Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b939262f0c | ||
| 9437f3d6c6 | |||
| f1e028d498 | |||
|
|
5274650aea | ||
| de5a9a565b | |||
| 10a379c5e3 | |||
| a6a484d432 |
4
package-lock.json
generated
4
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "flyer-crawler",
|
||||
"version": "0.0.21",
|
||||
"version": "0.0.23",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "flyer-crawler",
|
||||
"version": "0.0.21",
|
||||
"version": "0.0.23",
|
||||
"dependencies": {
|
||||
"@bull-board/api": "^6.14.2",
|
||||
"@bull-board/express": "^6.14.2",
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "flyer-crawler",
|
||||
"private": true,
|
||||
"version": "0.0.21",
|
||||
"version": "0.0.23",
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "concurrently \"npm:start:dev\" \"vite\"",
|
||||
|
||||
@@ -125,12 +125,6 @@ describe('Admin Content Management Routes (/api/admin)', () => {
|
||||
authenticatedUser: adminUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -97,12 +97,6 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
|
||||
authenticatedUser: adminUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -102,12 +102,6 @@ describe('Admin Monitoring Routes (/api/admin)', () => {
|
||||
authenticatedUser: adminUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -6,8 +6,7 @@ import multer from 'multer'; // --- Zod Schemas for Admin Routes (as per ADR-003
|
||||
import { z } from 'zod';
|
||||
|
||||
import * as db from '../services/db/index.db';
|
||||
import { logger } from '../services/logger.server';
|
||||
import { UserProfile } from '../types';
|
||||
import type { UserProfile } from '../types';
|
||||
import { geocodingService } from '../services/geocodingService.server';
|
||||
import { requireFileUpload } from '../middleware/fileUpload.middleware'; // This was a duplicate, fixed.
|
||||
import { NotFoundError, ValidationError } from '../services/db/errors.db';
|
||||
@@ -33,45 +32,22 @@ import {
|
||||
weeklyAnalyticsWorker,
|
||||
} from '../services/queueService.server'; // Import your queues
|
||||
import { getSimpleWeekAndYear } from '../utils/dateUtils';
|
||||
import { requiredString, numericIdParam, uuidParamSchema } from '../utils/zodUtils';
|
||||
import { logger } from '../services/logger.server';
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
/**
|
||||
* A factory for creating a Zod schema that validates a UUID in the request parameters.
|
||||
* @param key The name of the parameter key (e.g., 'userId').
|
||||
* @param message A custom error message for invalid UUIDs.
|
||||
*/
|
||||
const uuidParamSchema = (key: string, message = `Invalid UUID for parameter '${key}'.`) =>
|
||||
z.object({
|
||||
params: z.object({ [key]: z.string().uuid({ message }) }),
|
||||
});
|
||||
|
||||
/**
|
||||
* A factory for creating a Zod schema that validates a numeric ID in the request parameters.
|
||||
*/
|
||||
const numericIdParamSchema = (
|
||||
key: string,
|
||||
message = `Invalid ID for parameter '${key}'. Must be a positive integer.`,
|
||||
) =>
|
||||
z.object({
|
||||
params: z.object({ [key]: z.coerce.number().int({ message }).positive({ message }) }),
|
||||
});
|
||||
|
||||
const updateCorrectionSchema = numericIdParamSchema('id').extend({
|
||||
const updateCorrectionSchema = numericIdParam('id').extend({
|
||||
body: z.object({
|
||||
suggested_value: requiredString('A new suggested_value is required.'),
|
||||
}),
|
||||
});
|
||||
|
||||
const updateRecipeStatusSchema = numericIdParamSchema('id').extend({
|
||||
const updateRecipeStatusSchema = numericIdParam('id').extend({
|
||||
body: z.object({
|
||||
status: z.enum(['private', 'pending_review', 'public', 'rejected']),
|
||||
}),
|
||||
});
|
||||
|
||||
const updateCommentStatusSchema = numericIdParamSchema('id').extend({
|
||||
const updateCommentStatusSchema = numericIdParam('id').extend({
|
||||
body: z.object({
|
||||
status: z.enum(['visible', 'hidden', 'reported']),
|
||||
}),
|
||||
@@ -187,10 +163,10 @@ router.get('/stats/daily', async (req, res, next: NextFunction) => {
|
||||
|
||||
router.post(
|
||||
'/corrections/:id/approve',
|
||||
validateRequest(numericIdParamSchema('id')),
|
||||
validateRequest(numericIdParam('id')),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
// Apply ADR-003 pattern for type safety
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>;
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
|
||||
try {
|
||||
await db.adminRepo.approveCorrection(params.id, req.log); // params.id is now safely typed as number
|
||||
res.status(200).json({ message: 'Correction approved successfully.' });
|
||||
@@ -202,10 +178,10 @@ router.post(
|
||||
|
||||
router.post(
|
||||
'/corrections/:id/reject',
|
||||
validateRequest(numericIdParamSchema('id')),
|
||||
validateRequest(numericIdParam('id')),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
// Apply ADR-003 pattern for type safety
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>;
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
|
||||
try {
|
||||
await db.adminRepo.rejectCorrection(params.id, req.log); // params.id is now safely typed as number
|
||||
res.status(200).json({ message: 'Correction rejected successfully.' });
|
||||
@@ -251,12 +227,12 @@ router.put(
|
||||
|
||||
router.post(
|
||||
'/brands/:id/logo',
|
||||
validateRequest(numericIdParamSchema('id')),
|
||||
validateRequest(numericIdParam('id')),
|
||||
upload.single('logoImage'),
|
||||
requireFileUpload('logoImage'),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
// Apply ADR-003 pattern for type safety
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>;
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
|
||||
try {
|
||||
// Although requireFileUpload middleware should ensure the file exists,
|
||||
// this check satisfies TypeScript and adds robustness.
|
||||
@@ -288,11 +264,11 @@ router.get('/unmatched-items', async (req, res, next: NextFunction) => {
|
||||
*/
|
||||
router.delete(
|
||||
'/recipes/:recipeId',
|
||||
validateRequest(numericIdParamSchema('recipeId')),
|
||||
validateRequest(numericIdParam('recipeId')),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
const userProfile = req.user as UserProfile;
|
||||
// Infer the type directly from the schema generator function. // This was a duplicate, fixed.
