sharetribe-flex-sdk 1.14.0

package/src/express_cookie_store.js

@@ -0,0 +1,57 @@
+const generateKey = (clientId, namespace) => `${namespace}-${clientId}-token`;
+
+const createStore = ({ clientId, req, res, secure }) => {
+  const expiration = 180; // 180 days
+  const namespace = 'st';
+  const key = generateKey(clientId, namespace);
+
+  // A mutable variable containing the current token.
+  // When a `setToken` is called, the current token will be
+  // stored to this variable. `getToken` will read subsequent
+  // calls from this variable.
+  let currentToken;
+
+  const readCookie = () => {
+    const cookie = req.cookies[key];
+
+    if (cookie) {
+      return JSON.parse(cookie);
+    }
+
+    return null;
+  };
+
+  const getToken = () => {
+    currentToken = currentToken || readCookie();
+
+    return currentToken;
+  };
+
+  const setToken = tokenData => {
+    currentToken = tokenData;
+    const secureFlag = secure ? { secure: true } : {};
+
+    // Manually stringify tokenData.
+    // Express supports passing object to `res.cookie` which will be then automatically
+    // JSON stringified. However, we CAN NOT use it, because it seems to output invalid JSON
+    // with a "j" tag in front of the content (`"j:{ ...json here... }`). Because we want
+    // to read that cookie also in browser, we don't want to produce invalid JSON.
+    res.cookie(key, JSON.stringify(tokenData), {
+      maxAge: 1000 * 60 * 60 * 24 * expiration,
+      ...secureFlag,
+    });
+  };
+
+  const removeToken = () => {
+    currentToken = null;
+    res.clearCookie(key);
+  };
+
+  return {
+    getToken,
+    setToken,
+    removeToken,
+  };
+};
+
+export default createStore;

package/src/fake/adapter.js

@@ -0,0 +1,130 @@
+import _ from 'lodash';
+import createTokenStore from './token_store';
+import * as auth from './auth';
+import * as api from './api';
+
+/**
+   This file implements a fake adapters for testing purposes only.
+
+   The test responses are copy-pasted from real API responses.
+ */
+
+const adapterHelper = adapterDef => config =>
+  new Promise((resolve, reject) => {
+    const rejectWithError = errorOrResponse => {
+      if (errorOrResponse instanceof Error) {
+        return reject(errorOrResponse);
+      }
+
+      const error = new Error(`Request failed with status code ${errorOrResponse.status}`);
+      error.response = errorOrResponse;
+
+      return reject(error);
+    };
+
+    adapterDef.call(null, config, resolve, rejectWithError);
+  });
+
+const parseAuthorizationHeader = value => {
+  if (!_.isString(value)) {
+    return {};
+  }
+
+  const splitted = value.split(' ');
+
+  return {
+    tokenType: splitted[0],
+    accessToken: splitted[1],
+  };
+};
+
+const requireAuth = (config, reject, tokenStore) => {
+  const { accessToken, tokenType } = parseAuthorizationHeader(config.headers.Authorization);
+
+  if (!accessToken && !tokenType) {
+    return reject({
+      status: 401,
+      data: '{}', // FIXME This is not what the server sends
+
+      __additionalTestInfo: 'Authorization header missing',
+    });
+  }
+
+  const validToken = tokenStore.validToken(accessToken, tokenType);
+
+  if (validToken) {
+    return Promise.resolve();
+  }
+
+  return reject({
+    status: 401,
+    data: '{}', // FIXME This is not what the server sends
+  });
+};
+
+const defaultHandler = (config, resolve, reject, tokenStore) => {
+  switch (config.url) {
+    case 'api/users/show':
+      return requireAuth(config, reject, tokenStore).then(() => api.users.show(config, resolve));
+    case 'api/marketplace/show':
+      return requireAuth(config, reject, tokenStore).then(() =>
+        api.marketplace.show(config, resolve)
+      );
+    case 'api/listings/search':
+      return requireAuth(config, reject, tokenStore).then(() =>
+        api.listings.search(config, resolve)
+      );
+    case 'api/own_listings/create':
+      return requireAuth(config, reject, tokenStore).then(() =>
+        api.ownListings.create(config, resolve, reject)
+      );
+    case 'auth/token':
+      return auth.token(config, resolve, reject, tokenStore);
+    case 'auth/revoke':
+      return requireAuth(config, reject, tokenStore).then(() =>
+        auth.revoke(config, resolve, reject, tokenStore)
+      );
+    case 'auth/auth_with_idp':
+      return auth.authWithIdp(config, resolve, reject, tokenStore);
+    default:
+      throw new Error(`Not implemented to Fake adapter: ${config.url}`);
+  }
+};
+
+/**
+   Create a fake adapter instance.
+
+   Features:
+
+   - Handle requests
+   - Store all requests (so that they can be inspected in tests)
+   - Implement fake token store
+*/
+const createAdapter = handlerFn => {
+  const requests = [];
+  const tokenStore = createTokenStore();
+  let offlineAfter;
+  const offline = () => offlineAfter != null && requests.length > offlineAfter;
+  const handler = handlerFn || defaultHandler;
+
+  return {
+    requests,
+    tokenStore,
+    offlineAfter: numOfRequests => {
+      offlineAfter = numOfRequests;
+    },
+    adapterFn: adapterHelper((config, resolve, reject) => {
+      // Store each request to `requests` array
+      requests.push(config);
+
+      if (offline()) {
+        return reject(new Error('Network error'));
+      }
+
+      // Call router to handle the request
+      return handler(config, resolve, reject, tokenStore);
+    }),
+  };
+};
+
+export default createAdapter;

