Merge branch 'main' into starfx-with-effection-v4

Author: jbolda

.changes/change-pr-349.md

@@ -0,0 +1,8 @@
+---
+"@simulacrum/auth0-simulator": patch
+"@simulacrum/github-api-simulator": patch
+"@simulacrum/foundation-simulator": patch
+"@simulacrum/server": patch
+---
+
+Skip simulator asset minification. Also remove usage of `String.raw`. This was breaking the `/login` view in the Auth0 simulator with the way `tsdown` was escaping the strings.

package-lock.json

@@ -33,14 +33,14 @@
     "npm": ">=11"
   },
   "volta": {
-    "node": "20.19.5",
-    "npm": "11.6.2"
+    "node": "20.19.6",
+    "npm": "11.7.0"
   },
   "devDependencies": {
     "@arethetypeswrong/core": "^0.18.2",
-    "publint": "^0.3.13",
-    "tsdown": "^0.15.4",
-    "tsx": "^4.20.6",
+    "publint": "^0.3.16",
+    "tsdown": "^0.18.4",
+    "tsx": "^4.21.0",
     "typescript": "5.8.3",
     "vitest": "^3.2.4"
   }

package.json

@@ -57,13 +57,13 @@
     "@types/jsesc": "^3.0.3",
     "@types/jsonwebtoken": "^9.0.9"
   },
-  "module": "./dist/index.js",
+  "module": "./dist/index.mjs",
   "types": "./dist/index.d.cts",
   "exports": {
     ".": {
       "development": "./src/index.ts",
-      "import": "./dist/index.js",
-      "require": "./dist/index.cjs"
+      "require": "./dist/index.cjs",
+      "import": "./dist/index.mjs"
     },
     "./package.json": "./package.json"
   },
@@ -78,8 +78,8 @@
   "publishConfig": {
     "exports": {
       ".": {
-        "import": "./dist/index.js",
-        "require": "./dist/index.cjs"
+        "require": "./dist/index.cjs",
+        "import": "./dist/index.mjs"
       },
       "./package.json": "./package.json"
     }

packages/auth0/package.json

@@ -1,6 +1,5 @@
 import type { ScopeConfig } from "../types.ts";
 import { deriveScope } from "../handlers/utils.ts";
-const html = String.raw;
 
 interface LoginViewProps {
   domain: string;
@@ -19,7 +18,7 @@ export const loginView = ({
   audience,
   loginFailed = false,
 }: LoginViewProps): string => {
-  return html`
+  return /*html*/ `
     <html lang="en">
       <head>
         <meta charset="UTF-8" />
@@ -56,9 +55,9 @@ export const loginView = ({
                     autocomplete="email"
                     required=""
                     value=""
-                    class="${loginFailed
-                      ? "border-red-500"
-                      : ""} appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
+                    class="${
+                      loginFailed ? "border-red-500" : ""
+                    } appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
                     placeholder="Email address"
                   />
                 </div>
@@ -70,17 +69,17 @@ export const loginView = ({
                     type="password"
                     autocomplete="current-password"
                     required=""
-                    class="my-4 ${loginFailed
-                      ? "border-red-500"
-                      : ""} appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
+                    class="my-4 ${
+                      loginFailed ? "border-red-500" : ""
+                    } appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
                     placeholder="Password"
                   />
                 </div>
               </div>
               <div
-                class="error bg-red-500 text-white p-3 ${loginFailed
-                  ? ""
-                  : "hidden"}"
+                class="error bg-red-500 text-white p-3 ${
+                  loginFailed ? "" : "hidden"
+                }"
               >
                 Wrong email or password
               </div>

packages/auth0/src/views/login.ts

@@ -37,18 +37,22 @@ export const userNamePasswordForm = ({
     })
   );
 
-  return `
-  <form method="post" name="hiddenform" action="${auth0Domain}">
-    <input type="hidden" name="wa" value="wsignin1.0">
-    <input type="hidden" 
-           name="wresult" 
-           value="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoiNjA1MzhjYWQ2YWI5ODQwMDY5OWIxZDZhIiwiZW1haWwiOiJpbXJhbi5zdWxlbWFuamlAcmVzaWRlby5jb20iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInNpZCI6Im5zSHZTQ0lYT2NGSUZINUIyRzdVdUFEWDVQTlR4cmRPIiwiaWF0IjoxNjE2MTU0ODA0LCJleHAiOjE2MTYxNTQ4NjQsImF1ZCI6InVybjphdXRoMDpyZXNpZGVvOlVzZXJuYW1lLVBhc3N3b3JkLUF1dGhlbnRpY2F0aW9uIiwiaXNzIjoidXJuOmF1dGgwIn0.CTl0A1hDc4YrErsrFBCCEG0ekIUU3bv0x12p_vUgoyD6zOg_QhaSZjKeZI2elaeYnAi7KUcohgOP9TApj3VlQtm6GlGNuWIiQke4866FtfhufGo2_uLBWyf4nmOgbNcmhpIg2bvVJHUqM-6OCNfnzPWAoFW2_g-DeIo20WBfK2E">
-    <input type="hidden" name="wctx" value="${wctx}">
+  return /*html*/ `
+  <form
+    method="post"
+    name="hiddenform"
+    action="${auth0Domain}"
+  >
+    <input type="hidden" name="wa" value="wsignin1.0" />
+    <input
+      type="hidden"
+      name="wresult"
+      value="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoiNjA1MzhjYWQ2YWI5ODQwMDY5OWIxZDZhIiwiZW1haWwiOiJpbXJhbi5zdWxlbWFuamlAcmVzaWRlby5jb20iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInNpZCI6Im5zSHZTQ0lYT2NGSUZINUIyRzdVdUFEWDVQTlR4cmRPIiwiaWF0IjoxNjE2MTU0ODA0LCJleHAiOjE2MTYxNTQ4NjQsImF1ZCI6InVybjphdXRoMDpyZXNpZGVvOlVzZXJuYW1lLVBhc3N3b3JkLUF1dGhlbnRpY2F0aW9uIiwiaXNzIjoidXJuOmF1dGgwIn0.CTl0A1hDc4YrErsrFBCCEG0ekIUU3bv0x12p_vUgoyD6zOg_QhaSZjKeZI2elaeYnAi7KUcohgOP9TApj3VlQtm6GlGNuWIiQke4866FtfhufGo2_uLBWyf4nmOgbNcmhpIg2bvVJHUqM-6OCNfnzPWAoFW2_g-DeIo20WBfK2E"
+    />
+    <input type="hidden" name="wctx" value="${wctx}" />
     <noscript>
-        <p>
-            Script is disabled. Click Submit to continue.
-        </p>
-        <input type="submit" value="Submit">
+      <p>Script is disabled. Click Submit to continue.</p>
+      <input type="submit" value="Submit" />
     </noscript>
   </form>`;
 };

