock.payload,\n      user: null,\n    }\n    \n    mockEmailService = createResendMock()\n    ;(getEmailService as any).mockResolvedValue(mockEmailService)\n    \n    vi.clearAllMocks()\n  })\n\n  describe('beforeChange Hook', () => {\n    it('should normalize email addresses', async () => {\n      const beforeChangeHook: CollectionBeforeChangeHook = async ({ data, req, operation }) => {\n        if (operation === 'create' && data.email) {\n          data.email = data.email.trim().toLowerCase()\n        }\n        return data\n      }\n\n      const result = await beforeChangeHook({\n        data: { email: '  USER@EXAMPLE.COM  ', name: 'Test' },\n        req: mockReq,\n        operation: 'create',\n        originalDoc: null,\n      })\n\n      expect(result.email).toBe('user@example.com')\n    })\n\n    it('should prevent email changes on update', async () => {\n      const beforeChangeHook: CollectionBeforeChangeHook = async ({ data, req, operation, originalDoc }) => {\n        if (operation === 'update' && data.email && originalDoc?.email !== data.email) {\n          throw new Error('Email cannot be changed')\n        }\n        return data\n      }\n\n      await expect(\n        beforeChangeHook({\n          data: { email: 'newemail@example.com' },\n          req: mockReq,\n          operation: 'update',\n          originalDoc: { email: 'oldemail@example.com' },\n        })\n      ).rejects.toThrow('Email cannot be changed')\n    })\n\n    it('should validate subscription status transitions', async () => {\n      const beforeChangeHook: CollectionBeforeChangeHook = async ({ data, req, operation, originalDoc }) => {\n        if (operation === 'update' && data.subscriptionStatus) {\n          const oldStatus = originalDoc?.subscriptionStatus\n          const newStatus = data.subscriptionStatus\n          \n          // Validate allowed transitions\n          const allowedTransitions: Record<string, string[]> = {\n            pending: ['active', 'unsubscribed'],\n            active: ['unsubscribed'],\n            unsubscribed: ['pending'], // Re-subscription\n          }\n          \n          if (!allowedTransitions[oldStatus]?.includes(newStatus)) {\n            throw new Error(`Invalid status transition from ${oldStatus} to ${newStatus}`)\n          }\n        }\n        return data\n      }\n\n      // Valid transition\n      const result1 = await beforeChangeHook({\n        data: { subscriptionStatus: 'active' },\n        req: mockReq,\n        operation: 'update',\n        originalDoc: { subscriptionStatus: 'pending' },\n      })\n      expect(result1.subscriptionStatus).toBe('active')\n\n      // Invalid transition\n      await expect(\n        beforeChangeHook({\n          data: { subscriptionStatus: 'pending' },\n          req: mockReq,\n          operation: 'update',\n          originalDoc: { subscriptionStatus: 'active' },\n        })\n      ).rejects.toThrow('Invalid status transition')\n    })\n\n    it('should set timestamps appropriately', async () => {\n      const beforeChangeHook: CollectionBeforeChangeHook = async ({ data, req, operation }) => {\n        const now = new Date()\n        \n        if (operation === 'update') {\n          // Set unsubscribedAt when unsubscribing\n          if (data.subscriptionStatus === 'unsubscribed' && !data.unsubscribedAt) {\n            data.unsubscribedAt = now\n          }\n          // Clear unsubscribedAt when re-subscribing\n          else if (data.subscriptionStatus === 'pending' && data.unsubscribedAt !