payload-plugin-newsletter 0.3.2 → 0.4.5

package/dist/src/__tests__/setup/unit.setup.js

@@ -1,41 +0,0 @@
-import '@testing-library/jest-dom';
-import { vi } from 'vitest';
-// Mock environment variables
-process.env.JWT_SECRET = 'test-jwt-secret';
-process.env.PAYLOAD_SECRET = 'test-payload-secret';
-// Mock console methods to reduce noise in tests
-global.console = {
-    ...console,
-    error: vi.fn(),
-    warn: vi.fn()
-};
-// Mock window.location for browser-like tests
-Object.defineProperty(window, 'location', {
-    value: {
-        href: 'http://localhost:3000',
-        origin: 'http://localhost:3000',
-        search: ''
-    },
-    writable: true
-});
-// Mock localStorage
-const localStorageMock = {
-    getItem: vi.fn(),
-    setItem: vi.fn(),
-    removeItem: vi.fn(),
-    clear: vi.fn()
-};
-Object.defineProperty(window, 'localStorage', {
-    value: localStorageMock,
-    writable: true
-});
-// Reset mocks before each test
-beforeEach(()=>{
-    vi.clearAllMocks();
-    localStorageMock.getItem.mockReset();
-    localStorageMock.setItem.mockReset();
-    localStorageMock.removeItem.mockReset();
-    localStorageMock.clear.mockReset();
-});
-
-//# sourceMappingURL=unit.setup.js.map

package/dist/src/__tests__/setup/unit.setup.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../src/__tests__/setup/unit.setup.ts"],"sourcesContent":["import '@testing-library/jest-dom'\nimport { vi } from 'vitest'\n\n// Mock environment variables\nprocess.env.JWT_SECRET = 'test-jwt-secret'\nprocess.env.PAYLOAD_SECRET = 'test-payload-secret'\n\n// Mock console methods to reduce noise in tests\nglobal.console = {\n  ...console,\n  error: vi.fn(),\n  warn: vi.fn(),\n}\n\n// Mock window.location for browser-like tests\nObject.defineProperty(window, 'location', {\n  value: {\n    href: 'http://localhost:3000',\n    origin: 'http://localhost:3000',\n    search: '',\n  },\n  writable: true,\n})\n\n// Mock localStorage\nconst localStorageMock = {\n  getItem: vi.fn(),\n  setItem: vi.fn(),\n  removeItem: vi.fn(),\n  clear: vi.fn(),\n}\nObject.defineProperty(window, 'localStorage', {\n  value: localStorageMock,\n  writable: true,\n})\n\n// Reset mocks before each test\nbeforeEach(() => {\n  vi.clearAllMocks()\n  localStorageMock.getItem.mockReset()\n  localStorageMock.setItem.mockReset()\n  localStorageMock.removeItem.mockReset()\n  localStorageMock.clear.mockReset()\n})"],"names":["vi","process","env","JWT_SECRET","PAYLOAD_SECRET","global","console","error","fn","warn","Object","defineProperty","window","value","href","origin","search","writable","localStorageMock","getItem","setItem","removeItem","clear","beforeEach","clearAllMocks","mockReset"],"mappings":"AAAA,OAAO,4BAA2B;AAClC,SAASA,EAAE,QAAQ,SAAQ;AAE3B,6BAA6B;AAC7BC,QAAQC,GAAG,CAACC,UAAU,GAAG;AACzBF,QAAQC,GAAG,CAACE,cAAc,GAAG;AAE7B,gDAAgD;AAChDC,OAAOC,OAAO,GAAG;IACf,GAAGA,OAAO;IACVC,OAAOP,GAAGQ,EAAE;IACZC,MAAMT,GAAGQ,EAAE;AACb;AAEA,8CAA8C;AAC9CE,OAAOC,cAAc,CAACC,QAAQ,YAAY;IACxCC,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,QAAQ;IACV;IACAC,UAAU;AACZ;AAEA,oBAAoB;AACpB,MAAMC,mBAAmB;IACvBC,SAASnB,GAAGQ,EAAE;IACdY,SAASpB,GAAGQ,EAAE;IACda,YAAYrB,GAAGQ,EAAE;IACjBc,OAAOtB,GAAGQ,EAAE;AACd;AACAE,OAAOC,cAAc,CAACC,QAAQ,gBAAgB;IAC5CC,OAAOK;IACPD,UAAU;AACZ;AAEA,+BAA+B;AAC/BM,WAAW;IACTvB,GAAGwB,aAAa;IAChBN,iBAAiBC,OAAO,CAACM,SAAS;IAClCP,iBAAiBE,OAAO,CAACK,SAAS;IAClCP,iBAAiBG,UAAU,CAACI,SAAS;IACrCP,iBAAiBI,KAAK,CAACG,SAAS;AAClC"}

package/dist/src/__tests__/unit/utils/access.test.js

@@ -1,116 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { isAdmin } from '../../../utils/access';
-describe('Access Control Utilities', ()=>{
-    describe('isAdmin', ()=>{
-        it('should return false for non-user collections', ()=>{
-            const subscriber = {
-                id: 'sub-123',
-                email: 'test@example.com',
-                collection: 'subscribers'
-            };
-            expect(isAdmin(subscriber)).toBe(false);
-        });
-        it('should return false for null or undefined user', ()=>{
-            expect(isAdmin(null)).toBe(false);
-            expect(isAdmin(undefined)).toBe(false);
-        });
-        it('should detect admin via roles array', ()=>{
-            const user = {
-                id: 'user-123',
-                email: 'admin@example.com',
-                collection: 'users',
-                roles: [
-                    'admin',
-                    'editor'
-                ]
-            };
-            expect(isAdmin(user)).toBe(true);
-        });
-        it('should detect admin via isAdmin boolean', ()=>{
-            const user = {
-                id: 'user-123',
-                email: 'admin@example.com',
-                collection: 'users',
-                isAdmin: true
-            };
-            expect(isAdmin(user)).toBe(true);
-        });
-        it('should detect admin via role string', ()=>{
-            const user = {
-                id: 'user-123',
