wabe 0.6.9 → 0.6.10

package/src/hooks/deleteSession.test.ts

@@ -0,0 +1,181 @@
+import { describe, beforeAll, afterAll, expect, it, beforeEach } from 'bun:test'
+import type { Wabe } from '../server'
+import { type DevWabeTypes, getGraphqlClient } from '../utils/helper'
+import { setupTests, closeTests } from '../utils/testHelper'
+import { gql, type GraphQLClient } from 'graphql-request'
+
+describe('Delete session on delete user', () => {
+	let wabe: Wabe<DevWabeTypes>
+	let port: number
+	let client: GraphQLClient
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+		port = setup.port
+		client = getGraphqlClient(port)
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	beforeEach(async () => {
+		await wabe.controllers.database.clearDatabase()
+	})
+
+	it('should delete the session when the user is deleted', async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		const { _sessions: sessions1 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions1.edges.length).toEqual(1)
+
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(0)
+	})
+
+	it('should only delete the sessions of the deleted user', async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'anotherEmail@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		const { _sessions: sessions1 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions1.edges.length).toEqual(2)
+
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(1)
+	})
+
+	it("should not delete any session if the user doesn't have any session", async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'anotherEmail@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await wabe.controllers.database.deleteObjects({
+			className: '_Session',
+			context: {
+				wabe,
+				isRoot: true,
+			},
+			select: {},
+			where: {
+				user: {
+					id: {
+						equalTo: userId,
+					},
+				},
+			},
+		})
+
+		// Delete the user
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(1)
+	})
+})
+
+const graphql = {
+	sessions: gql`
+		query _sessions {
+			_sessions {
+				edges {
+					node {
+						id
+					}
+				}
+			}
+		}
+	`,
+	signUpWith: gql`
+    mutation signUpWith($input: SignUpWithInput!) {
+        signUpWith(input: $input){
+            id
+            accessToken
+            refreshToken
+        }
+      }
+    `,
+	deleteUser: gql`
+		mutation deleteUser($input: DeleteUserInput!) {
+			deleteUser(input: $input) {
+				user {
+					name
+					age
+				}
+			}
+		}
+	`,
+}

package/src/hooks/deleteSession.ts

@@ -0,0 +1,20 @@
+import { contextWithRoot } from '../utils/export'
+import type { DevWabeTypes } from '../utils/helper'
+import type { HookObject } from './HookObject'
+
+// TODO: It should better to do this in after delete to avoid case when deleteUser failed
+// For the moment KISS
+export const defaultDeleteSessionOnDeleteUser = async (
+	object: HookObject<DevWabeTypes, 'User'>,
+) => {
+	const userId = object.object?.id
+
+	await object.context.wabe.controllers.database.deleteObjects({
+		className: '_Session',
+		context: contextWithRoot(object.context),
+		where: {
+			user: { id: { equalTo: userId } },
+		},
+		select: {},
+	})
+}