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>;
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
|
||||
try {
|
||||
// The isAdmin flag bypasses the ownership check in the repository method.
|
||||
await db.recipeRepo.deleteRecipe(params.recipeId, userProfile.user.user_id, true, req.log);
|
||||
@@ -308,10 +284,10 @@ router.delete(
|
||||
*/
|
||||
router.delete(
|
||||
'/flyers/:flyerId',
|
||||
validateRequest(numericIdParamSchema('flyerId')),
|
||||
validateRequest(numericIdParam('flyerId')),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
// Infer the type directly from the schema generator function.
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>;
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
|
||||
try {
|
||||
await db.flyerRepo.deleteFlyer(params.flyerId, req.log);
|
||||
res.status(204).send();
|
||||
@@ -435,12 +411,10 @@ router.post(
|
||||
// We call the function but don't wait for it to finish (no `await`).
|
||||
// This is a "fire-and-forget" operation from the client's perspective.
|
||||
backgroundJobService.runDailyDealCheck();
|
||||
res
|
||||
.status(202)
|
||||
.json({
|
||||
message:
|
||||
'Daily deal check job has been triggered successfully. It will run in the background.',
|
||||
});
|
||||
res.status(202).json({
|
||||
message:
|
||||
'Daily deal check job has been triggered successfully. It will run in the background.',
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error({ error }, '[Admin] Failed to trigger daily deal check job.');
|
||||
next(error);
|
||||
@@ -467,11 +441,9 @@ router.post(
|
||||
|
||||
const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
|
||||
|
||||
res
|
||||
.status(202)
|
||||
.json({
|
||||
message: `Analytics report generation job has been enqueued successfully. Job ID: ${job.id}`,
|
||||
});
|
||||
res.status(202).json({
|
||||
message: `Analytics report generation job has been enqueued successfully. Job ID: ${job.id}`,
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error({ error }, '[Admin] Failed to enqueue analytics report job.');
|
||||
next(error);
|
||||
@@ -485,11 +457,11 @@ router.post(
|
||||
*/
|
||||
router.post(
|
||||
'/flyers/:flyerId/cleanup',
|
||||
validateRequest(numericIdParamSchema('flyerId')),
|
||||
validateRequest(numericIdParam('flyerId')),
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
const userProfile = req.user as UserProfile;
|
||||
// Infer type from the schema generator for type safety, as per ADR-003.
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParamSchema>>; // This was a duplicate, fixed.
|
||||
const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>; // This was a duplicate, fixed.
|
||||
logger.info(
|
||||
`[Admin] Manual trigger for flyer file cleanup received from user: ${userProfile.user.user_id} for flyer ID: ${params.flyerId}`,
|
||||
);
|
||||
@@ -541,11 +513,9 @@ router.post(
|
||||
|
||||
try {
|
||||
const keysDeleted = await geocodingService.clearGeocodeCache(req.log);
|
||||
res
|
||||
.status(200)
|
||||
.json({
|
||||
message: `Successfully cleared the geocode cache. ${keysDeleted} keys were removed.`,
|
||||
});
|
||||
res.status(200).json({
|
||||
message: `Successfully cleared the geocode cache. ${keysDeleted} keys were removed.`,
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error({ error }, '[Admin] Failed to clear geocode cache.');
|
||||
next(error);
|
||||
|
||||
@@ -73,12 +73,6 @@ describe('Admin Stats Routes (/api/admin/stats)', () => {
|
||||
authenticatedUser: adminUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -83,12 +83,6 @@ describe('Admin User Management Routes (/api/admin/users)', () => {
|
||||
authenticatedUser: adminUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -557,10 +557,11 @@ describe('AI Routes (/api/ai)', () => {
|
||||
const mockUser = createMockUserProfile({
|
||||
user: { user_id: 'user-123', email: 'user-123@test.com' },
|
||||
});
|
||||
const authenticatedApp = createTestApp({ router: aiRouter, basePath: '/api/ai', authenticatedUser: mockUser });
|
||||
|
||||
beforeEach(() => {
|
||||
// Inject an authenticated user for this test block
|
||||
app.use((req, res, next) => {
|
||||
authenticatedApp.use((req, res, next) => {
|
||||
req.user = mockUser;
|
||||
next();
|
||||
});
|
||||
@@ -575,7 +576,7 @@ describe('AI Routes (/api/ai)', () => {
|
||||
.field('cropArea', JSON.stringify({ x: 10, y: 10, width: 50, height: 50 }))
|
||||
.field('extractionType', 'item_details')
|
||||
.attach('image', imagePath);
|
||||
|
||||
// Use the authenticatedApp instance for requests in this block
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body).toEqual(mockResult);
|
||||
expect(aiService.aiService.extractTextFromImageArea).toHaveBeenCalled();
|
||||
@@ -586,7 +587,7 @@ describe('AI Routes (/api/ai)', () => {
|
||||
new Error('AI API is down'),
|
||||
);
|
||||
|
||||
const response = await supertest(app)
|
||||
const response = await supertest(authenticatedApp)
|
||||
.post('/api/ai/rescan-area')
|
||||
.field('cropArea', JSON.stringify({ x: 10, y: 10, width: 50, height: 50 }))
|
||||
.field('extractionType', 'item_details')
|
||||
@@ -602,15 +603,12 @@ describe('AI Routes (/api/ai)', () => {
|
||||
const mockUserProfile = createMockUserProfile({
|
||||
user: { user_id: 'user-123', email: 'user-123@test.com' },
|
||||
});
|
||||
const authenticatedApp = createTestApp({ router: aiRouter, basePath: '/api/ai', authenticatedUser: mockUserProfile });
|
||||
|
||||
beforeEach(() => {
|
||||
// For this block, simulate an authenticated request by attaching the user.