-                email: 'admin@example.com',
-                collection: 'users',
-                role: 'admin'
-            };
-            expect(isAdmin(user)).toBe(true);
-        });
-        it('should detect admin via admin boolean', ()=>{
-            const user = {
-                id: 'user-123',
-                email: 'admin@example.com',
-                collection: 'users',
-                admin: true
-            };
-            expect(isAdmin(user)).toBe(true);
-        });
-        it('should return false for non-admin users', ()=>{
-            const user = {
-                id: 'user-123',
-                email: 'user@example.com',
-                collection: 'users',
-                roles: [
-                    'editor',
-                    'viewer'
-                ],
-                isAdmin: false,
-                role: 'editor',
-                admin: false
-            };
-            expect(isAdmin(user)).toBe(false);
-        });
-        it('should use custom isAdmin function when provided', ()=>{
-            const config = {
-                access: {
-                    isAdmin: (user)=>user?.customRole === 'super-admin'
-                }
-            };
-            const regularAdmin = {
-                id: 'user-123',
-                email: 'admin@example.com',
-                collection: 'users',
-                roles: [
-                    'admin'
-                ]
-            };
-            expect(isAdmin(regularAdmin, config)).toBe(false);
-            const customAdmin = {
-                id: 'user-456',
-                email: 'super@example.com',
-                collection: 'users',
-                customRole: 'super-admin'
-            };
-            expect(isAdmin(customAdmin, config)).toBe(true);
-        });
-        it('should handle edge cases gracefully', ()=>{
-            // Empty user object
-            const emptyUser = {
-                collection: 'users'
-            };
-            expect(isAdmin(emptyUser)).toBe(false);
-            // User with empty roles array
-            const userWithEmptyRoles = {
-                collection: 'users',
-                roles: []
-            };
-            expect(isAdmin(userWithEmptyRoles)).toBe(false);
-            // User with non-admin role string
-            const userWithNonAdminRole = {
-                collection: 'users',
-                role: 'viewer'
-            };
-            expect(isAdmin(userWithNonAdminRole)).toBe(false);
-        });
-    });
-});
-
-//# sourceMappingURL=access.test.js.map

package/dist/src/__tests__/unit/utils/access.test.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../../src/__tests__/unit/utils/access.test.ts"],"sourcesContent":["import { describe, it, expect } from 'vitest'\nimport { isAdmin } from '../../../utils/access'\nimport type { NewsletterPluginConfig } from '../../../types'\n\ndescribe('Access Control Utilities', () => {\n  describe('isAdmin', () => {\n    it('should return false for non-user collections', () => {\n      const subscriber = {\n        id: 'sub-123',\n        email: 'test@example.com',\n        collection: 'subscribers',\n      }\n      expect(isAdmin(subscriber)).toBe(false)\n    })\n\n    it('should return false for null or undefined user', () => {\n      expect(isAdmin(null)).toBe(false)\n      expect(isAdmin(undefined)).toBe(false)\n    })\n\n    it('should detect admin via roles array', () => {\n      const user = {\n        id: 'user-123',\n        email: 'admin@example.com',\n        collection: 'users',\n        roles: ['admin', 'editor'],\n      }\n      expect(isAdmin(user)).toBe(true)\n    })\n\n    it('should detect admin via isAdmin boolean', () => {\n      const user = {\n        id: 'user-123',\n        email: 'admin@example.com',\n        collection: 'users',\n        isAdmin: true,\n      }\n      expect(isAdmin(user)).toBe(true)\n    })\n\n    it('should detect admin via role string', () => {\n      const user = {\n        id: 'user-123',\n        email: 'admin@example.com',\n        collection: 'users',\n        role: 'admin',\n      }\n      expect(isAdmin(user)).toBe(true)\n    })\n\n    it('should detect admin via admin boolean', () => {\n      const user = {\n        id: 'user-123',\n        email: 'admin@example.com',\n        collection: 'users',\n        admin: true,\n      }\n      expect(isAdmin(user)).toBe(true)\n    })\n\n    it('should return false for non-admin users', () => {\n      const user = {\n        id: 'user-123',\n        email: 'user@example.com',\n        collection: 'users',\n        roles: ['editor', 'viewer'],\n        isAdmin: false,\n        role: 'editor',\n        admin: false,\n      }\n      expect(isAdmin(user)).toBe(false)\n    })\n\n    it('should use custom isAdmin function when provided', () => {\n      const config: NewsletterPluginConfig = {\n        access: {\n          isAdmin: (user) => user?.customRole === 'super-admin',\n        },\n      }\n\n      const regularAdmin = {\n        id: 'user-123',\n        email: 'admin@example.com',\n        collection: 'users',\n        roles: ['admin'],\n      }\n      expect(isAdmin(regularAdmin, config)).toBe(false)\n\n      const customAdmin = {\n        id: 'user-456',\n        email: 'super@example.com',\n        collection: 'users',\n        customRole: 'super-admin',\n      }\n      expect(isAdmin(customAdmin, config)).toBe(true)\n    })\n\n    it('should handle edge cases gracefully', () => {\n      // Empty user object\n      const emptyUser = { collection: 'users' }\n      expect(isAdmin(emptyUser)).toBe(false)\n\n      // User with empty roles array\n      const userWithEmptyRoles = {\n        collection: 'users',\n        roles: [],\n      }\n      expect(isAdmin(userWithEmptyRoles)).toBe(false)\n\n      // User with non-admin role string\n      const userWithNonAdminRole = {\n        collection: 'users',\n        role: 'viewer',\n      }\n      expect(isAdmin(userWithNonAdminRole)).toBe(false)\n    })\n  })\n})"],"names":["describe","it","expect","isAdmin","subscriber","id","email","collection","toBe","undefined","user","roles","role","admin","config","access","customRole","regularAdmin","customAdmin","emptyUser","userWithEmptyRoles","userWithNonAdminRole"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,QAAQ,SAAQ;AAC7C,SAASC,OAAO,QAAQ,wBAAuB;AAG/CH,SAAS,4BAA4B;IACnCA,SAAS,WAAW;QAClBC,GAAG,gDAAgD;YACjD,MAAMG,aAAa;gBACjBC,IAAI;gBACJC,OAAO;gBACPC,YAAY;YACd;YACAL,OAAOC,QAAQC,aAAaI,IAAI,CAAC;QACnC;QAEAP,GAAG,kDAAkD;YACnDC,OAAOC,QAAQ,OAAOK,IAAI,CAAC;YAC3BN,OAAOC,QAAQM,YAAYD,IAAI,CAAC;QAClC;QAEAP,GAAG,uCAAuC;YACxC,MAAMS,OAAO;gBACXL,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZI,OAAO;oBAAC;oBAAS;iBAAS;YAC5B;YACAT,OAAOC,QAAQO,OAAOF,IAAI,CAAC;QAC7B;QAEAP,GAAG,2CAA2C;YAC5C,MAAMS,OAAO;gBACXL,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZJ,SAAS;YACX;YACAD,OAAOC,QAAQO,OAAOF,IAAI,CAAC;QAC7B;QAEAP,GAAG,uCAAuC;YACxC,MAAMS,OAAO;gBACXL,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZK,MAAM;YACR;YACAV,OAAOC,QAAQO,OAAOF,IAAI,CAAC;QAC7B;QAEAP,GAAG,yCAAyC;YAC1C,MAAMS,OAAO;gBACXL,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZM,OAAO;YACT;YACAX,OAAOC,QAAQO,OAAOF,IAAI,CAAC;QAC7B;QAEAP,GAAG,2CAA2C;YAC5C,MAAMS,OAAO;gBACXL,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZI,OAAO;oBAAC;oBAAU;iBAAS;gBAC3BR,SAAS;gBACTS,MAAM;gBACNC,OAAO;YACT;YACAX,OAAOC,QAAQO,OAAOF,IAAI,CAAC;QAC7B;QAEAP,GAAG,oDAAoD;YACrD,MAAMa,SAAiC;gBACrCC,QAAQ;oBACNZ,SAAS,CAACO,OAASA,MAAMM,eAAe;gBAC1C;YACF;YAEA,MAAMC,eAAe;gBACnBZ,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZI,OAAO;oBAAC;iBAAQ;YAClB;YACAT,OAAOC,QAAQc,cAAcH,SAASN,IAAI,CAAC;YAE3C,MAAMU,cAAc;gBAClBb,IAAI;gBACJC,OAAO;gBACPC,YAAY;gBACZS,YAAY;YACd;YACAd,OAAOC,QAAQe,aAAaJ,SAASN,IAAI,CAAC;QAC5C;QAEAP,GAAG,uCAAuC;YACxC,oBAAoB;YACpB,MAAMkB,YAAY;gBAAEZ,YAAY;YAAQ;YACxCL,OAAOC,QAAQgB,YAAYX,IAAI,CAAC;YAEhC,8BAA8B;YAC9B,MAAMY,qBAAqB;gBACzBb,YAAY;gBACZI,OAAO,EAAE;YACX;YACAT,OAAOC,QAAQiB,qBAAqBZ,IAAI,CAAC;YAEzC,kCAAkC;YAClC,MAAMa,uBAAuB;gBAC3Bd,YAAY;gBACZK,MAAM;YACR;YACAV,OAAOC,QAAQkB,uBAAuBb,IAAI,CAAC;QAC7C;IACF;AACF"}

package/dist/src/__tests__/unit/utils/jwt.test.js

@@ -1,238 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import jwt from 'jsonwebtoken';
-import { generateMagicLinkToken, verifyMagicLinkToken, generateSessionToken, verifySessionToken, generateMagicLinkURL } from '../../../utils/jwt';
-// Mock jsonwebtoken
-vi.mock('jsonwebtoken', ()=>({
-        default: {
-            sign: vi.fn(),
-            verify: vi.fn(),
-            TokenExpiredError: class TokenExpiredError extends Error {
-                constructor(message, expiredAt){
-                    super(message);
-                    this.name = 'TokenExpiredError';
-                }
-            },
-            JsonWebTokenError: class JsonWebTokenError extends Error {
-                constructor(message){
-                    super(message);
-                    this.name = 'JsonWebTokenError';
-                }
-            }
-        }
-    }));
-describe('JWT Utilities Security', ()=>{
-    const mockSecret = 'test-secret-key';
-    const mockConfig = {};
-    beforeEach(()=>{
-        process.env.JWT_SECRET = mockSecret;
-        vi.clearAllMocks();
-    });
-    describe('generateMagicLinkToken', ()=>{
-        it('should generate token with correct payload', ()=>{
-            const mockToken = 'mock-magic-link-token';
-            jwt.sign.mockReturnValue(mockToken);
-            const token = generateMagicLinkToken('sub-123', 'test@example.com', mockConfig);
-            expect(jwt.sign).toHaveBeenCalledWith({
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'magic-link'
-            }, mockSecret, {
-                expiresIn: '7d',
-                issuer: 'payload-newsletter-plugin'
-            });
-            expect(token).toBe(mockToken);
-        });
-        it('should respect custom token expiration', ()=>{