package/src/fake/api.js

@@ -0,0 +1,137 @@
+import transit from 'transit-js';
+
+const reader = transit.reader('json');
+
+export const marketplace = {
+  show: (config, resolve) => {
+    const res = `["^ ",
+                     "~:data", ["^ ",
+                       "~:id", "~u${config.params.id}",
+                       "~:type", "~:marketplace",
+                       "~:attributes", ["^ ",
+                         "~:name", "Awesome skies.",
+                         "~:description", "Meet and greet with fanatical sky divers."],
+                       "~:relationships", ["^ "]],
+                     "~:meta", ["^ "],
+                     "~:included", []]`;
+
+    return resolve({ data: res });
+  },
+};
+
+export const users = {
+  show: (config, resolve) => {
+    const res = `["^ ",
+                   "~:data", ["^ ",
+                     "~:id", "~u0e0b60fe-d9a2-11e6-bf26-cec0c932ce01",
+                     "~:type", "~:user",
+                     "~:attributes", ["^ ",
+                       "~:email", "user@sharetribe.com",
+                       "~:description", "A team member"],
+                     "~:relationships", ["^ "]],
+                   "~:meta", ["^ "],
+                   "~:included", []]`;
+
+    return resolve({ data: res });
+  },
+};
+
+export const listings = {
+  search: (config, resolve) => {
+    const res = `["^ ",
+                   "~:data", [
+                     ["^ ",
+                       "~:id", "~u9009efe1-25ec-4ed5-9413-e80c584ff6bf",
+                       "~:type", "~:listing",
+                       "~:links", ["^ ",
+                         "~:self", "/v1/api/listings/show?id=9009efe1-25ec-4ed5-9413-e80c584ff6bf"],
+                       "~:attributes", ["^ ",
+                         "~:title", "Nishiki 401",
+                         "~:description", "27-speed Hybrid. Fully functional.",
+                         "~:address", "230 Hamilton Ave, Staten Island, NY 10301, USA",
+                         "~:geolocation", [
+                           "~#geo", [40.64542, -74.08508]]],
+                       "~:relationships", ["^ ",
+                         "~:author", ["^ ",
+                           "^4", ["^ ",
+                             "~:related", "/v1/api/users/show?id=3c073fae-6172-4e75-8b92-f560d58cd47c"]],
+                         "~:marketplace", ["^ ",
+                           "^4", ["^ ",
+                             "^>", "/v1/api/marketplace/show"]]]],
+                     ["^ ",
+                       "^1", "~u5e1f2086-522c-46f3-87b4-451c6770c833",
+                       "^2", "^3",
+                       "^4", ["^ ",
+                         "^5", "/v1/api/listings/show?id=5e1f2086-522c-46f3-87b4-451c6770c833"],
+                       "^6", ["^ ",
+                         "^7", "Pelago Brooklyn",
+                         "^8", "Goes together perfectly with a latte and a bow tie.",
+                         "^9", "230 Hamilton Ave, Staten Island, NY 10301, USA",
+                         "^:", [
+                           "^;", [40.64542, -74.08508]]],
+                       "^<", ["^ ",
+                         "^=", ["^ ",
+                           "^4", ["^ ",
+                             "^>", "/v1/api/users/show?id=3c073fae-6172-4e75-8b92-f560d58cd47c"]],
+                         "^?", ["^ ",
+                           "^4", ["^ ",
+                             "^>", "/v1/api/marketplace/show"]]]]],
+                   "~:meta", ["^ "],
+                   "~:included", []]`;
+
+    return resolve({ data: res });
+  },
+};
+
+export const ownListings = {
+  create: (config, resolve, reject) => {
+    const body = reader.read(config.data);
+
+    const requiredFields = ['title', 'description', 'address', 'geolocation'].map(k =>
+      body.get(transit.keyword(k))
+    );
+
+    if (requiredFields.some(v => v == null)) {
+      return reject({
+        status: 400,
+        statusText: 'Bad Request',
+        data: `["^ ",
+          "~:errors", [
+            ["^ ",
+              "~:id", "~u57b3f476-19a0-4e07-9a44-923d9dbbe361",
+              "~:status", 400,
+              "~:code", "bad-request",
+              "~:title", "Bad request",
+              "~:details", ["^ ",
+                "~:error", ["^ ",
+                  "~:body-params", ["^ ",
+                    "^4", "missing-required-key",
+                    "~:description", "missing-required-key",
+                    "~:address", "missing-required-key",
+                    "~:geolocation", "missing-required-key"]]]]]]`,
+      });
+    }
+
+    let res;
+
+    if (config.params.expand === true) {
+      res = `["^ ",
+        "~:data", ["^ ",
+          "~:id", "~u58c660f5-a39a-49a5-9270-8a917b7d6c9e",
+          "~:type", "~:ownListing",
+          "~:attributes", ["^ ",
+            "~:title", "Pelago bike",
+            "~:description", "City bike for city hipster!",
+            "~:price", ["~#mn", [12000, "USD"]],
+            "~:address", "Bulevardi 14, 00200 Helsinki, Finland",
+            "~:geolocation", ["~#geo", [40.0, 73.0]]]]]`;
+    } else {
+      res = `["^ ",
+        "~:data", ["^ ",
+          "~:id", "~u58c6610d-1ffd-4fa5-b386-4f9b6e46e732",
+          "~:type", "~:ownListing"]]`;
+    }
+
+    return resolve({ data: res });
+  },
+};

