feature: signup and login work

tests/api/users/create_user.test.ts

@@ -0,0 +1,77 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from 'jsr:@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Create',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});

tests/api/users/delete_user.test.ts

@@ -0,0 +1,84 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Delete',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+
+			const deleted_user_response: Record<string, any> = await client.fetch(`/users/${user?.id}`, {
+				method: 'DELETE',
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assert(deleted_user_response?.deleted);
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});

tests/api/users/login.test.ts

@@ -0,0 +1,157 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Login (password)',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			let cookies: Cookie[] = [];
+			const auth_response: any = await client.fetch('/auth', {
+				method: 'POST',
+				json: {
+					username,
+					password: 'password'
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			const user: USER | undefined = auth_response.user;
+			const session: Record<string, any> | undefined = auth_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret ?? ''),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append(
+				'cookie',
+				cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
+			);
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});
+
+Deno.test({
+	name: 'API - USERS - Login (password_hash)',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'hashed password!!!';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_get = new Headers();
+			for (const cookie of cookies) {
+				headers_for_get.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_get.append(
+				'cookie',
+				cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
+			);
+
+			const retrieved_user: USER = await client.fetch(`/users/${user?.id}`, {
+				headers: headers_for_get
+			}) as USER;
+
+			asserts.assertObjectMatch(retrieved_user, user ?? {});
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});

tests/api/users/update_user.test.ts

@@ -0,0 +1,82 @@
+import { api, API_CLIENT } from '../../../utils/api.ts';
+import * as asserts from '@std/assert';
+import { USER } from '../../../models/user.ts';
+import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
+import { Cookie, getSetCookies } from '@std/http/cookie';
+import { encodeBase64 } from '@std/encoding';
+import { generateTotp } from '@stdext/crypto/totp';
+
+Deno.test({
+	name: 'API - USERS - Update',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		try {
+			test_server_info = await get_ephemeral_listen_server();
+			const client: API_CLIENT = api({
+				prefix: '/api',
+				hostname: test_server_info.hostname,
+				port: test_server_info.port
+			});
+
+			const username = random_username();
+			const password = 'password';
+			const password_hash = encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
+			);
+
+			let cookies: Cookie[] = [];
+
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
+				method: 'POST',
+				json: {
+					username,
+					password_hash
+				},
+				done: (response) => {
+					cookies = getSetCookies(response.headers);
+				}
+			});
+
+			asserts.assert(user_creation_response?.user);
+			asserts.assert(user_creation_response?.session);
+
+			const user: USER | undefined = user_creation_response.user;
+			const session: Record<string, any> | undefined = user_creation_response.session;
+
+			cookies.push({
+				name: 'totp',
+				value: await generateTotp(session?.secret),
+				maxAge: 30,
+				expires: Date.now() + 30_000,
+				path: '/'
+			});
+
+			const headers_for_put = new Headers();
+			for (const cookie of cookies) {
+				headers_for_put.append(`x-${cookie.name}`, cookie.value);
+			}
+			headers_for_put.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
+
+			const updated_user: USER = await client.fetch(`/users/${user?.id}`, {
+				method: 'PUT',
+				json: {
+					username: random_username()
+				},
+				headers: headers_for_put
+			}) as USER;
+
+			asserts.assertNotEquals(user?.username ?? '', updated_user?.username ?? '');
+			asserts.assertNotEquals(user?.timestamps.updated ?? '', updated_user?.timestamps.updated ?? '');
+		} finally {
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});