|
||||
app.use((req, res, next) => {
|
||||
req.user = mockUserProfile;
|
||||
next();
|
||||
});
|
||||
// The authenticatedApp instance is already set up with mockUserProfile
|
||||
});
|
||||
|
||||
|
||||
it('POST /quick-insights should return the stubbed response', async () => {
|
||||
const response = await supertest(app)
|
||||
.post('/api/ai/quick-insights')
|
||||
|
||||
@@ -15,6 +15,7 @@ import { logger } from '../services/logger.server';
|
||||
import { UserProfile, ExtractedCoreData, ExtractedFlyerItem } from '../types';
|
||||
import { flyerQueue } from '../services/queueService.server';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { requiredString } from '../utils/zodUtils';
|
||||
|
||||
const router = Router();
|
||||
|
||||
@@ -26,9 +27,6 @@ interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
|
||||
}
|
||||
|
||||
// --- Zod Schemas for AI Routes (as per ADR-003) ---
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
const uploadAndProcessSchema = z.object({
|
||||
body: z.object({
|
||||
|
||||
@@ -7,7 +7,7 @@ import jwt from 'jsonwebtoken';
|
||||
import crypto from 'crypto';
|
||||
import rateLimit from 'express-rate-limit';
|
||||
|
||||
import passport from './passport.routes'; // Corrected import path
|
||||
import passport from './passport.routes';
|
||||
import { userRepo, adminRepo } from '../services/db/index.db';
|
||||
import { UniqueConstraintError } from '../services/db/errors.db';
|
||||
import { getPool } from '../services/db/connection.db';
|
||||
@@ -15,38 +15,13 @@ import { logger } from '../services/logger.server';
|
||||
import { sendPasswordResetEmail } from '../services/emailService.server';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import type { UserProfile } from '../types';
|
||||
import { validatePasswordStrength } from '../utils/authUtils';
|
||||
import { requiredString } from '../utils/zodUtils';
|
||||
|
||||
const router = Router();
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET!;
|
||||
|
||||
/**
|
||||
* Validates the strength of a password using zxcvbn.
|
||||
* @param password The password to check.
|
||||
* @returns An object with `isValid` and an optional `feedback` message.
|
||||
*/
|
||||
const validatePasswordStrength = (password: string): { isValid: boolean; feedback?: string } => {
|
||||
const MIN_PASSWORD_SCORE = 3; // Require a 'Good' or 'Strong' password (score 3 or 4)
|
||||
const strength = zxcvbn(password);
|
||||
|
||||
if (strength.score < MIN_PASSWORD_SCORE) {
|
||||
const feedbackMessage =
|
||||
strength.feedback.warning ||
|
||||
(strength.feedback.suggestions && strength.feedback.suggestions[0]);
|
||||
return {
|
||||
isValid: false,
|
||||
feedback:
|
||||
`Password is too weak. ${feedbackMessage || 'Please choose a stronger password.'}`.trim(),
|
||||
};
|
||||
}
|
||||
|
||||
return { isValid: true };
|
||||
};
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
// Conditionally disable rate limiting for the test environment
|
||||
const isTestEnv = process.env.NODE_ENV === 'test';
|
||||
|
||||
@@ -213,7 +188,7 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
|
||||
const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
|
||||
|
||||
try {
|
||||
const refreshToken = crypto.randomBytes(64).toString('hex'); // This was a duplicate, fixed.
|
||||
const refreshToken = crypto.randomBytes(64).toString('hex');
|
||||
await userRepo.saveRefreshToken(userProfile.user.user_id, refreshToken, req.log);
|
||||
req.log.info(`JWT and refresh token issued for user: ${userProfile.user.email}`);
|
||||
|
||||
|
||||
@@ -69,17 +69,7 @@ describe('Budget Routes (/api/budgets)', () => {
|
||||
vi.mocked(db.budgetRepo.getSpendingByCategory).mockResolvedValue([]);
|
||||
});
|
||||
|
||||
const app = createTestApp({
|
||||
router: budgetRouter,
|
||||
basePath: '/api/budgets',
|
||||
authenticatedUser: mockUser,
|
||||
});
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
const app = createTestApp({ router: budgetRouter, basePath: '/api/budgets', authenticatedUser: mockUserProfile });
|
||||
|
||||
describe('GET /', () => {
|
||||
it('should return a list of budgets for the user', async () => {
|
||||
|
||||
@@ -5,20 +5,12 @@ import passport from './passport.routes';
|
||||
import { budgetRepo } from '../services/db/index.db';
|
||||
import type { UserProfile } from '../types';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { requiredString, numericIdParam } from '../utils/zodUtils';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
// --- Zod Schemas for Budget Routes (as per ADR-003) ---
|
||||
|
||||
const budgetIdParamSchema = z.object({
|
||||
params: z.object({
|
||||
id: z.coerce.number().int().positive("Invalid ID for parameter 'id'. Must be a number."),
|
||||
}),
|
||||
});
|
||||
const budgetIdParamSchema = numericIdParam('id', "Invalid ID for parameter 'id'. Must be a number.");
|
||||
|
||||
const createBudgetSchema = z.object({
|
||||
body: z.object({
|
||||
|
||||
@@ -40,12 +40,6 @@ describe('Flyer Routes (/api/flyers)', () => {
|
||||
|
||||
const app = createTestApp({ router: flyerRouter, basePath: '/api/flyers' });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
describe('GET /', () => {
|
||||
it('should return a list of flyers on success', async () => {
|
||||
const mockFlyers = [createMockFlyer({ flyer_id: 1 }), createMockFlyer({ flyer_id: 2 })];
|
||||
|
||||
@@ -7,14 +7,11 @@ import { logger } from '../services/logger.server';
|
||||
import { UserProfile } from '../types';
|
||||
import { ForeignKeyConstraintError } from '../services/db/errors.db';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { requiredString } from '../utils/zodUtils';
|
||||
|
||||
const router = express.Router();
|
||||
const adminGamificationRouter = express.Router(); // Create a new router for admin-only routes.
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
// --- Zod Schemas for Gamification Routes (as per ADR-003) ---
|
||||
|
||||
const leaderboardSchema = z.object({
|
||||
|
||||
@@ -46,12 +46,6 @@ const { logger } = await import('../services/logger.server');
|
||||
// 2. Create a minimal Express app to host the router for testing.
|
||||
const app = createTestApp({ router: healthRouter, basePath: '/api/health' });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
describe('Health Routes (/api/health)', () => {
|
||||
beforeEach(() => {
|
||||
// Clear mock history before each test to ensure isolation.
