Merge pull request #356 from jimmykane/refactor/claimsandroles

Clains and roles refactoring

Author: jimmykane

functions/src/OAuth2.spec.ts

@@ -109,7 +109,7 @@ vi.mock('./utils', () => ({
     isCorsAllowed: vi.fn().mockReturnValue(true),
     setAccessControlHeadersOnResponse: vi.fn(),
     getUserIDFromFirebaseToken: vi.fn().mockResolvedValue('testUserID'),
-    isProUser: vi.fn().mockResolvedValue(true),
+    hasProAccess: vi.fn().mockResolvedValue(true),
     PRO_REQUIRED_MESSAGE: 'Service sync is a Pro feature.'
 }));
 

functions/src/config.spec.ts

@@ -0,0 +1,60 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+
+// Hoisted admin mock & dotenv noop
+const adminMock = vi.hoisted(() => ({
+    instanceId: vi.fn(() => ({
+        app: { options: { projectId: 'mock-project' } }
+    }))
+}));
+
+vi.mock('dotenv', () => ({ config: vi.fn() }));
+
+vi.mock('firebase-admin', () => ({
+    default: {
+        instanceId: adminMock.instanceId
+    },
+    instanceId: adminMock.instanceId
+}));
+
+const envBackup: NodeJS.ProcessEnv = { ...process.env };
+
+describe('config.ts', () => {
+    beforeEach(() => {
+        vi.resetModules();
+        Object.assign(process.env, {
+            SUUNTOAPP_CLIENT_ID: 'suunto-id',
+            SUUNTOAPP_CLIENT_SECRET: 'suunto-secret',
+            SUUNTOAPP_SUBSCRIPTION_KEY: 'suunto-sub',
+            COROSAPI_CLIENT_ID: 'coros-id',
+            COROSAPI_CLIENT_SECRET: 'coros-secret',
+            GARMINAPI_CLIENT_ID: 'garmin-id',
+            GARMINAPI_CLIENT_SECRET: 'garmin-secret',
+        });
+        delete process.env.GCLOUD_PROJECT; // force fallback to admin.instanceId
+    });
+
+    afterEach(() => {
+        process.env = { ...envBackup };
+        vi.clearAllMocks();
+    });
+
+    it('returns configured values and derives cloudtasks defaults from admin project', async () => {
+        const { config } = await import('./config');
+
+        expect(config.suuntoapp.client_id).toBe('suunto-id');
+        expect(config.suuntoapp.subscription_key).toBe('suunto-sub');
+        expect(config.corosapi.client_secret).toBe('coros-secret');
+        expect(config.garminapi.client_id).toBe('garmin-id');
+
+        expect(config.cloudtasks.projectId).toBe('mock-project');
+        expect(config.cloudtasks.serviceAccountEmail).toBe('[email protected]');
+        expect(config.debug.bucketName).toBe('quantified-self-io-debug-files');
+    });
+
+    it('throws when a required env var is missing', async () => {
+        delete process.env.SUUNTOAPP_CLIENT_ID;
+        const { config } = await import('./config');
+
+        expect(() => config.suuntoapp.client_id).toThrow(/Missing required environment variable: SUUNTOAPP_CLIENT_ID/);
+    });
+});

functions/src/coros/auth/wrapper.spec.ts

@@ -28,7 +28,7 @@ vi.mock('firebase-functions/v1', () => ({
 }));
 
 vi.mock('../../utils', () => ({
-    isProUser: vi.fn().mockResolvedValue(true),
+    hasProAccess: vi.fn().mockResolvedValue(true),
     PRO_REQUIRED_MESSAGE: 'Service sync is a Pro feature.'
 }));
 
@@ -52,7 +52,7 @@ describe('COROS Auth Wrapper', () => {
 
     beforeEach(() => {
         vi.clearAllMocks();
-        (utils.isProUser as any).mockResolvedValue(true);
+        (utils.hasProAccess as any).mockResolvedValue(true);
 
         context = {
             app: { appId: 'test-app' },
@@ -67,7 +67,7 @@ describe('COROS Auth Wrapper', () => {
         it('should return redirect URI for pro user', async () => {
             const result = await getCOROSAPIAuthRequestTokenRedirectURI(data, context);
 