-            const customConfig = {
-                auth: {
-                    tokenExpiration: '24h'
-                }
-            };
-            generateMagicLinkToken('sub-123', 'test@example.com', customConfig);
-            const options = jwt.sign.mock.calls[0][2];
-            expect(options.expiresIn).toBe('24h');
-        });
-        it('should include correct token type', ()=>{
-            generateMagicLinkToken('sub-123', 'test@example.com', mockConfig);
-            const payload = jwt.sign.mock.calls[0][0];
-            expect(payload.type).toBe('magic-link');
-            expect(payload).not.toHaveProperty('action'); // No action field in actual implementation
-        });
-    });
-    describe('verifyMagicLinkToken', ()=>{
-        it('should verify and return valid token payload', ()=>{
-            const mockPayload = {
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'magic-link'
-            };
-            jwt.verify.mockReturnValue(mockPayload);
-            const payload = verifyMagicLinkToken('valid-token');
-            expect(jwt.verify).toHaveBeenCalledWith('valid-token', mockSecret, {
-                issuer: 'payload-newsletter-plugin'
-            });
-            expect(payload).toEqual(mockPayload);
-        });
-        it('should reject tokens with wrong type', ()=>{
-            const wrongTypePayload = {
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'session'
-            };
-            jwt.verify.mockReturnValue(wrongTypePayload);
-            expect(()=>verifyMagicLinkToken('wrong-type-token')).toThrow('Invalid token type');
-        });
-        it('should handle expired tokens', ()=>{
-            ;
-            jwt.verify.mockImplementation(()=>{
-                const error = new Error('Token expired');
-                error.name = 'TokenExpiredError';
-                throw error;
-            });
-            expect(()=>verifyMagicLinkToken('expired-token')).toThrow('Magic link has expired');
-        });
-        it('should handle malformed tokens', ()=>{
-            ;
-            jwt.verify.mockImplementation(()=>{
-                const error = new Error('Malformed token');
-                error.name = 'JsonWebTokenError';
-                throw error;
-            });
-            expect(()=>verifyMagicLinkToken('malformed-token')).toThrow('Invalid magic link token');
-        });
-        it('should validate required fields', ()=>{
-            const incompletePayload = {
-                subscriberId: 'sub-123',
-                // Missing email
-                type: 'magic-link'
-            };
-            jwt.verify.mockReturnValue(incompletePayload);
-            // The actual implementation doesn't validate fields, just type
-            const payload = verifyMagicLinkToken('incomplete-token');
-            expect(payload).toEqual(incompletePayload);
-        });
-    });
-    describe('generateSessionToken', ()=>{
-        it('should generate session token with correct payload', ()=>{
-            const mockToken = 'mock-session-token';
-            jwt.sign.mockReturnValue(mockToken);
-            const token = generateSessionToken('sub-123', 'test@example.com');
-            expect(jwt.sign).toHaveBeenCalledWith({
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'session'
-            }, mockSecret, {
-                expiresIn: '30d',
-                issuer: 'payload-newsletter-plugin'
-            });
-            expect(token).toBe(mockToken);
-        });
-        it('should set correct token type', ()=>{
-            generateSessionToken('sub-123', 'test@example.com');
-            const payload = jwt.sign.mock.calls[0][0];
-            expect(payload.type).toBe('session');
-            expect(payload.subscriberId).toBe('sub-123');
-        });
-        it('should set longer expiration for sessions', ()=>{
-            generateSessionToken('sub-123', 'test@example.com');
-            const options = jwt.sign.mock.calls[0][2];
-            expect(options.expiresIn).toBe('30d');
-        });
-    });
-    describe('verifySessionToken', ()=>{
-        it('should verify and return valid session payload', ()=>{
-            const mockPayload = {
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'session'
-            };
-            jwt.verify.mockReturnValue(mockPayload);
-            const payload = verifySessionToken('valid-session');
-            expect(jwt.verify).toHaveBeenCalledWith('valid-session', mockSecret, {
-                issuer: 'payload-newsletter-plugin'
-            });
-            expect(payload).toEqual(mockPayload);
-        });
-        it('should reject non-session tokens', ()=>{
-            const magicLinkPayload = {
-                subscriberId: 'sub-123',
-                email: 'test@example.com',
-                type: 'magic-link'
-            };
-            jwt.verify.mockReturnValue(magicLinkPayload);
-            expect(()=>verifySessionToken('magic-link-token')).toThrow('Invalid token type');
