igm/publisher-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'test-coverage'
Some checks failed
CI / ci (push) Has been cancelled
Details

Browse Source 
Add test utilities and ast-grep rules for code quality.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
igm
2026-01-12 15:05:07 +08:00
parent 947c73dbdc 2baf10b0cd
commit 16f827e8f0
38 changed files with 247 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
apps/api-server/src/__tests__/e2e/admin.test.ts
View File

@@ -36,6 +36,7 @@ import {
initTestDb,
TEST_RP,
truncateAllTables,
uniqueTestId,
withTestTransaction,
} from "@reviq/test-helpers";
import { router } from "../../router.js";
@@ -84,7 +85,7 @@ async function createSession(
db: Kysely<Database>,
userId: number,
): Promise<{ token: string; sessionId: number }> {
const token = `test-session-${String(Date.now())}${String(Math.random())}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -115,9 +116,7 @@ async function createOrg(
logoUrl?: string;
},
): Promise<{ id: number; slug: string }> {
const slug =
options?.slug ??
`org-${String(Date.now())}-${String(Math.random()).slice(2, 8)}`;
const slug = options?.slug ?? `org-${uniqueTestId()}`;
const result = await db
.insertInto("orgs")
@@ -183,7 +182,7 @@ async function createLoginRequest(
expiresAt?: Date;
},
): Promise<{ id: number; token: string }> {
const token = `login-${String(Date.now())}${String(Math.random())}`;
const token = `login-${uniqueTestId()}`;
const expiresAt =
options?.expiresAt ?? new Date(Date.now() + LOGIN_REQUEST_EXPIRY_MS);
@@ -212,7 +211,7 @@ async function createOrgInvite(
email: string,
invitedBy: number,
): Promise<{ id: number }> {
const token = `invite-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const token = `invite-${uniqueTestId()}`;
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
const result = await db
@@ -461,7 +460,7 @@ describeE2E("admin", () => {
test("creates passwordless user", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -492,7 +491,7 @@ describeE2E("admin", () => {
test("creates user with name", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -519,7 +518,7 @@ describeE2E("admin", () => {
test("creates user and adds to organization as member", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -554,7 +553,7 @@ describeE2E("admin", () => {
test("creates user and adds to organization with custom role", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -588,7 +587,7 @@ describeE2E("admin", () => {
test("normalizes email to lowercase", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -615,7 +614,7 @@ describeE2E("admin", () => {
test("throws CONFLICT for duplicate email", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -637,7 +636,7 @@ describeE2E("admin", () => {
test("throws NOT_FOUND for non-existent org", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1060,7 +1059,7 @@ describeE2E("admin", () => {
test("creates organization with owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1109,7 +1108,7 @@ describeE2E("admin", () => {
test("normalizes owner email to lowercase", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1135,7 +1134,7 @@ describeE2E("admin", () => {
test("throws NOT_FOUND for non-existent owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1160,7 +1159,7 @@ describeE2E("admin", () => {
test("throws CONFLICT for duplicate slug", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1284,7 +1283,7 @@ describeE2E("admin", () => {
await createOrg(db, {
slug: "test-org",
displayName: "Old",
logoUrl: null,
logoUrl: undefined,
});
const { token: sessionToken } = await createSession(db, admin.id);
@@ -1379,7 +1378,7 @@ describeE2E("admin", () => {
test("deletes organization and related records", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1444,7 +1443,7 @@ describeE2E("admin", () => {
test("throws NOT_FOUND for non-existent organization", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1564,7 +1563,7 @@ describeE2E("admin", () => {
test("adds site to organization", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1596,7 +1595,7 @@ describeE2E("admin", () => {
test("throws NOT_FOUND for non-existent organization", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1617,7 +1616,7 @@ describeE2E("admin", () => {
test("throws CONFLICT for duplicate domain", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1640,7 +1639,7 @@ describeE2E("admin", () => {
test("throws CONFLICT for domain in another organization", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1793,7 +1792,7 @@ describeE2E("admin", () => {
// Verify login request was completed
const request = await db
.selectFrom("login_requests")
.where("id", "=", String(loginRequest.id))
.where("id", "=", loginRequest.id.toString())
.select(["completed_at"])
.executeTakeFirstOrThrow();
@@ -1825,7 +1824,7 @@ describeE2E("admin", () => {
const request = await db
.selectFrom("login_requests")
.where("id", "=", String(loginRequest.id))
.where("id", "=", loginRequest.id.toString())
.select(["completed_at"])
.executeTakeFirstOrThrow();