== undefined) {\n            data.unsubscribedAt = null\n          }\n        }\n        \n        return data\n      }\n\n      // Unsubscribing\n      const result1 = await beforeChangeHook({\n        data: { subscriptionStatus: 'unsubscribed' },\n        req: mockReq,\n        operation: 'update',\n        originalDoc: { subscriptionStatus: 'active' },\n      })\n      expect(result1.unsubscribedAt).toBeInstanceOf(Date)\n\n      // Re-subscribing\n      const result2 = await beforeChangeHook({\n        data: { subscriptionStatus: 'pending', unsubscribedAt: new Date() },\n        req: mockReq,\n        operation: 'update',\n        originalDoc: { subscriptionStatus: 'unsubscribed' },\n      })\n      expect(result2.unsubscribedAt).toBeNull()\n    })\n\n    it('should prevent duplicate emails on create', async () => {\n      const beforeChangeHook: CollectionBeforeChangeHook = async ({ data, req, operation }) => {\n        if (operation === 'create' && data.email) {\n          const existing = await req.payload.find({\n            collection: 'subscribers',\n            where: {\n              email: { equals: data.email },\n            },\n          })\n          \n          if (existing.docs.length > 0) {\n            throw new Error('Email already exists')\n          }\n        }\n        return data\n      }\n\n      seedCollection('subscribers', [{\n        id: 'existing',\n        email: 'existing@example.com',\n        subscriptionStatus: 'active',\n      }])\n\n      await expect(\n        beforeChangeHook({\n          data: { email: 'existing@example.com' },\n          req: mockReq,\n          operation: 'create',\n          originalDoc: null,\n        })\n      ).rejects.toThrow('Email already exists')\n    })\n  })\n\n  describe('afterChange Hook', () => {\n    it('should sync with email provider on create', async () => {\n      const afterChangeHook: CollectionAfterChangeHook = async ({ doc, req, operation }) => {\n        if (operation === 'create') {\n          const emailService = await getEmailService({\n            provider: 'resend',\n            apiKey: 'test-key',\n            fromEmail: 'test@example.com',\n            fromName: 'Test',\n          })\n          \n          await emailService.emails.send({\n            from: 'test@example.com',\n            to: [doc.email],\n            subject: 'Welcome',\n            html: '<p>Welcome!</p>',\n          })\n        }\n        return doc\n      }\n\n      await afterChangeHook({\n        doc: { id: 'new-sub', email: 'new@example.com' },\n        req: mockReq,\n        operation: 'create',\n        previousDoc: null,\n      })\n\n      expect(mockEmailService.emails.send).toHaveBeenCalledWith(\n        expect.objectContaining({\n          to: ['new@example.com'],\n        })\n      )\n    })\n\n    it('should handle email provider sync failures gracefully', async () => {\n      mockEmailService.emails.send.mockRejectedValueOnce(new Error('Provider error'))\n\n      const afterChangeHook: CollectionAfterChangeHook = async ({ doc, req, operation }) => {\n        if (operation === 'create') {\n          try {\n            const emailService = await getEmailService({\n              provider: 'resend',\n              apiKey: 'test-key',\n              fromEmail: 'test@example.com',\n              fromName: 'Test',\n            })\n            \n            await emailService.emails.send({\n              from: 'test@example.com',\n              to: [doc.email],\n              subject: 'Welcome',\n              html: '<p>Welcome!