-        });
-        it('should handle expired session tokens', ()=>{
-            ;
-            jwt.verify.mockImplementation(()=>{
-                const error = new Error('Token expired');
-                error.name = 'TokenExpiredError';
-                throw error;
-            });
-            expect(()=>verifySessionToken('expired-token')).toThrow('Session has expired');
-        });
-    });
-    describe('Environment Configuration', ()=>{
-        it('should use fallback secret if JWT_SECRET is not set', ()=>{
-            delete process.env.JWT_SECRET;
-            delete process.env.PAYLOAD_SECRET;
-            // Should not throw, uses development placeholder
-            expect(()=>generateMagicLinkToken('sub-123', 'test@example.com', mockConfig)).not.toThrow();
-            // Check that it uses the placeholder secret
-            expect(jwt.sign).toHaveBeenCalledWith(expect.any(Object), 'INSECURE_DEVELOPMENT_SECRET_PLEASE_SET_JWT_SECRET', expect.any(Object));
-        });
-        it('should use PAYLOAD_SECRET as fallback', ()=>{
-            delete process.env.JWT_SECRET;
-            process.env.PAYLOAD_SECRET = 'payload-secret';
-            generateMagicLinkToken('sub-123', 'test@example.com', mockConfig);
-            expect(jwt.sign).toHaveBeenCalledWith(expect.any(Object), 'payload-secret', expect.any(Object));
-        });
-        it('should not expose secret in error messages', ()=>{
-            process.env.JWT_SECRET = 'super-secret-key-12345';
-            jwt.verify.mockImplementation(()=>{
-                throw new Error('invalid signature');
-            });
-            try {
-                verifyMagicLinkToken('bad-token');
-            } catch (error) {
-                expect(error.message).not.toContain('super-secret-key-12345');
-            }
-        });
-    });
-    describe('Token Security', ()=>{
-        it('should not allow algorithm switching attacks', ()=>{
-            // Ensure tokens are verified with the expected algorithm
-            const maliciousToken = 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWJzY3JpYmVySWQiOiJzdWItMTIzIn0.';
-            jwt.verify.mockImplementation(()=>{
-                const error = new Error('invalid algorithm');
-                error.name = 'JsonWebTokenError';
-                throw error;
-            });
-            expect(()=>verifyMagicLinkToken(maliciousToken)).toThrow('Invalid magic link token');
-        });
-    });
-    describe('generateMagicLinkURL', ()=>{
-        it('should generate valid magic link URLs', ()=>{
-            const token = 'test-token-123';
-            const baseURL = 'https://example.com';
-            const url = generateMagicLinkURL(token, baseURL, mockConfig);
-            expect(url).toBe('https://example.com/newsletter/verify?token=test-token-123');
-        });
-        it('should use custom path from config', ()=>{
-            const customConfig = {
-                auth: {
-                    magicLinkPath: '/auth/magic'
-                }
-            };
-            const url = generateMagicLinkURL('token-123', 'https://example.com', customConfig);
-            expect(url).toBe('https://example.com/auth/magic?token=token-123');
-        });
-        it('should properly encode token in URL', ()=>{
-            const tokenWithSpecialChars = 'token+with/special=chars';
-            const url = generateMagicLinkURL(tokenWithSpecialChars, 'https://example.com', mockConfig);
-            expect(url).toContain(encodeURIComponent(tokenWithSpecialChars));
-        });
-    });
-});
-
-//# sourceMappingURL=jwt.test.js.map

package/dist/src/__tests__/unit/utils/jwt.test.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../../src/__tests__/unit/utils/jwt.test.ts"],"sourcesContent":["import { describe, it, expect, beforeEach, vi } from 'vitest'\nimport jwt from 'jsonwebtoken'\nimport {\n  generateMagicLinkToken,\n  verifyMagicLinkToken,\n  generateSessionToken,\n  verifySessionToken,\n  generateMagicLinkURL,\n} from '../../../utils/jwt'\nimport type { NewsletterPluginConfig } from '../../../types'\n\n// Mock jsonwebtoken\nvi.mock('jsonwebtoken', () => ({\n  default: {\n    sign: vi.fn(),\n    verify: vi.fn(),\n    TokenExpiredError: class TokenExpiredError extends Error {\n      constructor(message: string, expiredAt: Date) {\n        super(message)\n        this.name = 'TokenExpiredError'\n      }\n    },\n    JsonWebTokenError: class JsonWebTokenError extends Error {\n      constructor(message: string) {\n        super(message)\n        this.name = 'JsonWebTokenError'\n      }\n    },\n  },\n}))\n\ndescribe('JWT Utilities Security', () => {\n  const mockSecret = 'test-secret-key'\n  const mockConfig: NewsletterPluginConfig = {}\n  \n  beforeEach(() => {\n    process.env.JWT_SECRET = mockSecret\n    vi.clearAllMocks()\n  })\n\n  describe('generateMagicLinkToken', () => {\n    it('should generate token with correct