Jackie/rentall-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

text changes and remove infra folder

Browse Source
This commit is contained in:
jackiettran
2026-01-21 19:00:55 -05:00
parent 23ca97cea9
commit 420e0efeb4
39 changed files with 1170 additions and 3640 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
backend/S3.md
View File

@@ -1,127 +0,0 @@
# AWS S3 Image Storage Integration Plan
## Overview
Integrate AWS S3 for image storage using **direct-to-S3 uploads with presigned URLs**. Frontend will upload directly to S3, reducing backend load. Images will use a **hybrid access model**: public URLs for profiles/items/forum, private signed URLs for messages and condition-checks.
## Architecture
```
Frontend Backend AWS S3
│ │ │
│ 1. POST /api/upload/presign │ │
│────────────────────────────────>│ │
│ │ 2. Generate presigned URL │
│ 3. Return {uploadUrl, key} │ │
│<────────────────────────────────│ │
│ │ │
│ 4. PUT file directly to S3 │ │
│────────────────────────────────────────────────────────────────>│
│ │ │
│ 5. POST /api/upload/confirm │ │
│────────────────────────────────>│ 6. Verify object exists │
│ │──────────────────────────────>│
│ 7. Return confirmation │ │
│<────────────────────────────────│ │
```
## S3 Bucket Structure
```
s3://village-share-{env}/
├── profiles/{uuid}.{ext} # Public access
├── items/{uuid}.{ext} # Public access
├── forum/{uuid}.{ext} # Public access
├── messages/{uuid}.{ext} # Private (signed URLs)
└── condition-checks/{uuid}.{ext} # Private (signed URLs)
```
---
### AWS S3 Bucket Setup
#### Bucket Policy (Hybrid: Public + Private)
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::village-share-dev/profiles/*",
"arn:aws:s3:::village-share-dev/items/*",
"arn:aws:s3:::village-share-dev/forum/*"
]
}
]
}
```
Note: `messages/*` and `condition-checks/*` are NOT included - require signed URLs.
#### CORS Configuration
```json
[
{
"AllowedHeaders": [
"Content-Type",
"Content-Length",
"Content-Disposition",
"Cache-Control",
"x-amz-content-sha256",
"x-amz-date",
"x-amz-security-token"
],
"AllowedMethods": ["PUT", "GET"],
"AllowedOrigins": ["http://localhost:3000"],
"ExposeHeaders": ["ETag"],
"MaxAgeSeconds": 3600
}
]
```
#### IAM Policy for Backend
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:PutObject", "s3:GetObject"],
"Resource": "arn:aws:s3:::village-share-dev/*"
}
]
}
```
**Security Note:** `s3:DeleteObject` is intentionally NOT included. File deletion is not exposed via the API to prevent unauthorized deletion attacks. Use S3 lifecycle policies for cleanup instead.
## Environment Variables to Add
```bash
# Backend (.env)
S3_ENABLED=true # Set to "true" to enable S3
S3_BUCKET=village-share-{env}
# Frontend (.env)
REACT_APP_S3_BUCKET=village-share-{env}
REACT_APP_AWS_REGION=us-east-1
```
---
## Deployment Checklist
1. Create S3 buckets for each environment (dev, qa, prod)
2. Apply bucket policies (public folders + private messages)
3. Configure CORS on each bucket
4. Attach IAM policy to EC2/ECS role
5. Add environment variables
6. Deploy backend changes
7. Deploy frontend changes

2
backend/config/aws.js
View File

@@ -18,7 +18,7 @@ function getAWSCredentials() {
*/
function getAWSConfig() {
const config = {
region: process.env.AWS_REGION || "us-east-1",
region: process.env.AWS_REGION,
};
const credentials = getAWSCredentials();

6
backend/config/database.js
View File

@@ -8,7 +8,7 @@ if (!process.env.DB_NAME && process.env.NODE_ENV) {
const result = dotenv.config({ path: envFile });
if (result.error && process.env.NODE_ENV !== "production") {
console.warn(
`Warning: Could not load ${envFile}, using existing environment variables`
`Warning: Could not load ${envFile}, using existing environment variables`,
);
}
}
@@ -20,7 +20,7 @@ const dbConfig = {
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
host: process.env.DB_HOST,
port: process.env.DB_PORT || 5432,
port: process.env.DB_PORT,
dialect: "postgres",
logging: false,
pool: {
@@ -52,7 +52,7 @@ const sequelize = new Sequelize(
dialect: dbConfig.dialect,
logging: dbConfig.logging,
pool: dbConfig.pool,
}
},
);
// Export the sequelize instance as default (for backward compatibility)

52
backend/routes/auth.js
View File

@@ -28,8 +28,7 @@ const router = express.Router();
const googleClient = new OAuth2Client(
process.env.GOOGLE_CLIENT_ID,
process.env.GOOGLE_CLIENT_SECRET,
process.env.GOOGLE_REDIRECT_URI ||
"http://localhost:3000/auth/google/callback"
process.env.GOOGLE_REDIRECT_URI,
);
// Get CSRF token endpoint
@@ -120,7 +119,7 @@ router.post(
try {
await emailServices.auth.sendVerificationEmail(
user,
user.verificationToken
user.verificationToken,
);
verificationEmailSent = true;
} catch (emailError) {
@@ -137,13 +136,13 @@ router.post(
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" } // Short-lived access token
{ expiresIn: "15m" }, // Short-lived access token
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
{ expiresIn: "7d" },
);
// Set tokens as httpOnly cookies
@@ -188,7 +187,7 @@ router.post(
});
res.status(500).json({ error: "Registration failed. Please try again." });
}
}
},
);
router.post(
@@ -220,7 +219,8 @@ router.post(
// Check if user is banned
if (user.isBanned) {
return res.status(403).json({
error: "Your account has been suspended. Please contact support for more information.",
error:
"Your account has been suspended. Please contact support for more information.",
code: "USER_BANNED",
});
}
@@ -242,13 +242,13 @@ router.post(
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" } // Short-lived access token
{ expiresIn: "15m" }, // Short-lived access token
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
{ expiresIn: "7d" },
);
// Set tokens as httpOnly cookies
@@ -292,7 +292,7 @@ router.post(
});
res.status(500).json({ error: "Login failed. Please try again." });
}
}
},
);
router.post(
@@ -314,9 +314,7 @@ router.post(
// Exchange authorization code for tokens
const { tokens } = await googleClient.getToken({
code,
redirect_uri:
process.env.GOOGLE_REDIRECT_URI ||
"http://localhost:3000/auth/google/callback",
redirect_uri: process.env.GOOGLE_REDIRECT_URI,
});
// Verify the ID token from the token response
@@ -413,7 +411,8 @@ router.post(
// Check if user is banned
if (user.isBanned) {
return res.status(403).json({
error: "Your account has been suspended. Please contact support for more information.",
error:
"Your account has been suspended. Please contact support for more information.",
code: "USER_BANNED",
});
}
@@ -422,13 +421,13 @@ router.post(
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" }
{ expiresIn: "15m" },
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
{ expiresIn: "7d" },
);
// Set tokens as httpOnly cookies
@@ -488,7 +487,7 @@ router.post(
.status(500)
.json({ error: "Google authentication failed. Please try again." });
}
}
},
);
// Email verification endpoint
@@ -605,7 +604,7 @@ router.post(
error: "Email verification failed. Please try again.",
});
}
}
},
);
// Resend verification email endpoint
@@ -650,7 +649,7 @@ router.post(
try {
await emailServices.auth.sendVerificationEmail(
user,
user.verificationToken
user.verificationToken,
);
} catch (emailError) {
const reqLogger = logger.withRequestId(req.id);
@@ -691,7 +690,7 @@ router.post(
error: "Failed to resend verification email. Please try again.",
});
}
}
},
);
// Refresh token endpoint
@@ -727,7 +726,8 @@ router.post("/refresh", async (req, res) => {
// Check if user is banned (defense-in-depth, jwtVersion should already catch this)
if (user.isBanned) {
return res.status(403).json({
error: "Your account has been suspended. Please contact support for more information.",
error:
"Your account has been suspended. Please contact support for more information.",
code: "USER_BANNED",
});
}
@@ -736,7 +736,7 @@ router.post("/refresh", async (req, res) => {
const newAccessToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" }
{ expiresIn: "15m" },
);
// Set new access token cookie
@@ -851,7 +851,7 @@ router.post(
"Password reset requested for non-existent or OAuth user",
{
email: email,
}
},
);
}
@@ -871,7 +871,7 @@ router.post(
error: "Failed to process password reset request. Please try again.",
});
}
}
},
);
// Verify reset token endpoint (optional - for frontend UX)
@@ -925,7 +925,7 @@ router.post(
error: "Failed to verify reset token. Please try again.",
});
}
}
},
);
// Reset password endpoint
@@ -1008,7 +1008,7 @@ router.post(
error: "Failed to reset password. Please try again.",
});
}
}
},
);
module.exports = router;

41
backend/scripts/manageAlphaInvitations.js
View File

@@ -1,5 +1,5 @@
// Load environment config
const env = process.env.NODE_ENV || "dev";
const env = process.env.NODE_ENV;
const envFile = `.env.${env}`;
require("dotenv").config({ path: envFile });
@@ -101,11 +101,11 @@ async function resendInvitation(emailOrCode) {
// Try to find by code first (if it looks like a code), otherwise by email
if (input.toUpperCase().startsWith("ALPHA-")) {
invitation = await AlphaInvitation.findOne({
where: { code: input.toUpperCase() }
where: { code: input.toUpperCase() },
});
} else {
invitation = await AlphaInvitation.findOne({
where: { email: normalizeEmail(input) }
where: { email: normalizeEmail(input) },
});
}
@@ -131,7 +131,10 @@ async function resendInvitation(emailOrCode) {
// Resend the email
try {
await emailServices.alphaInvitation.sendAlphaInvitation(invitation.email, invitation.code);
await emailServices.alphaInvitation.sendAlphaInvitation(
invitation.email,
invitation.code,
);
console.log(`\n✅ Alpha invitation resent successfully!`);
console.log(` Email: ${invitation.email}`);
@@ -178,7 +181,7 @@ async function listInvitations(filter = "all") {
});
console.log(
`\n📋 Alpha Invitations (${invitations.length} total, filter: ${filter})\n`
`\n📋 Alpha Invitations (${invitations.length} total, filter: ${filter})\n`,
);
console.log("─".repeat(100));
console.log(
@@ -186,7 +189,7 @@ async function listInvitations(filter = "all") {
"EMAIL".padEnd(30) +
"STATUS".padEnd(10) +
"USED BY".padEnd(25) +
"CREATED"
"CREATED",
);
console.log("─".repeat(100));
@@ -204,7 +207,7 @@ async function listInvitations(filter = "all") {
inv.email.padEnd(30) +
inv.status.padEnd(10) +
usedBy.padEnd(25) +
created
created,
);
});
}
@@ -221,7 +224,7 @@ async function listInvitations(filter = "all") {
};
console.log(
`\nSummary: ${stats.pending} pending | ${stats.active} active | ${stats.revoked} revoked\n`
`\nSummary: ${stats.pending} pending | ${stats.active} active | ${stats.revoked} revoked\n`,
);
return invitations;
@@ -274,7 +277,9 @@ async function restoreInvitation(code) {
}
if (invitation.status !== "revoked") {
console.log(`\n⚠️ Invitation is not revoked (current status: ${invitation.status})`);
console.log(
`\n⚠️ Invitation is not revoked (current status: ${invitation.status})`,
);
console.log(` Code: ${code}`);
console.log(` Email: ${invitation.email}`);
return invitation;
@@ -288,7 +293,9 @@ async function restoreInvitation(code) {
console.log(`\n✅ Invitation restored successfully!`);
console.log(` Code: ${code}`);
console.log(` Email: ${invitation.email}`);
console.log(` Status: ${newStatus} (${invitation.usedBy ? 'was previously used' : 'never used'})`);
console.log(
` Status: ${newStatus} (${invitation.usedBy ? "was previously used" : "never used"})`,
);
return invitation;
} catch (error) {
@@ -313,7 +320,7 @@ async function bulkImport(csvPath) {
const dataLines = hasHeader ? lines.slice(1) : lines;
console.log(
`\n📥 Importing ${dataLines.length} invitations from ${csvPath}...\n`
`\n📥 Importing ${dataLines.length} invitations from ${csvPath}...\n`,
);
let successCount = 0;
@@ -391,7 +398,7 @@ CSV Format:
if (!email) {
console.log("\n❌ Error: Email is required");
console.log(
"Usage: node scripts/manageAlphaInvitations.js add <email> [notes]\n"
"Usage: node scripts/manageAlphaInvitations.js add <email> [notes]\n",
);
process.exit(1);
}
@@ -406,7 +413,7 @@ CSV Format:
if (!code) {
console.log("\n❌ Error: Code is required");
console.log(
"Usage: node scripts/manageAlphaInvitations.js revoke <code>\n"
"Usage: node scripts/manageAlphaInvitations.js revoke <code>\n",
);
process.exit(1);
}
@@ -418,7 +425,7 @@ CSV Format:
if (!emailOrCode) {
console.log("\n❌ Error: Email or code is required");
console.log(
"Usage: node scripts/manageAlphaInvitations.js resend <email|code>\n"
"Usage: node scripts/manageAlphaInvitations.js resend <email|code>\n",
);
process.exit(1);
}
@@ -430,7 +437,7 @@ CSV Format:
if (!code) {
console.log("\n❌ Error: Code is required");
console.log(
"Usage: node scripts/manageAlphaInvitations.js restore <code>\n"
"Usage: node scripts/manageAlphaInvitations.js restore <code>\n",
);
process.exit(1);
}
@@ -442,7 +449,7 @@ CSV Format:
if (!csvPath) {
console.log("\n❌ Error: CSV path is required");
console.log(
"Usage: node scripts/manageAlphaInvitations.js bulk <csvPath>\n"
"Usage: node scripts/manageAlphaInvitations.js bulk <csvPath>\n",
);
process.exit(1);
}
@@ -451,7 +458,7 @@ CSV Format:
} else {
console.log(`\n❌ Unknown command: ${command}`);
console.log(
"Run 'node scripts/manageAlphaInvitations.js help' for usage information\n"
"Run 'node scripts/manageAlphaInvitations.js help' for usage information\n",
);
process.exit(1);
}