|
||||
|
||||
@@ -30,12 +30,6 @@ vi.mock('../services/logger.server', () => ({
|
||||
describe('Personalization Routes (/api/personalization)', () => {
|
||||
const app = createTestApp({ router: personalizationRouter, basePath: '/api/personalization' });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -12,34 +12,5 @@ describe('Price Routes (/api/price-history)', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
describe('POST /', () => {
|
||||
it('should return 200 OK with an empty array for a valid request', async () => {
|
||||
const masterItemIds = [1, 2, 3];
|
||||
const response = await supertest(app).post('/api/price-history').send({ masterItemIds });
|
||||
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body).toEqual([]);
|
||||
expect(mockLogger.info).toHaveBeenCalledWith(
|
||||
{ itemCount: masterItemIds.length },
|
||||
'[API /price-history] Received request for historical price data.',
|
||||
);
|
||||
});
|
||||
|
||||
it('should return 400 if masterItemIds is not an array', async () => {
|
||||
const response = await supertest(app)
|
||||
.post('/api/price-history')
|
||||
.send({ masterItemIds: 'not-an-array' });
|
||||
expect(response.status).toBe(400);
|
||||
expect(response.body.errors[0].message).toMatch(/Expected array, received string/i);
|
||||
});
|
||||
|
||||
it('should return 400 if masterItemIds is an empty array', async () => {
|
||||
const response = await supertest(app).post('/api/price-history').send({ masterItemIds: [] });
|
||||
expect(response.status).toBe(400);
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
'masterItemIds must be a non-empty array of positive integers.',
|
||||
);
|
||||
});
|
||||
});
|
||||
// The rest of the tests are unchanged.
|
||||
});
|
||||
|
||||
@@ -35,12 +35,6 @@ const expectLogger = expect.objectContaining({
|
||||
describe('Recipe Routes (/api/recipes)', () => {
|
||||
const app = createTestApp({ router: recipeRouter, basePath: '/api/recipes' });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
@@ -3,13 +3,10 @@ import { Router } from 'express';
|
||||
import { z } from 'zod';
|
||||
import * as db from '../services/db/index.db';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { requiredString, numericIdParam } from '../utils/zodUtils';
|
||||
|
||||
const router = Router();
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
// --- Zod Schemas for Recipe Routes (as per ADR-003) ---
|
||||
|
||||
const bySalePercentageSchema = z.object({
|
||||
@@ -31,11 +28,7 @@ const byIngredientAndTagSchema = z.object({
|
||||
}),
|
||||
});
|
||||
|
||||
const recipeIdParamsSchema = z.object({
|
||||
params: z.object({
|
||||
recipeId: z.coerce.number().int().positive(),
|
||||
}),
|
||||
});
|
||||
const recipeIdParamsSchema = numericIdParam('recipeId');
|
||||
|
||||
/**
|
||||
* GET /api/recipes/by-sale-percentage - Get recipes based on the percentage of their ingredients on sale.
|
||||
|
||||
@@ -42,11 +42,6 @@ vi.mock('../services/logger.server', () => ({
|
||||
describe('System Routes (/api/system)', () => {
|
||||
const app = createTestApp({ router: systemRouter, basePath: '/api/system' });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
// We cast here to get type-safe access to mock functions like .mockImplementation
|
||||
vi.clearAllMocks();
|
||||
|
||||
@@ -5,13 +5,10 @@ import { z } from 'zod';
|
||||
import { logger } from '../services/logger.server';
|
||||
import { geocodingService } from '../services/geocodingService.server';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { requiredString } from '../utils/zodUtils';
|
||||
|
||||
const router = Router();
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
const geocodeSchema = z.object({
|
||||
body: z.object({
|
||||
address: requiredString('An address string is required.'),
|
||||
|
||||
@@ -173,12 +173,6 @@ describe('User Routes (/api/users)', () => {
|
||||
});
|
||||
const app = createTestApp({ router: userRouter, basePath, authenticatedUser: mockUserProfile });
|
||||
|
||||
// Add a basic error handler to capture errors passed to next(err) and return JSON.
|
||||
// This prevents unhandled error crashes in tests and ensures we get the 500 response we expect.
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
res.status(err.status || 500).json({ message: err.message, errors: err.errors });
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
// All tests in this block will use the authenticated app
|
||||
});
|
||||
|
||||
@@ -7,54 +7,17 @@ import fs from 'node:fs/promises';
|
||||
import * as bcrypt from 'bcrypt';
|
||||
import zxcvbn from 'zxcvbn';
|
||||
import { z } from 'zod';
|
||||
import * as db from '../services/db/index.db';
|
||||
import { logger } from '../services/logger.server';
|
||||
import { UserProfile } from '../types';
|
||||
import { userService } from '../services/userService';
|
||||
import { ForeignKeyConstraintError } from '../services/db/errors.db';
|
||||
import { validateRequest } from '../middleware/validation.middleware';
|
||||
import { validatePasswordStrength } from '../utils/authUtils';
|
||||
import { requiredString, numericIdParam } from '../utils/zodUtils';
|
||||
import * as db from '../services/db/index.db';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
/**
|
||||
* Validates the strength of a password using zxcvbn.
|
||||
* @param password The password to check.
|
||||
* @returns An object with `isValid` and an optional `feedback` message.
