andyburke/autonomous.contact
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feature: rooms and events implemented on the backend

Browse source
This commit is contained in:
Andy Burke 2025-06-27 17:54:04 -07:00
parent df00324e24
commit 85024c6e62
29 changed files with 1659 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

121
tests/api/rooms/events/create_events.test.ts Normal file
View file

@ -0,0 +1,121 @@
import * as asserts from 'jsr:@std/assert';
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../../helpers.ts';
import { api, API_CLIENT } from '../../../../utils/api.ts';
import { generateTotp } from '@stdext/crypto/totp';
Deno.test({
name: 'API - ROOMS - EVENTS - Create',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const owner_info = await get_new_user(client);
await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'rooms.create']);
const room = await client.fetch('/rooms', {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
name: 'test events room',
permissions: {
write_events: [owner_info.user.id]
}
}
});
asserts.assert(room);
const event_from_owner = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
type: 'test',
data: {
foo: 'bar'
}
}
});
asserts.assert(event_from_owner);
const other_user_info = await get_new_user(client);
try {
const _permission_denied_room = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'test',
data: {
other_user: true
}
}
});
asserts.fail('allowed adding an event to a room without permission');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'permission_denied');
}
// make the room public write
const updated_by_owner_room = await client.fetch(`/rooms/${room.id}`, {
method: 'PUT',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
permissions: {
...room.permissions,
write_events: []
}
}
});
asserts.assert(updated_by_owner_room);
asserts.assertEquals(updated_by_owner_room.permissions.write_events, []);
const event_from_other_user = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'test',
data: {
other_user: true
}
}
});
asserts.assert(event_from_other_user);
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});

243
tests/api/rooms/events/update_events.test.ts Normal file
View file

@ -0,0 +1,243 @@
import * as asserts from 'jsr:@std/assert';
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../../helpers.ts';
import { api, API_CLIENT } from '../../../../utils/api.ts';
import { generateTotp } from '@stdext/crypto/totp';
Deno.test({
name: 'API - ROOMS - EVENTS - Update',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const owner_info = await get_new_user(client);
await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'rooms.create']);
const room = await client.fetch('/rooms', {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
name: 'test update events room'
}
});
asserts.assert(room);
const event_from_owner = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
type: 'test',
data: {
foo: 'bar'
}
}
});
asserts.assert(event_from_owner);
const fetched_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'GET',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
}
});
asserts.assertEquals(fetched_event_from_owner, event_from_owner);
const updated_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'PUT',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
type: 'other',
data: {
foo: 'baz'
}
}
});
asserts.assertNotEquals(updated_event_from_owner, event_from_owner);
asserts.assertEquals(updated_event_from_owner.type, 'other');
asserts.assertEquals(updated_event_from_owner.data.foo, 'baz');
const fetched_updated_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'GET',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
}
});
asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);
asserts.assertNotEquals(fetched_updated_event_from_owner, fetched_event_from_owner);
asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);
const other_user_info = await get_new_user(client);
const event_from_other_user = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'test',
data: {
other_user: true
}
}
});
asserts.assert(event_from_other_user);
const fetched_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'GET',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
const updated_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'PUT',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'other',
data: {
other_user: 'bloop'
}
}
});
asserts.assertNotEquals(updated_event_from_other_user, event_from_other_user);
asserts.assertEquals(updated_event_from_other_user.type, 'other');
asserts.assertEquals(updated_event_from_other_user.data.other_user, 'bloop');
const fetched_updated_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'GET',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
asserts.assertNotEquals(fetched_updated_event_from_other_user, fetched_event_from_other_user);
asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
const updated_by_owner_room = await client.fetch(`/rooms/${room.id}`, {
method: 'PUT',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
permissions: {
...room.permissions,
write_events: [owner_info.user.id]
}
}
});
asserts.assertEquals(updated_by_owner_room.permissions.write_events, [owner_info.user.id]);
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'PUT',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'new'
}
});
asserts.fail('allowed updating an event in a room with a write_events allowed only by owner');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'permission_denied');
}
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'DELETE',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.fail('allowed deleting an event in a room with a write_events allowed only by owner');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'permission_denied');
}
const publicly_writable_room = await client.fetch(`/rooms/${room.id}`, {
method: 'PUT',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
permissions: {
...room.permissions,
write_events: []
}
}
});
asserts.assertEquals(publicly_writable_room.permissions.write_events, []);
const delete_other_user_event_response = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'DELETE',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.assertEquals(delete_other_user_event_response.deleted, true);
const delete_owner_event_response = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'DELETE',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
}
});
asserts.assertEquals(delete_owner_event_response.deleted, true);
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});

167
tests/api/rooms/events/update_events_when_append_only.test.ts Normal file
View file

@ -0,0 +1,167 @@
import * as asserts from 'jsr:@std/assert';
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../../helpers.ts';
import { api, API_CLIENT } from '../../../../utils/api.ts';
import { generateTotp } from '@stdext/crypto/totp';
Deno.test({
name: 'API - ROOMS - EVENTS - Update (APPEND_ONLY_EVENTS)',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
Deno.env.set('APPEND_ONLY_EVENTS', 'true');
asserts.assert(Deno.env.get('APPEND_ONLY_EVENTS'));
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const owner_info = await get_new_user(client);
await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'rooms.create']);
const room = await client.fetch('/rooms', {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
name: 'test update events room in append only mode'
}
});
asserts.assert(room);
const event_from_owner = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
type: 'test',
data: {
foo: 'bar'
}
}
});
asserts.assert(event_from_owner);
const fetched_event_from_owner = await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'GET',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
}
});
asserts.assertEquals(fetched_event_from_owner, event_from_owner);
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'PUT',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
},
json: {
type: 'new'
}
});
asserts.fail('allowed updating an event in a room with APPEND_ONLY_EVENTS on');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'append_only_events');
}
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_owner.id}`, {
method: 'DELETE',
headers: {
'x-session_id': owner_info.session.id,
'x-totp': await generateTotp(owner_info.session.secret)
}
});
asserts.fail('allowed deleting an event in a room with APPEND_ONLY_EVENTS on');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'append_only_events');
}
const other_user_info = await get_new_user(client);
const event_from_other_user = await client.fetch(`/rooms/${room.id}/events`, {
method: 'POST',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'test',
data: {
other_user: true
}
}
});
asserts.assert(event_from_other_user);
const fetched_event_from_other_user = await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'GET',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'PUT',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
},
json: {
type: 'new'
}
});
asserts.fail('allowed updating an event in a room with APPEND_ONLY_EVENTS on');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'append_only_events');
}
try {
await client.fetch(`/rooms/${room.id}/events/${event_from_other_user.id}`, {
method: 'DELETE',
headers: {
'x-session_id': other_user_info.session.id,
'x-totp': await generateTotp(other_user_info.session.secret)
}
});
asserts.fail('allowed deleting an event in a room with APPEND_ONLY_EVENTS on');
} catch (error) {
asserts.assertEquals((error as Error).cause, 'append_only_events');
}
} finally {
Deno.env.delete('APPEND_ONLY_EVENTS');
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});