25
apps/api-server/src/__tests__/e2e/auth.test.ts
View File

@@ -47,6 +47,7 @@ import {
getSharedDb,
initTestDb,
TEST_RP,
uniqueTestId,
withTestTransaction,
} from "@reviq/test-helpers";
import { VirtualAuthenticator } from "@reviq/virtual-authenticator";
@@ -146,7 +147,7 @@ async function createSession(
userId: number,
options?: { deviceId?: bigint },
): Promise<{ token: string; sessionId: number }> {
const token = `test-session-${String(Date.now())}${String(Math.random())}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -154,7 +155,7 @@ async function createSession(
.insertInto("sessions")
.values({
user_id: userId,
device_id: options?.deviceId ? String(options.deviceId) : null,
device_id: options?.deviceId ? options.deviceId.toString() : null,
token_hash: tokenHashValue,
trusted_mode: false,
expires_at: expiresAt,
@@ -178,7 +179,7 @@ async function createLoginRequest(
expiresAt?: Date;
},
): Promise<{ token: string; id: number }> {
const token = `login_test-${String(Date.now())}${String(Math.random())}`;
const token = `login_test-${uniqueTestId()}`;
const expiresAt =
options?.expiresAt ?? new Date(Date.now() + LOGIN_REQUEST_EXPIRY_MS);
@@ -228,7 +229,7 @@ async function createEmailVerification(
userId: number,
options?: { expiresAt?: Date },
): Promise<string> {
const token = `verify-${String(Date.now())}${String(Math.random())}`;
const token = `verify-${uniqueTestId()}`;
const expiresAt =
options?.expiresAt ?? new Date(Date.now() + 24 * 60 * 60 * 1000);
@@ -252,7 +253,7 @@ async function createPasswordReset(
userId: number,
options?: { expiresAt?: Date; usedAt?: Date | null },
): Promise<string> {
const token = `reset-${String(Date.now())}${String(Math.random())}`;
const token = `reset-${uniqueTestId()}`;
const expiresAt = options?.expiresAt ?? new Date(Date.now() + 60 * 60 * 1000);
await db
@@ -457,7 +458,7 @@ describeE2E("auth", () => {
const challenges = await db
.selectFrom("webauthn_challenges")
.selectAll()
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
expect(challenges.length).toBe(0);
});
@@ -483,7 +484,7 @@ describeE2E("auth", () => {
await db
.updateTable("webauthn_challenges")
.set({ created_at: new Date(Date.now() - 20 * 60 * 1000) }) // 20 minutes ago
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
// Step 4: Try to signup with expired challenge
@@ -540,7 +541,7 @@ describeE2E("auth", () => {
const challenges = await db
.selectFrom("webauthn_challenges")
.selectAll()
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
expect(challenges.length).toBe(0);
});
@@ -1072,7 +1073,7 @@ describeE2E("auth", () => {
const loginRequest = await db
.selectFrom("login_requests")
.selectAll()
.where("id", "=", String(loginRequestId))
.where("id", "=", loginRequestId.toString())
.executeTakeFirst();
expect(loginRequest).toBeUndefined();
@@ -1152,7 +1153,7 @@ describeE2E("auth", () => {
});
// Create login request without device fingerprint
const token = `login_test-${String(Date.now())}`;
const token = `login_test-${uniqueTestId()}`;
await db
.insertInto("login_requests")
.values({
@@ -1644,7 +1645,7 @@ describeE2E("auth", () => {
const session = await db
.selectFrom("sessions")
.select(["revoked_at"])
.where("id", "=", String(sessionId))
.where("id", "=", sessionId.toString())
.executeTakeFirst();
expect(session?.revoked_at).not.toBeNull();
@@ -1981,7 +1982,7 @@ describeE2E("auth", () => {
// Clean up registration session
await db
.deleteFrom("sessions")
.where("id", "=", String(regSessionId))
.where("id", "=", regSessionId.toString())
.execute();
// Step 1: Create login request