22
backend/server.js
View File

@@ -1,5 +1,5 @@
// Load environment-specific config
const env = process.env.NODE_ENV || "dev";
const env = process.env.NODE_ENV;
const envFile = `.env.${env}`;
require("dotenv").config({
@@ -46,7 +46,7 @@ const server = http.createServer(app);
// Initialize Socket.io with CORS
const io = new Server(server, {
cors: {
origin: process.env.FRONTEND_URL || "http://localhost:3000",
origin: process.env.FRONTEND_URL,
credentials: true,
methods: ["GET", "POST"],
},
@@ -93,7 +93,7 @@ app.use(
frameSrc: ["'self'", "https://accounts.google.com"],
},
},
})
}),
);
// Cookie parser for CSRF
@@ -108,11 +108,11 @@ app.use("/api/", apiLogger);
// CORS with security settings (must come BEFORE rate limiter to ensure headers on all responses)
app.use(
cors({
origin: process.env.FRONTEND_URL || "http://localhost:3000",
origin: process.env.FRONTEND_URL,
credentials: true,
optionsSuccessStatus: 200,
exposedHeaders: ["X-CSRF-Token"],
})
}),
);
// General rate limiting for all routes
@@ -126,14 +126,14 @@ app.use(
// Store raw body for webhook verification
req.rawBody = buf;
},
})
}),
);
app.use(
bodyParser.urlencoded({
extended: true,
limit: "1mb",
parameterLimit: 100, // Limit number of parameters
})
}),
);
// Apply input sanitization to all API routes (XSS prevention)
@@ -171,7 +171,7 @@ app.use("/api/upload", requireAlphaAccess, uploadRoutes);
app.use(errorLogger);
app.use(sanitizeError);
const PORT = process.env.PORT || 5000;
const PORT = process.env.PORT;
const { checkPendingMigrations } = require("./utils/checkMigrations");
@@ -185,7 +185,7 @@ sequelize
if (pendingMigrations.length > 0) {
logger.error(
`Found ${pendingMigrations.length} pending migration(s). Please run 'npm run db:migrate'`,
{ pendingMigrations }
{ pendingMigrations },
);
process.exit(1);
}
@@ -203,12 +203,12 @@ sequelize
// Fail fast - don't start server if email templates can't load
if (env === "prod" || env === "production") {
logger.error(
"Cannot start server without email services in production"
"Cannot start server without email services in production",
);
process.exit(1);
} else {
logger.warn(
"Email services failed to initialize - continuing in dev mode"
"Email services failed to initialize - continuing in dev mode",
);
}
}

18
backend/services/TwoFactorService.js
View File

@@ -5,14 +5,14 @@ const bcrypt = require("bcryptjs");
const logger = require("../utils/logger");
// Configuration
const TOTP_ISSUER = process.env.TOTP_ISSUER || "VillageShare";
const TOTP_ISSUER = process.env.TOTP_ISSUER;
const EMAIL_OTP_EXPIRY_MINUTES = parseInt(
process.env.TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES || "10",
10
process.env.TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES,
10,
);
const STEP_UP_VALIDITY_MINUTES = parseInt(
process.env.TWO_FACTOR_STEP_UP_VALIDITY_MINUTES || "5",
10
process.env.TWO_FACTOR_STEP_UP_VALIDITY_MINUTES,
10,
);
const MAX_EMAIL_OTP_ATTEMPTS = 3;
const RECOVERY_CODE_COUNT = 10;
@@ -243,7 +243,7 @@ class TwoFactorService {
const encryptionKey = process.env.TOTP_ENCRYPTION_KEY;
if (!encryptionKey || encryptionKey.length !== 64) {
throw new Error(
"TOTP_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)"
"TOTP_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)",
);
}
@@ -251,7 +251,7 @@ class TwoFactorService {
const cipher = crypto.createCipheriv(
"aes-256-gcm",
Buffer.from(encryptionKey, "hex"),
iv
iv,
);
let encrypted = cipher.update(secret, "utf8", "hex");
@@ -275,7 +275,7 @@ class TwoFactorService {
const encryptionKey = process.env.TOTP_ENCRYPTION_KEY;
if (!encryptionKey || encryptionKey.length !== 64) {
throw new Error(
"TOTP_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)"
"TOTP_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)",
);
}
@@ -283,7 +283,7 @@ class TwoFactorService {
const decipher = crypto.createDecipheriv(
"aes-256-gcm",
Buffer.from(encryptionKey, "hex"),
Buffer.from(iv, "hex")
Buffer.from(iv, "hex"),
);
decipher.setAuthTag(Buffer.from(authTag, "hex"));

6
backend/services/email/domain/AlphaInvitationEmailService.js
View File

@@ -42,7 +42,7 @@ class AlphaInvitationEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const variables = {
code: code,
@@ -54,13 +54,13 @@ class AlphaInvitationEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"alphaInvitationToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
email,
"Your Alpha Access Code - Village Share",
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send alpha invitation email", { error });

36
backend/services/email/domain/AuthEmailService.js
View File

@@ -44,7 +44,7 @@ class AuthEmailService {
await this.initialize();
}
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const verificationUrl = `${frontendUrl}/verify-email?token=${verificationToken}`;
const variables = {
@@ -55,13 +55,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"emailVerificationToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Verify Your Email - Village Share",
htmlContent
htmlContent,
);
}
@@ -78,7 +78,7 @@ class AuthEmailService {
await this.initialize();
}
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const resetUrl = `${frontendUrl}/reset-password?token=${resetToken}`;
const variables = {
@@ -88,13 +88,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"passwordResetToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Reset Your Password - Village Share",
htmlContent
htmlContent,
);
}
@@ -123,13 +123,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"passwordChangedToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Password Changed Successfully - Village Share",
htmlContent
htmlContent,
);
}
@@ -158,13 +158,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"personalInfoChangedToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Personal Information Updated - Village Share",
htmlContent
htmlContent,
);
}
@@ -188,13 +188,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"twoFactorOtpToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Your Verification Code - Village Share",
htmlContent
htmlContent,
);
}
@@ -222,13 +222,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"twoFactorEnabledToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Multi-Factor Authentication Enabled - Village Share",
htmlContent
htmlContent,
);
}
@@ -256,13 +256,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"twoFactorDisabledToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Multi-Factor Authentication Disabled - Village Share",
htmlContent
htmlContent,
);
}
@@ -302,13 +302,13 @@ class AuthEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"recoveryCodeUsedToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Recovery Code Used - Village Share",
htmlContent
htmlContent,
);
}
}

11
backend/services/email/domain/FeedbackEmailService.js
View File

@@ -60,13 +60,13 @@ class FeedbackEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"feedbackConfirmationToUser",
variables
variables,
);
return await this.emailClient.sendEmail(
user.email,
"Thank You for Your Feedback - Village Share",
htmlContent
htmlContent,
);
}
@@ -90,8 +90,7 @@ class FeedbackEmailService {
await this.initialize();
}
const adminEmail =
process.env.FEEDBACK_EMAIL || process.env.CUSTOMER_SUPPORT_EMAIL;
const adminEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
if (!adminEmail) {
console.warn("No admin email configured for feedback notifications");
@@ -117,13 +116,13 @@ class FeedbackEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"feedbackNotificationToAdmin",
variables
variables,
);
return await this.emailClient.sendEmail(
adminEmail,
`New Feedback from ${user.firstName} ${user.lastName}`,
htmlContent
htmlContent,
);
}
}

114
backend/services/email/domain/ForumEmailService.js
View File

@@ -57,7 +57,7 @@ class ForumEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const timestamp = new Date(comment.createdAt).toLocaleString("en-US", {
@@ -77,7 +77,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumCommentToPostAuthor",
variables
variables,
);
const subject = `${commenter.firstName} ${commenter.lastName} commented on your post`;
@@ -85,12 +85,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
postAuthor.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum comment notification email sent to ${postAuthor.email}`
`Forum comment notification email sent to ${postAuthor.email}`,
);
}
@@ -124,14 +124,14 @@ class ForumEmailService {
replier,
post,
reply,
parentComment
parentComment,
) {
if (!this.initialized) {
await this.initialize();
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const timestamp = new Date(reply.createdAt).toLocaleString("en-US", {
@@ -152,7 +152,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumReplyToCommentAuthor",
variables
variables,
);
const subject = `${replier.firstName} ${replier.lastName} replied to your comment`;
@@ -160,12 +160,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
commentAuthor.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum reply notification email sent to ${commentAuthor.email}`
`Forum reply notification email sent to ${commentAuthor.email}`,
);
}
@@ -195,14 +195,14 @@ class ForumEmailService {
commentAuthor,
postAuthor,
post,
comment
comment,
) {
if (!this.initialized) {
await this.initialize();
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const variables = {
@@ -216,7 +216,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumAnswerAcceptedToCommentAuthor",
variables
variables,
);
const subject = `Your comment was marked as the accepted answer!`;
@@ -224,12 +224,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
commentAuthor.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum answer accepted notification email sent to ${commentAuthor.email}`
`Forum answer accepted notification email sent to ${commentAuthor.email}`,
);
}
@@ -237,7 +237,7 @@ class ForumEmailService {
} catch (error) {
logger.error(
"Failed to send forum answer accepted notification email:",
error
error,
);
return { success: false, error: error.message };
}
@@ -263,14 +263,14 @@ class ForumEmailService {
participant,
commenter,
post,
comment
comment,
) {
if (!this.initialized) {
await this.initialize();
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const timestamp = new Date(comment.createdAt).toLocaleString("en-US", {
@@ -290,7 +290,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumThreadActivityToParticipant",
variables
variables,
);
const subject = `New activity on a post you're following`;
@@ -298,12 +298,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
participant.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum thread activity notification email sent to ${participant.email}`
`Forum thread activity notification email sent to ${participant.email}`,
);
}
@@ -311,7 +311,7 @@ class ForumEmailService {
} catch (error) {
logger.error(
"Failed to send forum thread activity notification email:",
error
error,
);
return { success: false, error: error.message };
}
@@ -331,18 +331,13 @@ class ForumEmailService {
* @param {Date} closedAt - Timestamp when discussion was closed
* @returns {Promise<{success: boolean, messageId?: string, error?: string}>}
*/
async sendForumPostClosedNotification(
recipient,
closer,
post,
closedAt
) {
async sendForumPostClosedNotification(recipient, closer, post, closedAt) {
if (!this.initialized) {
await this.initialize();
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const timestamp = new Date(closedAt).toLocaleString("en-US", {
@@ -352,8 +347,7 @@ class ForumEmailService {
const variables = {
recipientName: recipient.firstName || "there",
adminName:
`${closer.firstName} ${closer.lastName}`.trim() || "A user",
adminName: `${closer.firstName} ${closer.lastName}`.trim() || "A user",
postTitle: post.title,
postUrl: postUrl,
timestamp: timestamp,
@@ -361,7 +355,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumPostClosed",
variables
variables,
);
const subject = `Discussion closed: ${post.title}`;
@@ -369,12 +363,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
recipient.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum post closed notification email sent to ${recipient.email}`
`Forum post closed notification email sent to ${recipient.email}`,
);
}
@@ -382,7 +376,7 @@ class ForumEmailService {
} catch (error) {
logger.error(
"Failed to send forum post closed notification email:",
error
error,
);
return { success: false, error: error.message };
}
@@ -401,18 +395,24 @@ class ForumEmailService {
* @param {string} deletionReason - Reason for deletion
* @returns {Promise<{success: boolean, messageId?: string, error?: string}>}
*/
async sendForumPostDeletionNotification(postAuthor, admin, post, deletionReason) {
async sendForumPostDeletionNotification(
postAuthor,
admin,
post,
deletionReason,
) {
if (!this.initialized) {
await this.initialize();
}
try {
const supportEmail = process.env.SUPPORT_EMAIL;
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const supportEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
const frontendUrl = process.env.FRONTEND_URL;
const variables = {
postAuthorName: postAuthor.firstName || "there",
adminName: `${admin.firstName} ${admin.lastName}`.trim() || "An administrator",
adminName:
`${admin.firstName} ${admin.lastName}`.trim() || "An administrator",
postTitle: post.title,
deletionReason,
supportEmail,
@@ -421,7 +421,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumPostDeletionToAuthor",
variables
variables,
);
const subject = `Important: Your forum post "${post.title}" has been removed`;
@@ -429,12 +429,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
postAuthor.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum post deletion notification email sent to ${postAuthor.email}`
`Forum post deletion notification email sent to ${postAuthor.email}`,
);
}
@@ -442,7 +442,7 @@ class ForumEmailService {
} catch (error) {
logger.error(
"Failed to send forum post deletion notification email:",
error
error,
);
return { success: false, error: error.message };
}
@@ -462,19 +462,25 @@ class ForumEmailService {
* @param {string} deletionReason - Reason for deletion
* @returns {Promise<{success: boolean, messageId?: string, error?: string}>}
*/
async sendForumCommentDeletionNotification(commentAuthor, admin, post, deletionReason) {
async sendForumCommentDeletionNotification(
commentAuthor,
admin,
post,
deletionReason,
) {
if (!this.initialized) {
await this.initialize();
}
try {
const supportEmail = process.env.SUPPORT_EMAIL;
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const supportEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const variables = {
commentAuthorName: commentAuthor.firstName || "there",
adminName: `${admin.firstName} ${admin.lastName}`.trim() || "An administrator",
adminName:
`${admin.firstName} ${admin.lastName}`.trim() || "An administrator",
postTitle: post.title,
postUrl,
deletionReason,
@@ -483,7 +489,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumCommentDeletionToAuthor",
variables
variables,
);
const subject = `Your comment on "${post.title}" has been removed`;
@@ -491,12 +497,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
commentAuthor.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Forum comment deletion notification email sent to ${commentAuthor.email}`
`Forum comment deletion notification email sent to ${commentAuthor.email}`,
);
}
@@ -504,7 +510,7 @@ class ForumEmailService {
} catch (error) {
logger.error(
"Failed to send forum comment deletion notification email:",
error
error,
);
return { success: false, error: error.message };
}
@@ -531,7 +537,7 @@ class ForumEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const postUrl = `${frontendUrl}/forum/posts/${post.id}`;
const variables = {
@@ -546,7 +552,7 @@ class ForumEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"forumItemRequestNotification",
variables
variables,
);
const subject = `Someone nearby is looking for: ${post.title}`;
@@ -554,12 +560,12 @@ class ForumEmailService {
const result = await this.emailClient.sendEmail(
recipient.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Item request notification email sent to ${recipient.email}`
`Item request notification email sent to ${recipient.email}`,
);
}