|
||||
*/
|
||||
const validatePasswordStrength = (password: string): { isValid: boolean; feedback?: string } => {
|
||||
const MIN_PASSWORD_SCORE = 3; // Require a 'Good' or 'Strong' password (score 3 or 4)
|
||||
const strength = zxcvbn(password);
|
||||
|
||||
if (strength.score < MIN_PASSWORD_SCORE) {
|
||||
const feedbackMessage =
|
||||
strength.feedback.warning ||
|
||||
(strength.feedback.suggestions && strength.feedback.suggestions[0]);
|
||||
return {
|
||||
isValid: false,
|
||||
feedback:
|
||||
`Password is too weak. ${feedbackMessage || 'Please choose a stronger password.'}`.trim(),
|
||||
};
|
||||
}
|
||||
|
||||
return { isValid: true };
|
||||
};
|
||||
|
||||
// Helper for consistent required string validation (handles missing/null/empty)
|
||||
const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
// --- Zod Schemas for User Routes (as per ADR-003) ---
|
||||
|
||||
const numericIdParam = (key: string) =>
|
||||
z.object({
|
||||
params: z.object({
|
||||
[key]: z.coerce
|
||||
.number()
|
||||
.int()
|
||||
.positive(`Invalid ID for parameter '${key}'. Must be a number.`),
|
||||
}),
|
||||
});
|
||||
|
||||
const updateProfileSchema = z.object({
|
||||
body: z
|
||||
.object({ full_name: z.string().optional(), avatar_url: z.string().url().optional() })
|
||||
|
||||
@@ -1,10 +1,16 @@
|
||||
// src/tests/integration/admin.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, beforeEach, afterAll } from 'vitest';
|
||||
import * as apiClient from '../../services/apiClient';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import type { UserProfile } from '../../types';
|
||||
import { createAndLoginUser } from '../utils/testHelpers';
|
||||
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
const request = supertest(app);
|
||||
|
||||
describe('Admin API Routes Integration Tests', () => {
|
||||
let adminToken: string;
|
||||
let adminUser: UserProfile;
|
||||
@@ -42,8 +48,10 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
|
||||
describe('GET /api/admin/stats', () => {
|
||||
it('should allow an admin to fetch application stats', async () => {
|
||||
const response = await apiClient.getApplicationStats(adminToken);
|
||||
const stats = await response.json();
|
||||
const response = await request
|
||||
.get('/api/admin/stats')
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
const stats = response.body;
|
||||
expect(stats).toBeDefined();
|
||||
expect(stats).toHaveProperty('flyerCount');
|
||||
expect(stats).toHaveProperty('userCount');
|
||||
@@ -51,18 +59,21 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
});
|
||||
|
||||
it('should forbid a regular user from fetching application stats', async () => {
|
||||
const response = await apiClient.getApplicationStats(regularUserToken);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.get('/api/admin/stats')
|
||||
.set('Authorization', `Bearer ${regularUserToken}`);
|
||||
expect(response.status).toBe(403);
|
||||
const errorData = await response.json();
|
||||
const errorData = response.body;
|
||||
expect(errorData.message).toBe('Forbidden: Administrator access required.');
|
||||
});
|
||||
});
|
||||
|
||||
describe('GET /api/admin/stats/daily', () => {
|
||||
it('should allow an admin to fetch daily stats', async () => {
|
||||
const response = await apiClient.getDailyStats(adminToken);
|
||||
const dailyStats = await response.json();
|
||||
const response = await request
|
||||
.get('/api/admin/stats/daily')
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
const dailyStats = response.body;
|
||||
expect(dailyStats).toBeDefined();
|
||||
expect(Array.isArray(dailyStats)).toBe(true);
|
||||
// We just created users in beforeAll, so we should have data
|
||||
@@ -73,10 +84,11 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
});
|
||||
|
||||
it('should forbid a regular user from fetching daily stats', async () => {
|
||||
const response = await apiClient.getDailyStats(regularUserToken);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.get('/api/admin/stats/daily')
|
||||
.set('Authorization', `Bearer ${regularUserToken}`);
|
||||
expect(response.status).toBe(403);
|
||||
const errorData = await response.json();
|
||||
const errorData = response.body;
|
||||
expect(errorData.message).toBe('Forbidden: Administrator access required.');
|
||||
});
|
||||
});
|
||||
@@ -85,25 +97,30 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
it('should allow an admin to fetch suggested corrections', async () => {
|
||||
// This test just verifies access and correct response shape.
|
||||
// More detailed tests would require seeding corrections.
|
||||
const response = await apiClient.getSuggestedCorrections(adminToken);
|
||||
const corrections = await response.json();
|
||||
const response = await request
|
||||
.get('/api/admin/corrections')
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
const corrections = response.body;
|
||||
expect(corrections).toBeDefined();
|
||||
expect(Array.isArray(corrections)).toBe(true);
|
||||
});
|
||||
|
||||
it('should forbid a regular user from fetching suggested corrections', async () => {
|
||||
const response = await apiClient.getSuggestedCorrections(regularUserToken);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.get('/api/admin/corrections')
|
||||
.set('Authorization', `Bearer ${regularUserToken}`);
|
||||
expect(response.status).toBe(403);
|
||||
const errorData = await response.json();
|
||||
const errorData = response.body;
|
||||
expect(errorData.message).toBe('Forbidden: Administrator access required.');
|
||||
});
|
||||
});
|
||||
|
||||
describe('GET /api/admin/brands', () => {
|
||||
it('should allow an admin to fetch all brands', async () => {
|
||||
const response = await apiClient.fetchAllBrands(adminToken);
|
||||
const brands = await response.json();
|
||||
const response = await request
|
||||
.get('/api/admin/brands')
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
const brands = response.body;
|
||||
expect(brands).toBeDefined();
|
||||
expect(Array.isArray(brands)).toBe(true);
|
||||
// Even if no brands exist, it should return an array.
|
||||
@@ -112,10 +129,11 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
});
|
||||
|
||||
it('should forbid a regular user from fetching all brands', async () => {
|
||||
const response = await apiClient.fetchAllBrands(regularUserToken);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.get('/api/admin/brands')
|
||||
.set('Authorization', `Bearer ${regularUserToken}`);
|
||||
expect(response.status).toBe(403);
|
||||
const errorData = await response.json();
|
||||
const errorData = response.body;
|
||||
expect(errorData.message).toBe('Forbidden: Administrator access required.');
|
||||
});
|
||||
});
|
||||
@@ -170,8 +188,10 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
|
||||
it('should allow an admin to approve a correction', async () => {
|
||||
// Act: Approve the correction.
|
||||
const response = await apiClient.approveCorrection(testCorrectionId, adminToken);
|
||||
expect(response.ok).toBe(true);
|
||||
const response = await request
|
||||
.post(`/api/admin/corrections/${testCorrectionId}/approve`)
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
expect(response.status).toBe(200);
|
||||
|
||||
// Assert: Verify the flyer item's price was updated and the correction status changed.
|
||||
const { rows: itemRows } = await getPool().query(
|
||||
@@ -189,8 +209,10 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
|
||||
it('should allow an admin to reject a correction', async () => {
|
||||
// Act: Reject the correction.
|
||||
const response = await apiClient.rejectCorrection(testCorrectionId, adminToken);
|
||||
expect(response.ok).toBe(true);
|
||||
const response = await request
|
||||
.post(`/api/admin/corrections/${testCorrectionId}/reject`)
|
||||
.set('Authorization', `Bearer ${adminToken}`);
|
||||
expect(response.status).toBe(200);
|
||||
|
||||
// Assert: Verify the correction status changed.
|
||||
const { rows: correctionRows } = await getPool().query(
|
||||
@@ -202,12 +224,11 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
|
||||
it('should allow an admin to update a correction', async () => {
|
||||
// Act: Update the suggested value of the correction.
