public commit

2026-03-17 12:56:05 +00:00 · 2024-11-16 12:01:47 +01:00
commit 90f80c4280
582 changed files with 49291 additions and 0 deletions
--- a/app/test/auth/Authenticator.spec.ts
+++ b/app/test/auth/Authenticator.spec.ts
@@ -0,0 +1,41 @@
+/*import { describe, expect, test } from "bun:test";
+import { decodeJwt, jwtVerify } from "jose";
+import { Authenticator, type User, type UserPool } from "../authenticate/Authenticator";
+import { PasswordStrategy } from "../authenticate/strategies/PasswordStrategy";
+import * as hash from "../utils/hash";*/
+
+/*class MemoryUserPool implements UserPool {
+   constructor(private users: User[] = []) {}
+
+   async findBy(prop: "id" | "email" | "username", value: string | number) {
+      return this.users.find((user) => user[prop] === value);
+   }
+
+   async create(user: Pick<User, "email" | "password">) {
+      const id = this.users.length + 1;
+      const newUser = { ...user, id, username: user.email };
+      this.users.push(newUser);
+      return newUser;
+   }
+}
+
+describe("Authenticator", async () => {
+   const userpool = new MemoryUserPool([
+      { id: 1, email: "d", username: "test", password: await hash.sha256("test") },
+   ]);
+
+   test("sha256 login", async () => {
+      const auth = new Authenticator(userpool, {
+         password: new PasswordStrategy({
+            hashing: "sha256",
+         }),
+      });
+
+      const { token } = await auth.login("password", { email: "d", password: "test" });
+      expect(token).toBeDefined();
+
+      const { iat, ...decoded } = decodeJwt<any>(token);
+      expect(decoded).toEqual({ id: 1, email: "d", username: "test" });
+      expect(await auth.verify(token)).toBe(true);
+   });
+});*/
--- a/app/test/auth/authorize/authorize.spec.ts
+++ b/app/test/auth/authorize/authorize.spec.ts
@@ -0,0 +1,89 @@
+import { describe, expect, test } from "bun:test";
+import { Guard } from "../../../src/auth";
+
+describe("authorize", () => {
+   test("basic", async () => {
+      const guard = Guard.create(
+         ["read", "write"],
+         {
+            admin: {
+               permissions: ["read", "write"]
+            }
+         },
+         { enabled: true }
+      );
+      const user = {
+         role: "admin"
+      };
+
+      guard.setUserContext(user);
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+
+      expect(() => guard.granted("something")).toThrow();
+   });
+
+   test("with default", async () => {
+      const guard = Guard.create(
+         ["read", "write"],
+         {
+            admin: {
+               permissions: ["read", "write"]
+            },
+            guest: {
+               permissions: ["read"],
+               is_default: true
+            }
+         },
+         { enabled: true }
+      );
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(false);
+
+      const user = {
+         role: "admin"
+      };
+
+      guard.setUserContext(user);
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("guard implicit allow", async () => {
+      const guard = Guard.create([], {}, { enabled: false });
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("role implicit allow", async () => {
+      const guard = Guard.create(["read", "write"], {
+         admin: {
+            implicit_allow: true
+         }
+      });
+
+      guard.setUserContext({
+         role: "admin"
+      });
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("guard with guest role implicit allow", async () => {
+      const guard = Guard.create(["read", "write"], {
+         guest: {
+            implicit_allow: true,
+            is_default: true
+         }
+      });
+
+      expect(guard.getUserRole()?.name).toBe("guest");
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+});
--- a/app/test/auth/strategies/OAuthStrategy.spec.ts
+++ b/app/test/auth/strategies/OAuthStrategy.spec.ts
@@ -0,0 +1,46 @@
+import { describe, test } from "bun:test";
+import { OAuthStrategy } from "../../../src/auth/authenticate/strategies";
+
+const ALL_TESTS = !!process.env.ALL_TESTS;
+
+describe("OAuthStrategy", async () => {
+   const strategy = new OAuthStrategy({
+      type: "oidc",
+      client: {
+         client_id: process.env.OAUTH_CLIENT_ID,
+         client_secret: process.env.OAUTH_CLIENT_SECRET
+      },
+      name: "google"
+   });
+   const state = "---";
+   const redirect_uri = "http://localhost:3000/auth/google/callback";
+
+   test.skipIf(ALL_TESTS)("...", async () => {
+      const config = await strategy.getConfig();
+      console.log("config", JSON.stringify(config, null, 2));
+
+      const request = await strategy.request({
+         redirect_uri,
+         state
+      });
+
+      const server = Bun.serve({
+         fetch: async (req) => {
+            const url = new URL(req.url);
+            if (url.pathname === "/auth/google/callback") {
+               console.log("req", req);
+               const user = await strategy.callback(url, {
+                  redirect_uri,
+                  state
+               });
+
+               console.log("---user", user);
+            }
+            return new Response("Bun!");
+         }
+      });
+      console.log("request", request);
+
+      await new Promise((resolve) => setTimeout(resolve, 100000));
+   });
+});