8
backend/services/email/domain/MessagingEmailService.js
View File

@@ -50,7 +50,7 @@ class MessagingEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const conversationUrl = `${frontendUrl}/messages/conversations/${sender.id}`;
const timestamp = new Date(message.createdAt).toLocaleString("en-US", {
@@ -68,7 +68,7 @@ class MessagingEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"newMessageToUser",
variables
variables,
);
const subject = `New message from ${sender.firstName} ${sender.lastName}`;
@@ -76,12 +76,12 @@ class MessagingEmailService {
const result = await this.emailClient.sendEmail(
receiver.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {
logger.info(
`Message notification email sent to ${receiver.email} from ${sender.firstName} ${sender.lastName}`
`Message notification email sent to ${receiver.email} from ${sender.firstName} ${sender.lastName}`,
);
}

57
backend/services/email/domain/PaymentEmailService.js
View File

@@ -49,12 +49,8 @@ class PaymentEmailService {
}
try {
const {
renterFirstName,
itemName,
declineReason,
updatePaymentUrl,
} = params;
const { renterFirstName, itemName, declineReason, updatePaymentUrl } =
params;
const variables = {
renterFirstName: renterFirstName || "there",
@@ -65,13 +61,13 @@ class PaymentEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"paymentDeclinedToRenter",
variables
variables,
);
return await this.emailClient.sendEmail(
renterEmail,
`Action Required: Payment Issue - ${itemName || "Your Rental"}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send payment declined notification", { error });
@@ -105,16 +101,18 @@ class PaymentEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"paymentMethodUpdatedToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
ownerEmail,
`Payment Method Updated - ${itemName || "Your Item"}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send payment method updated notification", { error });
logger.error("Failed to send payment method updated notification", {
error,
});
return { success: false, error: error.message };
}
}
@@ -151,22 +149,25 @@ class PaymentEmailService {
const variables = {
ownerName: ownerName || "there",
payoutAmount: payoutAmount?.toFixed(2) || "0.00",
failureMessage: failureMessage || "There was an issue with your payout.",
actionRequired: actionRequired || "Please check your bank account details.",
failureMessage:
failureMessage || "There was an issue with your payout.",
actionRequired:
actionRequired || "Please check your bank account details.",
failureCode: failureCode || "unknown",
requiresBankUpdate: requiresBankUpdate || false,
payoutSettingsUrl: payoutSettingsUrl || process.env.FRONTEND_URL + "/settings/payouts",
payoutSettingsUrl:
payoutSettingsUrl || process.env.FRONTEND_URL + "/settings/payouts",
};
const htmlContent = await this.templateManager.renderTemplate(
"payoutFailedToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
ownerEmail,
"Action Required: Payout Issue - Village Share",
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send payout failed notification", { error });
@@ -200,13 +201,13 @@ class PaymentEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"accountDisconnectedToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
ownerEmail,
"Your payout account has been disconnected - Village Share",
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send account disconnected email", { error });
@@ -240,13 +241,13 @@ class PaymentEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"payoutsDisabledToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
ownerEmail,
"Action Required: Your payouts have been paused - Village Share",
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send payouts disabled email", { error });
@@ -289,16 +290,16 @@ class PaymentEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"disputeAlertToAdmin",
variables
variables,
);
// Send to admin email (configure in env)
const adminEmail = process.env.ADMIN_EMAIL || process.env.SES_FROM_EMAIL;
const adminEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
return await this.emailClient.sendEmail(
adminEmail,
`URGENT: Payment Dispute - Rental #${disputeData.rentalId}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send dispute alert email", { error });
@@ -326,22 +327,24 @@ class PaymentEmailService {
const variables = {
rentalId: disputeData.rentalId,
amount: disputeData.amount.toFixed(2),
ownerPayoutAmount: parseFloat(disputeData.ownerPayoutAmount || 0).toFixed(2),
ownerPayoutAmount: parseFloat(
disputeData.ownerPayoutAmount || 0,
).toFixed(2),
ownerName: disputeData.ownerName || "Unknown",
ownerEmail: disputeData.ownerEmail || "Unknown",
};
const htmlContent = await this.templateManager.renderTemplate(
"disputeLostAlertToAdmin",
variables
variables,
);
const adminEmail = process.env.ADMIN_EMAIL || process.env.SES_FROM_EMAIL;
const adminEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
return await this.emailClient.sendEmail(
adminEmail,
`ACTION REQUIRED: Dispute Lost - Owner Already Paid - Rental #${disputeData.rentalId}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send dispute lost alert email", { error });

106
backend/services/email/domain/RentalFlowEmailService.js
View File

@@ -62,7 +62,7 @@ class RentalFlowEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const approveUrl = `${frontendUrl}/owning?rentalId=${rental.id}`;
const variables = {
@@ -95,13 +95,13 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"rentalRequestToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
owner.email,
`Rental Request for ${rental.item?.name || "Your Item"}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send rental request email", { error });
@@ -129,7 +129,7 @@ class RentalFlowEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const viewRentalsUrl = `${frontendUrl}/renting`;
// Determine payment message based on rental amount
@@ -162,16 +162,18 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"rentalRequestConfirmationToRenter",
variables
variables,
);
return await this.emailClient.sendEmail(
renter.email,
`Rental Request Submitted - ${rental.item?.name || "Item"}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send rental request confirmation email", { error });
logger.error("Failed to send rental request confirmation email", {
error,
});
return { success: false, error: error.message };
}
}
@@ -203,7 +205,7 @@ class RentalFlowEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
// Determine if Stripe setup is needed
const hasStripeAccount = !!owner.stripeConnectedAccountId;
@@ -250,7 +252,7 @@ class RentalFlowEmailService {
<div class="warning-box">
<p><strong>⚠️ Action Required: Set Up Your Earnings Account</strong></p>
<p>To receive your payout of <strong>$${payoutAmount.toFixed(
2
2,
)}</strong> when this rental completes, you need to set up your earnings account.</p>
</div>
<h2>Set Up Earnings to Get Paid</h2>
@@ -276,7 +278,7 @@ class RentalFlowEmailService {
<div class="success-box">
<p><strong>✓ Earnings Account Active</strong></p>
<p>Your earnings account is set up. You'll automatically receive $${payoutAmount.toFixed(
2
2,
)} when this rental completes.</p>
<p><a href="${frontendUrl}/earnings" style="color: #155724; text-decoration: underline;">View your earnings dashboard →</a></p>
</div>
@@ -313,7 +315,7 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"rentalApprovalConfirmationToOwner",
variables
variables,
);
const subject = `Rental Approved - ${rental.item?.name || "Your Item"}`;
@@ -321,10 +323,12 @@ class RentalFlowEmailService {
return await this.emailClient.sendEmail(
owner.email,
subject,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send rental approval confirmation email", { error });
logger.error("Failed to send rental approval confirmation email", {
error,
});
return { success: false, error: error.message };
}
}
@@ -351,7 +355,7 @@ class RentalFlowEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const browseItemsUrl = `${frontendUrl}/`;
// Determine payment message based on rental amount
@@ -398,13 +402,13 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"rentalDeclinedToRenter",
variables
variables,
);
return await this.emailClient.sendEmail(
renter.email,
`Rental Request Declined - ${rental.item?.name || "Item"}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send rental declined email", { error });
@@ -438,7 +442,7 @@ class RentalFlowEmailService {
notification,
rental,
recipientName = null,
isRenter = false
isRenter = false,
) {
if (!this.initialized) {
await this.initialize();
@@ -533,7 +537,7 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"rentalConfirmationToUser",
variables
variables,
);
// Use clear, transactional subject line with item name
@@ -602,10 +606,12 @@ class RentalFlowEmailService {
ownerNotification,
rental,
owner.firstName,
false // isRenter = false for owner
false, // isRenter = false for owner
);
if (ownerResult.success) {
logger.info("Rental confirmation email sent to owner", { email: owner.email });
logger.info("Rental confirmation email sent to owner", {
email: owner.email,
});
results.ownerEmailSent = true;
} else {
logger.error("Failed to send rental confirmation email to owner", {
@@ -629,10 +635,12 @@ class RentalFlowEmailService {
renterNotification,
rental,
renter.firstName,
true // isRenter = true for renter (enables payment receipt)
true, // isRenter = true for renter (enables payment receipt)
);
if (renterResult.success) {
logger.info("Rental confirmation email sent to renter", { email: renter.email });
logger.info("Rental confirmation email sent to renter", {
email: renter.email,
});
results.renterEmailSent = true;
} else {
logger.error("Failed to send rental confirmation email to renter", {
@@ -648,7 +656,9 @@ class RentalFlowEmailService {
}
}
} catch (error) {
logger.error("Error fetching user data for rental confirmation emails", { error });
logger.error("Error fetching user data for rental confirmation emails", {
error,
});
}
return results;
@@ -687,7 +697,7 @@ class RentalFlowEmailService {
};
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const browseUrl = `${frontendUrl}/`;
const cancelledBy = rental.cancelledBy;
@@ -731,7 +741,7 @@ class RentalFlowEmailService {
<div class="info-box">
<p><strong>Full Refund Processed</strong></p>
<p>You will receive a full refund of $${refundInfo.amount.toFixed(
2
2,
)}. The refund will appear in your account within 5-10 business days.</p>
</div>
<div style="text-align: center">
@@ -774,7 +784,7 @@ class RentalFlowEmailService {
<div class="refund-amount">$${refundInfo.amount.toFixed(2)}</div>
<div class="info-box">
<p><strong>Refund Amount:</strong> $${refundInfo.amount.toFixed(
2
2,
)} (${refundPercentage}% of total)</p>
<p><strong>Reason:</strong> ${refundInfo.reason}</p>
<p><strong>Processing Time:</strong> Refunds typically appear within 5-10 business days.</p>
@@ -804,13 +814,13 @@ class RentalFlowEmailService {
const confirmationHtml = await this.templateManager.renderTemplate(
"rentalCancellationConfirmationToUser",
confirmationVariables
confirmationVariables,
);
const confirmationResult = await this.emailClient.sendEmail(
confirmationRecipient,
`Cancellation Confirmed - ${itemName}`,
confirmationHtml
confirmationHtml,
);
if (confirmationResult.success) {
@@ -841,13 +851,13 @@ class RentalFlowEmailService {
const notificationHtml = await this.templateManager.renderTemplate(
"rentalCancellationNotificationToUser",
notificationVariables
notificationVariables,
);
const notificationResult = await this.emailClient.sendEmail(
notificationRecipient,
`Rental Cancelled - ${itemName}`,
notificationHtml
notificationHtml,
);
if (notificationResult.success) {
@@ -858,7 +868,9 @@ class RentalFlowEmailService {
results.notificationEmailSent = true;
}
} catch (error) {
logger.error("Failed to send cancellation notification email", { error });
logger.error("Failed to send cancellation notification email", {
error,
});
}
} catch (error) {
logger.error("Error sending cancellation emails", { error });
@@ -896,7 +908,7 @@ class RentalFlowEmailService {
await this.initialize();
}
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const results = {
renterEmailSent: false,
ownerEmailSent: false,
@@ -968,17 +980,19 @@ class RentalFlowEmailService {
const renterHtmlContent = await this.templateManager.renderTemplate(
"rentalCompletionThankYouToRenter",
renterVariables
renterVariables,
);
const renterResult = await this.emailClient.sendEmail(
renter.email,
`Thank You for Returning "${rental.item?.name || "Item"}" On Time!`,
renterHtmlContent
renterHtmlContent,
);
if (renterResult.success) {
logger.info("Rental completion thank you email sent to renter", { email: renter.email });
logger.info("Rental completion thank you email sent to renter", {
email: renter.email,
});
results.renterEmailSent = true;
} else {
logger.error("Failed to send rental completion email to renter", {
@@ -1035,7 +1049,7 @@ class RentalFlowEmailService {
<div class="warning-box">
<p><strong>⚠️ Action Required: Set Up Your Earnings Account</strong></p>
<p>To receive your payout of <strong>$${payoutAmount.toFixed(
2
2,
)}</strong>, you need to set up your earnings account.</p>
</div>
<h2>Set Up Earnings to Get Paid</h2>
@@ -1061,7 +1075,7 @@ class RentalFlowEmailService {
<div class="success-box">
<p><strong>✓ Payout Initiated</strong></p>
<p>Your earnings of <strong>$${payoutAmount.toFixed(
2
2,
)}</strong> have been transferred to your Stripe account.</p>
<p style="font-size: 14px; margin-top: 10px;">Funds typically reach your bank within 2-7 business days.</p>
<p><a href="${frontendUrl}/earnings" style="color: #155724; text-decoration: underline;">View your earnings dashboard →</a></p>
@@ -1086,17 +1100,19 @@ class RentalFlowEmailService {
const ownerHtmlContent = await this.templateManager.renderTemplate(
"rentalCompletionCongratsToOwner",
ownerVariables
ownerVariables,
);
const ownerResult = await this.emailClient.sendEmail(
owner.email,
`Rental Complete - ${rental.item?.name || "Your Item"}`,
ownerHtmlContent
ownerHtmlContent,
);
if (ownerResult.success) {
logger.info("Rental completion congratulations email sent to owner", { email: owner.email });
logger.info("Rental completion congratulations email sent to owner", {
email: owner.email,
});
results.ownerEmailSent = true;
} else {
logger.error("Failed to send rental completion email to owner", {
@@ -1145,7 +1161,7 @@ class RentalFlowEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const earningsDashboardUrl = `${frontendUrl}/earnings`;
// Format currency values
@@ -1177,7 +1193,7 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"payoutReceivedToOwner",
variables
variables,
);
return await this.emailClient.sendEmail(
@@ -1185,7 +1201,7 @@ class RentalFlowEmailService {
`Earnings Received - $${payoutAmount.toFixed(2)} for ${
rental.item?.name || "Your Item"
}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send payout received email", { error });
@@ -1223,13 +1239,13 @@ class RentalFlowEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"authenticationRequiredToRenter",
variables
variables,
);
return await this.emailClient.sendEmail(
email,
`Action Required: Complete payment for ${itemName}`,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send authentication required email", { error });

