serverless-event-orchestrator 1.2.6 → 1.3.0

package/tests/middleware/init-tenant-context.test.ts

@@ -0,0 +1,147 @@
+import { initTenantContext } from '../../src/middleware/init-tenant-context';
+import { TenantContext } from '../../src/tenant';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+
+function createMockEvent(overrides: Partial<{
+  segment: RouteSegment;
+  claims: Record<string, any>;
+  headers: Record<string, string>;
+  userId: string;
+  groups: string[];
+}>): NormalizedEvent {
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: {
+      body: {},
+      pathParameters: {},
+      queryStringParameters: {},
+      headers: overrides.headers ?? {},
+    },
+    params: {},
+    context: {
+      segment: overrides.segment ?? RouteSegment.Private,
+      identity: overrides.claims ? {
+        userId: overrides.userId ?? 'user-1',
+        groups: overrides.groups ?? [],
+        claims: overrides.claims,
+      } : undefined,
+      requestId: 'req-test',
+    },
+  };
+}
+
+describe('initTenantContext', () => {
+  afterEach(() => {
+    TenantContext._reset();
+  });
+
+  describe('from JWT claims (private/backoffice)', () => {
+    it('extracts tenantInfo from identity.claims and adds to context.tenantInfo', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Private,
+        claims: {
+          'custom:tenantId': 'org_abc',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+          'custom:personProfileId': 'person_1',
+          'custom:orgProfileId': 'org_abc',
+          'custom:plan': 'PRO',
+          'custom:hasCRM': 'true',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeDefined();
+      expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
+      expect(result.context.tenantInfo?.countryCode).toBe('CO');
+      expect(result.context.tenantInfo?.plan).toBe('PRO');
+      expect(result.context.tenantInfo?.hasCRM).toBe(true);
+    });
+
+    it('initializes TenantContext (AsyncLocalStorage)', async () => {
+      const event = createMockEvent({
+        claims: {
+          'custom:tenantId': 'org_abc',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+        },
+      });
+
+      await initTenantContext(event);
+
+      expect(TenantContext.isActive()).toBe(true);
+      expect(TenantContext.current().tenantId).toBe('org_abc');
+    });
+
+    it('handles incomplete claims without error (returns event without tenantInfo)', async () => {
+      const event = createMockEvent({
+        claims: { 'custom:tenantId': 'org_abc' }, // missing tenantType, userId, countryCode
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeUndefined();
+    });
+  });
+
+  describe('from headers (internal/Lambda-to-Lambda)', () => {
+    it('extracts tenantInfo from x-tenant-* headers', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Internal,
+        headers: {
+          'x-tenant-id': 'org_xyz',
+          'x-tenant-type': 'ORG',
+          'x-user-id': 'user-2',
+          'x-country-code': 'MX',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo?.tenantId).toBe('org_xyz');
+      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
+    });
+  });
+
+  describe('public routes (no authentication)', () => {
+    it('returns event without tenantInfo when no claims or headers', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Public,
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeUndefined();
+      expect(TenantContext.isActive()).toBe(false);
+    });
+  });
+
+  describe('priority: claims > headers', () => {
+    it('uses claims if both are present', async () => {
+      const event = createMockEvent({
+        claims: {
+          'custom:tenantId': 'org_from_claims',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+        },
+        headers: {
+          'x-tenant-id': 'org_from_headers',
+          'x-tenant-type': 'PERSON',
+          'x-user-id': 'user-2',
+          'x-country-code': 'MX',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo?.tenantId).toBe('org_from_claims');
+    });
+  });
+});

