npm - serverless-event-orchestrator - Versions diffs - 2.2.0 → 2.3.0 - Mend

serverless-event-orchestrator 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/LICENSE +21 -21
package/README.md +489 -489
package/dist/dispatcher.d.ts +6 -1
package/dist/dispatcher.d.ts.map +1 -1
package/dist/dispatcher.js +31 -7
package/dist/dispatcher.js.map +1 -1
package/jest.config.js +32 -32
package/package.json +82 -81
package/src/dispatcher.ts +586 -558
package/src/http/body-parser.ts +60 -60
package/src/http/cors.ts +76 -76
package/src/http/index.ts +3 -3
package/src/http/response.ts +209 -209
package/src/identity/extractor.ts +207 -207
package/src/identity/index.ts +2 -2
package/src/identity/jwt-verifier.ts +41 -41
package/src/index.ts +128 -128
package/src/middleware/crm-guard.ts +51 -51
package/src/middleware/index.ts +3 -3
package/src/middleware/init-tenant-context.ts +59 -59
package/src/middleware/tenant-guard.ts +54 -54
package/src/tenant/TenantContext.ts +115 -115
package/src/tenant/helpers.ts +112 -112
package/src/tenant/index.ts +21 -21
package/src/tenant/types.ts +101 -101
package/src/types/event-type.enum.ts +21 -21
package/src/types/index.ts +2 -2
package/src/types/routes.ts +218 -218
package/src/utils/headers.ts +72 -72
package/src/utils/index.ts +2 -2
package/src/utils/path-matcher.ts +84 -84
package/tests/cors.test.ts +133 -133
package/tests/dispatcher.test.ts +795 -715
package/tests/headers.test.ts +99 -99
package/tests/identity.test.ts +301 -301
package/tests/middleware/crm-guard.test.ts +69 -69
package/tests/middleware/init-tenant-context.test.ts +147 -147
package/tests/middleware/tenant-guard.test.ts +100 -100
package/tests/path-matcher.test.ts +102 -102
package/tests/response.test.ts +155 -155
package/tests/tenant/TenantContext.test.ts +134 -134
package/tests/tenant/helpers.test.ts +187 -187
package/tsconfig.json +24 -24

package/tests/identity.test.ts CHANGED Viewed

@@ -1,301 +1,301 @@
-import {
-  extractIdentity,
-  extractUserPoolId,
-  validateIssuer,
-  hasAnyGroup,
-  hasAllGroups
-} from '../src/identity/extractor';
-import { IdentityContext } from '../src/types/routes';
-describe('extractIdentity', () => {
-  it('should return undefined when no claims present', async () => {
-    const event = { requestContext: {} };
-    expect(await extractIdentity(event)).toBeUndefined();
-  });
-  it('should return undefined when event has no requestContext', async () => {
-    const event = {};
-    expect(await extractIdentity(event)).toBeUndefined();
-  });
-  it('should extract identity from Cognito claims', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          claims: {
-            sub: 'user-123',
-            email: 'user@example.com',
-            'cognito:groups': 'Admin,User',
-            iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123'
-          }
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity).toEqual({
-      userId: 'user-123',
-      email: 'user@example.com',
-      groups: ['Admin', 'User'],
-      issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123',
-      claims: event.requestContext.authorizer.claims
-    });
-  });
-  it('should handle cognito:username as userId fallback', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          claims: {
-            'cognito:username': 'john_doe'
-          }
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity?.userId).toBe('john_doe');
-  });
-  it('should handle groups as array', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          claims: {
-            sub: 'user-123',
-            'cognito:groups': ['Admin', 'User']
-          }
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity?.groups).toEqual(['Admin', 'User']);
-  });
-  // HTTP API with JWT Authorizer tests
-  it('should extract identity from HTTP API JWT Authorizer format', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          jwt: {
-            claims: {
-              sub: 'user-456',
-              email: 'jwt@example.com',
-              iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JWT123'
-            }
-          }
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity).toEqual({
-      userId: 'user-456',
-      email: 'jwt@example.com',
-      groups: [],
-      issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JWT123',
-      claims: event.requestContext.authorizer.jwt.claims
-    });
-  });
-  // HTTP API with Lambda Authorizer tests
-  it('should extract identity from HTTP API Lambda Authorizer format', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          lambda: {
-            userId: 'lambda-user-789',
-            email: 'lambda@example.com',
-            groups: ['Premium', 'Verified']
-          }
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity?.userId).toBe('lambda-user-789');