51
apps/api-server/src/__tests__/e2e/me.test.ts
View File

@@ -29,6 +29,7 @@ import {
getSharedDb,
initTestDb,
TEST_RP,
uniqueTestId,
withTestTransaction,
} from "@reviq/test-helpers";
import { router } from "../../router.js";
@@ -92,7 +93,7 @@ async function createSession(
userId: number,
options?: { ipAddress?: string; userAgent?: string },
): Promise<{ token: string; sessionId: number }> {
const token = `test-session-${String(Date.now())}${String(Math.random())}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -125,9 +126,7 @@ async function createDevice(
userAgent?: string;
},
): Promise<{ fingerprint: string; deviceId: number }> {
const fingerprint =
options?.fingerprint ??
`test-fp-${String(Date.now())}${String(Math.random())}`;
const fingerprint = options?.fingerprint ?? `test-fp-${uniqueTestId()}`;
const result = await db
.insertInto("user_devices")
@@ -153,7 +152,7 @@ async function createApiToken(
db: Kysely<Database>,
userId: number,
): Promise<{ token: string; name: string }> {
const token = `test-api-token-${String(Date.now())}${String(Math.random())}`;
const token = `test-api-token-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + API_TOKEN_EXPIRY_MS);
@@ -224,7 +223,7 @@ describeE2E("me", () => {
const user = await createTestUser(db, { email: "expired@example.com" });
// Create an expired session
const token = `expired-session-${String(Date.now())}`;
const token = `expired-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
await db
.insertInto("sessions")
@@ -249,7 +248,7 @@ describeE2E("me", () => {
const user = await createTestUser(db, { email: "revoked@example.com" });
// Create a revoked session
const token = `revoked-session-${String(Date.now())}`;
const token = `revoked-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
await db
.insertInto("sessions")
@@ -925,7 +924,7 @@ describeE2E("me", () => {
country: "US",
trusted_mode: true,
})
.where("id", "=", String(sessionId))
.where("id", "=", sessionId.toString())
.execute();
const context = createAPIContext(db, { sessionToken });
@@ -968,7 +967,7 @@ describeE2E("me", () => {
const session = await db
.selectFrom("sessions")
.select(["revoked_at"])
.where("id", "=", String(sessionId2))
.where("id", "=", sessionId2.toString())
.executeTakeFirstOrThrow();
expect(session.revoked_at).not.toBeNull();
@@ -1021,7 +1020,7 @@ describeE2E("me", () => {
await db
.updateTable("sessions")
.set({ revoked_at: new Date() })
.where("id", "=", String(sessionId2))
.where("id", "=", sessionId2.toString())
.execute();
const context = createAPIContext(db, { sessionToken: sessionToken1 });
@@ -1080,7 +1079,7 @@ describeE2E("me", () => {
const currentSession = await db
.selectFrom("sessions")
.select(["revoked_at"])
.where("id", "=", String(id1))
.where("id", "=", id1.toString())
.executeTakeFirstOrThrow();
expect(currentSession.revoked_at).toBeNull();
@@ -1088,7 +1087,7 @@ describeE2E("me", () => {
const otherSessions = await db
.selectFrom("sessions")
.select(["id", "revoked_at"])
.where("id", "in", [String(id2), String(id3)])
.where("id", "in", [id2.toString(), id3.toString()])
.execute();
for (const session of otherSessions) {