</p>',\n            })\n          } catch (error) {\n            // Log error but don't fail the operation\n            console.error('Failed to sync with email provider:', error)\n            // Could update a sync status field\n            doc.emailProviderSyncStatus = 'failed'\n          }\n        }\n        return doc\n      }\n\n      const result = await afterChangeHook({\n        doc: { id: 'new-sub', email: 'new@example.com' },\n        req: mockReq,\n        operation: 'create',\n        previousDoc: null,\n      })\n\n      expect(result.emailProviderSyncStatus).toBe('failed')\n    })\n\n    it('should clean up magic link tokens after verification', async () => {\n      const afterChangeHook: CollectionAfterChangeHook = async ({ doc, req, operation, previousDoc }) => {\n        if (operation === 'update' && \n            previousDoc?.subscriptionStatus === 'pending' && \n            doc.subscriptionStatus === 'active') {\n          // Clear any magic link tokens\n          await req.payload.update({\n            collection: 'subscribers',\n            id: doc.id,\n            data: {\n              magicLinkToken: null,\n              magicLinkTokenExpiry: null,\n            },\n          })\n        }\n        return doc\n      }\n\n      mockReq.payload.update.mockResolvedValueOnce({ success: true })\n\n      await afterChangeHook({\n        doc: { id: 'sub-123', subscriptionStatus: 'active' },\n        req: mockReq,\n        operation: 'update',\n        previousDoc: { subscriptionStatus: 'pending' },\n      })\n\n      expect(mockReq.payload.update).toHaveBeenCalledWith(\n        expect.objectContaining({\n          data: {\n            magicLinkToken: null,\n            magicLinkTokenExpiry: null,\n          },\n        })\n      )\n    })\n  })\n\n  describe('beforeDelete Hook', () => {\n    it('should prevent deletion of active subscribers by non-admins', async () => {\n      const beforeDeleteHook = async ({ req, id }: any) => {\n        const subscriber = await req.payload.findByID({\n          collection: 'subscribers',\n          id,\n        })\n        \n        if (subscriber?.subscriptionStatus === 'active' && !req.user?.roles?.includes('admin')) {\n          throw new Error('Only admins can delete active subscribers')\n        }\n      }\n\n      mockReq.user = { id: 'user-123', collection: 'users' }\n\n      await expect(\n        beforeDeleteHook({\n          req: mockReq,\n          id: 'sub-1', // Active subscriber\n        })\n      ).rejects.toThrow('Only admins can delete active subscribers')\n\n      // Admin should be allowed\n      mockReq.user = createMockAdminUser()\n      await expect(\n        beforeDeleteHook({\n          req: mockReq,\n          id: 'sub-1',\n        })\n      ).resolves.not.toThrow()\n    })\n\n    it('should clean up email provider data on delete', async () => {\n      const afterDeleteHook = async ({ doc, req }: any) => {\n        