serverless-event-orchestrator 2.2.0 → 2.3.0

package/tests/middleware/crm-guard.test.ts

@@ -1,69 +1,69 @@
-import { crmGuard } from '../../src/middleware/crm-guard';
-import { RouteSegment } from '../../src/types/event-type.enum';
-import type { NormalizedEvent } from '../../src/types/routes';
-import type { TenantInfo } from '../../src/tenant';
-
-function createEvent(options: {
-  hasCRM?: boolean;
-  groups?: string[];
-}): NormalizedEvent {
-  const tenantInfo: TenantInfo = {
-    tenantId: 'org_abc',
-    tenantType: 'ORG',
-    userId: 'user-1',
-    countryCode: 'CO',
-    hasCRM: options.hasCRM,
-  };
-
-  return {
-    eventRaw: {},
-    eventType: 'apigateway',
-    payload: { headers: {} },
-    params: {},
-    context: {
-      segment: RouteSegment.Private,
-      identity: {
-        userId: 'user-1',
-        groups: options.groups ?? [],
-        claims: {},
-      },
-      requestId: 'req-test',
-      tenantInfo,
-    },
-  };
-}
-
-describe('crmGuard', () => {
-  it('allows access when hasCRM is true', async () => {
-    const event = createEvent({ hasCRM: true });
-    const result = await crmGuard(event);
-    expect(result).toBeDefined();
-  });
-
-  it('throws 403 when hasCRM is false', async () => {
-    const event = createEvent({ hasCRM: false });
-    await expect(crmGuard(event)).rejects.toMatchObject({ statusCode: 403 });
-  });
-
-  it('throws 403 when hasCRM is undefined', async () => {
-    const event = createEvent({});
-    await expect(crmGuard(event)).rejects.toMatchObject({ statusCode: 403 });
-  });
-
-  it('PLATFORM_ADMIN bypasses CRM check', async () => {
-    const event = createEvent({ hasCRM: false, groups: ['PLATFORM_ADMIN'] });
-    const result = await crmGuard(event);
-    expect(result).toBeDefined();
-  });
-
-  it('error includes CRM_ACCESS_DENIED code', async () => {
-    const event = createEvent({ hasCRM: false, groups: ['ORG_ADMIN'] });
-    try {
-      await crmGuard(event);
-      fail('Should have thrown');
-    } catch (err: any) {
-      const body = JSON.parse(err.body);
-      expect(body.code).toBe('CRM_ACCESS_DENIED');
-    }
-  });
-});
+import { crmGuard } from '../../src/middleware/crm-guard';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+import type { TenantInfo } from '../../src/tenant';
+
+function createEvent(options: {
+  hasCRM?: boolean;
+  groups?: string[];
+}): NormalizedEvent {
+  const tenantInfo: TenantInfo = {
+    tenantId: 'org_abc',
+    tenantType: 'ORG',
+    userId: 'user-1',
+    countryCode: 'CO',
+    hasCRM: options.hasCRM,
+  };
+
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: { headers: {} },
+    params: {},
+    context: {
+      segment: RouteSegment.Private,
+      identity: {
+        userId: 'user-1',
+        groups: options.groups ?? [],
+        claims: {},
+      },
+      requestId: 'req-test',
+      tenantInfo,
+    },
+  };
+}
+
+describe('crmGuard', () => {
+  it('allows access when hasCRM is true', async () => {
+    const event = createEvent({ hasCRM: true });
+    const result = await crmGuard(event);
+    expect(result).toBeDefined();
+  });
+
+  it('throws 403 when hasCRM is false', async () => {
+    const event = createEvent({ hasCRM: false });
+    await expect(crmGuard(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('throws 403 when hasCRM is undefined', async () => {
+    const event = createEvent({});
+    await expect(crmGuard(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('PLATFORM_ADMIN bypasses CRM check', async () => {
+    const event = createEvent({ hasCRM: false, groups: ['PLATFORM_ADMIN'] });
+    const result = await crmGuard(event);
+    expect(result).toBeDefined();
+  });
+
+  it('error includes CRM_ACCESS_DENIED code', async () => {