27
backend/services/email/domain/UserEngagementEmailService.js
View File

@@ -47,7 +47,7 @@ class UserEngagementEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const frontendUrl = process.env.FRONTEND_URL;
const variables = {
ownerName: owner.firstName || "there",
@@ -58,7 +58,7 @@ class UserEngagementEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"firstListingCelebrationToOwner",
variables
variables,
);
const subject = `Congratulations! Your first item is live on Village Share`;
@@ -66,7 +66,7 @@ class UserEngagementEmailService {
return await this.emailClient.sendEmail(
owner.email,
subject,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send first listing celebration email", { error });
@@ -91,8 +91,8 @@ class UserEngagementEmailService {
}
try {
const frontendUrl = process.env.FRONTEND_URL || "http://localhost:3000";
const supportEmail = process.env.SUPPORT_EMAIL;
const frontendUrl = process.env.FRONTEND_URL;
const supportEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
const variables = {
ownerName: owner.firstName || "there",
@@ -104,7 +104,7 @@ class UserEngagementEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"itemDeletionToOwner",
variables
variables,
);
const subject = `Important: Your listing "${item.name}" has been removed`;
@@ -112,10 +112,12 @@ class UserEngagementEmailService {
return await this.emailClient.sendEmail(
owner.email,
subject,
htmlContent
htmlContent,
);
} catch (error) {
logger.error("Failed to send item deletion notification email", { error });
logger.error("Failed to send item deletion notification email", {
error,
});
return { success: false, error: error.message };
}
}
@@ -137,7 +139,7 @@ class UserEngagementEmailService {
}
try {
const supportEmail = process.env.SUPPORT_EMAIL;
const supportEmail = process.env.CUSTOMER_SUPPORT_EMAIL;
const variables = {
userName: bannedUser.firstName || "there",
@@ -147,15 +149,16 @@ class UserEngagementEmailService {
const htmlContent = await this.templateManager.renderTemplate(
"userBannedNotification",
variables
variables,
);
const subject = "Important: Your Village Share Account Has Been Suspended";
const subject =
"Important: Your Village Share Account Has Been Suspended";
const result = await this.emailClient.sendEmail(
bannedUser.email,
subject,
htmlContent
htmlContent,
);
if (result.success) {

12
backend/services/stripeService.js
View File

@@ -116,7 +116,7 @@ class StripeService {
destination,
metadata,
},
idempotencyKey ? { idempotencyKey } : undefined
idempotencyKey ? { idempotencyKey } : undefined,
);
return transfer;
@@ -236,7 +236,7 @@ class StripeService {
metadata,
reason,
},
idempotencyKey ? { idempotencyKey } : undefined
idempotencyKey ? { idempotencyKey } : undefined,
);
return refund;
@@ -265,7 +265,7 @@ class StripeService {
paymentMethodId,
amount,
customerId,
metadata = {}
metadata = {},
) {
try {
// Generate idempotency key to prevent duplicate charges for same rental
@@ -282,13 +282,11 @@ class StripeService {
customer: customerId, // Include customer ID
confirm: true, // Automatically confirm the payment
off_session: true, // Indicate this is an off-session payment
return_url: `${
process.env.FRONTEND_URL || "http://localhost:3000"
}/complete-payment`,
return_url: `${process.env.FRONTEND_URL}/complete-payment`,
metadata,
expand: ["latest_charge.payment_method_details"], // Expand to get payment method details
},
idempotencyKey ? { idempotencyKey } : undefined
idempotencyKey ? { idempotencyKey } : undefined,
);
// Check if additional authentication is required

376
backend/tests/unit/middleware/csrf.test.js
View File

@@ -1,21 +1,21 @@
// Set CSRF_SECRET before requiring the middleware
process.env.CSRF_SECRET = 'test-csrf-secret-that-is-at-least-32-chars-long';
process.env.CSRF_SECRET = "test-csrf-secret";
const mockTokensInstance = {
secretSync: jest.fn().mockReturnValue(process.env.CSRF_SECRET),
create: jest.fn().mockReturnValue('mock-token-123'),
verify: jest.fn().mockReturnValue(true)
create: jest.fn().mockReturnValue("mock-token-123"),
verify: jest.fn().mockReturnValue(true),
};
jest.mock('csrf', () => {
jest.mock("csrf", () => {
return jest.fn().mockImplementation(() => mockTokensInstance);
});
jest.mock('cookie-parser', () => {
jest.mock("cookie-parser", () => {
return jest.fn().mockReturnValue((req, res, next) => next());
});
jest.mock('../../../utils/logger', () => ({
jest.mock("../../../utils/logger", () => ({
error: jest.fn(),
info: jest.fn(),
warn: jest.fn(),
@@ -26,18 +26,22 @@ jest.mock('../../../utils/logger', () => ({
})),
}));
const { csrfProtection, generateCSRFToken, getCSRFToken } = require('../../../middleware/csrf');
const {
csrfProtection,
generateCSRFToken,
getCSRFToken,
} = require("../../../middleware/csrf");
describe('CSRF Middleware', () => {
describe("CSRF Middleware", () => {
let req, res, next;
beforeEach(() => {
req = {
method: 'POST',
method: "POST",
headers: {},
body: {},
query: {},
cookies: {}
cookies: {},
};
res = {
status: jest.fn().mockReturnThis(),
@@ -45,16 +49,16 @@ describe('CSRF Middleware', () => {
send: jest.fn(),
cookie: jest.fn(),
set: jest.fn(),
locals: {}
locals: {},
};
next = jest.fn();
jest.clearAllMocks();
});
describe('csrfProtection', () => {
describe('Safe methods', () => {
it('should skip CSRF protection for GET requests', () => {
req.method = 'GET';
describe("csrfProtection", () => {
describe("Safe methods", () => {
it("should skip CSRF protection for GET requests", () => {
req.method = "GET";
csrfProtection(req, res, next);
@@ -62,8 +66,8 @@ describe('CSRF Middleware', () => {
expect(res.status).not.toHaveBeenCalled();
});
it('should skip CSRF protection for HEAD requests', () => {
req.method = 'HEAD';
it("should skip CSRF protection for HEAD requests", () => {
req.method = "HEAD";
csrfProtection(req, res, next);
@@ -71,8 +75,8 @@ describe('CSRF Middleware', () => {
expect(res.status).not.toHaveBeenCalled();
});
it('should skip CSRF protection for OPTIONS requests', () => {
req.method = 'OPTIONS';
it("should skip CSRF protection for OPTIONS requests", () => {
req.method = "OPTIONS";
csrfProtection(req, res, next);
@@ -81,389 +85,427 @@ describe('CSRF Middleware', () => {
});
});
describe('Token validation', () => {
describe("Token validation", () => {
beforeEach(() => {
req.cookies = { 'csrf-token': 'mock-token-123' };
req.cookies = { "csrf-token": "mock-token-123" };
});
it('should validate token from x-csrf-token header', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
it("should validate token from x-csrf-token header", () => {
req.headers["x-csrf-token"] = "mock-token-123";
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
it('should validate token from request body', () => {
req.body.csrfToken = 'mock-token-123';
it("should validate token from request body", () => {
req.body.csrfToken = "mock-token-123";
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
it('should prefer header token over body token', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
req.body.csrfToken = 'different-token';
it("should prefer header token over body token", () => {
req.headers["x-csrf-token"] = "mock-token-123";
req.body.csrfToken = "different-token";
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
});
});
describe('Missing tokens', () => {
it('should return 403 when no token provided', () => {
req.cookies = { 'csrf-token': 'mock-token-123' };
describe("Missing tokens", () => {
it("should return 403 when no token provided", () => {
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
it('should return 403 when no cookie token provided', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
it("should return 403 when no cookie token provided", () => {
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = {};
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
it('should return 403 when cookies object is missing', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
it("should return 403 when cookies object is missing", () => {
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = undefined;
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
it('should return 403 when both tokens are missing', () => {
it("should return 403 when both tokens are missing", () => {
req.cookies = {};
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
});
describe('Token mismatch', () => {
it('should return 403 when tokens do not match', () => {
req.headers['x-csrf-token'] = 'token-from-header';
req.cookies = { 'csrf-token': 'token-from-cookie' };
describe("Token mismatch", () => {
it("should return 403 when tokens do not match", () => {
req.headers["x-csrf-token"] = "token-from-header";
req.cookies = { "csrf-token": "token-from-cookie" };
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
it('should return 403 when header token is empty but cookie exists', () => {
req.headers['x-csrf-token'] = '';
req.cookies = { 'csrf-token': 'mock-token-123' };
it("should return 403 when header token is empty but cookie exists", () => {
req.headers["x-csrf-token"] = "";
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
it('should return 403 when cookie token is empty but header exists', () => {
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': '' };
it("should return 403 when cookie token is empty but header exists", () => {
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "" };
csrfProtection(req, res, next);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_MISMATCH'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_MISMATCH",
});
expect(next).not.toHaveBeenCalled();
});
});
describe('Token verification', () => {
describe("Token verification", () => {
beforeEach(() => {
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': 'mock-token-123' };
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "mock-token-123" };
});
it('should return 403 when token verification fails', () => {
it("should return 403 when token verification fails", () => {
mockTokensInstance.verify.mockReturnValue(false);
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
error: 'Invalid CSRF token',
code: 'CSRF_TOKEN_INVALID'
error: "Invalid CSRF token",
code: "CSRF_TOKEN_INVALID",
});
expect(next).not.toHaveBeenCalled();
});
it('should call next when token verification succeeds', () => {
it("should call next when token verification succeeds", () => {
mockTokensInstance.verify.mockReturnValue(true);
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
});
describe('Edge cases', () => {
it('should handle case-insensitive HTTP methods', () => {
req.method = 'post';
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': 'mock-token-123' };
describe("Edge cases", () => {
it("should handle case-insensitive HTTP methods", () => {
req.method = "post";
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
});
it('should handle PUT requests', () => {
req.method = 'PUT';
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': 'mock-token-123' };
it("should handle PUT requests", () => {
req.method = "PUT";
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
});
it('should handle DELETE requests', () => {
req.method = 'DELETE';
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': 'mock-token-123' };
it("should handle DELETE requests", () => {
req.method = "DELETE";
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
});
it('should handle PATCH requests', () => {
req.method = 'PATCH';
req.headers['x-csrf-token'] = 'mock-token-123';
req.cookies = { 'csrf-token': 'mock-token-123' };
it("should handle PATCH requests", () => {
req.method = "PATCH";
req.headers["x-csrf-token"] = "mock-token-123";
req.cookies = { "csrf-token": "mock-token-123" };
csrfProtection(req, res, next);
expect(mockTokensInstance.verify).toHaveBeenCalledWith(process.env.CSRF_SECRET, 'mock-token-123');
expect(mockTokensInstance.verify).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
"mock-token-123",
);
expect(next).toHaveBeenCalled();
});
});
});
describe('generateCSRFToken', () => {
it('should generate token and set cookie with proper options', () => {
process.env.NODE_ENV = 'production';
describe("generateCSRFToken", () => {
it("should generate token and set cookie with proper options", () => {
process.env.NODE_ENV = "production";
generateCSRFToken(req, res, next);
expect(mockTokensInstance.create).toHaveBeenCalledWith(process.env.CSRF_SECRET);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(mockTokensInstance.create).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
);
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: true,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
expect(next).toHaveBeenCalled();
});
it('should set secure flag to false in dev environment', () => {
process.env.NODE_ENV = 'dev';
it("should set secure flag to false in dev environment", () => {
process.env.NODE_ENV = "dev";
generateCSRFToken(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: false,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should set secure flag to true in non-dev environment', () => {
process.env.NODE_ENV = 'production';
it("should set secure flag to true in non-dev environment", () => {
process.env.NODE_ENV = "production";
generateCSRFToken(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: true,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should set token in response header', () => {
it("should set token in response header", () => {
generateCSRFToken(req, res, next);
expect(res.set).toHaveBeenCalledWith('X-CSRF-Token', 'mock-token-123');
expect(res.set).toHaveBeenCalledWith("X-CSRF-Token", "mock-token-123");
});
it('should make token available in res.locals', () => {
it("should make token available in res.locals", () => {
generateCSRFToken(req, res, next);
expect(res.locals.csrfToken).toBe('mock-token-123');
expect(res.locals.csrfToken).toBe("mock-token-123");
});
it('should call next after setting up token', () => {
it("should call next after setting up token", () => {
generateCSRFToken(req, res, next);
expect(next).toHaveBeenCalled();
});
it('should handle test environment', () => {
process.env.NODE_ENV = 'test';
it("should handle test environment", () => {
process.env.NODE_ENV = "test";
generateCSRFToken(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: false,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should handle undefined NODE_ENV', () => {
it("should handle undefined NODE_ENV", () => {
delete process.env.NODE_ENV;
generateCSRFToken(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: false,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
});
describe('getCSRFToken', () => {
it('should generate token and return it in response', () => {
process.env.NODE_ENV = 'production';
describe("getCSRFToken", () => {
it("should generate token and return it in response", () => {
process.env.NODE_ENV = "production";
getCSRFToken(req, res);
expect(mockTokensInstance.create).toHaveBeenCalledWith(process.env.CSRF_SECRET);
expect(mockTokensInstance.create).toHaveBeenCalledWith(
process.env.CSRF_SECRET,
);
expect(res.status).toHaveBeenCalledWith(204);
expect(res.send).toHaveBeenCalled();
});
it('should set token in cookie with proper options', () => {
process.env.NODE_ENV = 'production';
it("should set token in cookie with proper options", () => {
process.env.NODE_ENV = "production";
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: true,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should set secure flag to false in dev environment', () => {
process.env.NODE_ENV = 'dev';
it("should set secure flag to false in dev environment", () => {
process.env.NODE_ENV = "dev";
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: false,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should set secure flag to true in production environment', () => {
process.env.NODE_ENV = 'production';
it("should set secure flag to true in production environment", () => {
process.env.NODE_ENV = "production";
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: true,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should handle test environment', () => {
process.env.NODE_ENV = 'test';
it("should handle test environment", () => {
process.env.NODE_ENV = "test";
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
expect(res.cookie).toHaveBeenCalledWith("csrf-token", "mock-token-123", {
httpOnly: true,
secure: false,
sameSite: 'strict',
maxAge: 60 * 60 * 1000
sameSite: "strict",
maxAge: 60 * 60 * 1000,
});
});
it('should generate new token each time', () => {
it("should generate new token each time", () => {
mockTokensInstance.create
.mockReturnValueOnce('token-1')
.mockReturnValueOnce('token-2');
.mockReturnValueOnce("token-1")
.mockReturnValueOnce("token-2");
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'token-1', expect.any(Object));
expect(res.set).toHaveBeenCalledWith('X-CSRF-Token', 'token-1');
expect(res.cookie).toHaveBeenCalledWith(
"csrf-token",
"token-1",
expect.any(Object),
);
expect(res.set).toHaveBeenCalledWith("X-CSRF-Token", "token-1");
jest.clearAllMocks();
getCSRFToken(req, res);
expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'token-2', expect.any(Object));
expect(res.set).toHaveBeenCalledWith('X-CSRF-Token', 'token-2');
expect(res.cookie).toHaveBeenCalledWith(
"csrf-token",
"token-2",
expect.any(Object),
);
expect(res.set).toHaveBeenCalledWith("X-CSRF-Token", "token-2");
});
});
describe('Integration scenarios', () => {
it('should handle complete CSRF flow', () => {
describe("Integration scenarios", () => {
it("should handle complete CSRF flow", () => {
// First, generate a token
generateCSRFToken(req, res, next);
const generatedToken = res.locals.csrfToken;
@@ -472,9 +514,9 @@ describe('CSRF Middleware', () => {
jest.clearAllMocks();
// Now test protection with the generated token
req.method = 'POST';
req.headers['x-csrf-token'] = generatedToken;
req.cookies = { 'csrf-token': generatedToken };
req.method = "POST";
req.headers["x-csrf-token"] = generatedToken;
req.cookies = { "csrf-token": generatedToken };
csrfProtection(req, res, next);
@@ -482,18 +524,18 @@ describe('CSRF Middleware', () => {
expect(res.status).not.toHaveBeenCalled();
});
it('should handle token generation endpoint flow', () => {
it("should handle token generation endpoint flow", () => {
getCSRFToken(req, res);
const cookieCall = res.cookie.mock.calls[0];
const headerCall = res.set.mock.calls[0];
expect(cookieCall[0]).toBe('csrf-token');
expect(cookieCall[1]).toBe('mock-token-123');
expect(headerCall[0]).toBe('X-CSRF-Token');
expect(headerCall[1]).toBe('mock-token-123');
expect(cookieCall[0]).toBe("csrf-token");
expect(cookieCall[1]).toBe("mock-token-123");
expect(headerCall[0]).toBe("X-CSRF-Token");
expect(headerCall[1]).toBe("mock-token-123");
expect(res.status).toHaveBeenCalledWith(204);
expect(res.send).toHaveBeenCalled();
});
});
});
});