package/src/hooks/hashFieldHook.test.ts

@@ -0,0 +1,163 @@
+import { hashFieldHook } from './hashFieldHook'
+import { describe, expect, it } from 'bun:test'
+import { HookObject } from './HookObject'
+import type { SchemaFields } from '../schema'
+import { OperationType } from '.'
+import { hashArgon2, verifyArgon2 } from 'src/utils/crypto'
+
+const makeHookObject = ({ className, operationType, newData, fields }: any) => {
+	const config = {
+		port: 0,
+		isProduction: false,
+		database: {} as any,
+		rootKey: '',
+		schema: {
+			classes: [{ name: className, fields }],
+		},
+	}
+	return new HookObject({
+		className,
+		operationType,
+		newData,
+		context: {
+			wabe: { config } as any,
+			isRoot: false,
+		},
+		object: { id: 'dummy' },
+		select: {},
+	})
+}
+
+describe('hashFieldHook', () => {
+	const fields: SchemaFields<any> = {
+		password: { type: 'Hash' },
+		email: { type: 'Email' },
+		authentication: {
+			type: 'Object',
+			object: {
+				name: 'Authentication',
+				fields: {
+					emailPassword: {
+						type: 'Object',
+						object: {
+							name: 'EmailPassword',
+							fields: {
+								password: { type: 'Hash' },
+							},
+						},
+					},
+				},
+			},
+		},
+		twoHashes: {
+			type: 'Object',
+			object: {
+				name: 'TwoHashes',
+				fields: {
+					hash1: { type: 'Hash' },
+					hash2: { type: 'Hash' },
+				},
+			},
+		},
+	}
+
+	it('should hashed a plain value in a sub object in beforeCreate', async () => {
+		const newData = {
+			authentication: { emailPassword: { password: 'mysecret' } },
+		}
+
+		const hookObject = makeHookObject({
+			className: 'User',
+			operationType: OperationType.BeforeCreate,
+			newData,
+			fields,
+		})
+
+		await hashFieldHook(hookObject)
+
+		expect(
+			hookObject.getNewData().authentication.emailPassword.password,
+		).not.toBe('mysecret')
+
+		const isValid = await verifyArgon2(
+			'mysecret',
+			hookObject.getNewData().authentication.emailPassword.password,
+		)
+		expect(isValid).toBe(true)
+	})
+
+	it('should hashed a plain value in a sub object with 2 hash fields in beforeCreate', async () => {
+		const newData = {
+			twoHashes: { hash1: 'mysecret', hash2: 'mysecret' },
+		}
+
+		const hookObject = makeHookObject({
+			className: 'User',
+			operationType: OperationType.BeforeCreate,
+			newData,
+			fields,
+		})
+
+		await hashFieldHook(hookObject)
+
+		expect(hookObject.getNewData().twoHashes.hash1).not.toBe('mysecret')
+
+		const isValid = await verifyArgon2(
+			'mysecret',
+			hookObject.getNewData().twoHashes.hash1,
+		)
+		expect(isValid).toBe(true)
+
+		expect(hookObject.getNewData().twoHashes.hash2).not.toBe('mysecret')
+
+		const isValid2 = await verifyArgon2(
+			'mysecret',
+			hookObject.getNewData().twoHashes.hash2,
+		)
+		expect(isValid2).toBe(true)
+	})
+
+	it('hashes a plain value on beforeCreate', async () => {
+		const newData = { password: 'mysecret', email: 'test@example.com' }
+		const hookObject = makeHookObject({
+			className: 'User',
+			operationType: 'beforeCreate',
+			newData,
+			fields,
+		})
+		await hashFieldHook(hookObject)
+		expect(hookObject.getNewData().password).not.toBe('mysecret')
+		expect(hookObject.getNewData().email).toBe('test@example.com')
+
+		const isValid = await verifyArgon2(
+			'mysecret',
+			hookObject.getNewData().password,
+		)
+		expect(isValid).toBe(true)
+	})
+
+	it('does not double-hash an already hashed value', async () => {
+		const hashed = await hashArgon2('alreadyhashed')
+		const newData = { password: hashed }
+		const hookObject = makeHookObject({
+			className: 'User',
+			operationType: 'beforeUpdate',
+			newData,
+			fields,
+		})
+		await hashFieldHook(hookObject)
+		expect(hookObject.getNewData().password).toBe(hashed)
+	})
+
+	it('does nothing if not beforeCreate or beforeUpdate', async () => {
+		const newData = { password: 'shouldnotchange' }
+		const hookObject = makeHookObject({
+			className: 'User',
+			operationType: 'afterRead',
+			newData,
+			fields,
+		})
+		await hashFieldHook(hookObject)
+		expect(hookObject.getNewData().password).toBe('shouldnotchange')
+	})
+})