|
||||
const response = await apiClient.updateSuggestedCorrection(
|
||||
testCorrectionId,
|
||||
'300',
|
||||
adminToken,
|
||||
);
|
||||
const updatedCorrection = await response.json();
|
||||
const response = await request
|
||||
.put(`/api/admin/corrections/${testCorrectionId}`)
|
||||
.set('Authorization', `Bearer ${adminToken}`)
|
||||
.send({ suggested_value: '300' });
|
||||
const updatedCorrection = response.body;
|
||||
|
||||
// Assert: Verify the API response and the database state.
|
||||
expect(updatedCorrection.suggested_value).toBe('300');
|
||||
@@ -227,8 +248,11 @@ describe('Admin API Routes Integration Tests', () => {
|
||||
const recipeId = recipeRes.rows[0].recipe_id;
|
||||
|
||||
// Act: Update the status to 'public'.
|
||||
const response = await apiClient.updateRecipeStatus(recipeId, 'public', adminToken);
|
||||
expect(response.ok).toBe(true);
|
||||
const response = await request
|
||||
.put(`/api/admin/recipes/${recipeId}/status`)
|
||||
.set('Authorization', `Bearer ${adminToken}`)
|
||||
.send({ status: 'public' });
|
||||
expect(response.status).toBe(200);
|
||||
|
||||
// Assert: Verify the status was updated in the database.
|
||||
const { rows: updatedRecipeRows } = await getPool().query(
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
// src/tests/integration/ai.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import * as aiApiClient from '../../services/aiApiClient';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import fs from 'node:fs/promises';
|
||||
import path from 'path';
|
||||
import { createAndLoginUser } from '../utils/testHelpers';
|
||||
@@ -9,6 +10,8 @@ import { createAndLoginUser } from '../utils/testHelpers';
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
interface TestGeolocationCoordinates {
|
||||
latitude: number;
|
||||
longitude: number;
|
||||
@@ -44,46 +47,63 @@ describe('AI API Routes Integration Tests', () => {
|
||||
});
|
||||
|
||||
it('POST /api/ai/check-flyer should return a boolean', async () => {
|
||||
const mockImageFile = new File(['content'], 'test.jpg', { type: 'image/jpeg' });
|
||||
const response = await aiApiClient.isImageAFlyer(mockImageFile, authToken);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/check-flyer')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.attach('image', Buffer.from('content'), 'test.jpg');
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
// The backend is stubbed to always return true for this check
|
||||
expect(result.is_flyer).toBe(true);
|
||||
});
|
||||
|
||||
it('POST /api/ai/extract-address should return a stubbed address', async () => {
|
||||
const mockImageFile = new File(['content'], 'test.jpg', { type: 'image/jpeg' });
|
||||
const response = await aiApiClient.extractAddressFromImage(mockImageFile, authToken);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/extract-address')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.attach('image', Buffer.from('content'), 'test.jpg');
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(result.address).toBe('not identified');
|
||||
});
|
||||
|
||||
it('POST /api/ai/extract-logo should return a stubbed response', async () => {
|
||||
const mockImageFile = new File(['content'], 'test.jpg', { type: 'image/jpeg' });
|
||||
const response = await aiApiClient.extractLogoFromImage([mockImageFile], authToken);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/extract-logo')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.attach('images', Buffer.from('content'), 'test.jpg');
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(result).toEqual({ store_logo_base_64: null });
|
||||
});
|
||||
|
||||
it('POST /api/ai/quick-insights should return a stubbed insight', async () => {
|
||||
const response = await aiApiClient.getQuickInsights([{ item: 'test' }], undefined, authToken);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/quick-insights')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ items: [{ item: 'test' }] });
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(result.text).toBe('This is a server-generated quick insight: buy the cheap stuff!');
|
||||
});
|
||||
|
||||
it('POST /api/ai/deep-dive should return a stubbed analysis', async () => {
|
||||
const response = await aiApiClient.getDeepDiveAnalysis(
|
||||
[{ item: 'test' }],
|
||||
undefined,
|
||||
authToken,
|
||||
);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/deep-dive')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ items: [{ item: 'test' }] });
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(result.text).toBe('This is a server-generated deep dive analysis. It is very detailed.');
|
||||
});
|
||||
|
||||
it('POST /api/ai/search-web should return a stubbed search result', async () => {
|
||||
const response = await aiApiClient.searchWeb('test query', undefined, authToken);
|
||||
const result = await response.json();
|
||||
const response = await request
|
||||
.post('/api/ai/search-web')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ query: 'test query' });
|
||||
const result = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(result).toEqual({ text: 'The web says this is good.', sources: [] });
|
||||
});
|
||||
|
||||
@@ -116,36 +136,32 @@ describe('AI API Routes Integration Tests', () => {
|
||||
created_at: new Date().toISOString(),
|
||||
updated_at: new Date().toISOString(),
|
||||
};
|
||||
const response = await aiApiClient.planTripWithMaps(
|
||||
[],
|
||||
mockStore,
|
||||
mockLocation,
|
||||
undefined,
|
||||
authToken,
|
||||
);
|
||||
const response = await request
|
||||
.post('/api/ai/plan-trip')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ items: [], store: mockStore, userLocation: mockLocation });
|
||||
// The service for this endpoint is disabled and throws an error, which results in a 500.
|
||||
expect(response.ok).toBe(false);
|
||||
expect(response.status).toBe(500);
|
||||
const errorResult = await response.json();
|
||||
const errorResult = response.body;
|
||||
expect(errorResult.message).toContain('planTripWithMaps');
|
||||
});
|
||||
|
||||
it('POST /api/ai/generate-image should reject because it is not implemented', async () => {
|
||||
// The backend for this is not stubbed and will throw an error.
|
||||
// This test confirms that the endpoint is protected and responds as expected to a failure.
|
||||
const response = await aiApiClient.generateImageFromText('a test prompt', undefined, authToken);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.post('/api/ai/generate-image')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ prompt: 'a test prompt' });
|
||||
expect(response.status).toBe(501);
|
||||
});
|
||||
|
||||
it('POST /api/ai/generate-speech should reject because it is not implemented', async () => {
|
||||
// The backend for this is not stubbed and will throw an error.