+    const event = createEvent({ hasCRM: false, groups: ['ORG_ADMIN'] });
+    try {
+      await crmGuard(event);
+      fail('Should have thrown');
+    } catch (err: any) {
+      const body = JSON.parse(err.body);
+      expect(body.code).toBe('CRM_ACCESS_DENIED');
+    }
+  });
+});

package/tests/middleware/init-tenant-context.test.ts

@@ -1,147 +1,147 @@
-import { initTenantContext } from '../../src/middleware/init-tenant-context';
-import { TenantContext } from '../../src/tenant';
-import { RouteSegment } from '../../src/types/event-type.enum';
-import type { NormalizedEvent } from '../../src/types/routes';
-
-function createMockEvent(overrides: Partial<{
-  segment: RouteSegment;
-  claims: Record<string, any>;
-  headers: Record<string, string>;
-  userId: string;
-  groups: string[];
-}>): NormalizedEvent {
-  return {
-    eventRaw: {},
-    eventType: 'apigateway',
-    payload: {
-      body: {},
-      pathParameters: {},
-      queryStringParameters: {},
-      headers: overrides.headers ?? {},
-    },
-    params: {},
-    context: {
-      segment: overrides.segment ?? RouteSegment.Private,
-      identity: overrides.claims ? {
-        userId: overrides.userId ?? 'user-1',
-        groups: overrides.groups ?? [],
-        claims: overrides.claims,
-      } : undefined,
-      requestId: 'req-test',
-    },
-  };
-}
-
-describe('initTenantContext', () => {
-  afterEach(() => {
-    TenantContext._reset();
-  });
-
-  describe('from JWT claims (private/backoffice)', () => {
-    it('extracts tenantInfo from identity.claims and adds to context.tenantInfo', async () => {
-      const event = createMockEvent({
-        segment: RouteSegment.Private,
-        claims: {
-          'custom:tenantId': 'org_abc',
-          'custom:tenantType': 'ORG',
-          'custom:userId': 'user-1',
-          'custom:countryCode': 'CO',
-          'custom:personProfileId': 'person_1',
-          'custom:orgProfileId': 'org_abc',
-          'custom:plan': 'PRO',
-          'custom:hasCRM': 'true',
-        },
-      });
-
-      const result = await initTenantContext(event) as NormalizedEvent;
-
-      expect(result.context.tenantInfo).toBeDefined();
-      expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
-      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
-      expect(result.context.tenantInfo?.countryCode).toBe('CO');
-      expect(result.context.tenantInfo?.plan).toBe('PRO');
-      expect(result.context.tenantInfo?.hasCRM).toBe('true');
-    });
-
-    it('initializes TenantContext (AsyncLocalStorage)', async () => {
-      const event = createMockEvent({
-        claims: {
-          'custom:tenantId': 'org_abc',
-          'custom:tenantType': 'ORG',
-          'custom:userId': 'user-1',
-          'custom:countryCode': 'CO',
-        },
-      });
-
-      await initTenantContext(event);
-
-      expect(TenantContext.isActive()).toBe(true);
-      expect(TenantContext.current().tenantId).toBe('org_abc');
-    });
-
-    it('handles incomplete claims without error (returns event without tenantInfo)', async () => {
-      const event = createMockEvent({
-        claims: { 'custom:tenantId': 'org_abc' }, // missing tenantType, userId, countryCode
-      });
-
-      const result = await initTenantContext(event) as NormalizedEvent;
-
-      expect(result.context.tenantInfo).toBeUndefined();
-    });
-  });
-
-  describe('from headers (internal/Lambda-to-Lambda)', () => {
-    it('extracts tenantInfo from x-tenant-* headers', async () => {
-      const event = createMockEvent({
-        segment: RouteSegment.Internal,
-        headers: {
-          'x-tenant-id': 'org_xyz',
-          'x-tenant-type': 'ORG',
-          'x-user-id': 'user-2',
-          'x-country-code': 'MX',
-        },
-      });
-
