Merge pull request #284 from cipherstash/searchable-json-integration-tests

Searchable json integration tests

Author: tobyhede

.github/workflows/tests.yml

@@ -40,6 +40,7 @@ jobs:
           echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/protect/.env
           echo "SUPABASE_URL=${{ secrets.SUPABASE_URL }}" >> ./packages/protect/.env
           echo "SUPABASE_ANON_KEY=${{ secrets.SUPABASE_ANON_KEY }}" >> ./packages/protect/.env
+          echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./packages/protect/.env
           echo "CS_ZEROKMS_HOST=https://ap-southeast-2.aws.zerokms.cipherstashmanaged.net" >> ./packages/protect/.env
           echo "CS_CTS_HOST=https://ap-southeast-2.aws.cts.cipherstashmanaged.net" >> ./packages/protect/.env
 

packages/protect/__tests__/encrypt-query-searchable-json.test.ts

@@ -395,6 +395,79 @@ describe('searchableJson with returnType formatting', () => {
     // Format: "(\"json\")" - outer quotes with escaped inner quotes
     expect(data[0]).toMatch(/^"\(.*\)"$/)
   }, 30000)
+
+  describe('single-value returnType', () => {
+    it('returns composite-literal for selector', async () => {
+      const result = await protectClient.encryptQuery('$.user.email', {
+        column: jsonbSchema.metadata,
+        table: jsonbSchema,
+        queryType: 'searchableJson',
+        returnType: 'composite-literal',
+      })
+
+      const data = unwrapResult(result)
+      expect(typeof data).toBe('string')
+      expect(data).toMatch(/^\(".*"\)$/)
+    }, 30000)
+
+    it('returns composite-literal for term', async () => {
+      const result = await protectClient.encryptQuery({ role: 'admin' }, {
+        column: jsonbSchema.metadata,
+        table: jsonbSchema,
+        queryType: 'searchableJson',
+        returnType: 'composite-literal',
+      })
+
+      const data = unwrapResult(result)
+      expect(typeof data).toBe('string')
+      expect(data).toMatch(/^\(".*"\)$/)
+    }, 30000)
+
+    it('returns escaped-composite-literal for selector', async () => {
+      const result = await protectClient.encryptQuery('$.user.email', {
+        column: jsonbSchema.metadata,
+        table: jsonbSchema,
+        queryType: 'searchableJson',
+        returnType: 'escaped-composite-literal',
+      })
+
+      const data = unwrapResult(result)
+      expect(typeof data).toBe('string')
+      expect(data as string).toMatch(/^"\(.*\)"$/)
+      // JSON.parse should yield the composite-literal format
+      const parsed = JSON.parse(data as string)
+      expect(parsed).toMatch(/^\(.*\)$/)
+    }, 30000)
+
+    it('returns escaped-composite-literal for term', async () => {
+      const result = await protectClient.encryptQuery({ role: 'admin' }, {
+        column: jsonbSchema.metadata,
+        table: jsonbSchema,
+        queryType: 'searchableJson',
+        returnType: 'escaped-composite-literal',
+      })
+
+      const data = unwrapResult(result)
+      expect(typeof data).toBe('string')
+      expect(data as string).toMatch(/^"\(.*\)"$/)
+      const parsed = JSON.parse(data as string)
+      expect(parsed).toMatch(/^\(.*\)$/)
+    }, 30000)
+
+    it('returns Encrypted object when returnType is omitted', async () => {
+      const result = await protectClient.encryptQuery('$.user.email', {
+        column: jsonbSchema.metadata,
+        table: jsonbSchema,
+        queryType: 'searchableJson',
+      })
+
+      const data = unwrapResult(result) as any
+      expect(typeof data).toBe('object')
+      expect(data).toHaveProperty('i')
+      expect(data.i).toHaveProperty('t')
+      expect(data.i).toHaveProperty('c')
+    }, 30000)
+  })
 })
 
 describe('searchableJson with LockContext', () => {

packages/protect/__tests__/encrypt-query.test.ts

@@ -561,6 +561,84 @@ describe('encryptQuery', () => {
     }, 30000)
   })
 
+  describe('single-value returnType formatting', () => {
+    it('returns Encrypted by default (no returnType)', async () => {
+      const result = await protectClient.encryptQuery('test@example.com', {
+        column: users.email,
+        table: users,
+        queryType: 'equality',
+      })
+
+      const data = unwrapResult(result)
+
+      expect(data).toMatchObject({
+        i: { t: 'users', c: 'email' },
+        v: 2,
+      })
+      expect(typeof data).toBe('object')
+    }, 30000)
+
+    it('returns composite-literal format when specified', async () => {
+      const result = await protectClient.encryptQuery('test@example.com', {
+        column: users.email,
+        table: users,
+        queryType: 'equality',
+        returnType: 'composite-literal',
+      })
+
+      const data = unwrapResult(result)
+
+      expect(typeof data).toBe('string')
+      // Format: ("json")
+      expect(data).toMatch(/^\(".*"\)$/)
+    }, 30000)
+
+    it('returns escaped-composite-literal format when specified', async () => {
+      const result = await protectClient.encryptQuery('test@example.com', {
+        column: users.email,
+        table: users,
+        queryType: 'equality',
+        returnType: 'escaped-composite-literal',
+      })
+
+      const data = unwrapResult(result)
+
+      expect(typeof data).toBe('string')
+      // Format: "(\"json\")" - outer quotes with escaped inner quotes
+      expect(data).toMatch(/^"\(.*\)"$/)
+    }, 30000)
+
+    it('returns eql format when explicitly specified', async () => {
+      const result = await protectClient.encryptQuery('test@example.com', {
+        column: users.email,
+        table: users,
+        queryType: 'equality',
+        returnType: 'eql',
+      })
+
+      const data = unwrapResult(result)
+
+      expect(data).toMatchObject({
+        i: { t: 'users', c: 'email' },
+        v: 2,
+      })
+      expect(typeof data).toBe('object')
+    }, 30000)
+
+    it('handles null value with composite-literal returnType', async () => {
+      const result = await protectClient.encryptQuery(null, {
+        column: users.email,
+        table: users,
+        queryType: 'equality',
+        returnType: 'composite-literal',
+      })
+
+      const data = unwrapResult(result)
+
+      expect(data).toBeNull()
+    }, 30000)
+  })
+
   describe('LockContext support', () => {
     it('single query with LockContext calls getLockContext', async () => {
       const mockLockContext = createMockLockContext()