wabe 0.6.12 → 0.6.14

package/src/schema/defaultResolvers.ts

@@ -1,93 +0,0 @@
-import type { MutationResolver, QueryResolver } from './Schema'
-import { meResolver } from './resolvers/meResolver'
-import { sendEmailResolver } from './resolvers/sendEmail'
-import { resetPasswordResolver } from './resolvers/resetPassword'
-import { sendOtpCodeResolver } from './resolvers/sendOtpCode'
-
-export const defaultQueries: {
-	[key: string]: QueryResolver<any>
-} = {
-	me: {
-		type: 'Object',
-		outputObject: {
-			name: 'MeOutput',
-			fields: {
-				user: {
-					type: 'Pointer',
-					class: 'User',
-				},
-			},
-		},
-		resolve: meResolver,
-	},
-}
-
-export const defaultMutations: {
-	[key: string]: MutationResolver<any>
-} = {
-	resetPassword: {
-		type: 'Boolean',
-		description: 'Mutation to reset the password of the user',
-		args: {
-			input: {
-				password: {
-					type: 'String',
-					required: true,
-				},
-				email: {
-					type: 'Email',
-				},
-				phone: {
-					type: 'String',
-				},
-				otp: {
-					type: 'String',
-					required: true,
-				},
-			},
-		},
-		resolve: resetPasswordResolver,
-	},
-	sendOtpCode: {
-		type: 'Boolean',
-		description: 'Send an OTP code by email to the user',
-		args: {
-			input: {
-				email: {
-					type: 'Email',
-					required: true,
-				},
-			},
-		},
-		resolve: sendOtpCodeResolver,
-	},
-	sendEmail: {
-		type: 'String',
-		description: 'Send basic email with text and html, returns the id of the email',
-		args: {
-			input: {
-				from: {
-					type: 'String',
-					required: true,
-				},
-				to: {
-					type: 'Array',
-					typeValue: 'String',
-					required: true,
-					requiredValue: true,
-				},
-				subject: {
-					type: 'String',
-					required: true,
-				},
-				text: {
-					type: 'String',
-				},
-				html: {
-					type: 'String',
-				},
-			},
-		},
-		resolve: sendEmailResolver,
-	},
-}

package/src/schema/index.ts

@@ -1 +0,0 @@
-export * from './Schema'

package/src/schema/resolvers/meResolver.test.ts

@@ -1,62 +0,0 @@
-import { describe, beforeAll, afterAll, it, expect } from 'bun:test'
-import type { Wabe } from '../../server'
-import { getAdminUserClient, type DevWabeTypes } from '../../utils/helper'
-import { setupTests, closeTests } from '../../utils/testHelper'
-import { gql } from 'graphql-request'
-
-describe('me', () => {
-	let wabe: Wabe<DevWabeTypes>
-
-	beforeAll(async () => {
-		const setup = await setupTests()
-		wabe = setup.wabe
-	})
-
-	afterAll(async () => {
-		await closeTests(wabe)
-	})
-
-	it('should return information about current user', async () => {
-		const adminClient = await getAdminUserClient(wabe.config.port, wabe, {
-			email: 'admin@wabe.dev',
-			password: 'admin',
-		})
-
-		const {
-			me: { user },
-		} = await adminClient.request<any>(graphql.me)
-
-		expect(user.role.name).toBe('Admin')
-
-		expect(user.authentication.emailPassword.email).toBe('admin@wabe.dev')
-	})
-})
-
-const graphql = {
-	signUpWith: gql`
-		mutation signUpWith($input: SignUpWithInput!) {
-			signUpWith(input: $input) {
-				id
-				accessToken
-				refreshToken
-			}
-		}
-	`,
-	me: gql`
-		query me {
-			me {
-				user {
-					id
-					authentication {
-						emailPassword {
-							email
-						}
-					}
-					role {
-						name
-					}
-				}
-			}
-		}
-	`,
-}

package/src/schema/resolvers/meResolver.ts

@@ -1,10 +0,0 @@
-import type { WabeContext } from '../../server/interface'
-import type { DevWabeTypes } from '../../utils/helper'
-
-export const meResolver = (_: any, __: any, context: WabeContext<DevWabeTypes>) => {
-	if (!context.user?.id) return { user: undefined }
-
-	return {
-		user: context.user,
-	}
-}

