msw: Implement relevant Trusted Publishing endpoints

packages/crates-io-msw/handlers/trustpub.js

@@ -0,0 +1,3 @@
+import gitHubConfigs from './trustpub/github-configs.js';
+
+export default [...gitHubConfigs];

packages/crates-io-msw/handlers/trustpub/github-configs.js

@@ -0,0 +1,5 @@
+import createGitHubConfig from './github-configs/create.js';
+import deleteGitHubConfig from './github-configs/delete.js';
+import listGitHubConfigs from './github-configs/list.js';
+
+export default [listGitHubConfigs, createGitHubConfig, deleteGitHubConfig];

packages/crates-io-msw/handlers/trustpub/github-configs/create.js

@@ -0,0 +1,60 @@
+import { http, HttpResponse } from 'msw';
+
+import { db } from '../../../index.js';
+import { serializeGitHubConfig } from '../../../serializers/trustpub/github-config.js';
+import { notFound } from '../../../utils/handlers.js';
+import { getSession } from '../../../utils/session.js';
+
+export default http.post('/api/v1/trusted_publishing/github_configs', async ({ request }) => {
+  let { user } = getSession();
+  if (!user) {
+    return HttpResponse.json({ errors: [{ detail: 'must be logged in to perform that action' }] }, { status: 403 });
+  }
+
+  let body = await request.json();
+
+  let { github_config } = body;
+  if (!github_config) {
+    return HttpResponse.json({ errors: [{ detail: 'invalid request body' }] }, { status: 400 });
+  }
+
+  let { crate: crateName, repository_owner, repository_name, workflow_filename, environment } = github_config;
+  if (!crateName || !repository_owner || !repository_name || !workflow_filename) {
+    return HttpResponse.json({ errors: [{ detail: 'missing required fields' }] }, { status: 400 });
+  }
+
+  let crate = db.crate.findFirst({ where: { name: { equals: crateName } } });
+  if (!crate) return notFound();
+
+  // Check if the user is an owner of the crate
+  let isOwner = db.crateOwnership.findFirst({
+    where: {
+      crate: { id: { equals: crate.id } },
+      user: { id: { equals: user.id } },
+    },
+  });
+  if (!isOwner) {
+    return HttpResponse.json({ errors: [{ detail: 'You are not an owner of this crate' }] }, { status: 400 });
+  }
+
+  // Check if the user has a verified email
+  let hasVerifiedEmail = user.emailVerified;
+  if (!hasVerifiedEmail) {
+    let detail = 'You must verify your email address to create a Trusted Publishing config';
+    return HttpResponse.json({ errors: [{ detail }] }, { status: 403 });
+  }
+
+  // Create a new GitHub config
+  let config = db.trustpubGithubConfig.create({
+    crate,
+    repository_owner,
+    repository_name,
+    workflow_filename,
+    environment: environment ?? null,
+    created_at: new Date().toISOString(),
+  });
+
+  return HttpResponse.json({
+    github_config: serializeGitHubConfig(config),
+  });
+});