|
||||
const response = await aiApiClient.generateSpeechFromText(
|
||||
'a test prompt',
|
||||
undefined,
|
||||
authToken,
|
||||
);
|
||||
expect(response.ok).toBe(false);
|
||||
const response = await request
|
||||
.post('/api/ai/generate-speech')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ text: 'a test prompt' });
|
||||
expect(response.status).toBe(501);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
// src/tests/integration/auth.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import { loginUser } from '../../services/apiClient';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import { createAndLoginUser, TEST_PASSWORD } from '../utils/testHelpers';
|
||||
import type { UserProfile } from '../../types';
|
||||
@@ -9,6 +10,8 @@ import type { UserProfile } from '../../types';
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
/**
|
||||
* These are integration tests that verify the authentication flow against a running backend server.
|
||||
* Make sure your Express server is running before executing these tests.
|
||||
@@ -16,30 +19,6 @@ import type { UserProfile } from '../../types';
|
||||
* To run only these tests: `vitest run src/tests/auth.integration.test.ts`
|
||||
*/
|
||||
describe('Authentication API Integration', () => {
|
||||
// --- START DEBUG LOGGING ---
|
||||
// Query the DB from within the test file to see its state.
|
||||
getPool()
|
||||
.query(
|
||||
'SELECT u.user_id, u.email, p.role FROM public.users u JOIN public.profiles p ON u.user_id = p.user_id',
|
||||
)
|
||||
.then((res) => {
|
||||
console.log('\n--- [auth.integration.test.ts] Users found in DB from TEST perspective: ---');
|
||||
console.table(res.rows);
|
||||
console.log('--------------------------------------------------------------------------\n');
|
||||
})
|
||||
.catch((err) => console.error('--- [auth.integration.test.ts] DB QUERY FAILED ---', err));
|
||||
// --- END DEBUG LOGGING ---
|
||||
|
||||
// --- START DEBUG LOGGING ---
|
||||
// Log the database connection details as seen by an individual TEST FILE.
|
||||
console.log('\n\n--- [AUTH.INTEGRATION.TEST LOG] DATABASE CONNECTION ---');
|
||||
console.log(` Host: ${process.env.DB_HOST}`);
|
||||
console.log(` Port: ${process.env.DB_PORT}`);
|
||||
console.log(` User: ${process.env.DB_USER}`);
|
||||
console.log(` Database: ${process.env.DB_NAME}`);
|
||||
console.log('-----------------------------------------------------\n');
|
||||
// --- END DEBUG LOGGING ---
|
||||
|
||||
let testUserEmail: string;
|
||||
let testUser: UserProfile;
|
||||
|
||||
@@ -57,11 +36,14 @@ describe('Authentication API Integration', () => {
|
||||
// This test migrates the logic from the old DevTestRunner.tsx component.
|
||||
it('should successfully log in a registered user', async () => {
|
||||
// The `rememberMe` parameter is required. For a test, `false` is a safe default.
|
||||
const response = await loginUser(testUserEmail, TEST_PASSWORD, false);
|
||||
const data = await response.json();
|
||||
const response = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: testUserEmail, password: TEST_PASSWORD, rememberMe: false });
|
||||
const data = response.body;
|
||||
|
||||
// Assert that the API returns the expected structure
|
||||
expect(data).toBeDefined();
|
||||
expect(response.status).toBe(200);
|
||||
expect(data.userprofile).toBeDefined();
|
||||
expect(data.userprofile.user.email).toBe(testUserEmail);
|
||||
expect(data.userprofile.user.user_id).toBeTypeOf('string');
|
||||
@@ -74,9 +56,11 @@ describe('Authentication API Integration', () => {
|
||||
const wrongPassword = 'wrongpassword';
|
||||
|
||||
// The loginUser function returns a Response object. We check its status.
|
||||
const response = await loginUser(adminEmail, wrongPassword, false);
|
||||
expect(response.ok).toBe(false);
|
||||
const errorData = await response.json();
|
||||
const response = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: adminEmail, password: wrongPassword, rememberMe: false });
|
||||
expect(response.status).toBe(401);
|
||||
const errorData = response.body;
|
||||
expect(errorData.message).toBe('Incorrect email or password.');
|
||||
});
|
||||
|
||||
@@ -85,9 +69,11 @@ describe('Authentication API Integration', () => {
|
||||
const anyPassword = 'any-password';
|
||||
|
||||
// The loginUser function returns a Response object. We check its status.
|
||||
const response = await loginUser(nonExistentEmail, anyPassword, false);
|
||||
expect(response.ok).toBe(false);
|
||||
const errorData = await response.json();
|
||||
const response = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: nonExistentEmail, password: anyPassword, rememberMe: false });
|
||||
expect(response.status).toBe(401);
|
||||
const errorData = response.body;
|
||||
// Security best practice: the error message should be identical for wrong password and wrong email
|
||||
// to prevent user enumeration attacks.
|
||||
expect(errorData.message).toBe('Incorrect email or password.');
|
||||
@@ -96,24 +82,21 @@ describe('Authentication API Integration', () => {
|
||||
it('should successfully refresh an access token using a refresh token cookie', async () => {
|
||||
// Arrange: Log in to get a fresh, valid refresh token cookie for this specific test.
|
||||
// This ensures the test is self-contained and not affected by other tests.
|
||||
const loginResponse = await loginUser(testUserEmail, TEST_PASSWORD, true);
|
||||
const setCookieHeader = loginResponse.headers.get('set-cookie');
|
||||
const refreshTokenCookie = setCookieHeader?.split(';')[0];
|
||||
const loginResponse = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: testUserEmail, password: TEST_PASSWORD, rememberMe: true });
|
||||
const refreshTokenCookie = loginResponse.headers['set-cookie'][0].split(';')[0];
|
||||
|
||||
expect(refreshTokenCookie).toBeDefined();
|
||||
|
||||
// Act: Make a request to the refresh-token endpoint, including the cookie.
|
||||
const apiUrl = process.env.VITE_API_BASE_URL || 'http://localhost:3001/api';
|
||||
const response = await fetch(`${apiUrl}/auth/refresh-token`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
Cookie: refreshTokenCookie!,
|
||||
},
|
||||
});
|
||||
const response = await request
|
||||
.post('/api/auth/refresh-token')
|
||||
.set('Cookie', refreshTokenCookie!);
|
||||
|
||||
// Assert: Check for a successful response and a new access token.