333
backend/tests/unit/services/TwoFactorService.test.js
View File

@@ -1,10 +1,10 @@
const crypto = require('crypto');
const bcrypt = require('bcryptjs');
const { authenticator } = require('otplib');
const QRCode = require('qrcode');
const crypto = require("crypto");
const bcrypt = require("bcryptjs");
const { authenticator } = require("otplib");
const QRCode = require("qrcode");
// Mock dependencies
jest.mock('otplib', () => ({
jest.mock("otplib", () => ({
authenticator: {
generateSecret: jest.fn(),
keyuri: jest.fn(),
@@ -12,34 +12,34 @@ jest.mock('otplib', () => ({
},
}));
jest.mock('qrcode', () => ({
jest.mock("qrcode", () => ({
toDataURL: jest.fn(),
}));
jest.mock('bcryptjs', () => ({
jest.mock("bcryptjs", () => ({
hash: jest.fn(),
compare: jest.fn(),
}));
jest.mock('../../../utils/logger', () => ({
jest.mock("../../../utils/logger", () => ({
info: jest.fn(),
error: jest.fn(),
warn: jest.fn(),
}));
const TwoFactorService = require('../../../services/TwoFactorService');
const TwoFactorService = require("../../../services/TwoFactorService");
describe('TwoFactorService', () => {
describe("TwoFactorService", () => {
const originalEnv = process.env;
beforeEach(() => {
jest.clearAllMocks();
process.env = {
...originalEnv,
TOTP_ENCRYPTION_KEY: 'a'.repeat(64), // 64 hex chars = 32 bytes
TOTP_ISSUER: 'TestApp',
TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES: '10',
TWO_FACTOR_STEP_UP_VALIDITY_MINUTES: '5',
TOTP_ENCRYPTION_KEY: "a".repeat(64),
TOTP_ISSUER: "TestApp",
TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES: "10",
TWO_FACTOR_STEP_UP_VALIDITY_MINUTES: "5",
};
});
@@ -47,91 +47,117 @@ describe('TwoFactorService', () => {
process.env = originalEnv;
});
describe('generateTotpSecret', () => {
it('should generate TOTP secret with QR code', async () => {
authenticator.generateSecret.mockReturnValue('test-secret');
authenticator.keyuri.mockReturnValue('otpauth://totp/VillageShare:test@example.com?secret=test-secret');
QRCode.toDataURL.mockResolvedValue('data:image/png;base64,qrcode');
describe("generateTotpSecret", () => {
it("should generate TOTP secret with QR code", async () => {
authenticator.generateSecret.mockReturnValue("test-secret");
authenticator.keyuri.mockReturnValue(
"otpauth://totp/VillageShare:test@example.com?secret=test-secret",
);
QRCode.toDataURL.mockResolvedValue("data:image/png;base64,qrcode");
const result = await TwoFactorService.generateTotpSecret('test@example.com');
const result =
await TwoFactorService.generateTotpSecret("test@example.com");
expect(result.qrCodeDataUrl).toBe('data:image/png;base64,qrcode');
expect(result.qrCodeDataUrl).toBe("data:image/png;base64,qrcode");
expect(result.encryptedSecret).toBeDefined();
expect(result.encryptedSecretIv).toBeDefined();
// The issuer is loaded at module load time, so it uses the default 'VillageShare'
expect(authenticator.keyuri).toHaveBeenCalledWith('test@example.com', 'VillageShare', 'test-secret');
expect(authenticator.keyuri).toHaveBeenCalledWith(
"test@example.com",
"VillageShare",
"test-secret",
);
});
it('should use issuer from environment', async () => {
authenticator.generateSecret.mockReturnValue('test-secret');
authenticator.keyuri.mockReturnValue('otpauth://totp/VillageShare:test@example.com');
QRCode.toDataURL.mockResolvedValue('data:image/png;base64,qrcode');
it("should use issuer from environment", async () => {
authenticator.generateSecret.mockReturnValue("test-secret");
authenticator.keyuri.mockReturnValue(
"otpauth://totp/VillageShare:test@example.com",
);
QRCode.toDataURL.mockResolvedValue("data:image/png;base64,qrcode");
const result = await TwoFactorService.generateTotpSecret('test@example.com');
const result =
await TwoFactorService.generateTotpSecret("test@example.com");
expect(result.qrCodeDataUrl).toBeDefined();
expect(authenticator.keyuri).toHaveBeenCalled();
});
});
describe('verifyTotpCode', () => {
it('should return true for valid code', () => {
describe("verifyTotpCode", () => {
it("should return true for valid code", () => {
authenticator.verify.mockReturnValue(true);
// Use actual encryption
const { encrypted, iv } = TwoFactorService._encryptSecret('test-secret');
const result = TwoFactorService.verifyTotpCode(encrypted, iv, '123456');
const { encrypted, iv } = TwoFactorService._encryptSecret("test-secret");
const result = TwoFactorService.verifyTotpCode(encrypted, iv, "123456");
expect(result).toBe(true);
});
it('should return false for invalid code', () => {
it("should return false for invalid code", () => {
authenticator.verify.mockReturnValue(false);
const { encrypted, iv } = TwoFactorService._encryptSecret('test-secret');
const result = TwoFactorService.verifyTotpCode(encrypted, iv, '654321');
const { encrypted, iv } = TwoFactorService._encryptSecret("test-secret");
const result = TwoFactorService.verifyTotpCode(encrypted, iv, "654321");
expect(result).toBe(false);
});
it('should return false for non-6-digit code', () => {
const result = TwoFactorService.verifyTotpCode('encrypted', 'iv', '12345');
it("should return false for non-6-digit code", () => {
const result = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"12345",
);
expect(result).toBe(false);
const result2 = TwoFactorService.verifyTotpCode('encrypted', 'iv', '1234567');
const result2 = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"1234567",
);
expect(result2).toBe(false);
const result3 = TwoFactorService.verifyTotpCode('encrypted', 'iv', 'abcdef');
const result3 = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"abcdef",
);
expect(result3).toBe(false);
});
it('should return false when decryption fails', () => {
const result = TwoFactorService.verifyTotpCode('invalid-encrypted', 'invalid-iv', '123456');
it("should return false when decryption fails", () => {
const result = TwoFactorService.verifyTotpCode(
"invalid-encrypted",
"invalid-iv",
"123456",
);
expect(result).toBe(false);
});
});
describe('generateEmailOtp', () => {
it('should generate 6-digit code', () => {
describe("generateEmailOtp", () => {
it("should generate 6-digit code", () => {
const result = TwoFactorService.generateEmailOtp();
expect(result.code).toMatch(/^\d{6}$/);
});
it('should return hashed code', () => {
it("should return hashed code", () => {
const result = TwoFactorService.generateEmailOtp();
expect(result.hashedCode).toHaveLength(64); // SHA-256 hex
});
it('should set expiry in the future', () => {
it("should set expiry in the future", () => {
const result = TwoFactorService.generateEmailOtp();
const now = new Date();
expect(result.expiry.getTime()).toBeGreaterThan(now.getTime());
});
it('should generate different codes each time', () => {
it("should generate different codes each time", () => {
const result1 = TwoFactorService.generateEmailOtp();
const result2 = TwoFactorService.generateEmailOtp();
@@ -140,10 +166,10 @@ describe('TwoFactorService', () => {
});
});
describe('verifyEmailOtp', () => {
it('should return true for valid code', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
describe("verifyEmailOtp", () => {
it("should return true for valid code", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const expiry = new Date(Date.now() + 600000); // 10 minutes from now
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, expiry);
@@ -151,18 +177,25 @@ describe('TwoFactorService', () => {
expect(result).toBe(true);
});
it('should return false for invalid code', () => {
const correctHash = crypto.createHash('sha256').update('123456').digest('hex');
it("should return false for invalid code", () => {
const correctHash = crypto
.createHash("sha256")
.update("123456")
.digest("hex");
const expiry = new Date(Date.now() + 600000);
const result = TwoFactorService.verifyEmailOtp('654321', correctHash, expiry);
const result = TwoFactorService.verifyEmailOtp(
"654321",
correctHash,
expiry,
);
expect(result).toBe(false);
});
it('should return false for expired code', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
it("should return false for expired code", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const expiry = new Date(Date.now() - 60000); // 1 minute ago
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, expiry);
@@ -170,18 +203,27 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should return false for non-6-digit code', () => {
const hashedCode = crypto.createHash('sha256').update('123456').digest('hex');
it("should return false for non-6-digit code", () => {
const hashedCode = crypto
.createHash("sha256")
.update("123456")
.digest("hex");
const expiry = new Date(Date.now() + 600000);
expect(TwoFactorService.verifyEmailOtp('12345', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp('1234567', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp('abcdef', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp("12345", hashedCode, expiry)).toBe(
false,
);
expect(
TwoFactorService.verifyEmailOtp("1234567", hashedCode, expiry),
).toBe(false);
expect(
TwoFactorService.verifyEmailOtp("abcdef", hashedCode, expiry),
).toBe(false);
});
it('should return false when no expiry provided', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
it("should return false when no expiry provided", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, null);
@@ -189,9 +231,9 @@ describe('TwoFactorService', () => {
});
});
describe('generateRecoveryCodes', () => {
it('should generate 10 recovery codes', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
describe("generateRecoveryCodes", () => {
it("should generate 10 recovery codes", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
@@ -199,31 +241,31 @@ describe('TwoFactorService', () => {
expect(result.hashedCodes).toHaveLength(10);
});
it('should generate codes in XXXX-XXXX format', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should generate codes in XXXX-XXXX format", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
result.codes.forEach(code => {
result.codes.forEach((code) => {
expect(code).toMatch(/^[A-Z0-9]{4}-[A-Z0-9]{4}$/);
});
});
it('should exclude confusing characters', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should exclude confusing characters", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
const confusingChars = ['0', 'O', '1', 'I', 'L'];
result.codes.forEach(code => {
confusingChars.forEach(char => {
const confusingChars = ["0", "O", "1", "I", "L"];
result.codes.forEach((code) => {
confusingChars.forEach((char) => {
expect(code).not.toContain(char);
});
});
});
it('should hash each code with bcrypt', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should hash each code with bcrypt", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
await TwoFactorService.generateRecoveryCodes();
@@ -231,104 +273,114 @@ describe('TwoFactorService', () => {
});
});
describe('verifyRecoveryCode', () => {
it('should return valid for correct code (new format)', async () => {
describe("verifyRecoveryCode", () => {
it("should return valid for correct code (new format)", async () => {
bcrypt.compare.mockResolvedValueOnce(false).mockResolvedValueOnce(true);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false, index: 0 },
{ hash: 'hash2', used: false, index: 1 },
{ hash: "hash1", used: false, index: 0 },
{ hash: "hash2", used: false, index: 1 },
],
};
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(true);
expect(result.index).toBe(1);
});
it('should return invalid for incorrect code', async () => {
it("should return invalid for incorrect code", async () => {
bcrypt.compare.mockResolvedValue(false);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false, index: 0 },
],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(false);
expect(result.index).toBe(-1);
});
it('should skip used codes', async () => {
it("should skip used codes", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: true, index: 0 },
{ hash: 'hash2', used: false, index: 1 },
{ hash: "hash1", used: true, index: 0 },
{ hash: "hash2", used: false, index: 1 },
],
};
await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
await TwoFactorService.verifyRecoveryCode("XXXX-YYYY", recoveryData);
// Should only check the unused code
expect(bcrypt.compare).toHaveBeenCalledTimes(1);
});
it('should normalize input code to uppercase', async () => {
it("should normalize input code to uppercase", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = {
version: 1,
codes: [{ hash: 'hash1', used: false, index: 0 }],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
await TwoFactorService.verifyRecoveryCode('xxxx-yyyy', recoveryData);
await TwoFactorService.verifyRecoveryCode("xxxx-yyyy", recoveryData);
expect(bcrypt.compare).toHaveBeenCalledWith('XXXX-YYYY', 'hash1');
expect(bcrypt.compare).toHaveBeenCalledWith("XXXX-YYYY", "hash1");
});
it('should return invalid for wrong format', async () => {
it("should return invalid for wrong format", async () => {
const recoveryData = {
version: 1,
codes: [{ hash: 'hash1', used: false, index: 0 }],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
const result = await TwoFactorService.verifyRecoveryCode('INVALID', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"INVALID",
recoveryData,
);
expect(result.valid).toBe(false);
});
it('should handle legacy array format', async () => {
it("should handle legacy array format", async () => {
bcrypt.compare.mockResolvedValueOnce(false).mockResolvedValueOnce(true);
const recoveryData = ['hash1', 'hash2', 'hash3'];
const recoveryData = ["hash1", "hash2", "hash3"];
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(true);
});
it('should skip null entries in legacy format', async () => {
it("should skip null entries in legacy format", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = [null, 'hash2'];
const recoveryData = [null, "hash2"];
await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
await TwoFactorService.verifyRecoveryCode("XXXX-YYYY", recoveryData);
expect(bcrypt.compare).toHaveBeenCalledTimes(1);
});
});
describe('validateStepUpSession', () => {
it('should return true for valid session', () => {
describe("validateStepUpSession", () => {
it("should return true for valid session", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 60000), // 1 minute ago
};
@@ -338,7 +390,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(true);
});
it('should return false for expired session', () => {
it("should return false for expired session", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 600000), // 10 minutes ago
};
@@ -348,7 +400,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should return false when no verification timestamp', () => {
it("should return false when no verification timestamp", () => {
const user = {
twoFactorVerifiedAt: null,
};
@@ -358,7 +410,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should use custom max age when provided', () => {
it("should use custom max age when provided", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 1200000), // 20 minutes ago
};
@@ -369,85 +421,88 @@ describe('TwoFactorService', () => {
});
});
describe('getRemainingRecoveryCodesCount', () => {
it('should return count for new format', () => {
describe("getRemainingRecoveryCodesCount", () => {
it("should return count for new format", () => {
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false },
{ hash: 'hash2', used: true },
{ hash: 'hash3', used: false },
{ hash: "hash1", used: false },
{ hash: "hash2", used: true },
{ hash: "hash3", used: false },
],
};
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(2);
});
it('should return count for legacy array format', () => {
const recoveryData = ['hash1', null, 'hash3', 'hash4', null];
it("should return count for legacy array format", () => {
const recoveryData = ["hash1", null, "hash3", "hash4", null];
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(3);
});
it('should return 0 for null data', () => {
it("should return 0 for null data", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount(null);
expect(result).toBe(0);
});
it('should return 0 for undefined data', () => {
it("should return 0 for undefined data", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount(undefined);
expect(result).toBe(0);
});
it('should handle empty array', () => {
it("should handle empty array", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount([]);
expect(result).toBe(0);
});
it('should handle all used codes', () => {
it("should handle all used codes", () => {
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: true },
{ hash: 'hash2', used: true },
{ hash: "hash1", used: true },
{ hash: "hash2", used: true },
],
};
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(0);
});
});
describe('isEmailOtpLocked', () => {
it('should return true when max attempts reached', () => {
describe("isEmailOtpLocked", () => {
it("should return true when max attempts reached", () => {
const result = TwoFactorService.isEmailOtpLocked(3);
expect(result).toBe(true);
});
it('should return true when over max attempts', () => {
it("should return true when over max attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(5);
expect(result).toBe(true);
});
it('should return false when under max attempts', () => {
it("should return false when under max attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(2);
expect(result).toBe(false);
});
it('should return false for zero attempts', () => {
it("should return false for zero attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(0);
expect(result).toBe(false);
});
});
describe('_encryptSecret / _decryptSecret', () => {
it('should encrypt and decrypt correctly', () => {
const secret = 'my-test-secret';
describe("_encryptSecret / _decryptSecret", () => {
it("should encrypt and decrypt correctly", () => {
const secret = "my-test-secret";
const { encrypted, iv } = TwoFactorService._encryptSecret(secret);
const decrypted = TwoFactorService._decryptSecret(encrypted, iv);
@@ -455,16 +510,20 @@ describe('TwoFactorService', () => {
expect(decrypted).toBe(secret);
});
it('should throw error when encryption key is missing', () => {
it("should throw error when encryption key is missing", () => {
delete process.env.TOTP_ENCRYPTION_KEY;
expect(() => TwoFactorService._encryptSecret('test')).toThrow('TOTP_ENCRYPTION_KEY');
expect(() => TwoFactorService._encryptSecret("test")).toThrow(
"TOTP_ENCRYPTION_KEY",
);
});
it('should throw error when encryption key is wrong length', () => {
process.env.TOTP_ENCRYPTION_KEY = 'short';
it("should throw error when encryption key is wrong length", () => {
process.env.TOTP_ENCRYPTION_KEY = "short";
expect(() => TwoFactorService._encryptSecret('test')).toThrow('64-character hex string');
expect(() => TwoFactorService._encryptSecret("test")).toThrow(
"64-character hex string",
);
});
});
});

