Hi
' + ) + + expect(fetch).toHaveBeenCalledWith('https://api.resend.com/emails', { + method: 'POST', + headers: { + Authorization: `Bearer ${apiKey}`, + 'Content-Type': 'application/json', + }, + body: JSON.stringify({ + from: 'from@example.com', + to: ['to@example.com'], + subject: 'Hello', + html: 'Hi
', + }), + }) + expect(result).toEqual(mockResponse) + }) + + it('should throw an error if email sending fails', async () => { + const errorMessage = 'Invalid API Key' + vi.mocked(fetch).mockResolvedValueOnce({ + ok: false, + json: async () => ({ message: errorMessage }), + } as Response) + + await expect( + plugin.sendEmail('from@example.com', ['to@example.com'], 'Hello', 'Hi') + ).rejects.toThrow(errorMessage) + }) + + it('should throw a default error message if response is not ok and no message provided', async () => { + vi.mocked(fetch).mockResolvedValueOnce({ + ok: false, + json: async () => ({}), + } as Response) + + await expect( + plugin.sendEmail('from@example.com', ['to@example.com'], 'Hello', 'Hi') + ).rejects.toThrow('Failed to send email') + }) +}) diff --git a/plugins/sql-macros/index.test.ts b/plugins/sql-macros/index.test.ts new file mode 100644 index 0000000..07556ab --- /dev/null +++ b/plugins/sql-macros/index.test.ts @@ -0,0 +1,89 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import { SqlMacrosPlugin } from './index' + +// Mock node-sql-parser +vi.mock('node-sql-parser', () => { + return { + Parser: vi.fn().mockImplementation(() => ({ + astify: vi.fn().mockImplementation((sql: string) => { + if (sql.includes('SELECT *')) { + return [{ type: 'select', columns: [{ expr: { type: 'star' } }] }] + } + if (sql.includes('__exclude')) { + return [{ + type: 'select', + columns: [{ expr: { type: 'function', name: '__exclude', args: { value: [{ column: 'secret' }] } } }], + from: [{ table: 'users' }] + }] + } + return [{ type: 'select', columns: [{ expr: { type: 'column_ref', column: 'id' } }] }] + }), + sqlify: vi.fn().mockImplementation((ast: any) => 'SELECT id FROM users'), + })), + } +}) + +describe('SqlMacrosPlugin', () => { + let mockDataSource: any + let plugin: SqlMacrosPlugin + + beforeEach(() => { + vi.clearAllMocks() + mockDataSource = { + source: 'internal', + rpc: { + executeQuery: vi.fn(), + }, + } + plugin = new SqlMacrosPlugin({ preventSelectStar: true }) + }) + + it('should throw error if SELECT * is not allowed and user is not admin', async () => { + // @ts-ignore - setting private config for test + plugin.config = { role: 'client' } + + await expect( + plugin.beforeQuery({ + sql: 'SELECT * FROM users', + dataSource: mockDataSource, + }) + ).rejects.toThrow('SELECT * is not allowed') + }) + + it('should allow SELECT * if user is admin', async () => { + // @ts-ignore + plugin.config = { role: 'admin' } + + const result = await plugin.beforeQuery({ + sql: 'SELECT * FROM users', + dataSource: mockDataSource, + }) + expect(result.sql).toBe('SELECT * FROM users') + }) + + it('should expand $_exclude columns for internal data source', async () => { + mockDataSource.rpc.executeQuery.mockResolvedValueOnce([ + { column_name: 'id' }, + { column_name: 'secret' }, + ]) + + const result = await plugin.beforeQuery({ + sql: 'SELECT $_exclude(secret) FROM users', + dataSource: mockDataSource, + }) + + expect(mockDataSource.rpc.executeQuery).toHaveBeenCalledWith( + expect.objectContaining({ sql: expect.stringContaining('pragma_table_info') }) + ) + expect(result.sql).toBe('SELECT id FROM users') + }) + + it('should not expand $_exclude for non-internal data source', async () => { + mockDataSource.source = 'external' + const result = await plugin.beforeQuery({ + sql: 'SELECT $_exclude(secret) FROM users', + dataSource: mockDataSource, + }) + expect(result.sql).toBe('SELECT $_exclude(secret) FROM users') + }) +}) diff --git a/src/allowlist/index.test.ts b/src/allowlist/index.test.ts new file mode 100644 index 0000000..978d720 --- /dev/null +++ b/src/allowlist/index.test.ts @@ -0,0 +1,104 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import { isQueryAllowed } from './index' + +// Mock node-sql-parser since it might not be available in the test environment easily +vi.mock('node-sql-parser', () => { + return { + Parser: vi.fn().mockImplementation(() => ({ + astify: vi.fn().mockImplementation((sql: string) => ({ type: 'select', sql })), + })), + } +}) + +describe('Allowlist', () => { + let mockDataSource: any + let mockConfig: any + + beforeEach(() => { + vi.clearAllMocks() + mockDataSource = { + source: 'internal', + rpc: { + executeQuery: vi.fn(), + }, + } + mockConfig = { + role: 'client', + } + }) + + it('should return true if allowlist is disabled', async () => { + const result = await isQueryAllowed({ + sql: 'SELECT * FROM users', + isEnabled: false, + dataSource: mockDataSource, + config: mockConfig, + }) + expect(result).toBe(true) + }) + + it('should return true if user is admin', async () => { + mockConfig.role = 'admin' + const result = await