d804a436d7
Polyfill capabilities landed for Festipod's T02 features (all generic,
zero-domain — the consumer injects the domain).
- inbox: implement the previously-stubbed namespace. post(target,{from?,
payload,ts?}) deposits {from,payload,ts} as RDF via docs.sparqlUpdate (the
real injected ng, never makeNg); read/materialize + watch emulate the curator
in-lib (deposits read via docs.sparqlQuery). `from` optional = anonymity.
- write-guard: caps.hasWritePolicy() + ng-proxy.sparql_update rejects when the
target doc is under a write policy and the current user lacks its write cap;
passthrough otherwise (no regression). Read-cap registry unchanged.
- sparql.ts (new): escapeLiteral / escapeIri / assertNuri, exported from index.
store-registry now escapes every literal and validates/encodes every IRI-
position value — closes a SPARQL-injection hole where an untrusted username
could inject triples into the shim (the account→doc-NURI trust root).
Tests: inbox, sparql (incl. injection), ng-proxy write-guard, isolation-active.
68 tests pass; tsc --noEmit rc=0.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
89 lines
2.9 KiB
TypeScript
89 lines
2.9 KiB
TypeScript
import { test, expect, mock, afterEach } from "bun:test";
|
|
import { makeNg } from "../src/ng-proxy";
|
|
import {
|
|
configure,
|
|
resetConfig,
|
|
getCaps,
|
|
resetCaps,
|
|
setCurrentUser,
|
|
} from "../src/polyfill";
|
|
|
|
// This suite injects a fake `ng` via configure() and declares write caps. Reset
|
|
// both after each test so the docs.test.ts "not configured" guard still holds
|
|
// and no cap policy leaks into another suite.
|
|
afterEach(() => {
|
|
resetConfig();
|
|
resetCaps();
|
|
setCurrentUser(null);
|
|
});
|
|
|
|
function fakeNg() {
|
|
return { sparql_update: mock(async (..._a: unknown[]) => undefined) };
|
|
}
|
|
|
|
function inject() {
|
|
const ng = fakeNg();
|
|
configure({ ng: ng as any, useShape: (() => {}) as any });
|
|
return ng;
|
|
}
|
|
|
|
const DOC = "did:ng:o:doc";
|
|
const UPDATE = `INSERT DATA { GRAPH <${DOC}> { <s> <p> <o> } }`;
|
|
|
|
test("write guard: passthrough when NO write policy is declared (no regression)", async () => {
|
|
const ng = inject();
|
|
setCurrentUser("bob"); // not a writer, but there's no policy at all
|
|
const proxy = makeNg();
|
|
await proxy.sparql_update("sid", UPDATE, DOC);
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
test("write guard: passthrough for an UNGOVERNED doc even when a policy exists elsewhere", async () => {
|
|
const ng = inject();
|
|
getCaps().open("did:ng:o:other", "private", "alice"); // policy on another doc
|
|
setCurrentUser("bob");
|
|
const proxy = makeNg();
|
|
await proxy.sparql_update("sid", UPDATE, DOC); // DOC itself is ungoverned
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
test("write guard: REJECTS when the doc is governed and the user lacks the write cap", async () => {
|
|
const ng = inject();
|
|
getCaps().open(DOC, "private", "alice"); // alice holds write cap
|
|
setCurrentUser("bob"); // bob does not
|
|
const proxy = makeNg();
|
|
await expect(proxy.sparql_update("sid", UPDATE, DOC)).rejects.toThrow(
|
|
/write denied/,
|
|
);
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(0); // never reached the real ng
|
|
});
|
|
|
|
test("write guard: REJECTS an anonymous (null) user on a governed doc", async () => {
|
|
const ng = inject();
|
|
getCaps().open(DOC, "public", "alice");
|
|
setCurrentUser(null);
|
|
const proxy = makeNg();
|
|
await expect(proxy.sparql_update("sid", UPDATE, DOC)).rejects.toThrow(
|
|
/write denied/,
|
|
);
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(0);
|
|
});
|
|
|
|
test("write guard: ALLOWS the write-cap holder", async () => {
|
|
const ng = inject();
|
|
getCaps().open(DOC, "private", "alice");
|
|
setCurrentUser("alice"); // owner always holds the write cap
|
|
const proxy = makeNg();
|
|
await proxy.sparql_update("sid", UPDATE, DOC);
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
test("write guard: passthrough when anchor is omitted (cannot scope the guard)", async () => {
|
|
const ng = inject();
|
|
getCaps().open(DOC, "private", "alice");
|
|
setCurrentUser("bob");
|
|
const proxy = makeNg();
|
|
await proxy.sparql_update("sid", "INSERT DATA {}"); // no anchor → passthrough
|
|
expect(ng.sparql_update).toHaveBeenCalledTimes(1);
|
|
});
|