package/src/fake/auth.js

@@ -0,0 +1,84 @@
+import _ from 'lodash';
+
+const parseFormData = data =>
+  _.fromPairs(data.split('&').map(keyValue => keyValue.split('=').map(decodeURIComponent)));
+
+export const revoke = (config, resolve, reject, tokenStore) => {
+  const formData = parseFormData(config.data);
+
+  if (formData.token) {
+    if (tokenStore) {
+      const revoked = tokenStore.revokeRefreshToken(formData.token);
+
+      if (revoked.length) {
+        return resolve({ data: { action: 'revoked' } });
+      }
+    }
+
+    // FIXME The `data` is not what the server returns
+    return resolve({ data: { action: 'nothing' } });
+  }
+
+  // FIXME The `data` is not what the server returns
+  return reject({ data: {}, __additionalTestInfo: formData });
+};
+
+export const token = (config, resolve, reject, fakeTokenStore) => {
+  const formData = parseFormData(config.data);
+  let res;
+
+  if (formData.client_id === '08ec69f6-d37e-414d-83eb-324e94afddf0') {
+    if (formData.grant_type === 'client_credentials') {
+      res = fakeTokenStore.createAnonToken();
+    } else if (formData.grant_type === 'password') {
+      res = fakeTokenStore.createTokenWithCredentials(formData.username, formData.password);
+    } else if (formData.grant_type === 'authorization_code') {
+      res = fakeTokenStore.createTokenWithAuthorizationCode(formData.code);
+    } else if (formData.grant_type === 'refresh_token') {
+      res = fakeTokenStore.freshToken(formData.refresh_token);
+    } else if (
+      formData.grant_type === 'token_exchange' &&
+      formData.client_secret === '8af2bf99c380b3a303ab90ae4012c8cd8f69d309'
+    ) {
+      res = fakeTokenStore.exchangeToken(formData.subject_token);
+    }
+  }
+
+  if (res) {
+    return resolve({ data: JSON.stringify(res) });
+  }
+
+  return reject({
+    status: 401,
+    statusText: 'Unauthorized',
+    data: 'Unauthorized',
+
+    // Add additional information to help debugging when testing.
+    // This key is NOT returned by the real API.
+    __additionalTestInfo: { formData },
+  });
+};
+
+export const authWithIdp = (config, resolve, reject, fakeTokenStore) => {
+  const formData = parseFormData(config.data);
+  const { idpId, idpClientId, idpToken } = formData;
+  let res;
+
+  if (formData.client_id === '08ec69f6-d37e-414d-83eb-324e94afddf0') {
+    res = fakeTokenStore.createTokenWithIdp(idpId, idpClientId, idpToken);
+  }
+
+  if (res) {
+    return resolve({ data: JSON.stringify(res) });
+  }
+
+  return reject({
+    status: 401,
+    statusText: 'Unauthorized',
+    data: 'Unauthorized',
+
+    // Add additional information to help debugging when testing.
+    // This key is NOT returned by the real API.
+    __additionalTestInfo: { formData },
+  });
+};