@@ -1116,7 +1115,7 @@ describeE2E("me", () => {
const session = await db
.selectFrom("sessions")
.select(["revoked_at"])
.where("id", "=", String(sessionId))
.where("id", "=", sessionId.toString())
.executeTakeFirstOrThrow();
expect(session.revoked_at).toBeNull();
});
@@ -1147,7 +1146,7 @@ describeE2E("me", () => {
region: "NY",
country: "US",
})
.where("id", "=", String(deviceId))
.where("id", "=", deviceId.toString())
.execute();
const { token: sessionToken } = await createSession(db, user.id);
@@ -1256,7 +1255,7 @@ describeE2E("me", () => {
const device = await db
.selectFrom("user_devices")
.select(["is_trusted", "name"])
.where("id", "=", String(deviceId))
.where("id", "=", deviceId.toString())
.executeTakeFirstOrThrow();
expect(device.is_trusted).toBe(true);
@@ -1401,7 +1400,7 @@ describeE2E("me", () => {
const device = await db
.selectFrom("user_devices")
.select(["is_trusted"])
.where("id", "=", String(deviceId))
.where("id", "=", deviceId.toString())
.executeTakeFirstOrThrow();
expect(device.is_trusted).toBe(false);
@@ -1501,7 +1500,7 @@ async function createTrustedSession(
db: Kysely<Database>,
userId: number,
): Promise<{ token: string; sessionId: number }> {
const token = `test-session-${String(Date.now())}${String(Math.random())}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -1568,7 +1567,7 @@ async function createOrgInvite(
expiresAt?: Date;
},
): Promise<{ id: number }> {
const token = `invite-token-${String(Date.now())}-${Math.random().toString(36).slice(2)}`;
const token = `invite-token-${uniqueTestId()}-${Math.random().toString(36).slice(2)}`;
const result = await db
.insertInto("org_invites")
.values({
@@ -1693,7 +1692,7 @@ describeE2E("me.apiTokens and me.invites", () => {
});
expect(tokens).toHaveLength(1);
expect(tokens[0].name).toBe("User1 Token");
expect(tokens[0]?.name).toBe("User1 Token");
});
});
});
@@ -1727,7 +1726,7 @@ describeE2E("me.apiTokens and me.invites", () => {
.execute();
expect(tokens).toHaveLength(1);
expect(tokens[0].name).toBe("My New Token");
expect(tokens[0]?.name).toBe("My New Token");
});
});
@@ -1937,10 +1936,10 @@ describeE2E("me.apiTokens and me.invites", () => {
});
expect(invites).toHaveLength(1);
expect(invites[0].org.slug).toBe("invite-org");
expect(invites[0].org.displayName).toBe("Invite Org");
expect(invites[0].role).toBe("admin");
expect(invites[0].invitedBy).toBe("Inviter Person");
expect(invites[0]?.org.slug).toBe("invite-org");
expect(invites[0]?.org.displayName).toBe("Invite Org");
expect(invites[0]?.role).toBe("admin");
expect(invites[0]?.invitedBy).toBe("Inviter Person");
});
});
@@ -2086,7 +2085,7 @@ describeE2E("me.apiTokens and me.invites", () => {
describe("me.invites.accept", () => {
test("accepts invite and adds user to org", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const inviter = await createTestUser(db, {
email: `inviter-accept-${uniqueId}@example.com`,
@@ -2188,7 +2187,7 @@ describeE2E("me.apiTokens and me.invites", () => {
test("returns error if already a member", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const inviter = await createTestUser(db, {
email: `inviter-already-${uniqueId}@example.com`,