-    expect(identity?.email).toBe('lambda@example.com');
-    expect(identity?.groups).toEqual(['Premium', 'Verified']);
-  });
-  // REST API with Custom Lambda Authorizer (flat structure)
-  it('should extract identity from custom Lambda Authorizer with flat structure', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          sub: 'custom-user-101',
-          email: 'custom@example.com',
-          iss: 'https://custom-issuer.com'
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity?.userId).toBe('custom-user-101');
-    expect(identity?.email).toBe('custom@example.com');
-    expect(identity?.issuer).toBe('https://custom-issuer.com');
-  });
-  it('should handle userId fallback from user_id in custom authorizer', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          user_id: 'underscore-user',
-          email: 'test@example.com'
-        }
-      }
-    };
-    const identity = await extractIdentity(event);
-    expect(identity?.userId).toBe('underscore-user');
-  });
-  it('should return undefined when authorizer has no identity properties', async () => {
-    const event = {
-      requestContext: {
-        authorizer: {
-          principalId: 'some-principal',
-          integrationLatency: 123
-        }
-      }
-    };
-    expect(await extractIdentity(event)).toBeUndefined();
-  });
-  it('should extract identity from Authorization header with autoExtract using decode-only fallback', async () => {
-    const payload = {
-      sub: 'user-header',
-      email: 'header@example.com',
-      'cognito:groups': 'Admin',
-      iss: 'https://cognito-idp.com'
-    };
-    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64').replace(/=/g, '');
-    const mockToken = `header.${encodedPayload}.signature`;
-    const event = {
-      headers: {
-        Authorization: `Bearer ${mockToken}`
-      }
-    };
-    // Without jwtVerificationConfig, autoExtract decodes the token without signature verification
-    const identity = await extractIdentity(event, true);
-    expect(identity).toEqual({
-      userId: 'user-header',
-      email: 'header@example.com',
-      groups: ['Admin'],
-      issuer: 'https://cognito-idp.com',
-      claims: payload
-    });
-  });
-  it('should not extract from Authorization header when autoExtract is false', async () => {
-    const event = {
-      headers: {
-        Authorization: 'Bearer some.token.here'
-      }
-    };
-    expect(await extractIdentity(event, false)).toBeUndefined();
-  });
-});
-describe('extractUserPoolId', () => {
-  it('should extract User Pool ID from issuer URL', () => {
-    const issuer = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123';
-    expect(extractUserPoolId(issuer)).toBe('us-east-1_ABC123');
-  });
-  it('should return undefined for undefined issuer', () => {
-    expect(extractUserPoolId(undefined)).toBeUndefined();
-  });
-  it('should handle issuer with trailing slash', () => {
-    const issuer = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_XYZ789';
-    expect(extractUserPoolId(issuer)).toBe('us-east-1_XYZ789');
-  });
-});
-describe('validateIssuer', () => {
-  const validIdentity: IdentityContext = {
-    userId: 'user-123',
-    issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123'
-  };
-  it('should return true when User Pool matches', () => {
-    expect(validateIssuer(validIdentity, 'us-east-1_ABC123')).toBe(true);
-  });
-  it('should return false when User Pool does not match', () => {
-    expect(validateIssuer(validIdentity, 'us-east-1_WRONG')).toBe(false);
-  });
-  it('should return false when identity is undefined', () => {
-    expect(validateIssuer(undefined, 'us-east-1_ABC123')).toBe(false);
-  });
-  it('should return false when issuer is missing', () => {
-    const identity: IdentityContext = { userId: 'user-123' };
-    expect(validateIssuer(identity, 'us-east-1_ABC123')).toBe(false);
-  });
-});
-describe('hasAnyGroup', () => {
-  const identity: IdentityContext = {
-    userId: 'user-123',
-    groups: ['User', 'Premium']
-  };
-  it('should return true if user has any of the allowed groups', () => {
-    expect(hasAnyGroup(identity, ['Admin', 'Premium'])).toBe(true);
-    expect(hasAnyGroup(identity, ['User'])).toBe(true);
-  });
-  it('should return false if user has none of the allowed groups', () => {
-    expect(hasAnyGroup(identity, ['Admin', 'SuperAdmin'])).toBe(false);
-  });
-  it('should return false for undefined identity', () => {
-    expect(hasAnyGroup(undefined, ['Admin'])).toBe(false);
-  });
-  it('should return false for identity with no groups', () => {
-    const noGroupsIdentity: IdentityContext = { userId: 'user-123' };
-    expect(hasAnyGroup(noGroupsIdentity, ['Admin'])).toBe(false);
-  });
-  it('should return false for empty groups array', () => {
-    const emptyGroupsIdentity: IdentityContext = { userId: 'user-123', groups: [] };