try {\n          const emailService = await getEmailService({\n            provider: 'broadcast',\n            apiKey: 'test-key',\n            fromEmail: 'test@example.com',\n            fromName: 'Test',\n          })\n          \n          // Remove from email provider\n          if (doc.emailProviderId) {\n            await emailService.contacts.delete(doc.emailProviderId)\n          }\n        } catch (error) {\n          console.error('Failed to remove from email provider:', error)\n        }\n      }\n\n      const mockBroadcast = createBroadcastMock()\n      ;(getEmailService as any).mockResolvedValue(mockBroadcast)\n\n      await afterDeleteHook({\n        doc: { id: 'sub-123', email: 'test@example.com', emailProviderId: 'contact-123' },\n        req: mockReq,\n      })\n\n      expect(mockBroadcast.contacts.delete).toHaveBeenCalledWith('contact-123')\n    })\n  })\n})"],"names":["describe","it","expect","beforeEach","vi","createPayloadRequestMock","seedCollection","clearCollections","createMockAdminUser","mockSubscribers","createResendMock","mock","getEmailService","fn","mockReq","mockEmailService","config","subscribersSlug","payloadMock","payload","user","mockResolvedValue","clearAllMocks","beforeChangeHook","data","req","operation","email","trim","toLowerCase","result","name","originalDoc","toBe","Error","rejects","toThrow","subscriptionStatus","oldStatus","newStatus","allowedTransitions","pending","active","unsubscribed","includes","result1","now","Date","unsubscribedAt","undefined","toBeInstanceOf","result2","toBeNull","existing","find","collection","where","equals","docs","length","id","afterChangeHook","doc","emailService","provider","apiKey","fromEmail","fromName","emails","send","from","to","subject","html","previousDoc","toHaveBeenCalledWith","objectContaining","mockRejectedValueOnce","error","console","emailProviderSyncStatus","update","magicLinkToken","magicLinkTokenExpiry","mockResolvedValueOnce","success","beforeDeleteHook","subscriber","findByID","roles","resolves","not","afterDeleteHook","emailProviderId","contacts","delete","mockBroadcast","createBroadcastMock"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,EAAEC,UAAU,EAAEC,EAAE,QAAQ,SAAQ;AAE7D,SAASC,wBAAwB,EAAEC,cAAc,EAAEC,gBAAgB,EAAEC,mBAAmB,QAAQ,sBAAqB;AACrH,SAASC,eAAe,QAAQ,6BAA4B;AAC5D,SAASC,gBAAgB,QAAQ,8BAA6B;AAG9D,qBAAqB;AACrBN,GAAGO,IAAI,CAAC,2BAA2B,IAAO,CAAA;QACxCC,iBAAiBR,GAAGS,EAAE;IACxB,CAAA;AAEA,SAASD,eAAe,QAAQ,0BAAyB;AAEzDZ,SAAS,wCAAwC;IAC/C,IAAIc;IACJ,IAAIC;IACJ,MAAMC,SAAiC;QACrCC,iBAAiB;IACnB;IAEAd,WAAW;QACTI;QACAD,eAAe,eAAeG;QAE9B,MAAMS,cAAcb;QACpBS,UAAU;YACRK,SAASD,YAAYC,OAAO;YAC5BC,MAAM;QACR;QAEAL,mBAAmBL;QACjBE,gBAAwBS,iBAAiB,CAACN;QAE5CX,GAAGkB,aAAa;IAClB;IAEAtB,SAAS,qBAAqB;QAC5BC,GAAG,oCAAoC;YACrC,MAAMsB,mBAA+C,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAE;gBAClF,IAAIA,cAAc,YAAYF,KAAKG,KAAK,EAAE;oBACxCH,KAAKG,KAAK,GAAGH,KAAKG,KAAK,CAACC,IAAI,GAAGC,WAAW;gBAC5C;gBACA,OAAOL;YACT;YAEA,MAAMM,SAAS,MAAMP,iBAAiB;gBACpCC,MAAM;oBAAEG,OAAO;oBAAwBI,MAAM;gBAAO;gBACpDN,KAAKX;gBACLY,WAAW;gBACXM,aAAa;YACf;YAEA9B,OAAO4B,OAAOH,KAAK,EAAEM,IAAI,CAAC;QAC5B;QAEAhC,GAAG,0CAA0C;YAC3C,MAAMsB,mBAA+C,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAEM,WAAW,EAAE;gBAC/F,IAAIN,cAAc,YAAYF,KAAKG,KAAK,IAAIK,aAAaL,UAAUH,KAAKG,KAAK,EAAE;oBAC7E,MAAM,IAAIO,MAAM;gBAClB;gBACA,OAAOV;YACT;YAEA,MAAMtB,OACJqB,iBAAiB;gBACfC,MAAM;oBAAEG,OAAO;gBAAuB;gBACtCF,KAAKX;gBACLY,WAAW;gBACXM,aAAa;oBAAEL,OAAO;gBAAuB;YAC/C,IACAQ,OAAO,CAACC,OAAO,CAAC;QACpB;QAEAnC,GAAG,mDAAmD;YACpD,MAAMsB,mBAA+C,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAEM,WAAW,EAAE;gBAC/F,IAAIN,cAAc,YAAYF,KAAKa,kBAAkB,EAAE;oBACrD,MAAMC,YAAYN,aAAaK;oBAC/B,MAAME,YAAYf,KAAKa,kBAAkB;oBAEzC,+BAA+B;oBAC/B,MAAMG,qBAA+C;wBACnDC,SAAS;4BAAC;4BAAU;yBAAe;wBACnCC,QAAQ;4BAAC;yBAAe;wBACxBC,cAAc;4BAAC;yBAAU;oBAC3B;oBAEA,IAAI,CAACH,kBAAkB,CAACF,UAAU,EAAEM,SAASL,YAAY;wBACvD,MAAM,IAAIL,MAAM,CAAC,+BAA+B,EAAEI,UAAU,IAAI,EAAEC,WAAW;oBAC/E;gBACF;gBACA,OAAOf;YACT;YAEA,mBAAmB;YACnB,MAAMqB,UAAU,MAAMtB,iBAAiB;gBACrCC,MAAM;oBAAEa,oBAAoB;gBAAS;gBACrCZ,KAAKX;gBACLY,WAAW;gBACXM,aAAa;oBAAEK,oBAAoB;gBAAU;YAC/C;YACAnC,OAAO2C,QAAQR,kBAAkB,EAAEJ,IAAI,CAAC;YAExC,qBAAqB;YACrB,MAAM/B,OACJqB,iBAAiB;gBACfC,MAAM;oBAAEa,oBAAoB;gBAAU;gBACtCZ,KAAKX;gBACLY,WAAW;gBACXM,aAAa;oBAAEK,oBAAoB;gBAAS;YAC9C,IACAF,OAAO,CAACC,OAAO,CAAC;QACpB;QAEAnC,GAAG,uCAAuC;YACxC,MAAMsB,mBAA+C,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAE;gBAClF,MAAMoB,MAAM,IAAIC;gBAEhB,IAAIrB,cAAc,UAAU;oBAC1B,wCAAwC;oBACxC,IAAIF,KAAKa,kBAAkB,KAAK,kBAAkB,CAACb,KAAKwB,cAAc,EAAE;wBACtExB,KAAKwB,cAAc,GAAGF;oBACxB,OAEK,IAAItB,KAAKa,kBAAkB,KAAK,aAAab,KAAKwB,cAAc,KAAKC,WAAW;wBACnFzB,KAAKwB,cAAc,GAAG;oBACxB;gBACF;gBAEA,OAAOxB;YACT;YAEA,gBAAgB;YAChB,MAAMqB,UAAU,MAAMtB,iBAAiB;gBACrCC,MAAM;oBAAEa,oBAAoB;gBAAe;gBAC3CZ,KAAKX;gBACLY,WAAW;gBACXM,aAAa;oBAAEK,oBAAoB;gBAAS;YAC9C;YACAnC,OAAO2C,QAAQG,cAAc,EAAEE,cAAc,CAACH;YAE9C,iBAAiB;YACjB,MAAMI,UAAU,MAAM5B,iBAAiB;gBACrCC,MAAM;oBAAEa,oBAAoB;oBAAWW,gBAAgB,IAAID;gBAAO;gBAClEtB,KAAKX;gBACLY,WAAW;gBACXM,aAAa;oBAAEK,oBAAoB;gBAAe;YACpD;YACAnC,OAAOiD,QAAQH,cAAc,EAAEI,QAAQ;QACzC;QAEAnD,GAAG,6CAA6C;YAC9C,MAAMsB,mBAA+C,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAE;gBAClF,IAAIA,cAAc,YAAYF,KAAKG,KAAK,EAAE;oBACxC,MAAM0B,WAAW,MAAM5B,IAAIN,OAAO,CAACmC,IAAI,CAAC;wBACtCC,YAAY;wBACZC,OAAO;4BACL7B,OAAO;gCAAE8B,QAAQjC,KAAKG,KAAK;4BAAC;wBAC9B;oBACF;oBAEA,IAAI0B,SAASK,IAAI,CAACC,MAAM,GAAG,GAAG;wBAC5B,MAAM,IAAIzB,MAAM;oBAClB;gBACF;gBACA,OAAOV;YACT;YAEAlB,eAAe,eAAe;gBAAC;oBAC7BsD,IAAI;oBACJjC,OAAO;oBACPU,oBAAoB;gBACtB;aAAE;YAEF,MAAMnC,OACJqB,iBAAiB;gBACfC,MAAM;oBAAEG,OAAO;gBAAuB;gBACtCF,KAAKX;gBACLY,WAAW;gBACXM,aAAa;YACf,IACAG,OAAO,CAACC,OAAO,CAAC;QACpB;IACF;IAEApC,SAAS,oBAAoB;QAC3BC,GAAG,6CAA6C;YAC9C,MAAM4D,kBAA6C,OAAO,EAAEC,GAAG,EAAErC,GAAG,EAAEC,SAAS,EAAE;gBAC/E,IAAIA,cAAc,UAAU;oBAC1B,MAAMqC,eAAe,MAAMnD,gBAAgB;wBACzCoD,UAAU;wBACVC,QAAQ;wBACRC,WAAW;wBACXC,UAAU;oBACZ;oBAEA,MAAMJ,aAAaK,MAAM,CAACC,IAAI,CAAC;wBAC7BC,MAAM;wBACNC,IAAI;4BAACT,IAAInC,KAAK;yBAAC;wBACf6C,SAAS;wBACTC,MAAM;oBACR;gBACF;gBACA,OAAOX;YACT;YAEA,MAAMD,gBAAgB;gBACpBC,KAAK;oBAAEF,IAAI;oBAAWjC,OAAO;gBAAkB;gBAC/CF,KAAKX;gBACLY,WAAW;gBACXgD,aAAa;YACf;YAEAxE,OAAOa,iBAAiBqD,MAAM,CAACC,IAAI,EAAEM,oBAAoB,CACvDzE,OAAO0E,gBAAgB,CAAC;gBACtBL,IAAI;oBAAC;iBAAkB;YACzB;QAEJ;QAEAtE,GAAG,yDAAyD;YAC1Dc,iBAAiBqD,MAAM,CAACC,IAAI,CAACQ,qBAAqB,CAAC,IAAI3C,MAAM;YAE7D,MAAM2B,kBAA6C,OAAO,EAAEC,GAAG,EAAErC,GAAG,EAAEC,SAAS,EAAE;gBAC/E,IAAIA,cAAc,UAAU;oBAC1B,IAAI;wBACF,MAAMqC,eAAe,MAAMnD,gBAAgB;4BACzCoD,UAAU;4BACVC,QAAQ;4BACRC,WAAW;4BACXC,UAAU;wBACZ;wBAEA,MAAMJ,aAAaK,MAAM,CAACC,IAAI,CAAC;4BAC7BC,MAAM;4BACNC,IAAI;gCAACT,IAAInC,KAAK;6BAAC;4BACf6C,SAAS;4BACTC,MAAM;wBACR;oBACF,EAAE,OAAOK,OAAO;wBACd,yCAAyC;wBACzCC,QAAQD,KAAK,CAAC,uCAAuCA;wBACrD,mCAAmC;wBACnChB,IAAIkB,uBAAuB,GAAG;oBAChC;gBACF;gBACA,OAAOlB;YACT;YAEA,MAAMhC,SAAS,MAAM+B,gBAAgB;gBACnCC,KAAK;oBAAEF,IAAI;oBAAWjC,OAAO;gBAAkB;gBAC/CF,KAAKX;gBACLY,WAAW;gBACXgD,aAAa;YACf;YAEAxE,OAAO4B,OAAOkD,uBAAuB,EAAE/C,IAAI,CAAC;QAC9C;QAEAhC,GAAG,wDAAwD;YACzD,MAAM4D,kBAA6C,OAAO,EAAEC,GAAG,EAAErC,GAAG,EAAEC,SAAS,EAAEgD,WAAW,EAAE;gBAC5F,IAAIhD,cAAc,YACdgD,aAAarC,uBAAuB,aACpCyB,IAAIzB,kBAAkB,KAAK,UAAU;oBACvC,8BAA8B;oBAC9B,MAAMZ,IAAIN,OAAO,CAAC8D,MAAM,CAAC;wBACvB1B,YAAY;wBACZK,IAAIE,IAAIF,EAAE;wBACVpC,MAAM;4BACJ0D,gBAAgB;4BAChBC,sBAAsB;wBACxB;oBACF;gBACF;gBACA,OAAOrB;YACT;YAEAhD,QAAQK,OAAO,CAAC8D,MAAM,CAACG,qBAAqB,CAAC;gBAAEC,SAAS;YAAK;YAE7D,MAAMxB,gBAAgB;gBACpBC,KAAK;oBAAEF,IAAI;oBAAWvB,oBAAoB;gBAAS;gBACnDZ,KAAKX;gBACLY,WAAW;gBACXgD,aAAa;oBAAErC,oBAAoB;gBAAU;YAC/C;YAEAnC,OAAOY,QAAQK,OAAO,CAAC8D,MAAM,EAAEN,oBAAoB,CACjDzE,OAAO0E,gBAAgB,CAAC;gBACtBpD,MAAM;oBACJ0D,gBAAgB;oBAChBC,sBAAsB;gBACxB;YACF;QAEJ;IACF;IAEAnF,SAAS,qBAAqB;QAC5BC,GAAG,+DAA+D;YAChE,MAAMqF,mBAAmB,OAAO,EAAE7D,GAAG,EAAEmC,EAAE,EAAO;gBAC9C,MAAM2B,aAAa,MAAM9D,IAAIN,OAAO,CAACqE,QAAQ,CAAC;oBAC5CjC,YAAY;oBACZK;gBACF;gBAEA,IAAI2B,YAAYlD,uBAAuB,YAAY,CAACZ,IAAIL,IAAI,EAAEqE,OAAO7C,SAAS,UAAU;oBACtF,MAAM,IAAIV,MAAM;gBAClB;YACF;YAEApB,QAAQM,IAAI,GAAG;gBAAEwC,IAAI;gBAAYL,YAAY;YAAQ;YAErD,MAAMrD,OACJoF,iBAAiB;gBACf7D,KAAKX;gBACL8C,IAAI;YACN,IACAzB,OAAO,CAACC,OAAO,CAAC;YAElB,0BAA0B;YAC1BtB,QAAQM,IAAI,GAAGZ;YACf,MAAMN,OACJoF,iBAAiB;gBACf7D,KAAKX;gBACL8C,IAAI;YACN,IACA8B,QAAQ,CAACC,GAAG,CAACvD,OAAO;QACxB;QAEAnC,GAAG,iDAAiD;YAClD,MAAM2F,kBAAkB,OAAO,EAAE9B,GAAG,EAAErC,GAAG,EAAO;gBAC9C,IAAI;oBACF,MAAMsC,eAAe,MAAMnD,gBAAgB;wBACzCoD,UAAU;wBACVC,QAAQ;wBACRC,WAAW;wBACXC,UAAU;oBACZ;oBAEA,6BAA6B;oBAC7B,IAAIL,IAAI+B,eAAe,EAAE;wBACvB,MAAM9B,aAAa+B,QAAQ,CAACC,MAAM,CAACjC,IAAI+B,eAAe;oBACxD;gBACF,EAAE,OAAOf,OAAO;oBACdC,QAAQD,KAAK,CAAC,yCAAyCA;gBACzD;YACF;YAEA,MAAMkB,gBAAgBC;YACpBrF,gBAAwBS,iBAAiB,CAAC2E;YAE5C,MAAMJ,gBAAgB;gBACpB9B,KAAK;oBAAEF,IAAI;oBAAWjC,OAAO;oBAAoBkE,iBAAiB;gBAAc;gBAChFpE,KAAKX;YACP;YAEAZ,OAAO8F,cAAcF,QAAQ,CAACC,MAAM,EAAEpB,oBAAoB,CAAC;QAC7D;IACF;AACF"}

package/dist/src/__tests__/integration/endpoints/preferences.test.js

@@ -1,266 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import { createPreferencesEndpoint } from '../../../endpoints/preferences';
-import { createPayloadRequestMock, seedCollection, clearCollections, createMockAdminUser } from '../../mocks/payload';
-import { mockSubscribers } from '../../fixtures/subscribers';
-describe('Preferences Endpoint Security', ()=>{
-    let endpoint;
-    let mockReq;
-    let mockRes;
-    const config = {
-        subscribersSlug: 'subscribers'
-    };
-    beforeEach(()=>{
-        clearCollections();
-        seedCollection('subscribers', mockSubscribers);
-        endpoint = createPreferencesEndpoint(config);
-        const payloadMock = createPayloadRequestMock();
-        mockReq = {
-            payload: payloadMock.payload,
-            body: {},
-            user: null,
-            method: 'GET'
-        };
-        mockRes = {
-            status: vi.fn().mockReturnThis(),
-            json: vi.fn()
-        };
-        vi.clearAllMocks();
-    });
-    describe('GET - Read Preferences', ()=>{
-        it('should require authentication', async ()=>{
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(401);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Authentication required'