isQueryAllowed({ + sql: 'SELECT * FROM users', + isEnabled: true, + dataSource: mockDataSource, + config: mockConfig, + }) + expect(result).toBe(true) + }) + + it('should allow queries in the allowlist', async () => { + mockDataSource.rpc.executeQuery.mockResolvedValueOnce([ + { sql_statement: 'SELECT * FROM users', source: 'internal' }, + ]) + + const result = await isQueryAllowed({ + sql: 'SELECT * FROM users', + isEnabled: true, + dataSource: mockDataSource, + config: mockConfig, + }) + + expect(result).toBe(true) + expect(mockDataSource.rpc.executeQuery).toHaveBeenCalledWith( + expect.objectContaining({ sql: expect.stringContaining('tmp_allowlist_queries') }) + ) + }) + + it('should reject queries not in the allowlist and record them', async () => { + mockDataSource.rpc.executeQuery + .mockResolvedValueOnce([]) // loadAllowlist returns empty + .mockResolvedValueOnce([]) // addRejectedQuery returns empty + + await expect( + isQueryAllowed({ + sql: 'DROP TABLE users', + isEnabled: true, + dataSource: mockDataSource, + config: mockConfig, + }) + ).rejects.toThrow('Query not allowed') + + expect(mockDataSource.rpc.executeQuery).toHaveBeenCalledTimes(2) + expect(mockDataSource.rpc.executeQuery).toHaveBeenLastCalledWith( + expect.objectContaining({ + sql: expect.stringContaining('tmp_allowlist_rejections'), + params: ['DROP TABLE users', 'internal'], + }) + ) + }) + + it('should throw error if no SQL is provided', async () => { + mockDataSource.rpc.executeQuery.mockResolvedValueOnce([]) + + await expect( + isQueryAllowed({ + sql: '', + isEnabled: true, + dataSource: mockDataSource, + config: mockConfig, + }) + ).rejects.toThrow('No SQL provided for allowlist check') + }) +}) diff --git a/src/index.test.ts b/src/index.test.ts new file mode 100644 index 0000000..f1e49e9 --- /dev/null +++ b/src/index.test.ts @@ -0,0 +1,87 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import worker from './index' +import { RegionLocationHint } from './types' + +describe('Worker Index', () => { + let mockEnv: any + let mockCtx: any + let mockStub: any + + beforeEach(() => { + vi.clearAllMocks() + mockStub = { + init: vi.fn().mockResolvedValue({}), + } + mockEnv = { + REGION: RegionLocationHint.AUTO, + DATABASE_DURABLE_OBJECT: { + idFromName: vi.fn().mockReturnValue('mock-id'), + get: vi.fn().mockReturnValue(mockStub), + }, + ADMIN_AUTHORIZATION_TOKEN: 'admin-token', + CLIENT_AUTHORIZATION_TOKEN: 'client-token', + } + mockCtx = { + waitUntil: vi.fn(), + } + }) + + it('should handle OPTIONS request (CORS)', async () => { + const request = new Request('http://localhost', { method: 'OPTIONS' }) + const response = await worker.fetch(request, mockEnv, mockCtx) + expect(response.status).toBe(204) + expect(response.headers.get('Access-Control-Allow-Origin')).toBe('*') + }) + + it('should return 401 if no authentication token is provided', async () => { + const request = new Request('http://localhost') + const response = await worker.fetch(request, mockEnv, mockCtx) + expect(response.status).toBe(401) + const body = await response.json() + expect(body.message).toBe('Unauthorized request') + }) + + it('should return 400 if authentication fails', async () => { + const request = new Request('http://localhost', { + headers: { Authorization: 'Bearer invalid-token' }, + }) + const response = await worker.fetch(request, mockEnv, mockCtx) + expect(response.status).toBe(400) + const body = await response.json() + expect(body.message).toBe('Unauthorized request') + }) + + it('should identify role as admin for admin token', async () => { + // We can't directly check the internal 'config.role' but we can check if it proceeds to handler + // which would fail because we didn't mock the full StarbaseDB handle method yet. + // But we can check if it attempts to call stub.init() + const request = new Request('http://localhost', { + headers: { Authorization: 'Bearer admin-token' }, + }) + await worker.fetch(request, mockEnv, mockCtx) + expect(mockEnv.DATABASE_DURABLE_OBJECT.idFromName).toHaveBeenCalledWith('sql-durable-object') + }) + + it('should handle external database configuration (PostgreSQL)', async () => { + mockEnv.EXTERNAL_DB_TYPE = 'postgresql' + mockEnv.EXTERNAL_DB_HOST = 'localhost' + mockEnv.EXTERNAL_DB_PORT = 5432 + mockEnv.EXTERNAL_DB_USER = 'user' + mockEnv.EXTERNAL_DB_PASS = 'pass' + mockEnv.EXTERNAL_DB_DATABASE = 'db' + + const request = new Request('http://localhost', { + headers: { Authorization: 'Bearer client-token' }, + }) + // Should proceed without error until it hits starbase.handle + await expect(worker.fetch(request, mockEnv, mockCtx)).resolves.toBeDefined() + }) + + it('should handle WebSocket upgrade and token from search params', async () => { + const request = new Request('http://localhost?token=client-token', { + headers: { Upgrade: 'websocket' }, + }) + await worker.fetch(request, mockEnv, mockCtx) + expect(mockEnv.DATABASE_DURABLE_OBJECT.idFromName).toHaveBeenCalled() + }) +})