package/src/hooks/hashFieldHook.ts

@@ -0,0 +1,97 @@
+import type { HookObject } from './HookObject'
+import type { WabeTypes } from '../server'
+import {
+	getNestedProperty,
+	getNewObjectAfterUpdateNestedProperty,
+} from '../utils'
+import { OperationType } from '.'
+import { hashArgon2, isArgon2Hash } from 'src/utils/crypto'
+
+const hashField = ({
+	value,
+}: {
+	value: ReturnType<typeof HookObject.prototype.getNewData>
+}) => {
+	if (!value || typeof value !== 'string' || isArgon2Hash(value)) return value
+
+	return hashArgon2(value)
+}
+
+export async function hashFieldHook<
+	T extends WabeTypes,
+	K extends keyof WabeTypes['types'],
+>(hookObject: HookObject<T, K>) {
+	if (
+		hookObject.operationType !== OperationType.BeforeCreate &&
+		hookObject.operationType !== OperationType.BeforeUpdate
+	)
+		return
+
+	const fields = hookObject.context.wabe.config.schema?.classes?.find(
+		(cls: any) => cls.name === hookObject.className,
+	)?.fields
+
+	if (!fields) return
+
+	const computeHashForFields = ({
+		fieldsToCompute,
+		path = '',
+	}: {
+		fieldsToCompute: typeof fields
+		path?: string
+	}) =>
+		Promise.all(
+			Object.entries(fieldsToCompute).map(async ([fieldName, fieldDef]) => {
+				if (fieldDef.type === 'Object') {
+					await computeHashForFields({
+						// @ts-expect-error
+						fieldsToCompute: fieldDef.object.fields,
+						path: `${path || ''}${path ? '.' : ''}${fieldName}`,
+					})
+
+					return
+				}
+
+				if (fieldDef.type !== 'Hash') return
+
+				// If we don't have nested object
+				if (!path) {
+					const hashed = await hashField({
+						// @ts-expect-error
+						value: hookObject.getNewData()[fieldName],
+					})
+
+					// @ts-expect-error
+					hookObject.upsertNewData(fieldName, hashed)
+
+					return
+				}
+
+				const objectNameToUpdate = path.split('.')[0] || ''
+				// @ts-expect-error
+				const objectToUpdate = hookObject.getNewData()[objectNameToUpdate]
+				const valueToUpdate = getNestedProperty(hookObject.getNewData(), path)
+
+				if (!valueToUpdate?.[fieldName]) return
+
+				const hashed = await hashField({
+					value: valueToUpdate[fieldName],
+				})
+
+				const newObject = getNewObjectAfterUpdateNestedProperty(
+					{ [objectNameToUpdate]: objectToUpdate },
+					`${path}.${fieldName}`,
+					hashed,
+				)
+
+				if (hashed)
+					hookObject.upsertNewData(
+						// @ts-expect-error
+						objectNameToUpdate,
+						newObject[objectNameToUpdate],
+					)
+			}),
+		)
+
+	await computeHashForFields({ fieldsToCompute: fields })
+}