-    expect(hasAnyGroup(emptyGroupsIdentity, ['Admin'])).toBe(false);
-  });
-});
-describe('hasAllGroups', () => {
-  const identity: IdentityContext = {
-    userId: 'user-123',
-    groups: ['User', 'Premium', 'Verified']
-  };
-  it('should return true if user has all required groups', () => {
-    expect(hasAllGroups(identity, ['User', 'Premium'])).toBe(true);
-    expect(hasAllGroups(identity, ['Verified'])).toBe(true);
-  });
-  it('should return false if user is missing any required group', () => {
-    expect(hasAllGroups(identity, ['User', 'Admin'])).toBe(false);
-  });
-  it('should return false for undefined identity', () => {
-    expect(hasAllGroups(undefined, ['Admin'])).toBe(false);
-  });
-  it('should return false for identity with no groups', () => {
-    const noGroupsIdentity: IdentityContext = { userId: 'user-123' };
-    expect(hasAllGroups(noGroupsIdentity, ['Admin'])).toBe(false);
-  });
-});
+import {
+  extractIdentity,
+  extractUserPoolId,
+  validateIssuer,
+  hasAnyGroup,
+  hasAllGroups
+} from '../src/identity/extractor';
+import { IdentityContext } from '../src/types/routes';
+describe('extractIdentity', () => {
+  it('should return undefined when no claims present', async () => {
+    const event = { requestContext: {} };
+    expect(await extractIdentity(event)).toBeUndefined();
+  });
+  it('should return undefined when event has no requestContext', async () => {
+    const event = {};
+    expect(await extractIdentity(event)).toBeUndefined();
+  });
+  it('should extract identity from Cognito claims', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          claims: {
+            sub: 'user-123',
+            email: 'user@example.com',
+            'cognito:groups': 'Admin,User',
+            iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123'
+          }
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity).toEqual({
+      userId: 'user-123',
+      email: 'user@example.com',
+      groups: ['Admin', 'User'],
+      issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123',
+      claims: event.requestContext.authorizer.claims
+    });
+  });
+  it('should handle cognito:username as userId fallback', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          claims: {
+            'cognito:username': 'john_doe'
+          }
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity?.userId).toBe('john_doe');
+  });
+  it('should handle groups as array', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          claims: {
+            sub: 'user-123',
+            'cognito:groups': ['Admin', 'User']
+          }
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity?.groups).toEqual(['Admin', 'User']);
+  });
+  // HTTP API with JWT Authorizer tests
+  it('should extract identity from HTTP API JWT Authorizer format', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          jwt: {
+            claims: {
+              sub: 'user-456',
+              email: 'jwt@example.com',
+              iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JWT123'
+            }
+          }
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity).toEqual({
+      userId: 'user-456',
+      email: 'jwt@example.com',
+      groups: [],
+      issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JWT123',
+      claims: event.requestContext.authorizer.jwt.claims
+    });
+  });
+  // HTTP API with Lambda Authorizer tests
+  it('should extract identity from HTTP API Lambda Authorizer format', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          lambda: {
+            userId: 'lambda-user-789',
+            email: 'lambda@example.com',
+            groups: ['Premium', 'Verified']
+          }
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity?.userId).toBe('lambda-user-789');
+    expect(identity?.email).toBe('lambda@example.com');
+    expect(identity?.groups).toEqual(['Premium', 'Verified']);
+  });
+  // REST API with Custom Lambda Authorizer (flat structure)
+  it('should extract identity from custom Lambda Authorizer with flat structure', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          sub: 'custom-user-101',
+          email: 'custom@example.com',
+          iss: 'https://custom-issuer.com'
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity?.userId).toBe('custom-user-101');
+    expect(identity?.email).toBe('custom@example.com');
+    expect(identity?.issuer).toBe('https://custom-issuer.com');
+  });
+  it('should handle userId fallback from user_id in custom authorizer', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          user_id: 'underscore-user',
+          email: 'test@example.com'
+        }
+      }
+    };
+    const identity = await extractIdentity(event);
+    expect(identity?.userId).toBe('underscore-user');
