pn-new-crm/tests/unit/storage/copy-and-verify.test.ts

/**
 * Unit test for the sha256 verification path in `copyAndVerify` from
 * `src/lib/storage/migrate.ts`. Uses an in-memory mock backend so we don't
 * need MinIO or the filesystem.
 *
 * §14.9a expects: any sha256 mismatch on the round-trip aborts the migration.
 */

import { Readable } from 'node:stream';

import { describe, expect, it } from 'vitest';

import { copyAndVerify } from '@/lib/storage/migrate';
import type { PresignOpts, PutOpts, StorageBackend } from '@/lib/storage';

class InMemoryBackend implements StorageBackend {
  readonly name = 's3' as const;
  readonly store = new Map<string, { body: Buffer; contentType: string }>();
  /** When set, get(key) returns this corrupted body instead of the stored one. */
  corruptOnRead: Buffer | null = null;

  async put(
    key: string,
    body: Buffer | NodeJS.ReadableStream,
    opts: PutOpts,
  ): Promise<{ key: string; sizeBytes: number; sha256: string }> {
    const buffer = Buffer.isBuffer(body) ? body : await streamToBuffer(body);
    const sha256 =
      opts.sha256 ??
      (await import('node:crypto')).createHash('sha256').update(buffer).digest('hex');
    this.store.set(key, { body: buffer, contentType: opts.contentType });
    return { key, sizeBytes: buffer.length, sha256 };
  }

  async get(key: string): Promise<NodeJS.ReadableStream> {
    if (this.corruptOnRead) return Readable.from([this.corruptOnRead]);
    const r = this.store.get(key);
    if (!r) throw new Error(`not found: ${key}`);
    return Readable.from([r.body]);
  }

  async head(key: string) {
    const r = this.store.get(key);
    if (!r) return null;
    return { sizeBytes: r.body.length, contentType: r.contentType };
  }

  async delete(key: string): Promise<void> {
    this.store.delete(key);
  }

  async listByPrefix(prefix: string): Promise<string[]> {
    return [...this.store.keys()].filter((k) => k.startsWith(prefix));
  }

  async presignUpload(_key: string, _opts: PresignOpts) {
    return { url: 'mem://upload', method: 'PUT' as const };
  }

  async presignDownload(_key: string, _opts: PresignOpts) {
    return { url: 'mem://download', expiresAt: new Date(Date.now() + 1000) };
  }
}

async function streamToBuffer(stream: NodeJS.ReadableStream): Promise<Buffer> {
  const chunks: Buffer[] = [];
  for await (const c of stream) chunks.push(Buffer.isBuffer(c) ? c : Buffer.from(c as string));
  return Buffer.concat(chunks);
}

describe('copyAndVerify', () => {
  it('round-trips a buffer and reports matching sha256', async () => {
    const src = new InMemoryBackend();
    const dst = new InMemoryBackend();
    const payload = Buffer.from('hello world payload');
    await src.put('a/b.txt', payload, { contentType: 'text/plain' });

    const result = await copyAndVerify(src, dst, {
      tableName: 't',
      pk: '1',
      key: 'a/b.txt',
      contentType: 'text/plain',
    });
    expect(result.sizeBytes).toBe(payload.length);
    expect(result.sha256).toHaveLength(64);
    expect(dst.store.get('a/b.txt')?.body.equals(payload)).toBe(true);
  });

  it('throws when target re-read returns corrupt bytes', async () => {
    const src = new InMemoryBackend();
    const dst = new InMemoryBackend();
    await src.put('a/b.txt', Buffer.from('legit'), { contentType: 'text/plain' });

    // Force the destination's get() to return tampered data so the second
    // sha256 doesn't match the first.
    dst.corruptOnRead = Buffer.from('tampered');

    await expect(
      copyAndVerify(src, dst, {
        tableName: 't',
        pk: '1',
        key: 'a/b.txt',
        contentType: 'text/plain',
      }),
    ).rejects.toThrow(/sha256 mismatch/);
  });
});