feature: signup and login work

2025-06-25 20:51:29 -07:00 · 2025-06-25 20:51:29 -07:00 · 3d42591ee5
commit 3d42591ee5
parent a4a750b35c
18 changed files with 956 additions and 65 deletions
--- a/tests/api/users/create_user.test.ts
+++ b/tests/api/users/create_user.test.ts
@ -0,0 +1,77 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from 'jsr:@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Create',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
--- a/tests/api/users/delete_user.test.ts
+++ b/tests/api/users/delete_user.test.ts
@ -0,0 +1,84 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Delete',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+
+			const deleted_user_response: Record<string, any> = await client.fetch(`/users/${user?.id}`, {
+				method: 'DELETE',
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assert(deleted_user_response?.deleted);
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
--- a/tests/api/users/login.test.ts
+++ b/tests/api/users/login.test.ts
@ -0,0 +1,157 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Login (password)',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			let cookies: Cookie[] = [];
+			const auth_response: any = await client.fetch('/auth', {
+				method: 'POST',
+				json: {
+					username,
+					password: 'password'
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			const user: USER | undefined = auth_response.user;
+			const session: Record<string, any> | undefined = auth_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret ?? ''),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append(
+				'cookie',
+				cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
+			);
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
+
+Deno.test({
+	name: 'API - USERS - Login (password_hash)',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'hashed password!!!';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append(
+				'cookie',
+				cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
+			);
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
--- a/tests/api/users/update_user.test.ts
+++ b/tests/api/users/update_user.test.ts
@ -0,0 +1,82 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Update',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_put = new Headers();
+			for (const cookie of cookies) {
+				headers_for_put.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_put.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const updated_user: USER = await client.fetch(`/users/${user?.id}`, {
+				method: 'PUT',
+				json: {
+					username: random_username()
+				},
+				headers: headers_for_put
+			}) as USER;
+
+			asserts.assertNotEquals(user?.username ?? '', updated_user?.username ?? '');
+			asserts.assertNotEquals(user?.timestamps.updated ?? '', updated_user?.timestamps.updated ?? '');
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
--- a/tests/helpers.ts
+++ b/tests/helpers.ts
@ -0,0 +1,96 @@
+import { SERVER, SERVER_OPTIONS } from 'jsr:@andyburke/serverus/server';
+import { convert_to_words } from 'jsr:@andyburke/lurid/word_bytes';
+
+const TLDs: string[] = [
+	'com',
+	'org',
+	'net',
+	'edu',
+	'gov',
+	'nexus',
+	'shop',
+	'unreasonablylongtldname'
+];
+
+const random_byte_buffer: Uint8Array = new Uint8Array(3);
+export function random_email_address(): string {
+	crypto.getRandomValues(random_byte_buffer);
+	const name = convert_to_words(random_byte_buffer).join('-');
+
+	crypto.getRandomValues(random_byte_buffer);
+	const domain = convert_to_words(random_byte_buffer).join('-');
+
+	const tld = TLDs[Math.floor(Math.random() * TLDs.length)];
+	return `${name}@${domain}.${tld}`;
+}
+
+export function random_username(): string {
+	crypto.getRandomValues(random_byte_buffer);
+	return convert_to_words(random_byte_buffer).join('-');
+}
+
+const BASE_PORT: number = 50_000;
+const MAX_PORT_OFFSET: number = 10_000;
+let current_port_offset = 0;
+function get_next_free_port(): number {
+	let free_port: number | undefined = undefined;
+	let attempts = 0;
+	do {
+		const port_to_try: number = BASE_PORT + (current_port_offset++ % MAX_PORT_OFFSET);
+
+		try {
+			Deno.listen({ port: port_to_try }).close();
+			free_port = port_to_try;
+		} catch (error) {
+			if (!(error instanceof Deno.errors.AddrInUse)) {
+				throw error;
+			}
+		}
+
+		++attempts;
+
+		if (attempts % MAX_PORT_OFFSET === 0) {
+			console.warn(`Tried all ports at least once while trying to locate a free one, something wrong?`);
+		}
+	} while (!free_port);
+
+	return free_port;
+}
+
+/**
+ * Interface defining the configuration for an ephemeral server
+ * @property {string} hostname - hostname bound to, default: 'localhost'
+ * @property {number} port - port bound to, default: next free port
+ * @property {SERVER} server - server instance
+ */
+export interface EPHEMERAL_SERVER {
+	hostname: string;
+	port: number;
+	server: SERVER;
+}
+
+/**
+ * Gets an ephemeral Serverus SERVER on an unused port.
+ *
+ * @param options Optional SERVER_OPTIONS
+ * @returns A LISTEN_SERVER_SETUP object with information and a reference to the server
+ */
+export async function get_ephemeral_listen_server(options?: SERVER_OPTIONS): Promise<EPHEMERAL_SERVER> {
+	const server_options = {
+		...{
+			hostname: 'localhost',
+			port: get_next_free_port()
+		},
+		...(options ?? {})
+	};
+
+	const server = new SERVER(server_options);
+
+	const ephemeral_server: EPHEMERAL_SERVER = {
+		hostname: server_options.hostname,
+		port: server_options.port,
+		server: await server.start()
+	};
+
+	return ephemeral_server;
+}