package/tests/middleware/tenant-guard.test.ts

@@ -0,0 +1,100 @@
+import { tenantGuard } from '../../src/middleware/tenant-guard';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+import type { TenantInfo } from '../../src/tenant';
+
+function createEvent(options: {
+  tenantInfo?: TenantInfo;
+  groups?: string[];
+}): NormalizedEvent {
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: { headers: {} },
+    params: {},
+    context: {
+      segment: RouteSegment.Private,
+      identity: {
+        userId: 'user-1',
+        groups: options.groups ?? [],
+        claims: {},
+      },
+      requestId: 'req-test',
+      tenantInfo: options.tenantInfo,
+    },
+  };
+}
+
+const mockTenant: TenantInfo = {
+  tenantId: 'org_abc',
+  tenantType: 'ORG',
+  userId: 'user-1',
+  countryCode: 'CO',
+};
+
+describe('tenantGuard', () => {
+  it('allows access when tenantInfo exists', async () => {
+    const event = createEvent({ tenantInfo: mockTenant });
+    const result = await tenantGuard(event) as NormalizedEvent;
+    expect(result).toBeDefined();
+    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+  });
+
+  it('throws 403 when no tenantInfo and not PLATFORM_ADMIN', async () => {
+    const event = createEvent({ groups: ['AGENT'] });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when no tenantInfo and no groups', async () => {
+    const event = createEvent({});
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when tenantId is empty string', async () => {
+    const event = createEvent({ 
+      tenantInfo: { ...mockTenant, tenantId: '' }
+    });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when tenantId is whitespace only', async () => {
+    const event = createEvent({ 
+      tenantInfo: { ...mockTenant, tenantId: '   ' }
+    });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('error includes TENANT_CONTEXT_MISSING code', async () => {
+    const event = createEvent({ groups: ['ORG_ADMIN'] });
+    try {
+      await tenantGuard(event);
+      fail('Should have thrown');
+    } catch (err: any) {
+      const body = JSON.parse(err.body);
+      expect(body.code).toBe('TENANT_CONTEXT_MISSING');
+    }
+  });
+
+  it('allows PLATFORM_ADMIN without tenantInfo (cross-tenant)', async () => {
+    const event = createEvent({ groups: ['PLATFORM_ADMIN'] });
+    const result = await tenantGuard(event);
+    expect(result).toBeDefined();
+  });
+
+  it('allows PLATFORM_ADMIN with tenantInfo', async () => {
+    const event = createEvent({
+      tenantInfo: mockTenant,
+      groups: ['PLATFORM_ADMIN'],
+    });
+    const result = await tenantGuard(event) as NormalizedEvent;
+    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+  });
+});