packages/auth0/src/views/username-password.ts

@@ -14,7 +14,7 @@ export const webMessage = ({
     { json: true, isScriptContext: true }
   );
 
-  return `
+  return /*html*/ `
   <!DOCTYPE html>
     <html lang="en">
       <head>

packages/auth0/src/views/web-message.ts

@@ -0,0 +1,86 @@
+import { describe, it, expect } from "vitest";
+import { run, until, sleep, useAbortSignal, Err, Ok } from "effection";
+import { execSync } from "child_process";
+import { existsSync } from "fs";
+import { useService } from "@simulacrum/server";
+
+const AUTH0_PORT = 4400;
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+const AUTH0_URL = `https://localhost:${AUTH0_PORT}`;
+
+// Ensure built distribution is present; if not, build it so the smoke test can run locally
+if (!existsSync("./dist/index.cjs")) {
+  console.log("ci-smoke: dist not found, running `npm run build`...");
+  execSync("npm run prepack", { stdio: "inherit" });
+}
+
+// Helper to start the built auth0 service with a wellness check (reused by tests)
+function startAuth0() {
+  return useService("auth0", "node ./bin/start.cjs", {
+    wellnessCheck: {
+      timeout: 30000,
+      *operation(_stdio) {
+        const signal = yield* useAbortSignal();
+        const start = Date.now();
+        while (true) {
+          try {
+            yield* until(
+              fetch(`${AUTH0_URL}/login`, {
+                headers: { accept: "text/html" },
+                signal,
+              }).then((r) => {
+                if (!r.ok) throw new Error(`not ready: ${r.status}`);
+                return true;
+              })
+            );
+            return Ok<void>(void 0);
+          } catch (err) {
+            // ignore and retry
+          }
+          if (Date.now() - start > 30000)
+            return Err(new Error("service did not start"));
+          yield* sleep(200);
+        }
+      },
+    },
+  });
+}
+
+describe("CI smoke: built dist server", () => {
+  it("returns /login without escaped closing script tags", async () => {
+    await run(function* () {
+      yield* startAuth0();
+
+      const signal = yield* useAbortSignal();
+      const text = yield* until(
+        fetch(`${AUTH0_URL}/login`, { signal }).then((r) => {
+          if (!r.ok) throw new Error(`fetch failed: ${r.status}`);
+          return r.text();
+        })
+      );
+
+      expect(text).toMatch(/<\/script>/);
+      expect(text).not.toContain("<\\/script>");
+    });
+  }, 60000);
+
+  it("returns /authorize?response_mode=web_message without escaped closing script tags", async () => {
+    await run(function* () {
+      yield* startAuth0();
+
+      const url = `${AUTH0_URL}/authorize?response_mode=web_message&redirect_uri=http://localhost:3000&currentUser=default`;
+      const signal2 = yield* useAbortSignal();
+      const text = yield* until(
+        fetch(url, { headers: { accept: "text/html" }, signal: signal2 }).then(
+          (r) => {
+            if (!r.ok) throw new Error(`fetch failed: ${r.status}`);
+            return r.text();
+          }
+        )
+      );
+
+      expect(text).toMatch(/<\/script>/);
+      expect(text).not.toContain("<\\/script>");
+    });
+  }, 60000);
+});

packages/auth0/test/ci-smoke.test.ts

@@ -8,7 +8,13 @@ export default defineConfig({
   dts: {
     sourcemap: true,
   },
-  copy: ["src/views/public"],
+  copy: [{ from: "src/views/public", to: "dist", flatten: false }],
+  // not really required and can mangle things
+  minify: false,
+  // don't bundle up as have some relative path imports for static assets
+  unbundle: true,
+  // if we unbundle, we want to skip this as well
+  skipNodeModulesBundle: true,
   // runs with @arethetypeswrong/core which checks types
   attw: false,
   publint: true,

packages/auth0/tsdown.config.ts

@@ -58,8 +58,8 @@
   "exports": {
     ".": {
       "development": "./src/index.ts",
-      "import": "./dist/index.js",
-      "require": "./dist/index.cjs"
+      "require": "./dist/index.cjs",
+      "import": "./dist/index.mjs"
     },
     "./package.json": "./package.json"
   },
@@ -72,13 +72,13 @@
     }
   },
   "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
+  "module": "./dist/index.mjs",
   "types": "./dist/index.d.cts",
   "publishConfig": {
     "exports": {
       ".": {
-        "import": "./dist/index.js",
-        "require": "./dist/index.cjs"
+        "require": "./dist/index.cjs",
+        "import": "./dist/index.mjs"
       },
       "./package.json": "./package.json"
     }