package/src/hooks/index.test.ts

@@ -0,0 +1,207 @@
+import { afterEach, describe, expect, it, spyOn, mock } from 'bun:test'
+import * as index from './index'
+import { OperationType } from './index'
+
+describe('Hooks', () => {
+	const mockGetObject = mock(() => {})
+	const mockGetObjects = mock(() => {})
+	const mockCallback1 = mock(() => {})
+	const mockCallback2 = mock(() => {})
+	const mockCallback3 = mock(() => {})
+	const mockCallback4 = mock(() => {})
+	const mockCallback5 = mock(() => {})
+
+	const controllers = {
+		database: {
+			getObject: mockGetObject,
+			getObjects: mockGetObjects,
+		},
+	} as any
+
+	const config = {
+		hooks: [
+			{
+				callback: mockCallback1,
+				operationType: OperationType.BeforeRead,
+				priority: 1,
+			},
+			{
+				callback: mockCallback2,
+				operationType: OperationType.BeforeRead,
+				priority: 2,
+			},
+			{
+				callback: mockCallback3,
+				operationType: OperationType.BeforeCreate,
+				priority: 1,
+			},
+			{
+				callback: mockCallback4,
+				operationType: OperationType.BeforeRead,
+				priority: 1,
+				className: 'ClassTest',
+			},
+			{
+				callback: mockCallback5,
+				operationType: OperationType.BeforeRead,
+				priority: 1,
+				className: 'AnotherClass',
+			},
+		],
+	} as any
+
+	afterEach(() => {
+		mockGetObjects.mockClear()
+		mockGetObject.mockClear()
+		mockCallback1.mockClear()
+		mockCallback2.mockClear()
+		mockCallback3.mockClear()
+		mockCallback4.mockClear()
+		mockCallback5.mockClear()
+	})
+
+	it('should only run hook on specified className', async () => {
+		const hooks = index.initializeHook({
+			className: 'ClassTest',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config } as any,
+			},
+			newData: { name: 'test' },
+			select: {},
+		})
+
+		await hooks.runOnSingleObject({
+			operationType: OperationType.BeforeRead,
+			id: 'id',
+		})
+
+		expect(mockCallback4).toHaveBeenCalledTimes(1)
+		expect(mockCallback5).toHaveBeenCalledTimes(0)
+	})
+
+	it('should run hook on BeforeRead with one object impacted', async () => {
+		mockGetObject.mockResolvedValueOnce({ id: 'id', name: 'name' } as never)
+
+		const hooks = index.initializeHook({
+			className: 'ClassName',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config } as any,
+			},
+			newData: { name: 'test' },
+			select: {},
+		})
+
+		await hooks.runOnSingleObject({
+			operationType: OperationType.BeforeRead,
+			id: 'id',
+		})
+
+		expect(mockGetObject).toHaveBeenCalledTimes(1)
+		expect(mockGetObject).toHaveBeenCalledWith({
+			className: 'ClassName',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config },
+				isGraphQLCall: false,
+			},
+			id: 'id',
+			_skipHooks: true,
+		})
+
+		expect(mockCallback1).toHaveBeenCalledTimes(1)
+
+		// @ts-expect-error
+		const hookObject = mockCallback1.mock.calls[0][0] as any
+
+		expect(hookObject.object).toEqual({
+			id: 'id',
+			name: 'name',
+		})
+
+		expect(hookObject.context).toEqual({
+			isRoot: true,
+			wabe: {
+				controllers: expect.any(Object),
+				config,
+			},
+			isGraphQLCall: false,
+		})
+	})
+
+	it('should run hook on BeforeCreate', async () => {
+		const hooks = index.initializeHook({
+			className: 'ClassName',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config } as any,
+			},
+			newData: { name: 'test' },
+			select: {},
+		})
+
+		await hooks.runOnSingleObject({
+			operationType: OperationType.BeforeCreate,
+		})
+
+		expect(mockGetObjects).toHaveBeenCalledTimes(0)
+
+		// @ts-expect-error
+		const hookObject = mockCallback3.mock.calls[0][0] as any
+
+		// Before create the object is empty
+		expect(hookObject.object).toEqual({})
+
+		expect(hookObject.context).toEqual({
+			isRoot: true,
+			wabe: { controllers: expect.any(Object), config },
+			isGraphQLCall: false,
+		})
+	})
+
+	it('should run callback in priorities order', async () => {
+		const spy_findHooksByPriority = spyOn(index, '_findHooksByPriority')
+
+		mockGetObjects.mockResolvedValueOnce([{ id: 'id', name: 'name' }] as never)
+
+		const hooks = index.initializeHook({
+			className: 'ClassName',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config } as any,
+			},
+			newData: { name: 'test' },
+			select: {},
+		})
+
+		await hooks.runOnSingleObject({
+			operationType: OperationType.BeforeRead,
+			id: 'id',
+		})
+
+		expect(spy_findHooksByPriority.mock.calls[0]?.[0].priority).toEqual(1)
+		expect(spy_findHooksByPriority.mock.calls[1]?.[0].priority).toEqual(2)
+	})
+
+	it('should call hook that is trigger by operation type', async () => {
+		mockGetObjects.mockResolvedValueOnce([{ id: 'id', name: 'name' }] as never)
+
+		const hooks = index.initializeHook({
+			className: 'ClassName',
+			context: {
+				isRoot: true,
+				wabe: { controllers, config } as any,
+			},
+			newData: { name: 'test' },
+			select: {},
+		})
+
+		await hooks.runOnSingleObject({
+			operationType: OperationType.BeforeRead,
+			id: 'id',
+		})
+
+		expect(mockCallback3).toHaveBeenCalledTimes(0)
+	})
+})