package/tests/tenant/TenantContext.test.ts

@@ -0,0 +1,134 @@
+import { TenantContext } from '../../src/tenant/TenantContext';
+import type { TenantInfo } from '../../src/tenant/types';
+
+const mockTenantORG: TenantInfo = {
+  tenantId: 'org_century21',
+  tenantType: 'ORG',
+  userId: 'user_001',
+  personProfileId: 'person_001',
+  orgProfileId: 'org_century21',
+  countryCode: 'CO',
+  plan: 'PRO',
+  hasCRM: true,
+};
+
+const mockTenantPERSON: TenantInfo = {
+  tenantId: 'person_agent_x',
+  tenantType: 'PERSON',
+  userId: 'user_002',
+  personProfileId: 'person_agent_x',
+  countryCode: 'MX',
+  plan: 'FREE',
+  hasCRM: false,
+};
+
+describe('TenantContext', () => {
+  afterEach(() => {
+    TenantContext._reset();
+  });
+
+  describe('run() + current()', () => {
+    it('stores and retrieves TenantInfo correctly inside callback', async () => {
+      await TenantContext.run(mockTenantORG, async () => {
+        const tenant = TenantContext.current();
+        expect(tenant.tenantId).toBe('org_century21');
+        expect(tenant.tenantType).toBe('ORG');
+        expect(tenant.userId).toBe('user_001');
+        expect(tenant.countryCode).toBe('CO');
+        expect(tenant.plan).toBe('PRO');
+        expect(tenant.hasCRM).toBe(true);
+      });
+    });
+
+    it('supports PERSON tenants', async () => {
+      await TenantContext.run(mockTenantPERSON, async () => {
+        const tenant = TenantContext.current();
+        expect(tenant.tenantId).toBe('person_agent_x');
+        expect(tenant.tenantType).toBe('PERSON');
+        expect(tenant.orgProfileId).toBeUndefined();
+      });
+    });
+
+    it('isolates context between concurrent calls', async () => {
+      const results: string[] = [];
+
+      await Promise.all([
+        TenantContext.run(mockTenantORG, async () => {
+          await new Promise((r) => setTimeout(r, 10));
+          results.push(TenantContext.current().tenantId);
+        }),
+        TenantContext.run(mockTenantPERSON, async () => {
+          await new Promise((r) => setTimeout(r, 5));
+          results.push(TenantContext.current().tenantId);
+        }),
+      ]);
+
+      expect(results).toContain('org_century21');
+      expect(results).toContain('person_agent_x');
+    });
+
+    it('propagates context to nested async functions', async () => {
+      async function nestedFunction(): Promise<string> {
+        return TenantContext.current().tenantId;
+      }
+
+      await TenantContext.run(mockTenantORG, async () => {
+        const result = await nestedFunction();
+        expect(result).toBe('org_century21');
+      });
+    });
+  });
+
+  describe('current() — fail-closed', () => {
+    it('throws error if not initialized', () => {
+      expect(() => TenantContext.current()).toThrow('TenantContext not initialized');
+    });
+
+    it('throws error after exiting run() scope', async () => {
+      await TenantContext.run(mockTenantORG, async () => {
+        expect(TenantContext.current().tenantId).toBe('org_century21');
+      });
+
+      // Outside scope → no more context
+      expect(() => TenantContext.current()).toThrow('TenantContext not initialized');
+    });
+  });
+
+  describe('currentOptional()', () => {
+    it('returns undefined if no context', () => {
+      expect(TenantContext.currentOptional()).toBeUndefined();
+    });
+
+    it('returns TenantInfo if context exists', async () => {
+      await TenantContext.run(mockTenantORG, async () => {
+        const tenant = TenantContext.currentOptional();
+        expect(tenant).toBeDefined();
+        expect(tenant?.tenantId).toBe('org_century21');
+      });
+    });
+  });
+
+  describe('set()', () => {
+    it('sets context in current AsyncLocalStorage scope', async () => {
+      await TenantContext.run(mockTenantORG, async () => {
+        expect(TenantContext.current().tenantId).toBe('org_century21');
+
+        // Overwrite with set()
+        TenantContext.set(mockTenantPERSON);
+        expect(TenantContext.current().tenantId).toBe('person_agent_x');
+      });
+    });
+  });
+
+  describe('isActive()', () => {
+    it('returns false outside a context', () => {
+      expect(TenantContext.isActive()).toBe(false);
+    });
+
+    it('returns true inside a context', async () => {
+      await TenantContext.run(mockTenantORG, async () => {
+        expect(TenantContext.isActive()).toBe(true);
+      });
+    });
+  });
+});