61
apps/api-server/src/__tests__/e2e/orgs.test.ts
View File

@@ -20,6 +20,7 @@ import {
getSharedDb,
initTestDb,
TEST_RP,
uniqueTestId,
withTestTransaction,
} from "@reviq/test-helpers";
import { router } from "../../router.js";
@@ -68,7 +69,7 @@ async function createSession(
userId: number,
options?: { trustedMode?: boolean },
): Promise<{ token: string; sessionId: number }> {
const token = `test-session-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -166,9 +167,7 @@ async function createOrgInvite(
expiresAt?: Date;
},
): Promise<{ id: number; token: string }> {
const token =
options?.token ??
`invite-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const token = options?.token ?? `invite-${uniqueTestId()}`;
const expiresAt =
options?.expiresAt ?? new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
@@ -319,7 +318,7 @@ describeE2E("orgs", () => {
describe("orgs.create", () => {
test("creates org and makes user owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const user = await createTestUser(db, {
email: `user-${uniqueId}@example.com`,
@@ -349,7 +348,7 @@ describeE2E("orgs", () => {
test("rejects duplicate slug", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const user = await createTestUser(db, {
email: `user-${uniqueId}@example.com`,
@@ -532,7 +531,7 @@ describeE2E("orgs", () => {
describe("orgs.delete", () => {
test("deletes org when user is owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const user = await createTestUser(db, {
email: `user-${uniqueId}@example.com`,
@@ -581,7 +580,7 @@ describeE2E("orgs", () => {
describe("orgs.leave", () => {
test("allows member to leave org", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -614,7 +613,7 @@ describeE2E("orgs", () => {
test("allows owner to leave when there are other owners", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner1 = await createTestUser(db, {
email: `owner1-${uniqueId}@example.com`,
@@ -647,7 +646,7 @@ describeE2E("orgs", () => {
test("prevents only owner from leaving", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -770,7 +769,7 @@ describeE2E("orgs", () => {
describe("orgs.members.updateRole", () => {
test("owner can promote member to admin", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -803,7 +802,7 @@ describeE2E("orgs", () => {
test("owner can promote member to owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -836,7 +835,7 @@ describeE2E("orgs", () => {
test("owner can demote owner to admin when multiple owners exist", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner1 = await createTestUser(db, {
email: `owner1-${uniqueId}@example.com`,
@@ -869,7 +868,7 @@ describeE2E("orgs", () => {
test("prevents demoting the only owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -916,7 +915,7 @@ describeE2E("orgs", () => {
test("rejects when target member not found", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -942,7 +941,7 @@ describeE2E("orgs", () => {
describe("orgs.members.remove", () => {
test("owner can remove member", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -975,7 +974,7 @@ describeE2E("orgs", () => {
test("owner can remove admin", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1008,7 +1007,7 @@ describeE2E("orgs", () => {
test("owner can remove other owner when multiple owners exist", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner1 = await createTestUser(db, {
email: `owner1-${uniqueId}@example.com`,
@@ -1041,7 +1040,7 @@ describeE2E("orgs", () => {
test("prevents removing the only owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1065,7 +1064,7 @@ describeE2E("orgs", () => {
test("admin can remove member", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1102,7 +1101,7 @@ describeE2E("orgs", () => {
test("admin cannot remove owner", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1130,7 +1129,7 @@ describeE2E("orgs", () => {
test("admin cannot remove other admin", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1162,7 +1161,7 @@ describeE2E("orgs", () => {
test("member cannot remove anyone", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1192,7 +1191,7 @@ describeE2E("orgs", () => {
test("rejects when target member not found", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1297,7 +1296,7 @@ describeE2E("orgs", () => {
describe("orgs.invites.create", () => {
test("admin can create member invite", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1331,7 +1330,7 @@ describeE2E("orgs", () => {
test("admin can create admin invite", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const admin = await createTestUser(db, {
email: `admin-${uniqueId}@example.com`,
@@ -1385,7 +1384,7 @@ describeE2E("orgs", () => {
test("owner can create owner invite", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1571,7 +1570,7 @@ describeE2E("orgs", () => {
describe("orgs.invites.accept", () => {
test("accepts invite and adds user to org", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,
@@ -1669,9 +1668,7 @@ describeE2E("orgs", () => {
test("rejects when email doesn't match", async () => {
await withTestTransaction(getSharedDb(), async (db) => {
const owner = await createTestUser(db, { email: "owner@example.com" });
const _invitee = await createTestUser(db, {
email: "invitee@example.com",
});
await createTestUser(db, { email: "invitee@example.com" });
const wrongUser = await createTestUser(db, {
email: "wrong@example.com",
});
@@ -1701,7 +1698,7 @@ describeE2E("orgs", () => {
test("handles already a member gracefully", async () => {
const db = getSharedDb();
const uniqueId = `${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`;
const uniqueId = uniqueTestId();
const owner = await createTestUser(db, {
email: `owner-${uniqueId}@example.com`,