-            expect(utils.isProUser).toHaveBeenCalledWith('testUserID');
+            expect(utils.hasProAccess).toHaveBeenCalledWith('testUserID');
             expect(oauth2.getServiceOAuth2CodeRedirectAndSaveStateToUser).toHaveBeenCalledWith(
                 'testUserID',
                 SERVICE_NAME,
@@ -77,7 +77,7 @@ describe('COROS Auth Wrapper', () => {
         });
 
         it('should throw error for non-pro user', async () => {
-            (utils.isProUser as any).mockResolvedValue(false);
+            (utils.hasProAccess as any).mockResolvedValue(false);
 
             await expect(getCOROSAPIAuthRequestTokenRedirectURI(data, context))
                 .rejects.toThrow('Service sync is a Pro feature.');

functions/src/coros/auth/wrapper.ts

@@ -2,7 +2,7 @@
 
 import * as functions from 'firebase-functions/v1';
 import * as logger from 'firebase-functions/logger';
-import { isProUser, PRO_REQUIRED_MESSAGE } from '../../utils';
+import { hasProAccess, PRO_REQUIRED_MESSAGE } from '../../utils';
 import {
   deauthorizeServiceForUser,
   getAndSetServiceOAuth2AccessTokenForUser,
@@ -38,7 +38,7 @@ export const getCOROSAPIAuthRequestTokenRedirectURI = functions
     const userID = context.auth.uid;
 
     // Enforce Pro Access
-    if (!(await isProUser(userID))) {
+    if (!(await hasProAccess(userID))) {
       logger.warn(`Blocking COROS Auth for non-pro user ${userID}`);
       throw new functions.https.HttpsError('permission-denied', PRO_REQUIRED_MESSAGE);
     }
@@ -77,7 +77,7 @@ export const requestAndSetCOROSAPIAccessToken = functions
     const userID = context.auth.uid;
 
     // Enforce Pro Access
-    if (!(await isProUser(userID))) {
+    if (!(await hasProAccess(userID))) {
       logger.warn(`Blocking COROS Token Set for non-pro user ${userID}`);
       throw new functions.https.HttpsError('permission-denied', PRO_REQUIRED_MESSAGE);
     }

functions/src/coros/history-to-queue.spec.ts

@@ -29,7 +29,7 @@ vi.mock('firebase-functions/v1', () => ({
 }));
 
 vi.mock('../utils', () => ({
-    isProUser: vi.fn().mockResolvedValue(true),
+    hasProAccess: vi.fn().mockResolvedValue(true),
     PRO_REQUIRED_MESSAGE: 'Service sync is a Pro feature.'
 }));
 
@@ -47,7 +47,7 @@ describe('COROS History to Queue', () => {
 
     beforeEach(() => {
         vi.clearAllMocks();
-        (utils.isProUser as any).mockResolvedValue(true);
+        (utils.hasProAccess as any).mockResolvedValue(true);
         (history.getNextAllowedHistoryImportDate as any).mockResolvedValue(null);
 
         const recentDate = new Date();
@@ -177,7 +177,7 @@ describe('COROS History to Queue', () => {
         });
 
         it('should throw error for non-pro user', async () => {
-            (utils.isProUser as any).mockResolvedValue(false);
+            (utils.hasProAccess as any).mockResolvedValue(false);
 
             await expect(addCOROSAPIHistoryToQueue(data, context))
                 .rejects.toThrow('Service sync is a Pro feature.');

functions/src/coros/history-to-queue.ts

@@ -2,7 +2,7 @@
 
 import * as functions from 'firebase-functions/v1';
 import * as logger from 'firebase-functions/logger';
-import { isProUser, PRO_REQUIRED_MESSAGE } from '../utils';
+import { hasProAccess, PRO_REQUIRED_MESSAGE } from '../utils';
 import { SERVICE_NAME } from './constants';
 import { COROS_HISTORY_IMPORT_LIMIT_MONTHS } from '../shared/history-import.constants';
 import { HistoryImportResult, addHistoryToQueue, getNextAllowedHistoryImportDate } from '../history';
@@ -38,7 +38,7 @@ export const addCOROSAPIHistoryToQueue = functions
     const userID = context.auth.uid;
 