-      const result = await initTenantContext(event) as NormalizedEvent;
-
-      expect(result.context.tenantInfo?.tenantId).toBe('org_xyz');
-      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
-    });
-  });
-
-  describe('public routes (no authentication)', () => {
-    it('returns event without tenantInfo when no claims or headers', async () => {
-      const event = createMockEvent({
-        segment: RouteSegment.Public,
-      });
-
-      const result = await initTenantContext(event) as NormalizedEvent;
-
-      expect(result.context.tenantInfo).toBeUndefined();
-      expect(TenantContext.isActive()).toBe(false);
-    });
-  });
-
-  describe('priority: claims > headers', () => {
-    it('uses claims if both are present', async () => {
-      const event = createMockEvent({
-        claims: {
-          'custom:tenantId': 'org_from_claims',
-          'custom:tenantType': 'ORG',
-          'custom:userId': 'user-1',
-          'custom:countryCode': 'CO',
-        },
-        headers: {
-          'x-tenant-id': 'org_from_headers',
-          'x-tenant-type': 'PERSON',
-          'x-user-id': 'user-2',
-          'x-country-code': 'MX',
-        },
-      });
-
-      const result = await initTenantContext(event) as NormalizedEvent;
-
-      expect(result.context.tenantInfo?.tenantId).toBe('org_from_claims');
-    });
-  });
-});
+import { initTenantContext } from '../../src/middleware/init-tenant-context';
+import { TenantContext } from '../../src/tenant';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+
+function createMockEvent(overrides: Partial<{
+  segment: RouteSegment;
+  claims: Record<string, any>;
+  headers: Record<string, string>;
+  userId: string;
+  groups: string[];
+}>): NormalizedEvent {
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: {
+      body: {},
+      pathParameters: {},
+      queryStringParameters: {},
+      headers: overrides.headers ?? {},
+    },
+    params: {},
+    context: {
+      segment: overrides.segment ?? RouteSegment.Private,
+      identity: overrides.claims ? {
+        userId: overrides.userId ?? 'user-1',
+        groups: overrides.groups ?? [],
+        claims: overrides.claims,
+      } : undefined,
+      requestId: 'req-test',
+    },
+  };
+}
+
+describe('initTenantContext', () => {
+  afterEach(() => {
+    TenantContext._reset();
+  });
+
+  describe('from JWT claims (private/backoffice)', () => {
+    it('extracts tenantInfo from identity.claims and adds to context.tenantInfo', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Private,
+        claims: {
+          'custom:tenantId': 'org_abc',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+          'custom:personProfileId': 'person_1',
+          'custom:orgProfileId': 'org_abc',
+          'custom:plan': 'PRO',
+          'custom:hasCRM': 'true',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeDefined();
+      expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
+      expect(result.context.tenantInfo?.countryCode).toBe('CO');
+      expect(result.context.tenantInfo?.plan).toBe('PRO');
+      expect(result.context.tenantInfo?.hasCRM).toBe('true');
+    });
+
+    it('initializes TenantContext (AsyncLocalStorage)', async () => {
+      const event = createMockEvent({
+        claims: {
+          'custom:tenantId': 'org_abc',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+        },
+      });
+
+      await initTenantContext(event);
+
+      expect(TenantContext.isActive()).toBe(true);
+      expect(TenantContext.current().tenantId).toBe('org_abc');
+    });
+
+    it('handles incomplete claims without error (returns event without tenantInfo)', async () => {
+      const event = createMockEvent({
+        claims: { 'custom:tenantId': 'org_abc' }, // missing tenantType, userId, countryCode