196
backend/tests/unit/services/email/EmailClient.test.js
View File

@@ -1,34 +1,34 @@
// Mock AWS SDK before requiring modules
jest.mock('@aws-sdk/client-ses', () => ({
jest.mock("@aws-sdk/client-ses", () => ({
SESClient: jest.fn().mockImplementation(() => ({
send: jest.fn(),
})),
SendEmailCommand: jest.fn(),
}));
jest.mock('../../../../config/aws', () => ({
getAWSConfig: jest.fn(() => ({ region: 'us-east-1' })),
jest.mock("../../../../config/aws", () => ({
getAWSConfig: jest.fn(() => ({ region: "us-east-1" })),
}));
jest.mock('../../../../services/email/core/emailUtils', () => ({
htmlToPlainText: jest.fn((html) => html.replace(/<[^>]*>/g, '')),
jest.mock("../../../../services/email/core/emailUtils", () => ({
htmlToPlainText: jest.fn((html) => html.replace(/<[^>]*>/g, "")),
}));
// Clear singleton between tests
beforeEach(() => {
jest.clearAllMocks();
// Reset the singleton instance
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
});
describe('EmailClient', () => {
const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
const { getAWSConfig } = require('../../../../config/aws');
describe("EmailClient", () => {
const { SESClient, SendEmailCommand } = require("@aws-sdk/client-ses");
const { getAWSConfig } = require("../../../../config/aws");
describe('constructor', () => {
it('should create a new instance', () => {
const EmailClient = require('../../../../services/email/core/EmailClient');
describe("constructor", () => {
it("should create a new instance", () => {
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
expect(client).toBeDefined();
@@ -36,8 +36,8 @@ describe('EmailClient', () => {
expect(client.initialized).toBe(false);
});
it('should return existing instance (singleton pattern)', () => {
const EmailClient = require('../../../../services/email/core/EmailClient');
it("should return existing instance (singleton pattern)", () => {
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client1 = new EmailClient();
const client2 = new EmailClient();
@@ -45,21 +45,21 @@ describe('EmailClient', () => {
});
});
describe('initialize', () => {
it('should initialize SES client with AWS config', async () => {
const EmailClient = require('../../../../services/email/core/EmailClient');
describe("initialize", () => {
it("should initialize SES client with AWS config", async () => {
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
await client.initialize();
expect(getAWSConfig).toHaveBeenCalled();
expect(SESClient).toHaveBeenCalledWith({ region: 'us-east-1' });
expect(SESClient).toHaveBeenCalledWith({ region: "us-east-1" });
expect(client.initialized).toBe(true);
});
it('should not re-initialize if already initialized', async () => {
const EmailClient = require('../../../../services/email/core/EmailClient');
it("should not re-initialize if already initialized", async () => {
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
@@ -69,8 +69,8 @@ describe('EmailClient', () => {
expect(SESClient).toHaveBeenCalledTimes(1);
});
it('should wait for existing initialization if in progress', async () => {
const EmailClient = require('../../../../services/email/core/EmailClient');
it("should wait for existing initialization if in progress", async () => {
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
@@ -83,28 +83,28 @@ describe('EmailClient', () => {
expect(SESClient).toHaveBeenCalledTimes(1);
});
it('should throw error if AWS config fails', async () => {
it("should throw error if AWS config fails", async () => {
getAWSConfig.mockImplementationOnce(() => {
throw new Error('AWS config error');
throw new Error("AWS config error");
});
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
await expect(client.initialize()).rejects.toThrow('AWS config error');
await expect(client.initialize()).rejects.toThrow("AWS config error");
});
});
describe('sendEmail', () => {
describe("sendEmail", () => {
const originalEnv = process.env;
beforeEach(() => {
process.env = {
...originalEnv,
EMAIL_ENABLED: 'true',
SES_FROM_EMAIL: 'noreply@villageshare.app',
SES_FROM_NAME: 'Village Share',
EMAIL_ENABLED: "true",
SES_FROM_EMAIL: "noreply@email.com",
SES_FROM_NAME: "Village Share",
};
});
@@ -112,114 +112,114 @@ describe('EmailClient', () => {
process.env = originalEnv;
});
it('should return early if EMAIL_ENABLED is not true', async () => {
process.env.EMAIL_ENABLED = 'false';
it("should return early if EMAIL_ENABLED is not true", async () => {
process.env.EMAIL_ENABLED = "false";
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
const result = await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
);
expect(result).toEqual({ success: true, messageId: 'disabled' });
expect(result).toEqual({ success: true, messageId: "disabled" });
});
it('should return early if EMAIL_ENABLED is not set', async () => {
it("should return early if EMAIL_ENABLED is not set", async () => {
delete process.env.EMAIL_ENABLED;
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
const result = await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
);
expect(result).toEqual({ success: true, messageId: 'disabled' });
expect(result).toEqual({ success: true, messageId: "disabled" });
});
it('should send email with correct parameters', async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: 'msg-123' });
it("should send email with correct parameters", async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: "msg-123" });
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
const result = await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello World</p>'
"test@example.com",
"Test Subject",
"<p>Hello World</p>",
);
expect(SendEmailCommand).toHaveBeenCalledWith({
Source: 'Village Share <noreply@villageshare.app>',
Source: "Village Share <noreply@villageshare.app>",
Destination: {
ToAddresses: ['test@example.com'],
ToAddresses: ["test@example.com"],
},
Message: {
Subject: {
Data: 'Test Subject',
Charset: 'UTF-8',
Data: "Test Subject",
Charset: "UTF-8",
},
Body: {
Html: {
Data: '<p>Hello World</p>',
Charset: 'UTF-8',
Data: "<p>Hello World</p>",
Charset: "UTF-8",
},
Text: {
Data: expect.any(String),
Charset: 'UTF-8',
Charset: "UTF-8",
},
},
},
});
expect(result).toEqual({ success: true, messageId: 'msg-123' });
expect(result).toEqual({ success: true, messageId: "msg-123" });
});
it('should send to multiple recipients', async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: 'msg-456' });
it("should send to multiple recipients", async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: "msg-456" });
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
await client.sendEmail(
['user1@example.com', 'user2@example.com'],
'Test Subject',
'<p>Hello</p>'
["user1@example.com", "user2@example.com"],
"Test Subject",
"<p>Hello</p>",
);
expect(SendEmailCommand).toHaveBeenCalledWith(
expect.objectContaining({
Destination: {
ToAddresses: ['user1@example.com', 'user2@example.com'],
ToAddresses: ["user1@example.com", "user2@example.com"],
},
})
}),
);
});
it('should use provided text content', async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: 'msg-789' });
it("should use provided text content", async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: "msg-789" });
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>',
'Custom plain text'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
"Custom plain text",
);
expect(SendEmailCommand).toHaveBeenCalledWith(
@@ -227,68 +227,70 @@ describe('EmailClient', () => {
Message: expect.objectContaining({
Body: expect.objectContaining({
Text: {
Data: 'Custom plain text',
Charset: 'UTF-8',
Data: "Custom plain text",
Charset: "UTF-8",
},
}),
}),
})
}),
);
});
it('should add reply-to address if configured', async () => {
process.env.SES_REPLY_TO_EMAIL = 'support@villageshare.app';
const mockSend = jest.fn().mockResolvedValue({ MessageId: 'msg-000' });
it("should add reply-to address if configured", async () => {
process.env.SES_REPLY_TO_EMAIL = "support@email.com";
const mockSend = jest.fn().mockResolvedValue({ MessageId: "msg-000" });
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
);
expect(SendEmailCommand).toHaveBeenCalledWith(
expect.objectContaining({
ReplyToAddresses: ['support@villageshare.app'],
})
ReplyToAddresses: ["support@villageshare.app"],
}),
);
});
it('should return error if send fails', async () => {
const mockSend = jest.fn().mockRejectedValue(new Error('SES send failed'));
it("should return error if send fails", async () => {
const mockSend = jest
.fn()
.mockRejectedValue(new Error("SES send failed"));
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
const result = await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
);
expect(result).toEqual({ success: false, error: 'SES send failed' });
expect(result).toEqual({ success: false, error: "SES send failed" });
});
it('should auto-initialize if not initialized', async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: 'msg-auto' });
it("should auto-initialize if not initialized", async () => {
const mockSend = jest.fn().mockResolvedValue({ MessageId: "msg-auto" });
SESClient.mockImplementation(() => ({ send: mockSend }));
const EmailClient = require('../../../../services/email/core/EmailClient');
const EmailClient = require("../../../../services/email/core/EmailClient");
EmailClient.instance = null;
const client = new EmailClient();
expect(client.initialized).toBe(false);
await client.sendEmail(
'test@example.com',
'Test Subject',
'<p>Hello</p>'
"test@example.com",
"Test Subject",
"<p>Hello</p>",
);
expect(client.initialized).toBe(true);