package/tests/tenant/helpers.test.ts

@@ -0,0 +1,122 @@
+import {
+  isTenantType,
+  isPlan,
+  tenantInfoFromClaims,
+  tenantInfoFromHeaders,
+  tenantInfoToHeaders,
+  TENANT_HEADERS,
+} from '../../src/tenant';
+import type { TenantInfo } from '../../src/tenant';
+
+describe('Type Guards', () => {
+  describe('isTenantType', () => {
+    it('accepts ORG', () => expect(isTenantType('ORG')).toBe(true));
+    it('accepts PERSON', () => expect(isTenantType('PERSON')).toBe(true));
+    it('rejects invalid string', () => expect(isTenantType('INVALID')).toBe(false));
+    it('rejects undefined', () => expect(isTenantType(undefined)).toBe(false));
+    it('rejects null', () => expect(isTenantType(null)).toBe(false));
+  });
+
+  describe('isPlan', () => {
+    it.each(['FREE', 'BASIC', 'PRO', 'ENTERPRISE'])('accepts %s', (plan) => {
+      expect(isPlan(plan)).toBe(true);
+    });
+    it('rejects invalid string', () => expect(isPlan('PREMIUM')).toBe(false));
+  });
+});
+
+describe('tenantInfoFromClaims', () => {
+  const validClaims = {
+    'custom:tenantId': 'org_abc',
+    'custom:tenantType': 'ORG',
+    'custom:userId': 'user_001',
+    'custom:countryCode': 'CO',
+    'custom:personProfileId': 'person_001',
+    'custom:orgProfileId': 'org_abc',
+    'custom:plan': 'PRO',
+    'custom:hasCRM': 'true',
+  };
+
+  it('builds complete TenantInfo from valid claims', () => {
+    const result = tenantInfoFromClaims(validClaims);
+    expect(result).toEqual({
+      tenantId: 'org_abc',
+      tenantType: 'ORG',
+      userId: 'user_001',
+      countryCode: 'CO',
+      personProfileId: 'person_001',
+      orgProfileId: 'org_abc',
+      plan: 'PRO',
+      hasCRM: true,
+    });
+  });
+
+  it('returns undefined if tenantId is missing', () => {
+    const { 'custom:tenantId': _, ...claims } = validClaims;
+    expect(tenantInfoFromClaims(claims)).toBeUndefined();
+  });
+
+  it('returns undefined if tenantType is missing', () => {
+    const { 'custom:tenantType': _, ...claims } = validClaims;
+    expect(tenantInfoFromClaims(claims)).toBeUndefined();
+  });
+
+  it('returns undefined if tenantType is invalid', () => {
+    expect(tenantInfoFromClaims({ ...validClaims, 'custom:tenantType': 'INVALID' })).toBeUndefined();
+  });
+
+  it('hasCRM is false if claim is not "true"', () => {
+    const result = tenantInfoFromClaims({ ...validClaims, 'custom:hasCRM': 'false' });
+    expect(result?.hasCRM).toBe(false);
+  });
+
+  it('plan is undefined if claim is not a valid Plan', () => {
+    const result = tenantInfoFromClaims({ ...validClaims, 'custom:plan': 'PREMIUM' });
+    expect(result?.plan).toBeUndefined();
+  });
+
+  it('uses sub as fallback for userId', () => {
+    const claims = {
+      'custom:tenantId': 'org_abc',
+      'custom:tenantType': 'ORG',
+      'sub': 'cognito-sub-123',
+      'custom:countryCode': 'CO',
+    };
+    const result = tenantInfoFromClaims(claims);
+    expect(result?.userId).toBe('cognito-sub-123');
+  });
+});
+
+describe('tenantInfoFromHeaders / tenantInfoToHeaders', () => {
+  const tenant: TenantInfo = {
+    tenantId: 'org_abc',
+    tenantType: 'ORG',
+    userId: 'user_001',
+    countryCode: 'CO',
+    personProfileId: 'person_001',
+    orgProfileId: 'org_abc',
+  };
+
+  it('roundtrip: toHeaders → fromHeaders returns same TenantInfo', () => {
+    const headers = tenantInfoToHeaders(tenant);
+    const result = tenantInfoFromHeaders(headers);
+    expect(result).toEqual(tenant);
+  });
+
+  it('fromHeaders returns undefined if x-tenant-id is missing', () => {
+    const headers = tenantInfoToHeaders(tenant);
+    delete headers[TENANT_HEADERS.TENANT_ID];
+    expect(tenantInfoFromHeaders(headers)).toBeUndefined();
+  });
+
+  it('fromHeaders supports lowercase headers (API Gateway normalization)', () => {
+    const headers = {
+      'x-tenant-id': 'org_abc',
+      'x-tenant-type': 'ORG',
+      'x-user-id': 'user_001',
+      'x-country-code': 'CO',
+    };
+    const result = tenantInfoFromHeaders(headers);
+    expect(result?.tenantId).toBe('org_abc');
+  });
+});