packages/crates-io-msw/handlers/trustpub/github-configs/create.test.js

@@ -0,0 +1,227 @@
+import { afterEach, assert, beforeEach, test, vi } from 'vitest';
+
+import { db } from '../../../index.js';
+
+beforeEach(() => {
+  vi.useFakeTimers();
+});
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+test('happy path', async function () {
+  vi.setSystemTime(new Date('2023-01-01T00:00:00Z'));
+
+  let crate = db.crate.create({ name: 'test-crate' });
+  db.version.create({ crate });
+
+  let user = db.user.create({ emailVerified: true });
+  db.mswSession.create({ user });
+
+  // Create crate ownership
+  db.crateOwnership.create({
+    crate,
+    user,
+  });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: crate.name,
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 200);
+  assert.deepEqual(await response.json(), {
+    github_config: {
+      id: 1,
+      crate: crate.name,
+      repository_owner: 'rust-lang',
+      repository_owner_id: 5_430_905,
+      repository_name: 'crates.io',
+      workflow_filename: 'ci.yml',
+      environment: null,
+      created_at: '2023-01-01T00:00:00.000Z',
+    },
+  });
+});
+
+test('happy path with environment', async function () {
+  vi.setSystemTime(new Date('2023-02-01T00:00:00Z'));
+
+  let crate = db.crate.create({ name: 'test-crate-env' });
+  db.version.create({ crate });
+
+  let user = db.user.create({ emailVerified: true });
+  db.mswSession.create({ user });
+
+  // Create crate ownership
+  db.crateOwnership.create({
+    crate,
+    user,
+  });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: crate.name,
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+        environment: 'production',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 200);
+  assert.deepEqual(await response.json(), {
+    github_config: {
+      id: 1,
+      crate: crate.name,
+      repository_owner: 'rust-lang',
+      repository_owner_id: 5_430_905,
+      repository_name: 'crates.io',
+      workflow_filename: 'ci.yml',
+      environment: 'production',
+      created_at: '2023-02-01T00:00:00.000Z',
+    },
+  });
+});
+
+test('returns 403 if unauthenticated', async function () {
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: 'test-crate',
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 403);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'must be logged in to perform that action' }],
+  });
+});
+
+test('returns 400 if request body is invalid', async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({}),
+  });
+
+  assert.strictEqual(response.status, 400);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'invalid request body' }],
+  });
+});
+
+test('returns 400 if required fields are missing', async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: 'test-crate',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 400);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'missing required fields' }],
+  });
+});
+
+test("returns 404 if crate can't be found", async function () {
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: 'nonexistent',
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 404);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'Not Found' }],
+  });
+});
+
+test('returns 400 if user is not an owner of the crate', async function () {
+  let crate = db.crate.create({ name: 'test-crate-not-owner' });
+  db.version.create({ crate });
+
+  let user = db.user.create();
+  db.mswSession.create({ user });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: crate.name,
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 400);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'You are not an owner of this crate' }],
+  });
+});
+
+test('returns 403 if user email is not verified', async function () {
+  let crate = db.crate.create({ name: 'test-crate-unverified' });
+  db.version.create({ crate });
+
+  let user = db.user.create({ emailVerified: false });
+  db.mswSession.create({ user });
+
+  // Create crate ownership
+  db.crateOwnership.create({
+    crate,
+    user,
+  });
+
+  let response = await fetch('/api/v1/trusted_publishing/github_configs', {
+    method: 'POST',
+    body: JSON.stringify({
+      github_config: {
+        crate: crate.name,
+        repository_owner: 'rust-lang',
+        repository_name: 'crates.io',
+        workflow_filename: 'ci.yml',
+      },
+    }),
+  });
+
+  assert.strictEqual(response.status, 403);
+  assert.deepEqual(await response.json(), {
+    errors: [{ detail: 'You must verify your email address to create a Trusted Publishing config' }],
+  });
+});

packages/crates-io-msw/handlers/trustpub/github-configs/delete.js

@@ -0,0 +1,32 @@
+import { http, HttpResponse } from 'msw';
+
+import { db } from '../../../index.js';
+import { notFound } from '../../../utils/handlers.js';
+import { getSession } from '../../../utils/session.js';
+
+export default http.delete('/api/v1/trusted_publishing/github_configs/:id', ({ params }) => {
+  let { user } = getSession();
+  if (!user) {
+    return HttpResponse.json({ errors: [{ detail: 'must be logged in to perform that action' }] }, { status: 403 });
+  }
+
+  let id = parseInt(params.id);
+  let config = db.trustpubGithubConfig.findFirst({ where: { id: { equals: id } } });
+  if (!config) return notFound();
+
+  // Check if the user is an owner of the crate
+  let isOwner = db.crateOwnership.findFirst({
+    where: {
+      crate: { id: { equals: config.crate.id } },
+      user: { id: { equals: user.id } },
+    },
+  });
+  if (!isOwner) {
+    return HttpResponse.json({ errors: [{ detail: 'You are not an owner of this crate' }] }, { status: 400 });
+  }
+
+  // Delete the config
+  db.trustpubGithubConfig.delete({ where: { id: { equals: id } } });
+
+  return new HttpResponse(null, { status: 204 });
+});