     // Enforce Pro Access
-    if (!(await isProUser(userID))) {
+    if (!(await hasProAccess(userID))) {
       logger.warn(`Blocking history import for non-pro user ${userID}`);
       throw new functions.https.HttpsError('permission-denied', PRO_REQUIRED_MESSAGE);
     }

functions/src/garmin/auth/wrapper.spec.ts

@@ -62,7 +62,7 @@ vi.mock('../../utils', () => ({
     isCorsAllowed: vi.fn(),
     setAccessControlHeadersOnResponse: vi.fn().mockImplementation((req, res) => res),
     getUserIDFromFirebaseToken: vi.fn(),
-    isProUser: vi.fn(),
+    hasProAccess: vi.fn(),
     determineRedirectURI: vi.fn((req) => req.body?.redirectUri || req.query?.redirect_uri),
     PRO_REQUIRED_MESSAGE: 'Service sync is a Pro feature.',
 }));
@@ -92,7 +92,7 @@ describe('Garmin Auth Wrapper', () => {
 
         vi.mocked(utils.isCorsAllowed).mockReturnValue(true);
         vi.mocked(utils.getUserIDFromFirebaseToken).mockResolvedValue('testUserID');
-        vi.mocked(utils.isProUser).mockResolvedValue(true);
+        vi.mocked(utils.hasProAccess).mockResolvedValue(true);
         vi.mocked(utils.determineRedirectURI).mockReturnValue('https://callback');
 
         context = {
@@ -113,7 +113,7 @@ describe('Garmin Auth Wrapper', () => {
         });
 
         it('should throw permission-denied for non-pro user', async () => {
-            vi.mocked(utils.isProUser).mockResolvedValue(false);
+            vi.mocked(utils.hasProAccess).mockResolvedValue(false);
             const data = { redirectUri: 'https://callback' };
 
             await expect((getGarminAPIAuthRequestTokenRedirectURI as any)(data, context)).rejects.toThrow('Service sync is a Pro feature.');

functions/src/garmin/auth/wrapper.ts

@@ -1,7 +1,7 @@
 import * as functions from 'firebase-functions/v1';
 import * as logger from 'firebase-functions/logger';
 import {
-  isProUser,
+  hasProAccess,
   PRO_REQUIRED_MESSAGE
 } from '../../utils';
 import {
@@ -48,7 +48,7 @@ export const getGarminAPIAuthRequestTokenRedirectURI = functions.region(FUNCTION
   const userID = context.auth.uid;
 
   // 3. Enforce Pro Access
-  if (!(await isProUser(userID))) {
+  if (!(await hasProAccess(userID))) {
     logger.warn(`Blocking Garmin Auth for non-pro user ${userID}`);
     throw new functions.https.HttpsError(
       'permission-denied',
@@ -96,7 +96,7 @@ export const requestAndSetGarminAPIAccessToken = functions.region(FUNCTIONS_MANI
   const userID = context.auth.uid;
 
   // 3. Enforce Pro Access
-  if (!(await isProUser(userID))) {
+  if (!(await hasProAccess(userID))) {
     logger.warn(`Blocking Garmin Token Set for non-pro user ${userID}`);
     throw new functions.https.HttpsError('permission-denied', PRO_REQUIRED_MESSAGE);
   }

functions/src/garmin/backfill.spec.ts

@@ -61,7 +61,7 @@ vi.mock('firebase-functions/v1', async () => {
 
 vi.mock('../utils', () => ({
     getUserIDFromFirebaseToken: vi.fn(),
-    isProUser: vi.fn(),
+    hasProAccess: vi.fn(),
     isCorsAllowed: vi.fn().mockReturnValue(true),
     setAccessControlHeadersOnResponse: vi.fn(),
     PRO_REQUIRED_MESSAGE: 'Service sync is a Pro feature.'
@@ -90,7 +90,7 @@ describe('Garmin Backfill', () => {
 
         // Default util mocks
         (utils.getUserIDFromFirebaseToken as any).mockResolvedValue('testUserID');
-        (utils.isProUser as any).mockResolvedValue(true);
+        (utils.hasProAccess as any).mockResolvedValue(true);
 
         // Mock getTokenData to return a valid token
         (tokens.getTokenData as any).mockResolvedValue({

functions/src/garmin/backfill.ts

@@ -1,6 +1,6 @@
 import * as functions from 'firebase-functions/v1';
 import * as logger from 'firebase-functions/logger';
-import { isProUser, PRO_REQUIRED_MESSAGE } from '../utils';
+import { hasProAccess, PRO_REQUIRED_MESSAGE } from '../utils';
 
 import * as requestPromise from '../request-helper';
 import * as admin from 'firebase-admin';
@@ -44,7 +44,7 @@ export const backfillGarminAPIActivities = functions.region(FUNCTIONS_MANIFEST.b
 
   const userID = context.auth.uid;
 
-  if (!(await isProUser(userID))) {
+  if (!(await hasProAccess(userID))) {
     logger.warn(`Blocking history import for non-pro user ${userID}`);
     throw new functions.https.HttpsError('permission-denied', PRO_REQUIRED_MESSAGE);
   }