-            });
-        });
-        it('should allow subscribers to read their own preferences', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(200);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: true,
-                preferences: expect.objectContaining({
-                    email: 'active@example.com',
-                    emailPreferences: {
-                        newsletter: true,
-                        announcements: true
-                    }
-                })
-            });
-        });
-        it('should prevent reading other subscribers preferences', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.query = {
-                subscriberId: 'sub-2'
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(403);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'You can only access your own preferences'
-            });
-        });
-        it('should allow admins to read any preferences', async ()=>{
-            mockReq.user = createMockAdminUser();
-            mockReq.query = {
-                subscriberId: 'sub-2'
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(200);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: true,
-                preferences: expect.objectContaining({
-                    email: 'pending@example.com'
-                })
-            });
-        });
-    });
-    describe('POST - Update Preferences', ()=>{
-        beforeEach(()=>{
-            mockReq.method = 'POST';
-        });
-        it('should require authentication', async ()=>{
-            mockReq.body = {
-                emailPreferences: {
-                    newsletter: false
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(401);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Authentication required'
-            });
-        });
-        it('should allow subscribers to update their own preferences', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.body = {
-                emailPreferences: {
-                    newsletter: false,
-                    announcements: true
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockReq.payload.update).toHaveBeenCalledWith({
-                collection: 'subscribers',
-                id: 'sub-1',
-                data: {
-                    emailPreferences: {
-                        newsletter: false,
-                        announcements: true
-                    }
-                },
-                overrideAccess: false,
-                user: mockReq.user
-            });
-            expect(mockRes.status).toHaveBeenCalledWith(200);
-        });
-        it('should prevent updating other subscribers preferences', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.body = {
-                subscriberId: 'sub-2',
-                emailPreferences: {
-                    newsletter: false
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(403);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'You can only update your own preferences'
-            });
-        });
-        it('should validate preference structure', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.body = {
-                emailPreferences: {
-                    newsletter: 'yes',
-                    unknownField: true