payload', () => {\n      const mockToken = 'mock-magic-link-token'\n      ;(jwt.sign as any).mockReturnValue(mockToken)\n\n      const token = generateMagicLinkToken('sub-123', 'test@example.com', mockConfig)\n\n      expect(jwt.sign).toHaveBeenCalledWith(\n        {\n          subscriberId: 'sub-123',\n          email: 'test@example.com',\n          type: 'magic-link',\n        },\n        mockSecret,\n        {\n          expiresIn: '7d',\n          issuer: 'payload-newsletter-plugin',\n        }\n      )\n      expect(token).toBe(mockToken)\n    })\n\n    it('should respect custom token expiration', () => {\n      const customConfig: NewsletterPluginConfig = {\n        auth: {\n          tokenExpiration: '24h',\n        },\n      }\n      \n      generateMagicLinkToken('sub-123', 'test@example.com', customConfig)\n\n      const options = (jwt.sign as any).mock.calls[0][2]\n      expect(options.expiresIn).toBe('24h')\n    })\n\n    it('should include correct token type', () => {\n      generateMagicLinkToken('sub-123', 'test@example.com', mockConfig)\n\n      const payload = (jwt.sign as any).mock.calls[0][0]\n      expect(payload.type).toBe('magic-link')\n      expect(payload).not.toHaveProperty('action') // No action field in actual implementation\n    })\n  })\n\n  describe('verifyMagicLinkToken', () => {\n    it('should verify and return valid token payload', () => {\n      const mockPayload = {\n        subscriberId: 'sub-123',\n        email: 'test@example.com',\n        type: 'magic-link',\n      }\n      ;(jwt.verify as any).mockReturnValue(mockPayload)\n\n      const payload = verifyMagicLinkToken('valid-token')\n\n      expect(jwt.verify).toHaveBeenCalledWith('valid-token', mockSecret, {\n        issuer: 'payload-newsletter-plugin',\n      })\n      expect(payload).toEqual(mockPayload)\n    })\n\n    it('should reject tokens with wrong type', () => {\n      const wrongTypePayload = {\n        subscriberId: 'sub-123',\n        email: 'test@example.com',\n        type: 'session', // Wrong type\n      }\n      ;(jwt.verify as any).mockReturnValue(wrongTypePayload)\n\n      expect(() => verifyMagicLinkToken('wrong-type-token')).toThrow('Invalid token type')\n    })\n\n    it('should handle expired tokens', () => {\n      ;(jwt.verify as any).mockImplementation(() => {\n        const error = new Error('Token expired')\n        error.name = 'TokenExpiredError'\n        throw error\n      })\n\n      expect(() => verifyMagicLinkToken('expired-token')).toThrow('Magic link has expired')\n    })\n\n    it('should handle malformed tokens', () => {\n      ;(jwt.verify as any).mockImplementation(() => {\n        const error = new Error('Malformed token')\n        error.name = 'JsonWebTokenError'\n        throw error\n      })\n\n      expect(() => verifyMagicLinkToken('malformed-token')).toThrow('Invalid magic link token')\n    })\n\n    it('should validate required fields', () => {\n      const incompletePayload = {\n        subscriberId: 'sub-123',\n        // Missing email\n        type: 'magic-link',\n      }\n      ;(jwt.verify as any).mockReturnValue(incompletePayload)\n\n      // The actual implementation doesn't validate fields, just type\n      const payload = verifyMagicLinkToken('incomplete-token')\n      expect(payload).toEqual(incompletePayload)\n    })\n  })\n\n  describe('generateSessionToken', () => {\n    it('should generate session token with correct payload', () => {\n      const mockToken = 'mock-session-token'\n      ;(jwt.sign as any).mockReturnValue(mockToken)\n\n      const token = generateSessionToken('sub-123', 'test@example.com')\n\n      expect(jwt.sign).toHaveBeenCalledWith(\n        {\n          subscriberId: 'sub-123',\n          email: 'test@example.com',\n          type: 'session',\n        },\n        mockSecret,\n        {\n          expiresIn: '30d',\n          issuer: 'payload-newsletter-plugin',\n        }\n      )\n      expect(token).toBe(mockToken)\n    })\n\n    it('should set correct token type', () => {\n      generateSessionToken('sub-123', 'test@example.com')\n\n      const payload = (jwt.sign as any).mock.calls[0][0]\n      expect(payload.type).toBe('session')\n      expect(payload.subscriberId).toBe('sub-123')\n    })\n\n    it('should set longer expiration for sessions', () => {\n      generateSessionToken('sub-123', 'test@example.com')\n\n      const options = (jwt.sign as any).mock.calls[0][2]\n      expect(options.expiresIn).toBe('30d')\n    })\n  })\n\n  describe('verifySessionToken', () => {\n    it('should verify and return valid session payload', () => {\n      const mockPayload = {\n        subscriberId: 'sub-123',\n        email: 'test@example.com',\n        type: 'session',\n      }\n      ;(jwt.verify as any).mockReturnValue(mockPayload)\n\n      const payload = verifySessionToken('valid-session')\n\n      expect(jwt.verify).toHaveBeenCalledWith('valid-session', mockSecret, {\n        issuer: 'payload-newsletter-plugin',\n      })\n      expect(payload).toEqual(mockPayload)\n    })\n\n    it('should reject non-session tokens', () => {\n      const magicLinkPayload = {\n        subscriberId: 'sub-123',\n        email: 'test@example.com',\n        type: 'magic-link', // Wrong type for session\n      }\n      ;(jwt.verify as any).mockReturnValue(magicLinkPayload)\n\n      expect(() => verifySessionToken('magic-link-token')).toThrow('Invalid token type')\n    })\n\n    it('should handle expired session tokens', () => {\n      ;(jwt.verify as any).mockImplementation(() => {\n        const error = new Error('Token expired')\n        error.name = 'TokenExpiredError'\n        throw error\n      })\n\n      expect(() => verifySessionToken('expired-token')).toThrow('Session has expired')\n    })\n  })\n\n  describe('Environment Configuration', () => {\n    it('should use fallback secret if JWT_SECRET is not set', () => {\n      delete process.env.JWT_SECRET\n      delete process.env.PAYLOAD_SECRET\n\n      // Should not throw, uses development placeholder\n      expect(() => generateMagicLinkToken('sub-123', 'test@example.com', mockConfig)).not.toThrow()\n      \n      // Check that it uses the placeholder secret\n      expect(jwt.sign).toHaveBeenCalledWith(\n        expect.any(Object),\n        'INSECURE_DEVELOPMENT_SECRET_PLEASE_SET_JWT_SECRET',\n        expect.any(Object)\n      )\n    })\n\n    it('should use PAYLOAD_SECRET as fallback', () => {\n      delete process.env.JWT_SECRET\n      process.env.PAYLOAD_SECRET = 'payload-secret'\n\n      generateMagicLinkToken('sub-123', 'test@example.com', mockConfig)\n\n      expect(jwt.sign).toHaveBeenCalledWith(\n        expect.any(Object),\n        'payload-secret',\n        expect.any(Object)\n      )\n    })\n\n    it('should not expose secret in error messages', () => {\n      process.env.JWT_SECRET = 'super-secret-key-12345'\n      ;(jwt.verify as any).mockImplementation(() => {\n        throw new Error('invalid signature')\n      })\n\n      try {\n        verifyMagicLinkToken('bad-token')\n      } catch (error: any) {\n        expect(error.message).not.toContain('super-secret-key-12345')\n      }\n    })\n  })\n\n  describe('Token Security', () => {\n    it('should not allow algorithm switching attacks', () => {\n      // Ensure tokens are verified with the expected algorithm\n      const maliciousToken = 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWJzY3JpYmVySWQiOiJzdWItMTIzIn0.'\n      \n      ;(jwt.verify as any).mockImplementation(() => {\n        const error = new Error('invalid algorithm')\n        error.name = 'JsonWebTokenError'\n        throw error\n      })\n\n      expect(() => verifyMagicLinkToken(maliciousToken)).toThrow('Invalid magic link token')\n    })\n  })\n\n  describe('generateMagicLinkURL', () => {\n    it('should generate valid magic link URLs', () => {\n      const token = 'test-token-123'\n      const baseURL = 'https://example.com'\n      \n      const url = generateMagicLinkURL(token, baseURL, mockConfig)\n      \n      expect(url).toBe('https://example.com/newsletter/verify?token=test-token-123')\n    })\n\n    it('should use custom path from config', () => {\n      const customConfig: NewsletterPluginConfig = {\n        auth: {\n          magicLinkPath: '/auth/magic',\n        },\n      }\n      \n      const url = generateMagicLinkURL('token-123', 'https://example.com', customConfig)\n      \n      expect(url).toBe('https://example.com/auth/magic?token=token-123')\n    })\n\n    it('should properly encode token in URL', () => {\n      const tokenWithSpecialChars = 'token+with/special=chars'\n      \n      const url = generateMagicLinkURL(tokenWithSpecialChars, 'https://example.com', mockConfig)\n      \n      expect(url).toContain(encodeURIComponent(tokenWithSpecialChars))\n    })\n  })\n})"],"names":["describe","it","expect","beforeEach","vi","jwt","generateMagicLinkToken","verifyMagicLinkToken","generateSessionToken","verifySessionToken","generateMagicLinkURL","mock","default","sign","fn","verify","TokenExpiredError","Error","message","expiredAt","name","JsonWebTokenError","mockSecret","mockConfig","process","env","JWT_SECRET","clearAllMocks","mockToken","mockReturnValue","token","toHaveBeenCalledWith","subscriberId","email","type","expiresIn","issuer","toBe","customConfig","auth","tokenExpiration","options","calls","payload","not","toHaveProperty","mockPayload","toEqual","wrongTypePayload","toThrow","mockImplementation","error","incompletePayload","magicLinkPayload","PAYLOAD_SECRET","any","Object","toContain","maliciousToken","baseURL","url","magicLinkPath","tokenWithSpecialChars","encodeURIComponent"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,EAAEC,UAAU,EAAEC,EAAE,QAAQ,SAAQ;AAC7D,OAAOC,SAAS,eAAc;AAC9B,SACEC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACpBC,kBAAkB,EAClBC,oBAAoB,QACf,qBAAoB;AAG3B,oBAAoB;AACpBN,GAAGO,IAAI,CAAC,gBAAgB,IAAO,CAAA;QAC7BC,SAAS;YACPC,MAAMT,GAAGU,EAAE;YACXC,QAAQX,GAAGU,EAAE;YACbE,mBAAmB,MAAMA,0BAA0BC;gBACjD,YAAYC,OAAe,EAAEC,SAAe,CAAE;oBAC5C,KAAK,CAACD;oBACN,IAAI,CAACE,IAAI,GAAG;gBACd;YACF;YACAC,mBAAmB,MAAMA,0BAA0BJ;gBACjD,YAAYC,OAAe,CAAE;oBAC3B,KAAK,CAACA;oBACN,IAAI,CAACE,IAAI,GAAG;gBACd;YACF;QACF;IACF,CAAA;AAEApB,SAAS,0BAA0B;IACjC,MAAMsB,aAAa;IACnB,MAAMC,aAAqC,CAAC;IAE5CpB,WAAW;QACTqB,QAAQC,GAAG,CAACC,UAAU,GAAGJ;QACzBlB,GAAGuB,aAAa;IAClB;IAEA3B,SAAS,0BAA0B;QACjCC,GAAG,8CAA8C;YAC/C,MAAM2B,YAAY;YAChBvB,IAAIQ,IAAI,CAASgB,eAAe,CAACD;YAEnC,MAAME,QAAQxB,uBAAuB,WAAW,oBAAoBiB;YAEpErB,OAAOG,IAAIQ,IAAI,EAAEkB,oBAAoB,CACnC;gBACEC,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR,GACAZ,YACA;gBACEa,WAAW;gBACXC,QAAQ;YACV;YAEFlC,OAAO4B,OAAOO,IAAI,CAACT;QACrB;QAEA3B,GAAG,0CAA0C;YAC3C,MAAMqC,eAAuC;gBAC3CC,MAAM;oBACJC,iBAAiB;gBACnB;YACF;YAEAlC,uBAAuB,WAAW,oBAAoBgC;YAEtD,MAAMG,UAAU,AAACpC,IAAIQ,IAAI,CAASF,IAAI,CAAC+B,KAAK,CAAC,EAAE,CAAC,EAAE;YAClDxC,OAAOuC,QAAQN,SAAS,EAAEE,IAAI,CAAC;QACjC;QAEApC,GAAG,qCAAqC;YACtCK,uBAAuB,WAAW,oBAAoBiB;YAEtD,MAAMoB,UAAU,AAACtC,IAAIQ,IAAI,CAASF,IAAI,CAAC+B,KAAK,CAAC,EAAE,CAAC,EAAE;YAClDxC,OAAOyC,QAAQT,IAAI,EAAEG,IAAI,CAAC;YAC1BnC,OAAOyC,SAASC,GAAG,CAACC,cAAc,CAAC,WAAU,2CAA2C;QAC1F;IACF;IAEA7C,SAAS,wBAAwB;QAC/BC,GAAG,gDAAgD;YACjD,MAAM6C,cAAc;gBAClBd,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR;YACE7B,IAAIU,MAAM,CAASc,eAAe,CAACiB;YAErC,MAAMH,UAAUpC,qBAAqB;YAErCL,OAAOG,IAAIU,MAAM,EAAEgB,oBAAoB,CAAC,eAAeT,YAAY;gBACjEc,QAAQ;YACV;YACAlC,OAAOyC,SAASI,OAAO,CAACD;QAC1B;QAEA7C,GAAG,wCAAwC;YACzC,MAAM+C,mBAAmB;gBACvBhB,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR;YACE7B,IAAIU,MAAM,CAASc,eAAe,CAACmB;YAErC9C,OAAO,IAAMK,qBAAqB,qBAAqB0C,OAAO,CAAC;QACjE;QAEAhD,GAAG,gCAAgC;;YAC/BI,IAAIU,MAAM,CAASmC,kBAAkB,CAAC;gBACtC,MAAMC,QAAQ,IAAIlC,MAAM;gBACxBkC,MAAM/B,IAAI,GAAG;gBACb,MAAM+B;YACR;YAEAjD,OAAO,IAAMK,qBAAqB,kBAAkB0C,OAAO,CAAC;QAC9D;QAEAhD,GAAG,kCAAkC;;YACjCI,IAAIU,MAAM,CAASmC,kBAAkB,CAAC;gBACtC,MAAMC,QAAQ,IAAIlC,MAAM;gBACxBkC,MAAM/B,IAAI,GAAG;gBACb,MAAM+B;YACR;YAEAjD,OAAO,IAAMK,qBAAqB,oBAAoB0C,OAAO,CAAC;QAChE;QAEAhD,GAAG,mCAAmC;YACpC,MAAMmD,oBAAoB;gBACxBpB,cAAc;gBACd,gBAAgB;gBAChBE,MAAM;YACR;YACE7B,IAAIU,MAAM,CAASc,eAAe,CAACuB;YAErC,+DAA+D;YAC/D,MAAMT,UAAUpC,qBAAqB;YACrCL,OAAOyC,SAASI,OAAO,CAACK;QAC1B;IACF;IAEApD,SAAS,wBAAwB;QAC/BC,GAAG,sDAAsD;YACvD,MAAM2B,YAAY;YAChBvB,IAAIQ,IAAI,CAASgB,eAAe,CAACD;YAEnC,MAAME,QAAQtB,qBAAqB,WAAW;YAE9CN,OAAOG,IAAIQ,IAAI,EAAEkB,oBAAoB,CACnC;gBACEC,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR,GACAZ,YACA;gBACEa,WAAW;gBACXC,QAAQ;YACV;YAEFlC,OAAO4B,OAAOO,IAAI,CAACT;QACrB;QAEA3B,GAAG,iCAAiC;YAClCO,qBAAqB,WAAW;YAEhC,MAAMmC,UAAU,AAACtC,IAAIQ,IAAI,CAASF,IAAI,CAAC+B,KAAK,CAAC,EAAE,CAAC,EAAE;YAClDxC,OAAOyC,QAAQT,IAAI,EAAEG,IAAI,CAAC;YAC1BnC,OAAOyC,QAAQX,YAAY,EAAEK,IAAI,CAAC;QACpC;QAEApC,GAAG,6CAA6C;YAC9CO,qBAAqB,WAAW;YAEhC,MAAMiC,UAAU,AAACpC,IAAIQ,IAAI,CAASF,IAAI,CAAC+B,KAAK,CAAC,EAAE,CAAC,EAAE;YAClDxC,OAAOuC,QAAQN,SAAS,EAAEE,IAAI,CAAC;QACjC;IACF;IAEArC,SAAS,sBAAsB;QAC7BC,GAAG,kDAAkD;YACnD,MAAM6C,cAAc;gBAClBd,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR;YACE7B,IAAIU,MAAM,CAASc,eAAe,CAACiB;YAErC,MAAMH,UAAUlC,mBAAmB;YAEnCP,OAAOG,IAAIU,MAAM,EAAEgB,oBAAoB,CAAC,iBAAiBT,YAAY;gBACnEc,QAAQ;YACV;YACAlC,OAAOyC,SAASI,OAAO,CAACD;QAC1B;QAEA7C,GAAG,oCAAoC;YACrC,MAAMoD,mBAAmB;gBACvBrB,cAAc;gBACdC,OAAO;gBACPC,MAAM;YACR;YACE7B,IAAIU,MAAM,CAASc,eAAe,CAACwB;YAErCnD,OAAO,IAAMO,mBAAmB,qBAAqBwC,OAAO,CAAC;QAC/D;QAEAhD,GAAG,wCAAwC;;YACvCI,IAAIU,MAAM,CAASmC,kBAAkB,CAAC;gBACtC,MAAMC,QAAQ,IAAIlC,MAAM;gBACxBkC,MAAM/B,IAAI,GAAG;gBACb,MAAM+B;YACR;YAEAjD,OAAO,IAAMO,mBAAmB,kBAAkBwC,OAAO,CAAC;QAC5D;IACF;IAEAjD,SAAS,6BAA6B;QACpCC,GAAG,uDAAuD;YACxD,OAAOuB,QAAQC,GAAG,CAACC,UAAU;YAC7B,OAAOF,QAAQC,GAAG,CAAC6B,cAAc;YAEjC,iDAAiD;YACjDpD,OAAO,IAAMI,uBAAuB,WAAW,oBAAoBiB,aAAaqB,GAAG,CAACK,OAAO;YAE3F,4CAA4C;YAC5C/C,OAAOG,IAAIQ,IAAI,EAAEkB,oBAAoB,CACnC7B,OAAOqD,GAAG,CAACC,SACX,qDACAtD,OAAOqD,GAAG,CAACC;QAEf;QAEAvD,GAAG,yCAAyC;YAC1C,OAAOuB,QAAQC,GAAG,CAACC,UAAU;YAC7BF,QAAQC,GAAG,CAAC6B,cAAc,GAAG;YAE7BhD,uBAAuB,WAAW,oBAAoBiB;YAEtDrB,OAAOG,IAAIQ,IAAI,EAAEkB,oBAAoB,CACnC7B,OAAOqD,GAAG,CAACC,SACX,kBACAtD,OAAOqD,GAAG,CAACC;QAEf;QAEAvD,GAAG,8CAA8C;YAC/CuB,QAAQC,GAAG,CAACC,UAAU,GAAG;YACvBrB,IAAIU,MAAM,CAASmC,kBAAkB,CAAC;gBACtC,MAAM,IAAIjC,MAAM;YAClB;YAEA,IAAI;gBACFV,qBAAqB;YACvB,EAAE,OAAO4C,OAAY;gBACnBjD,OAAOiD,MAAMjC,OAAO,EAAE0B,GAAG,CAACa,SAAS,CAAC;YACtC;QACF;IACF;IAEAzD,SAAS,kBAAkB;QACzBC,GAAG,gDAAgD;YACjD,yDAAyD;YACzD,MAAMyD,iBAAiB;YAErBrD,IAAIU,MAAM,CAASmC,kBAAkB,CAAC;gBACtC,MAAMC,QAAQ,IAAIlC,MAAM;gBACxBkC,MAAM/B,IAAI,GAAG;gBACb,MAAM+B;YACR;YAEAjD,OAAO,IAAMK,qBAAqBmD,iBAAiBT,OAAO,CAAC;QAC7D;IACF;IAEAjD,SAAS,wBAAwB;QAC/BC,GAAG,yCAAyC;YAC1C,MAAM6B,QAAQ;YACd,MAAM6B,UAAU;YAEhB,MAAMC,MAAMlD,qBAAqBoB,OAAO6B,SAASpC;YAEjDrB,OAAO0D,KAAKvB,IAAI,CAAC;QACnB;QAEApC,GAAG,sCAAsC;YACvC,MAAMqC,eAAuC;gBAC3CC,MAAM;oBACJsB,eAAe;gBACjB;YACF;YAEA,MAAMD,MAAMlD,qBAAqB,aAAa,uBAAuB4B;YAErEpC,OAAO0D,KAAKvB,IAAI,CAAC;QACnB;QAEApC,GAAG,uCAAuC;YACxC,MAAM6D,wBAAwB;YAE9B,MAAMF,MAAMlD,qBAAqBoD,uBAAuB,uBAAuBvC;YAE/ErB,OAAO0D,KAAKH,SAAS,CAACM,mBAAmBD;QAC3C;IACF;AACF"}