168
backend/tests/unit/services/email/domain/FeedbackEmailService.test.js
View File

@@ -1,27 +1,32 @@
// Mock dependencies
jest.mock('../../../../../services/email/core/EmailClient', () => {
jest.mock("../../../../../services/email/core/EmailClient", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
sendEmail: jest.fn().mockResolvedValue({ success: true, messageId: 'msg-123' }),
sendEmail: jest
.fn()
.mockResolvedValue({ success: true, messageId: "msg-123" }),
}));
});
jest.mock('../../../../../services/email/core/TemplateManager', () => {
jest.mock("../../../../../services/email/core/TemplateManager", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
renderTemplate: jest.fn().mockResolvedValue('<html>Test</html>'),
renderTemplate: jest.fn().mockResolvedValue("<html>Test</html>"),
}));
});
const FeedbackEmailService = require('../../../../../services/email/domain/FeedbackEmailService');
const FeedbackEmailService = require("../../../../../services/email/domain/FeedbackEmailService");
describe('FeedbackEmailService', () => {
describe("FeedbackEmailService", () => {
let service;
const originalEnv = process.env;
beforeEach(() => {
jest.clearAllMocks();
process.env = { ...originalEnv, FEEDBACK_EMAIL: 'feedback@example.com' };
process.env = {
...originalEnv,
CUSTOMER_SUPPORT_EMAIL: "feedback@example.com",
};
service = new FeedbackEmailService();
});
@@ -29,8 +34,8 @@ describe('FeedbackEmailService', () => {
process.env = originalEnv;
});
describe('initialize', () => {
it('should initialize only once', async () => {
describe("initialize", () => {
it("should initialize only once", async () => {
await service.initialize();
await service.initialize();
@@ -39,11 +44,11 @@ describe('FeedbackEmailService', () => {
});
});
describe('sendFeedbackConfirmation', () => {
it('should send feedback confirmation to user', async () => {
const user = { firstName: 'John', email: 'john@example.com' };
describe("sendFeedbackConfirmation", () => {
it("should send feedback confirmation to user", async () => {
const user = { firstName: "John", email: "john@example.com" };
const feedback = {
feedbackText: 'Great app!',
feedbackText: "Great app!",
createdAt: new Date(),
};
@@ -51,115 +56,122 @@ describe('FeedbackEmailService', () => {
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'feedbackConfirmationToUser',
"feedbackConfirmationToUser",
expect.objectContaining({
userName: 'John',
userEmail: 'john@example.com',
feedbackText: 'Great app!',
})
userName: "John",
userEmail: "john@example.com",
feedbackText: "Great app!",
}),
);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'john@example.com',
'Thank You for Your Feedback - Village Share',
expect.any(String)
"john@example.com",
"Thank You for Your Feedback - Village Share",
expect.any(String),
);
});
it('should use default name when firstName is missing', async () => {
const user = { email: 'john@example.com' };
it("should use default name when firstName is missing", async () => {
const user = { email: "john@example.com" };
const feedback = {
feedbackText: 'Great app!',
feedbackText: "Great app!",
createdAt: new Date(),
};
await service.sendFeedbackConfirmation(user, feedback);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'feedbackConfirmationToUser',
expect.objectContaining({ userName: 'there' })
"feedbackConfirmationToUser",
expect.objectContaining({ userName: "there" }),
);
});
});
describe('sendFeedbackNotificationToAdmin', () => {
it('should send feedback notification to admin', async () => {
describe("sendFeedbackNotificationToAdmin", () => {
it("should send feedback notification to admin", async () => {
const user = {
id: 'user-123',
firstName: 'John',
lastName: 'Doe',
email: 'john@example.com',
id: "user-123",
firstName: "John",
lastName: "Doe",
email: "john@example.com",
};
const feedback = {
id: 'feedback-123',
feedbackText: 'Great app!',
url: 'https://example.com/page',
userAgent: 'Mozilla/5.0',
id: "feedback-123",
feedbackText: "Great app!",
url: "https://example.com/page",
userAgent: "Mozilla/5.0",
createdAt: new Date(),
};
const result = await service.sendFeedbackNotificationToAdmin(user, feedback);
const result = await service.sendFeedbackNotificationToAdmin(
user,
feedback,
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'feedbackNotificationToAdmin',
"feedbackNotificationToAdmin",
expect.objectContaining({
userName: 'John Doe',
userEmail: 'john@example.com',
userId: 'user-123',
feedbackText: 'Great app!',
feedbackId: 'feedback-123',
url: 'https://example.com/page',
userAgent: 'Mozilla/5.0',
})
userName: "John Doe",
userEmail: "john@example.com",
userId: "user-123",
feedbackText: "Great app!",
feedbackId: "feedback-123",
url: "https://example.com/page",
userAgent: "Mozilla/5.0",
}),
);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'feedback@example.com',
'New Feedback from John Doe',
expect.any(String)
"feedback@example.com",
"New Feedback from John Doe",
expect.any(String),
);
});
it('should return error when no admin email configured', async () => {
delete process.env.FEEDBACK_EMAIL;
it("should return error when no admin email configured", async () => {
delete process.env.CUSTOMER_SUPPORT_EMAIL;
const user = { id: 'user-123', firstName: 'John', lastName: 'Doe', email: 'john@example.com' };
const feedback = { id: 'feedback-123', feedbackText: 'Test', createdAt: new Date() };
const user = {
id: "user-123",
firstName: "John",
lastName: "Doe",
email: "john@example.com",
};
const feedback = {
id: "feedback-123",
feedbackText: "Test",
createdAt: new Date(),
};
const result = await service.sendFeedbackNotificationToAdmin(user, feedback);
const result = await service.sendFeedbackNotificationToAdmin(
user,
feedback,
);
expect(result.success).toBe(false);
expect(result.error).toContain('No admin email configured');
expect(result.error).toContain("No admin email configured");
});
it('should use CUSTOMER_SUPPORT_EMAIL when FEEDBACK_EMAIL not set', async () => {
delete process.env.FEEDBACK_EMAIL;
process.env.CUSTOMER_SUPPORT_EMAIL = 'support@example.com';
const user = { id: 'user-123', firstName: 'John', lastName: 'Doe', email: 'john@example.com' };
const feedback = { id: 'feedback-123', feedbackText: 'Test', createdAt: new Date() };
await service.sendFeedbackNotificationToAdmin(user, feedback);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'support@example.com',
expect.any(String),
expect.any(String)
);
});
it('should use default values for optional fields', async () => {
const user = { id: 'user-123', firstName: 'John', lastName: 'Doe', email: 'john@example.com' };
const feedback = { id: 'feedback-123', feedbackText: 'Test', createdAt: new Date() };
it("should use default values for optional fields", async () => {
const user = {
id: "user-123",
firstName: "John",
lastName: "Doe",
email: "john@example.com",
};
const feedback = {
id: "feedback-123",
feedbackText: "Test",
createdAt: new Date(),
};
await service.sendFeedbackNotificationToAdmin(user, feedback);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'feedbackNotificationToAdmin',
"feedbackNotificationToAdmin",
expect.objectContaining({
url: 'Not provided',
userAgent: 'Not provided',
})
url: "Not provided",
userAgent: "Not provided",
}),
);
});
});

268
backend/tests/unit/services/email/domain/PaymentEmailService.test.js
View File

@@ -1,27 +1,29 @@
// Mock dependencies
jest.mock('../../../../../services/email/core/EmailClient', () => {
jest.mock("../../../../../services/email/core/EmailClient", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
sendEmail: jest.fn().mockResolvedValue({ success: true, messageId: 'msg-123' }),
sendEmail: jest
.fn()
.mockResolvedValue({ success: true, messageId: "msg-123" }),
}));
});
jest.mock('../../../../../services/email/core/TemplateManager', () => {
jest.mock("../../../../../services/email/core/TemplateManager", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
renderTemplate: jest.fn().mockResolvedValue('<html>Test</html>'),
renderTemplate: jest.fn().mockResolvedValue("<html>Test</html>"),
}));
});
jest.mock('../../../../../utils/logger', () => ({
jest.mock("../../../../../utils/logger", () => ({
info: jest.fn(),
error: jest.fn(),
warn: jest.fn(),
}));
const PaymentEmailService = require('../../../../../services/email/domain/PaymentEmailService');
const PaymentEmailService = require("../../../../../services/email/domain/PaymentEmailService");
describe('PaymentEmailService', () => {
describe("PaymentEmailService", () => {
let service;
const originalEnv = process.env;
@@ -29,8 +31,8 @@ describe('PaymentEmailService', () => {
jest.clearAllMocks();
process.env = {
...originalEnv,
FRONTEND_URL: 'http://localhost:3000',
ADMIN_EMAIL: 'admin@example.com',
FRONTEND_URL: "http://localhost:3000",
CUSTOMER_SUPPORT_EMAIL: "admin@example.com",
};
service = new PaymentEmailService();
});
@@ -39,8 +41,8 @@ describe('PaymentEmailService', () => {
process.env = originalEnv;
});
describe('initialize', () => {
it('should initialize only once', async () => {
describe("initialize", () => {
it("should initialize only once", async () => {
await service.initialize();
await service.initialize();
@@ -48,196 +50,222 @@ describe('PaymentEmailService', () => {
});
});
describe('sendPaymentDeclinedNotification', () => {
it('should send payment declined notification to renter', async () => {
const result = await service.sendPaymentDeclinedNotification('renter@example.com', {
renterFirstName: 'John',
itemName: 'Test Item',
declineReason: 'Card declined',
updatePaymentUrl: 'http://localhost:3000/update-payment',
});
describe("sendPaymentDeclinedNotification", () => {
it("should send payment declined notification to renter", async () => {
const result = await service.sendPaymentDeclinedNotification(
"renter@example.com",
{
renterFirstName: "John",
itemName: "Test Item",
declineReason: "Card declined",
updatePaymentUrl: "http://localhost:3000/update-payment",
},
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'paymentDeclinedToRenter',
"paymentDeclinedToRenter",
expect.objectContaining({
renterFirstName: 'John',
itemName: 'Test Item',
declineReason: 'Card declined',
})
renterFirstName: "John",
itemName: "Test Item",
declineReason: "Card declined",
}),
);
});
it('should use default values for missing params', async () => {
await service.sendPaymentDeclinedNotification('renter@example.com', {});
it("should use default values for missing params", async () => {
await service.sendPaymentDeclinedNotification("renter@example.com", {});
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'paymentDeclinedToRenter',
"paymentDeclinedToRenter",
expect.objectContaining({
renterFirstName: 'there',
itemName: 'the item',
})
renterFirstName: "there",
itemName: "the item",
}),
);
});
it('should handle errors gracefully', async () => {
service.templateManager.renderTemplate.mockRejectedValue(new Error('Template error'));
it("should handle errors gracefully", async () => {
service.templateManager.renderTemplate.mockRejectedValue(
new Error("Template error"),
);
const result = await service.sendPaymentDeclinedNotification('test@example.com', {});
const result = await service.sendPaymentDeclinedNotification(
"test@example.com",
{},
);
expect(result.success).toBe(false);
expect(result.error).toContain('Template error');
expect(result.error).toContain("Template error");
});
});
describe('sendPaymentMethodUpdatedNotification', () => {
it('should send payment method updated notification to owner', async () => {
const result = await service.sendPaymentMethodUpdatedNotification('owner@example.com', {
ownerFirstName: 'Jane',
itemName: 'Test Item',
approvalUrl: 'http://localhost:3000/approve',
});
describe("sendPaymentMethodUpdatedNotification", () => {
it("should send payment method updated notification to owner", async () => {
const result = await service.sendPaymentMethodUpdatedNotification(
"owner@example.com",
{
ownerFirstName: "Jane",
itemName: "Test Item",
approvalUrl: "http://localhost:3000/approve",
},
);
expect(result.success).toBe(true);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'owner@example.com',
'Payment Method Updated - Test Item',
expect.any(String)
"owner@example.com",
"Payment Method Updated - Test Item",
expect.any(String),
);
});
});
describe('sendPayoutFailedNotification', () => {
it('should send payout failed notification to owner', async () => {
const result = await service.sendPayoutFailedNotification('owner@example.com', {
ownerName: 'John',
payoutAmount: 50.00,
failureMessage: 'Bank account closed',
actionRequired: 'Please update your bank account',
failureCode: 'account_closed',
requiresBankUpdate: true,
});
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'payoutFailedToOwner',
expect.objectContaining({
ownerName: 'John',
payoutAmount: '50.00',
failureCode: 'account_closed',
describe("sendPayoutFailedNotification", () => {
it("should send payout failed notification to owner", async () => {
const result = await service.sendPayoutFailedNotification(
"owner@example.com",
{
ownerName: "John",
payoutAmount: 50.0,
failureMessage: "Bank account closed",
actionRequired: "Please update your bank account",
failureCode: "account_closed",
requiresBankUpdate: true,
})
},
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
"payoutFailedToOwner",
expect.objectContaining({
ownerName: "John",
payoutAmount: "50.00",
failureCode: "account_closed",
requiresBankUpdate: true,
}),
);
});
});
describe('sendAccountDisconnectedEmail', () => {
it('should send account disconnected notification', async () => {
const result = await service.sendAccountDisconnectedEmail('owner@example.com', {
ownerName: 'John',
hasPendingPayouts: true,
pendingPayoutCount: 3,
});
describe("sendAccountDisconnectedEmail", () => {
it("should send account disconnected notification", async () => {
const result = await service.sendAccountDisconnectedEmail(
"owner@example.com",
{
ownerName: "John",
hasPendingPayouts: true,
pendingPayoutCount: 3,
},
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'accountDisconnectedToOwner',
"accountDisconnectedToOwner",
expect.objectContaining({
hasPendingPayouts: true,
pendingPayoutCount: 3,
})
}),
);
});
it('should use default values for missing params', async () => {
await service.sendAccountDisconnectedEmail('owner@example.com', {});
it("should use default values for missing params", async () => {
await service.sendAccountDisconnectedEmail("owner@example.com", {});
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'accountDisconnectedToOwner',
"accountDisconnectedToOwner",
expect.objectContaining({
ownerName: 'there',
ownerName: "there",
hasPendingPayouts: false,
pendingPayoutCount: 0,
})
}),
);
});
});
describe('sendPayoutsDisabledEmail', () => {
it('should send payouts disabled notification', async () => {
const result = await service.sendPayoutsDisabledEmail('owner@example.com', {
ownerName: 'John',
disabledReason: 'Verification required',
});
describe("sendPayoutsDisabledEmail", () => {
it("should send payouts disabled notification", async () => {
const result = await service.sendPayoutsDisabledEmail(
"owner@example.com",
{
ownerName: "John",
disabledReason: "Verification required",
},
);
expect(result.success).toBe(true);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'owner@example.com',
'Action Required: Your payouts have been paused - Village Share',
expect.any(String)
"owner@example.com",
"Action Required: Your payouts have been paused - Village Share",
expect.any(String),
);
});
});
describe('sendDisputeAlertEmail', () => {
it('should send dispute alert to admin', async () => {
describe("sendDisputeAlertEmail", () => {
it("should send dispute alert to admin", async () => {
const result = await service.sendDisputeAlertEmail({
rentalId: 'rental-123',
amount: 50.00,
reason: 'fraudulent',
rentalId: "rental-123",
amount: 50.0,
reason: "fraudulent",
evidenceDueBy: new Date(),
renterName: 'Renter Name',
renterEmail: 'renter@example.com',
ownerName: 'Owner Name',
ownerEmail: 'owner@example.com',
itemName: 'Test Item',
renterName: "Renter Name",
renterEmail: "renter@example.com",
ownerName: "Owner Name",
ownerEmail: "owner@example.com",
itemName: "Test Item",
});
expect(result.success).toBe(true);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'admin@example.com',
'URGENT: Payment Dispute - Rental #rental-123',
expect.any(String)
"admin@example.com",
"URGENT: Payment Dispute - Rental #rental-123",
expect.any(String),
);
});
});
describe('sendDisputeLostAlertEmail', () => {
it('should send dispute lost alert to admin', async () => {
describe("sendDisputeLostAlertEmail", () => {
it("should send dispute lost alert to admin", async () => {
const result = await service.sendDisputeLostAlertEmail({
rentalId: 'rental-123',
amount: 50.00,
ownerPayoutAmount: 45.00,
ownerName: 'Owner Name',
ownerEmail: 'owner@example.com',
rentalId: "rental-123",
amount: 50.0,
ownerPayoutAmount: 45.0,
ownerName: "Owner Name",
ownerEmail: "owner@example.com",
});
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'disputeLostAlertToAdmin',
"disputeLostAlertToAdmin",
expect.objectContaining({
rentalId: 'rental-123',
amount: '50.00',
ownerPayoutAmount: '45.00',
})
rentalId: "rental-123",
amount: "50.00",
ownerPayoutAmount: "45.00",
}),
);
});
});
describe('formatDisputeReason', () => {
it('should format known dispute reasons', () => {
expect(service.formatDisputeReason('fraudulent')).toBe('Fraudulent transaction');
expect(service.formatDisputeReason('product_not_received')).toBe('Product not received');
expect(service.formatDisputeReason('duplicate')).toBe('Duplicate charge');
describe("formatDisputeReason", () => {
it("should format known dispute reasons", () => {
expect(service.formatDisputeReason("fraudulent")).toBe(
"Fraudulent transaction",
);
expect(service.formatDisputeReason("product_not_received")).toBe(
"Product not received",
);
expect(service.formatDisputeReason("duplicate")).toBe("Duplicate charge");
});
it('should return original reason for unknown reasons', () => {
expect(service.formatDisputeReason('unknown_reason')).toBe('unknown_reason');
it("should return original reason for unknown reasons", () => {
expect(service.formatDisputeReason("unknown_reason")).toBe(
"unknown_reason",
);
});
it('should return "Unknown reason" for null/undefined', () => {
expect(service.formatDisputeReason(null)).toBe('Unknown reason');
expect(service.formatDisputeReason(undefined)).toBe('Unknown reason');
expect(service.formatDisputeReason(null)).toBe("Unknown reason");
expect(service.formatDisputeReason(undefined)).toBe("Unknown reason");
});
});
});