package/src/schema/resolvers/resetPassword.test.ts

@@ -1,341 +0,0 @@
-import { describe, it, afterAll, beforeAll, expect, beforeEach } from 'bun:test'
-import { gql, type GraphQLClient } from 'graphql-request'
-import { type DevWabeTypes, getAnonymousClient, getGraphqlClient } from '../../utils/helper'
-import { setupTests, closeTests } from '../../utils/testHelper'
-import type { Wabe } from '../../server'
-import { OTP } from 'src'
-
-describe('resetPasswordResolver', () => {
-	let wabe: Wabe<DevWabeTypes>
-	let port: number
-	let client: GraphQLClient
-
-	beforeAll(async () => {
-		const setup = await setupTests()
-		wabe = setup.wabe
-		port = setup.port
-		client = getGraphqlClient(port)
-	})
-
-	afterAll(async () => {
-		await closeTests(wabe)
-	})
-
-	beforeEach(async () => {
-		await wabe.controllers.database.clearDatabase()
-	})
-
-	it('should let an anonymous reset the password of an user', async () => {
-		process.env.NODE_ENV = 'production'
-
-		const anonymousClient = getAnonymousClient(port)
-
-		await anonymousClient.request<any>(graphql.createUser, {
-			input: {
-				fields: {
-					authentication: {
-						emailPassword: {
-							email: 'toto@toto.fr',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		const {
-			users: { edges },
-		} = await getGraphqlClient(port).request<any>(gql`
-			query users {
-				users(where: { email: { equalTo: "toto@toto.fr" } }) {
-					edges {
-						node {
-							id
-						}
-					}
-				}
-			}
-		`)
-
-		const userId = edges[0].node.id
-
-		const otp = new OTP(wabe.config.rootKey)
-
-		await anonymousClient.request<any>(graphql.resetPassword, {
-			input: {
-				email: 'toto@toto.fr',
-				password: 'tata',
-				otp: otp.generate(userId),
-			},
-		})
-
-		const res = await anonymousClient.request<any>(graphql.signInWith, {
-			input: {
-				authentication: {
-					emailPassword: {
-						email: 'toto@toto.fr',
-						password: 'tata',
-					},
-				},
-			},
-		})
-
-		expect(res.signInWith.user.id).toEqual(userId)
-
-		process.env.NODE_ENV = 'test'
-	})
-
-	it('should reset password of an user if the OTP code is valid', async () => {
-		process.env.NODE_ENV = 'production'
-
-		const {
-			createUser: { user },
-		} = await client.request<any>(graphql.createUserWithRoot, {
-			input: {
-				fields: {
-					authentication: {
-						emailPassword: {
-							email: 'toto@toto.fr',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		const userId = user.id
-
-		const otp = new OTP(wabe.config.rootKey)
-
-		await client.request<any>(graphql.resetPassword, {
-			input: {
-				email: 'toto@toto.fr',
-				password: 'tata',
-				otp: otp.generate(userId),
-			},
-		})
-
-		const res = await client.request<any>(graphql.signInWith, {
-			input: {
-				authentication: {
-					emailPassword: {
-						email: 'toto@toto.fr',
-						password: 'tata',
-					},
-				},
-			},
-		})
-
-		expect(res.signInWith.user.id).toEqual(userId)
-
-		process.env.NODE_ENV = 'test'
-	})
-
-	it('should reset password in dev mode with valid normal code', async () => {
-		process.env.NODE_ENV = 'test'
-
-		const {
-			createUser: { user },
-		} = await client.request<any>(graphql.createUserWithRoot, {
-			input: {
-				fields: {
-					authentication: {
-						emailPassword: {
-							email: 'toto@toto.fr',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		const userId = user.id
-
-		const otp = new OTP(wabe.config.rootKey)
-
-		await client.request<any>(graphql.resetPassword, {
-			input: {
-				email: 'toto@toto.fr',
-				password: 'tata',
-				otp: otp.generate(userId),