package/src/fake/token_store.js

@@ -0,0 +1,231 @@
+import _ from 'lodash';
+
+const createTokenStore = () => {
+  const tokens = [];
+  let anonAccessTokenCount = 0;
+  let accessTokenCount = 0;
+  let refreshTokenCount = 0;
+
+  const knownUsers = [['joe.dunphy@example.com', 'secret-joe']];
+
+  const knownAuthorizationCodes = [
+    { code: 'flex-authorization-code', username: 'joe.dunphy@example.com' },
+  ];
+
+  const knownIdpTokens = [
+    {
+      id: 'facebook',
+      token: 'idp-token',
+      clientId: 'idp-client-id',
+      username: 'joe.dunphy@example.com',
+    },
+  ];
+
+  // Private
+
+  const generateAnonAccessToken = () => {
+    anonAccessTokenCount += 1;
+    return `anonymous-access-${anonAccessTokenCount}`;
+  };
+
+  const generateAccessToken = username => {
+    accessTokenCount += 1;
+    return `${username}-access-${accessTokenCount}`;
+  };
+
+  const generateRefreshToken = username => {
+    refreshTokenCount += 1;
+    return `${username}-refresh-${refreshTokenCount}`;
+  };
+
+  // Public
+
+  const validToken = (accessToken, tokenType) =>
+    _.find(
+      tokens,
+      ({ token }) =>
+        token.access_token &&
+        accessToken &&
+        token.token_type &&
+        tokenType &&
+        token.access_token.toLowerCase() === accessToken.toLowerCase() &&
+        token.token_type.toLowerCase() === tokenType.toLowerCase()
+    );
+
+  const createAnonToken = () => {
+    const token = {
+      token: {
+        access_token: generateAnonAccessToken(),
+        token_type: 'bearer',
+        expires_in: 86400,
+        scope: 'public-read',
+      },
+    };
+    tokens.push(token);
+
+    return token.token;
+  };
+
+  const createTokenWithCredentials = (username, password) => {
+    const user = _.find(knownUsers, u => _.isEqual(u, [username, password]));
+
+    if (!user) {
+      return null;
+    }
+
+    const token = {
+      token: {
+        access_token: generateAccessToken(username),
+        refresh_token: generateRefreshToken(username),
+        token_type: 'bearer',
+        expires_in: 86400,
+        scope: 'user',
+      },
+      user: {
+        username,
+      },
+    };
+    tokens.push(token);
+
+    return token.token;
+  };
+
+  const createTokenWithAuthorizationCode = authorizationCode => {
+    const knownCode = _.find(knownAuthorizationCodes, ({ code }) => code === authorizationCode);
+
+    if (!knownCode) {
+      return null;
+    }
+
+    const { username } = knownCode;
+    const token = {
+      token: {
+        access_token: generateAccessToken(username),
+        refresh_token: generateRefreshToken(username),
+        token_type: 'bearer',
+        expires_in: 86400,
+        scope: 'user:limited',
+      },
+      user: {
+        username,
+      },
+    };
+    tokens.push(token);
+
+    return token.token;
+  };
+
+  const createTokenWithIdp = (idpId, idpClientId, idpToken) => {
+    const knownIdpToken = _.find(
+      knownIdpTokens,
+      ({ id, token, clientId }) => id === idpId && token === idpToken && clientId === idpClientId
+    );
+
+    if (!knownIdpToken) {
+      return null;
+    }
+
+    const { username } = knownIdpToken;
+    const token = {
+      token: {
+        access_token: generateAccessToken(username),
+        refresh_token: generateRefreshToken(username),
+        token_type: 'bearer',
+        expires_in: 86400,
+        scope: 'user',
+      },
+      user: {
+        username,
+      },
+    };
+    tokens.push(token);
+
+    return token.token;
+  };
+
+  const exchangeToken = accessToken => {
+    const currentToken = _.find(
+      tokens,
+      ({ token }) =>
+        token.access_token &&
+        accessToken &&
+        token.access_token.toLowerCase() === accessToken.toLowerCase()
+    );
+
+    if (!currentToken) {
+      return null;
+    }
+
+    const { username } = currentToken.user;
+
+    const trustedToken = {
+      token: {
+        access_token: generateAccessToken(username),
+        refresh_token: generateRefreshToken(username),
+        token_type: 'bearer',
+        expires_in: 86400,
+        scope: 'trusted:user',
+      },
+      user: {
+        username,
+      },
+    };
+    tokens.push(trustedToken);
+
+    return trustedToken.token;
+  };
+
+  const expireAccessToken = accessToken => {
+    _.map(tokens, t => {
+      const { token } = t;
+
+      if (token.access_token === accessToken) {
+        token.access_token = null;
+      }
+
+      return t;
+    });
+  };
+
+  const revokeRefreshToken = refreshToken =>
+    _.remove(tokens, t => t.token.refresh_token === refreshToken);
+
+  const freshToken = refreshToken => {
+    const existingToken = revokeRefreshToken(refreshToken);
+
+    if (existingToken.length) {
+      const { username } = existingToken[0].user;
+
+      const token = {
+        token: {
+          access_token: generateAccessToken(username),
+          refresh_token: generateRefreshToken(username),
+          token_type: 'bearer',
+          expires_in: 86400,
+        },
+        user: {
+          username,
+        },
+      };
+      tokens.push(token);
+
+      return token.token;
+    }
+
+    return null;
+  };
+
+  return {
+    createAnonToken,
+    createTokenWithCredentials,
+    createTokenWithAuthorizationCode,
+    createTokenWithIdp,
+    exchangeToken,
+    freshToken,
+    revokeRefreshToken,
+    validToken,
+    expireAccessToken,
+  };
+};
+
+export default createTokenStore;