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeUndefined();
+    });
+  });
+
+  describe('from headers (internal/Lambda-to-Lambda)', () => {
+    it('extracts tenantInfo from x-tenant-* headers', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Internal,
+        headers: {
+          'x-tenant-id': 'org_xyz',
+          'x-tenant-type': 'ORG',
+          'x-user-id': 'user-2',
+          'x-country-code': 'MX',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo?.tenantId).toBe('org_xyz');
+      expect(result.context.tenantInfo?.tenantType).toBe('ORG');
+    });
+  });
+
+  describe('public routes (no authentication)', () => {
+    it('returns event without tenantInfo when no claims or headers', async () => {
+      const event = createMockEvent({
+        segment: RouteSegment.Public,
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo).toBeUndefined();
+      expect(TenantContext.isActive()).toBe(false);
+    });
+  });
+
+  describe('priority: claims > headers', () => {
+    it('uses claims if both are present', async () => {
+      const event = createMockEvent({
+        claims: {
+          'custom:tenantId': 'org_from_claims',
+          'custom:tenantType': 'ORG',
+          'custom:userId': 'user-1',
+          'custom:countryCode': 'CO',
+        },
+        headers: {
+          'x-tenant-id': 'org_from_headers',
+          'x-tenant-type': 'PERSON',
+          'x-user-id': 'user-2',
+          'x-country-code': 'MX',
+        },
+      });
+
+      const result = await initTenantContext(event) as NormalizedEvent;
+
+      expect(result.context.tenantInfo?.tenantId).toBe('org_from_claims');
+    });
+  });
+});

package/tests/middleware/tenant-guard.test.ts

@@ -1,100 +1,100 @@
-import { tenantGuard } from '../../src/middleware/tenant-guard';
-import { RouteSegment } from '../../src/types/event-type.enum';
-import type { NormalizedEvent } from '../../src/types/routes';
-import type { TenantInfo } from '../../src/tenant';
-
-function createEvent(options: {
-  tenantInfo?: TenantInfo;
-  groups?: string[];
-}): NormalizedEvent {
-  return {
-    eventRaw: {},
-    eventType: 'apigateway',
-    payload: { headers: {} },
-    params: {},
-    context: {
-      segment: RouteSegment.Private,
-      identity: {
-        userId: 'user-1',
-        groups: options.groups ?? [],
-        claims: {},
-      },
-      requestId: 'req-test',
-      tenantInfo: options.tenantInfo,
-    },
-  };
-}
-
-const mockTenant: TenantInfo = {
-  tenantId: 'org_abc',
-  tenantType: 'ORG',
-  userId: 'user-1',
-  countryCode: 'CO',
-};
-
-describe('tenantGuard', () => {
-  it('allows access when tenantInfo exists', async () => {
-    const event = createEvent({ tenantInfo: mockTenant });
-    const result = await tenantGuard(event) as NormalizedEvent;
-    expect(result).toBeDefined();
-    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
-  });
-
-  it('throws 403 when no tenantInfo and not PLATFORM_ADMIN', async () => {
-    const event = createEvent({ groups: ['AGENT'] });
-    await expect(tenantGuard(event)).rejects.toMatchObject({
-      statusCode: 403,
-    });
-  });
-
-  it('throws 403 when no tenantInfo and no groups', async () => {
-    const event = createEvent({});
-    await expect(tenantGuard(event)).rejects.toMatchObject({
-      statusCode: 403,
-    });
-  });
-
-  it('throws 403 when tenantId is empty string', async () => {
-    const event = createEvent({ 
-      tenantInfo: { ...mockTenant, tenantId: '' }
-    });
-    await expect(tenantGuard(event)).rejects.toMatchObject({
-      statusCode: 403,
-    });
-  });
-
-  it('throws 403 when tenantId is whitespace only', async () => {
-    const event = createEvent({ 