11
apps/api-server/src/__tests__/e2e/webauthn.test.ts
View File

@@ -20,6 +20,7 @@ import {
initTestDb,
KNOWN_AAGUIDS,
TEST_RP,
uniqueTestId,
withTestTransaction,
} from "@reviq/test-helpers";
import { VirtualAuthenticator } from "@reviq/virtual-authenticator";
@@ -60,7 +61,7 @@ async function createSession(
db: Kysely<Database>,
userId: number,
): Promise<string> {
const token = `test-session-${String(Date.now())}${String(Math.random())}`;
const token = `test-session-${uniqueTestId()}`;
const tokenHashValue = await hashToken(token);
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
@@ -87,7 +88,7 @@ async function createLoginRequest(
userId: number,
email: string,
): Promise<{ id: number; token: string }> {
const token = `test-login-${String(Date.now())}${String(Math.random())}`;
const token = `test-login-${uniqueTestId()}`;
const expiresAt = new Date(Date.now() + 10 * 60 * 1000); // 10 minutes
const result = await db
@@ -236,7 +237,7 @@ describeE2E("webauthn", () => {
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("id")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.executeTakeFirst();
expect(challengeRow).toBeDefined();
@@ -382,7 +383,7 @@ describeE2E("webauthn", () => {
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("id")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.executeTakeFirst();
expect(challengeRow).toBeUndefined();
@@ -585,7 +586,7 @@ describeE2E("webauthn", () => {
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("id")
.where("id", "=", String(authChallengeId))
.where("id", "=", authChallengeId.toString())
.executeTakeFirst();
expect(challengeRow).toBeUndefined();

2
apps/api-server/src/constants.ts
View File

@@ -22,7 +22,7 @@ export const getAllowedOrigins = (): string[] => {
// Default to localhost origins for development
return [
`http://localhost:${String(DEFAULT_PORT)}`,
`http://localhost:${DEFAULT_PORT.toString()}`,
"http://localhost:6827",
"http://localhost:6828",
];

2
apps/api-server/src/index.ts
View File

@@ -45,7 +45,7 @@ Bun.serve({
if (url.pathname.startsWith("/api/v1/rpc")) {
// Build context for the request
const origin =
request.headers.get("origin") ?? `http://localhost:${String(port)}`;
request.headers.get("origin") ?? `http://localhost:${port.toString()}`;
// Create response headers for setting cookies
const resHeaders = new Headers();

8
apps/api-server/src/procedures/auth/signup.ts
View File

@@ -108,7 +108,7 @@ export async function signupWithPasskey(
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("options")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.where("created_at", ">", fifteenMinutesAgo)
.executeTakeFirst();
@@ -134,7 +134,7 @@ export async function signupWithPasskey(
// Delete the challenge
await db
.deleteFrom("webauthn_challenges")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
// Log error for debugging but don't expose to client
@@ -149,7 +149,7 @@ export async function signupWithPasskey(
// Delete the challenge
await db
.deleteFrom("webauthn_challenges")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
throw new ORPCError("BAD_REQUEST", {
@@ -200,7 +200,7 @@ export async function signupWithPasskey(
// Delete the challenge
await trx
.deleteFrom("webauthn_challenges")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
return { userId: newUserId };