-			},
-		})
-
-		const res = await client.request<any>(graphql.signInWith, {
-			input: {
-				authentication: {
-					emailPassword: {
-						email: 'toto@toto.fr',
-						password: 'tata',
-					},
-				},
-			},
-		})
-
-		expect(res.signInWith.user.id).toEqual(userId)
-	})
-
-	it('should reset password in dev mode with code 000000', async () => {
-		process.env.NODE_ENV = 'test'
-
-		const {
-			createUser: { user },
-		} = await client.request<any>(graphql.createUserWithRoot, {
-			input: {
-				fields: {
-					authentication: {
-						emailPassword: {
-							email: 'toto2@toto.fr',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		const userId = user.id
-
-		await client.request<any>(graphql.resetPassword, {
-			input: {
-				email: 'toto2@toto.fr',
-				password: 'tata',
-				otp: '000000',
-			},
-		})
-
-		const res = await client.request<any>(graphql.signInWith, {
-			input: {
-				authentication: {
-					emailPassword: {
-						email: 'toto2@toto.fr',
-						password: 'tata',
-					},
-				},
-			},
-		})
-
-		expect(res.signInWith.user.id).toEqual(userId)
-	})
-
-	it("should return true if the user doesn't exist (hide sensitive data)", async () => {
-		process.env.NODE_ENV = 'test'
-
-		const res = await client.request<any>(graphql.resetPassword, {
-			input: {
-				email: 'invalidUser@toto.fr',
-				password: 'tata',
-				otp: '000000',
-			},
-		})
-
-		expect(res.resetPassword).toEqual(true)
-	})
-
-	it('should not reset password of an user if the OTP code is invalid', async () => {
-		process.env.NODE_ENV = 'production'
-
-		await client.request<any>(graphql.createUserWithRoot, {
-			input: {
-				fields: {
-					authentication: {
-						emailPassword: {
-							email: 'toto3@toto.fr',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		expect(
-			client.request<any>(graphql.resetPassword, {
-				input: {
-					email: 'toto3@toto.fr',
-					password: 'tata',
-					otp: 'invalidOtp',
-				},
-			}),
-		).rejects.toThrow('Invalid OTP code')
-
-		process.env.NODE_ENV = 'test'
-	})
-
-	it('should reset password of another provider than emailPassword', async () => {
-		process.env.NODE_ENV = 'production'
-
-		const {
-			createUser: { user },
-		} = await client.request<any>(graphql.createUserWithRoot, {
-			input: {
-				fields: {
-					authentication: {
-						phonePassword: {
-							phone: '+33600000000',
-							password: 'totototo',
-						},
-					},
-				},
-			},
-		})
-
-		const userId = user.id
-
-		const otp = new OTP(wabe.config.rootKey)
-
-		await client.request<any>(graphql.resetPassword, {
-			input: {
-				phone: '+33600000000',
-				password: 'tata',
-				otp: otp.generate(userId),
-			},
-		})
-
-		const res = await client.request<any>(graphql.signInWith, {
-			input: {
-				authentication: {
-					phonePassword: {
-						phone: '+33600000000',
-						password: 'tata',
-					},
-				},
-			},
-		})
-
-		expect(res.signInWith.user.id).toEqual(userId)
-
-		process.env.NODE_ENV = 'test'
-	})
-})
-
-const graphql = {
-	signInWith: gql`
-		mutation signInWith($input: SignInWithInput!) {
-			signInWith(input: $input) {
-				user {
-					id
-				}
-			}
-		}
-	`,
-	createUser: gql`
-		mutation createUser($input: CreateUserInput!) {
-			createUser(input: $input) {
-				ok
-			}
-		}
-	`,
-	createUserWithRoot: gql`
-		mutation createUser($input: CreateUserInput!) {
-			createUser(input: $input) {
-				user {
-					id
-				}
-			}
-		}
-	`,
-	resetPassword: gql`
-		mutation resetPassword($input: ResetPasswordInput!) {
-			resetPassword(input: $input)
-		}
-	`,
-}