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(400);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Invalid preference values'
-            });
-        });
-        it('should prevent updating protected fields', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.body = {
-                email: 'newemail@example.com',
-                subscriptionStatus: 'active',
-                emailPreferences: {
-                    newsletter: false
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            // Should only update emailPreferences
-            expect(mockReq.payload.update).toHaveBeenCalledWith(expect.objectContaining({
-                data: {
-                    emailPreferences: {
-                        newsletter: false,
-                        announcements: true
-                    }
-                }
-            }));
-            // Should not include protected fields
-            const updateData = mockReq.payload.update.mock.calls[0][0].data;
-            expect(updateData).not.toHaveProperty('email');
-            expect(updateData).not.toHaveProperty('subscriptionStatus');
-        });
-    });
-    describe('Error Handling', ()=>{
-        it('should handle non-existent subscribers', async ()=>{
-            mockReq.user = {
-                id: 'sub-999',
-                email: 'ghost@example.com',
-                collection: 'subscribers'
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(404);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Subscriber not found'
-            });
-        });
-        it('should handle database errors gracefully', async ()=>{
-            mockReq.user = {
-                id: 'sub-1',
-                email: 'active@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.payload.findByID.mockRejectedValueOnce(new Error('Database error'));
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(500);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Failed to retrieve preferences'
-            });
-        });
-    });
-    describe('Unsubscribed Users', ()=>{
-        it('should allow unsubscribed users to view preferences', async ()=>{
-            mockReq.user = {
-                id: 'sub-3',
-                email: 'unsubscribed@example.com',
-                collection: 'subscribers'
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(200);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: true,
-                preferences: expect.objectContaining({
-                    subscriptionStatus: 'unsubscribed'
-                })
-            });
-        });
-        it('should prevent unsubscribed users from updating preferences', async ()=>{
-            mockReq.method = 'POST';
-            mockReq.user = {
-                id: 'sub-3',
-                email: 'unsubscribed@example.com',
-                collection: 'subscribers'
-            };
-            mockReq.body = {
-                emailPreferences: {
-                    newsletter: true
-                }
-            };
-            await endpoint.handler(mockReq, mockRes);
-            expect(mockRes.status).toHaveBeenCalledWith(403);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                success: false,
-                error: 'Cannot update preferences for unsubscribed users'
-            });
-        });
-    });
-});
-
-//# sourceMappingURL=preferences.test.js.map