package/src/index.js

@@ -0,0 +1,25 @@
+import SharetribeSdk from './sdk';
+import * as types from './types';
+import browserCookieStore from './browser_cookie_store';
+import expressCookieStore from './express_cookie_store';
+import memoryStore from './memory_store';
+import { read, write } from './serializer';
+import { objectQueryString } from './utils';
+
+const createInstance = config => new SharetribeSdk(config);
+
+// Export token stores
+const tokenStore = {
+  memoryStore,
+  browserCookieStore,
+  expressCookieStore,
+};
+
+// Export Transit serialization helpers
+const transit = { read, write };
+
+// Export util functions
+const util = { objectQueryString };
+
+/* eslint-disable import/prefer-default-export */
+export { createInstance, types, tokenStore, transit, util };

package/src/interceptors/.eslintrc.js

@@ -0,0 +1,5 @@
+module.exports = {
+  rules: {
+    'class-methods-use-this': 'off',
+  },
+};

package/src/interceptors/add_auth_header.js

@@ -0,0 +1,32 @@
+const constructAuthHeader = authToken => {
+  /* eslint-disable camelcase */
+  const token_type = authToken.token_type && authToken.token_type.toLowerCase();
+
+  switch (token_type) {
+    case 'bearer':
+      return `Bearer ${authToken.access_token}`;
+    default:
+      throw new Error(`Unknown token type: ${token_type}`);
+  }
+  /* eslint-enable camelcase */
+};
+
+/**
+   Read `authToken` from `ctx`. Then construct Authorize header and add it to `headers`.
+
+   Changes to `ctx`:
+
+   - Add `headers.Authorize`
+ */
+export default class AddAuthHeader {
+  enter(ctx) {
+    const { authToken, headers = {} } = ctx;
+
+    if (!authToken) {
+      return ctx;
+    }
+
+    const authHeaders = { Authorization: constructAuthHeader(authToken) };
+    return { ...ctx, headers: { ...headers, ...authHeaders } };
+  }
+}