-      tenantInfo: { ...mockTenant, tenantId: '   ' }
-    });
-    await expect(tenantGuard(event)).rejects.toMatchObject({
-      statusCode: 403,
-    });
-  });
-
-  it('error includes TENANT_CONTEXT_MISSING code', async () => {
-    const event = createEvent({ groups: ['ORG_ADMIN'] });
-    try {
-      await tenantGuard(event);
-      fail('Should have thrown');
-    } catch (err: any) {
-      const body = JSON.parse(err.body);
-      expect(body.code).toBe('TENANT_CONTEXT_MISSING');
-    }
-  });
-
-  it('allows PLATFORM_ADMIN without tenantInfo (cross-tenant)', async () => {
-    const event = createEvent({ groups: ['PLATFORM_ADMIN'] });
-    const result = await tenantGuard(event);
-    expect(result).toBeDefined();
-  });
-
-  it('allows PLATFORM_ADMIN with tenantInfo', async () => {
-    const event = createEvent({
-      tenantInfo: mockTenant,
-      groups: ['PLATFORM_ADMIN'],
-    });
-    const result = await tenantGuard(event) as NormalizedEvent;
-    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
-  });
-});
+import { tenantGuard } from '../../src/middleware/tenant-guard';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+import type { TenantInfo } from '../../src/tenant';
+
+function createEvent(options: {
+  tenantInfo?: TenantInfo;
+  groups?: string[];
+}): NormalizedEvent {
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: { headers: {} },
+    params: {},
+    context: {
+      segment: RouteSegment.Private,
+      identity: {
+        userId: 'user-1',
+        groups: options.groups ?? [],
+        claims: {},
+      },
+      requestId: 'req-test',
+      tenantInfo: options.tenantInfo,
+    },
+  };
+}
+
+const mockTenant: TenantInfo = {
+  tenantId: 'org_abc',
+  tenantType: 'ORG',
+  userId: 'user-1',
+  countryCode: 'CO',
+};
+
+describe('tenantGuard', () => {
+  it('allows access when tenantInfo exists', async () => {
+    const event = createEvent({ tenantInfo: mockTenant });
+    const result = await tenantGuard(event) as NormalizedEvent;
+    expect(result).toBeDefined();
+    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+  });
+
+  it('throws 403 when no tenantInfo and not PLATFORM_ADMIN', async () => {
+    const event = createEvent({ groups: ['AGENT'] });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when no tenantInfo and no groups', async () => {
+    const event = createEvent({});
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when tenantId is empty string', async () => {
+    const event = createEvent({ 
+      tenantInfo: { ...mockTenant, tenantId: '' }
+    });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('throws 403 when tenantId is whitespace only', async () => {
+    const event = createEvent({ 
+      tenantInfo: { ...mockTenant, tenantId: '   ' }
+    });
+    await expect(tenantGuard(event)).rejects.toMatchObject({
+      statusCode: 403,
+    });
+  });
+
+  it('error includes TENANT_CONTEXT_MISSING code', async () => {
+    const event = createEvent({ groups: ['ORG_ADMIN'] });
+    try {
+      await tenantGuard(event);
+      fail('Should have thrown');
+    } catch (err: any) {
+      const body = JSON.parse(err.body);
+      expect(body.code).toBe('TENANT_CONTEXT_MISSING');
+    }
+  });
+
+  it('allows PLATFORM_ADMIN without tenantInfo (cross-tenant)', async () => {
+    const event = createEvent({ groups: ['PLATFORM_ADMIN'] });
+    const result = await tenantGuard(event);
+    expect(result).toBeDefined();
+  });
+
+  it('allows PLATFORM_ADMIN with tenantInfo', async () => {
+    const event = createEvent({
+      tenantInfo: mockTenant,
+      groups: ['PLATFORM_ADMIN'],
+    });
+    const result = await tenantGuard(event) as NormalizedEvent;
+    expect(result.context.tenantInfo?.tenantId).toBe('org_abc');
+  });
+});