+  });
+  it('should return undefined when authorizer has no identity properties', async () => {
+    const event = {
+      requestContext: {
+        authorizer: {
+          principalId: 'some-principal',
+          integrationLatency: 123
+        }
+      }
+    };
+    expect(await extractIdentity(event)).toBeUndefined();
+  });
+  it('should extract identity from Authorization header with autoExtract using decode-only fallback', async () => {
+    const payload = {
+      sub: 'user-header',
+      email: 'header@example.com',
+      'cognito:groups': 'Admin',
+      iss: 'https://cognito-idp.com'
+    };
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64').replace(/=/g, '');
+    const mockToken = `header.${encodedPayload}.signature`;
+    const event = {
+      headers: {
+        Authorization: `Bearer ${mockToken}`
+      }
+    };
+    // Without jwtVerificationConfig, autoExtract decodes the token without signature verification
+    const identity = await extractIdentity(event, true);
+    expect(identity).toEqual({
+      userId: 'user-header',
+      email: 'header@example.com',
+      groups: ['Admin'],
+      issuer: 'https://cognito-idp.com',
+      claims: payload
+    });
+  });
+  it('should not extract from Authorization header when autoExtract is false', async () => {
+    const event = {
+      headers: {
+        Authorization: 'Bearer some.token.here'
+      }
+    };
+    expect(await extractIdentity(event, false)).toBeUndefined();
+  });
+});
+describe('extractUserPoolId', () => {
+  it('should extract User Pool ID from issuer URL', () => {
+    const issuer = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123';
+    expect(extractUserPoolId(issuer)).toBe('us-east-1_ABC123');
+  });
+  it('should return undefined for undefined issuer', () => {
+    expect(extractUserPoolId(undefined)).toBeUndefined();
+  });
+  it('should handle issuer with trailing slash', () => {
+    const issuer = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_XYZ789';
+    expect(extractUserPoolId(issuer)).toBe('us-east-1_XYZ789');
+  });
+});
+describe('validateIssuer', () => {
+  const validIdentity: IdentityContext = {
+    userId: 'user-123',
+    issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ABC123'
+  };
+  it('should return true when User Pool matches', () => {
+    expect(validateIssuer(validIdentity, 'us-east-1_ABC123')).toBe(true);
+  });
+  it('should return false when User Pool does not match', () => {
+    expect(validateIssuer(validIdentity, 'us-east-1_WRONG')).toBe(false);
+  });
+  it('should return false when identity is undefined', () => {
+    expect(validateIssuer(undefined, 'us-east-1_ABC123')).toBe(false);
+  });
+  it('should return false when issuer is missing', () => {
+    const identity: IdentityContext = { userId: 'user-123' };
+    expect(validateIssuer(identity, 'us-east-1_ABC123')).toBe(false);
+  });
+});
+describe('hasAnyGroup', () => {
+  const identity: IdentityContext = {
+    userId: 'user-123',
+    groups: ['User', 'Premium']
+  };
+  it('should return true if user has any of the allowed groups', () => {
+    expect(hasAnyGroup(identity, ['Admin', 'Premium'])).toBe(true);
+    expect(hasAnyGroup(identity, ['User'])).toBe(true);
+  });
+  it('should return false if user has none of the allowed groups', () => {
+    expect(hasAnyGroup(identity, ['Admin', 'SuperAdmin'])).toBe(false);
+  });
+  it('should return false for undefined identity', () => {
+    expect(hasAnyGroup(undefined, ['Admin'])).toBe(false);
+  });
+  it('should return false for identity with no groups', () => {
+    const noGroupsIdentity: IdentityContext = { userId: 'user-123' };
+    expect(hasAnyGroup(noGroupsIdentity, ['Admin'])).toBe(false);
+  });
+  it('should return false for empty groups array', () => {
+    const emptyGroupsIdentity: IdentityContext = { userId: 'user-123', groups: [] };
+    expect(hasAnyGroup(emptyGroupsIdentity, ['Admin'])).toBe(false);
+  });
+});
+describe('hasAllGroups', () => {
+  const identity: IdentityContext = {
+    userId: 'user-123',
+    groups: ['User', 'Premium', 'Verified']
+  };
+  it('should return true if user has all required groups', () => {
+    expect(hasAllGroups(identity, ['User', 'Premium'])).toBe(true);
+    expect(hasAllGroups(identity, ['Verified'])).toBe(true);
+  });
+  it('should return false if user is missing any required group', () => {
+    expect(hasAllGroups(identity, ['User', 'Admin'])).toBe(false);
+  });
+  it('should return false for undefined identity', () => {
+    expect(hasAllGroups(undefined, ['Admin'])).toBe(false);
+  });
+  it('should return false for identity with no groups', () => {
+    const noGroupsIdentity: IdentityContext = { userId: 'user-123' };
+    expect(hasAllGroups(noGroupsIdentity, ['Admin'])).toBe(false);
+  });
+});