188
backend/tests/unit/services/email/domain/UserEngagementEmailService.test.js
View File

@@ -1,27 +1,29 @@
// Mock dependencies
jest.mock('../../../../../services/email/core/EmailClient', () => {
jest.mock("../../../../../services/email/core/EmailClient", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
sendEmail: jest.fn().mockResolvedValue({ success: true, messageId: 'msg-123' }),
sendEmail: jest
.fn()
.mockResolvedValue({ success: true, messageId: "msg-123" }),
}));
});
jest.mock('../../../../../services/email/core/TemplateManager', () => {
jest.mock("../../../../../services/email/core/TemplateManager", () => {
return jest.fn().mockImplementation(() => ({
initialize: jest.fn().mockResolvedValue(),
renderTemplate: jest.fn().mockResolvedValue('<html>Test</html>'),
renderTemplate: jest.fn().mockResolvedValue("<html>Test</html>"),
}));
});
jest.mock('../../../../../utils/logger', () => ({
jest.mock("../../../../../utils/logger", () => ({
info: jest.fn(),
error: jest.fn(),
warn: jest.fn(),
}));
const UserEngagementEmailService = require('../../../../../services/email/domain/UserEngagementEmailService');
const UserEngagementEmailService = require("../../../../../services/email/domain/UserEngagementEmailService");
describe('UserEngagementEmailService', () => {
describe("UserEngagementEmailService", () => {
let service;
const originalEnv = process.env;
@@ -29,8 +31,8 @@ describe('UserEngagementEmailService', () => {
jest.clearAllMocks();
process.env = {
...originalEnv,
FRONTEND_URL: 'http://localhost:3000',
SUPPORT_EMAIL: 'support@villageshare.com',
FRONTEND_URL: "http://localhost:3000",
CUSTOMER_SUPPORT_EMAIL: "support@email.com",
};
service = new UserEngagementEmailService();
});
@@ -39,8 +41,8 @@ describe('UserEngagementEmailService', () => {
process.env = originalEnv;
});
describe('initialize', () => {
it('should initialize only once', async () => {
describe("initialize", () => {
it("should initialize only once", async () => {
await service.initialize();
await service.initialize();
@@ -49,148 +51,176 @@ describe('UserEngagementEmailService', () => {
});
});
describe('sendFirstListingCelebrationEmail', () => {
const owner = { firstName: 'John', email: 'john@example.com' };
const item = { id: 123, name: 'Power Drill' };
describe("sendFirstListingCelebrationEmail", () => {
const owner = { firstName: "John", email: "john@example.com" };
const item = { id: 123, name: "Power Drill" };
it('should send first listing celebration email with correct variables', async () => {
const result = await service.sendFirstListingCelebrationEmail(owner, item);
it("should send first listing celebration email with correct variables", async () => {
const result = await service.sendFirstListingCelebrationEmail(
owner,
item,
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'firstListingCelebrationToOwner',
"firstListingCelebrationToOwner",
expect.objectContaining({
ownerName: 'John',
itemName: 'Power Drill',
ownerName: "John",
itemName: "Power Drill",
itemId: 123,
viewItemUrl: 'http://localhost:3000/items/123',
})
viewItemUrl: "http://localhost:3000/items/123",
}),
);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'john@example.com',
'Congratulations! Your first item is live on Village Share',
expect.any(String)
"john@example.com",
"Congratulations! Your first item is live on Village Share",
expect.any(String),
);
});
it('should use default name when firstName is missing', async () => {
const ownerNoName = { email: 'john@example.com' };
it("should use default name when firstName is missing", async () => {
const ownerNoName = { email: "john@example.com" };
await service.sendFirstListingCelebrationEmail(ownerNoName, item);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'firstListingCelebrationToOwner',
expect.objectContaining({ ownerName: 'there' })
"firstListingCelebrationToOwner",
expect.objectContaining({ ownerName: "there" }),
);
});
it('should handle errors gracefully', async () => {
service.templateManager.renderTemplate.mockRejectedValueOnce(new Error('Template error'));
it("should handle errors gracefully", async () => {
service.templateManager.renderTemplate.mockRejectedValueOnce(
new Error("Template error"),
);
const result = await service.sendFirstListingCelebrationEmail(owner, item);
const result = await service.sendFirstListingCelebrationEmail(
owner,
item,
);
expect(result.success).toBe(false);
expect(result.error).toBe('Template error');
expect(result.error).toBe("Template error");
});
});
describe('sendItemDeletionNotificationToOwner', () => {
const owner = { firstName: 'John', email: 'john@example.com' };
const item = { id: 123, name: 'Power Drill' };
const deletionReason = 'Violated community guidelines';
describe("sendItemDeletionNotificationToOwner", () => {
const owner = { firstName: "John", email: "john@example.com" };
const item = { id: 123, name: "Power Drill" };
const deletionReason = "Violated community guidelines";
it('should send item deletion notification with correct variables', async () => {
it("should send item deletion notification with correct variables", async () => {
const result = await service.sendItemDeletionNotificationToOwner(
owner,
item,
deletionReason
deletionReason,
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'itemDeletionToOwner',
"itemDeletionToOwner",
expect.objectContaining({
ownerName: 'John',
itemName: 'Power Drill',
deletionReason: 'Violated community guidelines',
supportEmail: 'support@villageshare.com',
dashboardUrl: 'http://localhost:3000/owning',
})
ownerName: "John",
itemName: "Power Drill",
deletionReason: "Violated community guidelines",
supportEmail: "support@villageshare.com",
dashboardUrl: "http://localhost:3000/owning",
}),
);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'john@example.com',
"john@example.com",
'Important: Your listing "Power Drill" has been removed',
expect.any(String)
expect.any(String),
);
});
it('should use default name when firstName is missing', async () => {
const ownerNoName = { email: 'john@example.com' };
it("should use default name when firstName is missing", async () => {
const ownerNoName = { email: "john@example.com" };
await service.sendItemDeletionNotificationToOwner(ownerNoName, item, deletionReason);
await service.sendItemDeletionNotificationToOwner(
ownerNoName,
item,
deletionReason,
);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'itemDeletionToOwner',
expect.objectContaining({ ownerName: 'there' })
"itemDeletionToOwner",
expect.objectContaining({ ownerName: "there" }),
);
});
it('should handle errors gracefully', async () => {
service.emailClient.sendEmail.mockRejectedValueOnce(new Error('Send error'));
it("should handle errors gracefully", async () => {
service.emailClient.sendEmail.mockRejectedValueOnce(
new Error("Send error"),
);
const result = await service.sendItemDeletionNotificationToOwner(
owner,
item,
deletionReason
deletionReason,
);
expect(result.success).toBe(false);
expect(result.error).toBe('Send error');
expect(result.error).toBe("Send error");
});
});
describe('sendUserBannedNotification', () => {
const bannedUser = { firstName: 'John', email: 'john@example.com' };
const admin = { firstName: 'Admin', lastName: 'User' };
const banReason = 'Multiple policy violations';
describe("sendUserBannedNotification", () => {
const bannedUser = { firstName: "John", email: "john@example.com" };
const admin = { firstName: "Admin", lastName: "User" };
const banReason = "Multiple policy violations";
it('should send user banned notification with correct variables', async () => {
const result = await service.sendUserBannedNotification(bannedUser, admin, banReason);
it("should send user banned notification with correct variables", async () => {
const result = await service.sendUserBannedNotification(
bannedUser,
admin,
banReason,
);
expect(result.success).toBe(true);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'userBannedNotification',
"userBannedNotification",
expect.objectContaining({
userName: 'John',
banReason: 'Multiple policy violations',
supportEmail: 'support@villageshare.com',
})
userName: "John",
banReason: "Multiple policy violations",
supportEmail: "support@villageshare.com",
}),
);
expect(service.emailClient.sendEmail).toHaveBeenCalledWith(
'john@example.com',
'Important: Your Village Share Account Has Been Suspended',
expect.any(String)
"john@example.com",
"Important: Your Village Share Account Has Been Suspended",
expect.any(String),
);
});
it('should use default name when firstName is missing', async () => {
const bannedUserNoName = { email: 'john@example.com' };
it("should use default name when firstName is missing", async () => {
const bannedUserNoName = { email: "john@example.com" };
await service.sendUserBannedNotification(bannedUserNoName, admin, banReason);
await service.sendUserBannedNotification(
bannedUserNoName,
admin,
banReason,
);
expect(service.templateManager.renderTemplate).toHaveBeenCalledWith(
'userBannedNotification',
expect.objectContaining({ userName: 'there' })
"userBannedNotification",
expect.objectContaining({ userName: "there" }),
);
});
it('should handle errors gracefully', async () => {
service.templateManager.renderTemplate.mockRejectedValueOnce(new Error('Template error'));
it("should handle errors gracefully", async () => {
service.templateManager.renderTemplate.mockRejectedValueOnce(
new Error("Template error"),
);
const result = await service.sendUserBannedNotification(bannedUser, admin, banReason);
const result = await service.sendUserBannedNotification(
bannedUser,
admin,
banReason,
);
expect(result.success).toBe(false);
expect(result.error).toBe('Template error');
expect(result.error).toBe("Template error");
});
});
});