package/src/schema/resolvers/resetPassword.ts

@@ -1,63 +0,0 @@
-import type { MutationResetPasswordArgs } from '../../../generated/wabe'
-import { OTP } from '../../authentication/OTP'
-import type { WabeContext } from '../../server/interface'
-import { contextWithRoot } from '../../utils/export'
-import type { DevWabeTypes } from '../../utils/helper'
-
-const DUMMY_USER_ID = '00000000-0000-0000-0000-000000000000'
-
-export const resetPasswordResolver = async (
-	_: any,
-	{ input: { email, phone, password, otp } }: MutationResetPasswordArgs,
-	context: WabeContext<DevWabeTypes>,
-) => {
-	if (!email && !phone) throw new Error('Email or phone is required')
-
-	const users = await context.wabe.controllers.database.getObjects({
-		className: 'User',
-		where: {
-			...(email && { email: { equalTo: email } }),
-			...(phone && {
-				authentication: { phonePassword: { phone: { equalTo: phone } } },
-			}),
-		},
-		select: { id: true, authentication: true },
-		first: 1,
-		context: contextWithRoot(context),
-	})
-
-	const realUser = users.length > 0 ? users[0] : null
-	const userId = realUser?.id ?? DUMMY_USER_ID
-
-	const otpClass = new OTP(context.wabe.config.rootKey)
-	const isOtpValid = otpClass.verify(otp, userId)
-
-	if (realUser) {
-		const inProd = process.env.NODE_ENV === 'production'
-		const devBypass = !inProd && otp === '000000'
-
-		if (!isOtpValid && !(devBypass && !inProd)) throw new Error('Invalid OTP code')
-
-		const providerKey = phone ? 'phonePassword' : 'emailPassword'
-
-		await context.wabe.controllers.database.updateObject({
-			className: 'User',
-			id: realUser.id,
-			data: {
-				authentication: {
-					[providerKey]: {
-						...(phone && {
-							phone: realUser.authentication?.phonePassword?.phone,
-						}),
-						...(email && { email }),
-						password,
-					},
-				},
-			},
-			select: {},
-			context: contextWithRoot(context),
-		})
-	}
-
-	return true
-}

package/src/schema/resolvers/sendEmail.test.ts

@@ -1,118 +0,0 @@
-import { describe, expect, it, mock } from 'bun:test'
-import { sendEmailResolver } from './sendEmail'
-import type { WabeContext } from '../../server/interface'
-
-describe('SendEmail', () => {
-	it('should throw an error if email adapter is not defined', () => {
-		expect(() =>
-			sendEmailResolver(
-				undefined,
-				{
-					input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
-				},
-				{
-					isRoot: false,
-					user: {
-						id: 'id',
-					},
-					wabe: {
-						controllers: {
-							email: undefined,
-						} as any,
-					},
-				} as WabeContext<any>,
-			),
-		).toThrow('Email adapter not defined')
-	})
-
-	it('should send email when user is connected', async () => {
-		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
-
-		const res = await sendEmailResolver(
-			undefined,
-			{
-				input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
-			},
-			{
-				isRoot: false,
-				user: {
-					id: 'id',
-				},
-				wabe: {
-					controllers: {
-						email: {
-							send: mockSend,
-						},
-					} as any,
-				},
-			} as WabeContext<any>,
-		)
-
-		expect(res).toBeTrue()
-
-		expect(mockSend).toHaveBeenCalledTimes(1)
-		expect(mockSend).toHaveBeenCalledWith({
-			from: 'from',
-			to: ['to'],
-			subject: 'subject',
-			text: 'text',
-		})
-	})
-
-	it('should send email when user is root', async () => {
-		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
-
-		const res = await sendEmailResolver(
-			undefined,
-			{
-				input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
-			},
-			{
-				isRoot: true,
-				wabe: {
-					controllers: {
-						email: {
-							send: mockSend,
-						},
-					} as any,
-				},
-			} as WabeContext<any>,
-		)
-
-		expect(res).toBeTrue()
-
-		expect(mockSend).toHaveBeenCalledTimes(1)
-		expect(mockSend).toHaveBeenCalledWith({
-			from: 'from',
-			to: ['to'],
-			subject: 'subject',
-			text: 'text',
-		})
-	})
-
-	it('should not send email when user is not connected and is not root', () => {
-		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
-
-		expect(() =>
-			sendEmailResolver(
-				undefined,
-				{
-					input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
-				},
-				{
-					isRoot: false,
-					user: undefined,
-					wabe: {
-						controllers: {
-							email: {
-								send: mockSend,
-							},
-						} as any,
-					},
-				} as WabeContext<any>,
-			),
-		).toThrow('Permission denied')
-
-		expect(mockSend).toHaveBeenCalledTimes(0)
-	})
-})

package/src/schema/resolvers/sendEmail.ts

@@ -1,21 +0,0 @@
-import type { MutationSendEmailArgs } from '../../../generated/wabe'
-import type { WabeContext } from '../../server/interface'
-import type { DevWabeTypes } from '../../utils/helper'
-
-export const sendEmailResolver = (
-	_: any,
-	{ input }: MutationSendEmailArgs,
-	context: WabeContext<DevWabeTypes>,
-) => {
-	if (!context.user && !context.isRoot) throw new Error('Permission denied')
-
-	const emailController = context.wabe.controllers.email
-
-	if (!emailController) throw new Error('Email adapter not defined')
-
-	return emailController.send({
-		...input,
-		text: input.text ?? undefined,
-		html: input.html ?? undefined,
-	})
-}