2
apps/api-server/src/procedures/me/api-tokens.ts
View File

@@ -95,7 +95,7 @@ export const deleteApiToken = os.me.apiTokens.delete
.handler(async ({ input, context }) => {
const result = await context.db
.deleteFrom("api_tokens")
.where("id", "=", String(input.tokenId))
.where("id", "=", input.tokenId.toString())
.where("user_id", "=", context.user.id)
.executeTakeFirst();

2
apps/api-server/src/procedures/me/devices.ts
View File

@@ -108,7 +108,7 @@ export const untrustDevice = os.me.devices.untrust
const result = await context.db
.updateTable("user_devices")
.set({ is_trusted: false })
.where("id", "=", String(input.deviceId))
.where("id", "=", input.deviceId.toString())
.where("user_id", "=", context.user.id)
.executeTakeFirst();

4
apps/api-server/src/procedures/me/passkeys.ts
View File

@@ -38,7 +38,7 @@ export const renamePasskey = os.me.passkeys.rename
const result = await context.db
.updateTable("passkeys")
.set({ name })
.where("id", "=", String(passkeyId))
.where("id", "=", passkeyId.toString())
.where("user_id", "=", context.user.id)
.executeTakeFirst();
@@ -86,7 +86,7 @@ export const deletePasskey = os.me.passkeys.delete
const result = await trx
.deleteFrom("passkeys")
.where("id", "=", String(passkeyId))
.where("id", "=", passkeyId.toString())
.where("user_id", "=", context.user.id)
.executeTakeFirst();

4
apps/api-server/src/procedures/me/sessions.ts
View File

@@ -48,7 +48,7 @@ export const revokeSession = os.me.sessions.revoke
const { sessionId } = input;
// Prevent revoking current session (use logout instead)
if (String(sessionId) === context.session.id) {
if (sessionId.toString() === context.session.id) {
throw new ORPCError("BAD_REQUEST", {
message: "Cannot revoke current session. Use logout instead.",
});
@@ -57,7 +57,7 @@ export const revokeSession = os.me.sessions.revoke
const result = await context.db
.updateTable("sessions")
.set({ revoked_at: new Date() })
.where("id", "=", String(sessionId))
.where("id", "=", sessionId.toString())
.where("user_id", "=", context.user.id)
.where("revoked_at", "is", null)
.executeTakeFirst();

2
apps/api-server/src/router.ts
View File

@@ -139,7 +139,7 @@ const verifyAuthentication = os.auth.webauthn.verifyAuthentication
await context.db
.updateTable("login_requests")
.set({ completed_at: new Date() })
.where("id", "=", String(context.loginRequestId))
.where("id", "=", context.loginRequestId.toString())
.execute();
return { success: true };

10
apps/api-server/src/utils/webauthn.ts
View File

@@ -162,7 +162,7 @@ export const verifyRegistration = async (
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("options")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.executeTakeFirst();
if (!challengeRow) {
@@ -189,7 +189,7 @@ export const verifyRegistration = async (
// Always delete the challenge
await db
.deleteFrom("webauthn_challenges")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
}
@@ -278,7 +278,7 @@ export const verifyAuthentication = async (
const challengeRow = await db
.selectFrom("webauthn_challenges")
.select("options")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.executeTakeFirst();
if (!challengeRow) {
@@ -321,7 +321,7 @@ export const verifyAuthentication = async (
counter: verification.authenticationInfo.newCounter.toString(),
last_used_at: new Date(),
})
.where("id", "=", String(passkey.id))
.where("id", "=", passkey.id.toString())
.execute();
return true;
@@ -329,7 +329,7 @@ export const verifyAuthentication = async (
// Always delete the challenge
await db
.deleteFrom("webauthn_challenges")
.where("id", "=", String(challengeId))
.where("id", "=", challengeId.toString())
.execute();
}
};