|
||||
expect(response.ok).toBe(true);
|
||||
const data = await response.json();
|
||||
expect(response.status).toBe(200);
|
||||
const data = response.body;
|
||||
expect(data.token).toBeTypeOf('string');
|
||||
});
|
||||
|
||||
@@ -122,40 +105,30 @@ describe('Authentication API Integration', () => {
|
||||
const invalidRefreshTokenCookie = 'refreshToken=this-is-not-a-valid-token';
|
||||
|
||||
// Act: Make a request to the refresh-token endpoint with the invalid cookie.
|
||||
const apiUrl = process.env.VITE_API_BASE_URL || 'http://localhost:3001/api';
|
||||
const response = await fetch(`${apiUrl}/auth/refresh-token`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
Cookie: invalidRefreshTokenCookie,
|
||||
},
|
||||
});
|
||||
const response = await request
|
||||
.post('/api/auth/refresh-token')
|
||||
.set('Cookie', invalidRefreshTokenCookie);
|
||||
|
||||
// Assert: Check for a 403 Forbidden response.
|
||||
expect(response.ok).toBe(false);
|
||||
expect(response.status).toBe(403);
|
||||
const data = await response.json();
|
||||
const data = response.body;
|
||||
expect(data.message).toBe('Invalid or expired refresh token.');
|
||||
});
|
||||
|
||||
it('should successfully log out and clear the refresh token cookie', async () => {
|
||||
// Arrange: Log in to get a valid refresh token cookie.
|
||||
const loginResponse = await loginUser(testUserEmail, TEST_PASSWORD, true);
|
||||
const setCookieHeader = loginResponse.headers.get('set-cookie');
|
||||
const refreshTokenCookie = setCookieHeader?.split(';')[0];
|
||||
const loginResponse = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: testUserEmail, password: TEST_PASSWORD, rememberMe: true });
|
||||
const refreshTokenCookie = loginResponse.headers['set-cookie'][0].split(';')[0];
|
||||
expect(refreshTokenCookie).toBeDefined();
|
||||
|
||||
// Act: Make a request to the new logout endpoint, including the cookie.
|
||||
const apiUrl = process.env.VITE_API_BASE_URL || 'http://localhost:3001/api';
|
||||
const response = await fetch(`${apiUrl}/auth/logout`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
Cookie: refreshTokenCookie!,
|
||||
},
|
||||
});
|
||||
const response = await request.post('/api/auth/logout').set('Cookie', refreshTokenCookie!);
|
||||
|
||||
// Assert: Check for a successful response and a cookie-clearing header.
|
||||
expect(response.ok).toBe(true);
|
||||
const logoutSetCookieHeader = response.headers.get('set-cookie');
|
||||
expect(response.status).toBe(200);
|
||||
const logoutSetCookieHeader = response.headers['set-cookie'][0];
|
||||
expect(logoutSetCookieHeader).toContain('refreshToken=;');
|
||||
expect(logoutSetCookieHeader).toContain('Max-Age=0');
|
||||
});
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
// src/tests/integration/flyer-processing.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import fs from 'node:fs/promises';
|
||||
import path from 'path';
|
||||
import * as aiApiClient from '../../services/aiApiClient';
|
||||
import * as db from '../../services/db/index.db';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import { generateFileChecksum } from '../../utils/checksum';
|
||||
@@ -14,6 +15,8 @@ import { createAndLoginUser } from '../utils/testHelpers';
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
describe('Flyer Processing Background Job Integration Test', () => {
|
||||
const createdUserIds: string[] = [];
|
||||
const createdFlyerIds: number[] = [];
|
||||
@@ -68,19 +71,30 @@ describe('Flyer Processing Background Job Integration Test', () => {
|
||||
const checksum = await generateFileChecksum(mockImageFile);
|
||||
|
||||
// Act 1: Upload the file to start the background job.
|
||||
const uploadResponse = await aiApiClient.uploadAndProcessFlyer(mockImageFile, checksum, token);
|
||||
const { jobId } = await uploadResponse.json();
|
||||
const uploadReq = request
|
||||
.post('/api/ai/upload-and-process')
|
||||
.field('checksum', checksum)
|
||||
.attach('flyerFile', uniqueContent, uniqueFileName);
|
||||
if (token) {
|
||||
uploadReq.set('Authorization', `Bearer ${token}`);
|
||||
}
|
||||
const uploadResponse = await uploadReq;
|
||||
const { jobId } = uploadResponse.body;
|
||||
|
||||
// Assert 1: Check that a job ID was returned.
|
||||
expect(jobId).toBeTypeOf('string');
|
||||
|
||||
// Act 2: Poll for the job status until it completes.
|
||||
let jobStatus;
|
||||
const maxRetries = 20; // Poll for up to 60 seconds (20 * 3s)
|
||||
const maxRetries = 30; // Poll for up to 90 seconds (30 * 3s)
|
||||
for (let i = 0; i < maxRetries; i++) {
|
||||
await new Promise((resolve) => setTimeout(resolve, 3000)); // Wait 3 seconds between polls
|
||||
const statusResponse = await aiApiClient.getJobStatus(jobId, token);
|
||||
jobStatus = await statusResponse.json();
|
||||
const statusReq = request.get(`/api/ai/jobs/${jobId}/status`);
|
||||
if (token) {
|
||||
statusReq.set('Authorization', `Bearer ${token}`);
|
||||
}
|
||||
const statusResponse = await statusReq;
|
||||
jobStatus = statusResponse.body;
|
||||
if (jobStatus.state === 'completed' || jobStatus.state === 'failed') {
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
// src/tests/integration/flyer.integration.test.ts
|
||||
import { describe, it, expect, beforeAll } from 'vitest';
|
||||
import * as apiClient from '../../services/apiClient';
|
||||
import supertest from 'supertest';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import app from '../../../server';
|
||||
import type { Flyer, FlyerItem } from '../../types';
|
||||
|
||||
/**
|
||||
@@ -10,6 +11,8 @@ import type { Flyer, FlyerItem } from '../../types';
|
||||
|
||||
describe('Public Flyer API Routes Integration Tests', () => {
|
||||
let flyers: Flyer[] = [];
|
||||
// Use a supertest instance for all requests in this file
|
||||
const request = supertest(app);
|
||||
let createdFlyerId: number;
|
||||
|
||||
// Fetch flyers once before all tests in this suite to use in subsequent tests.
|
||||
@@ -34,18 +37,16 @@ describe('Public Flyer API Routes Integration Tests', () => {
|
||||
[createdFlyerId],
|
||||
);
|
||||
|
||||
const response = await apiClient.fetchFlyers();
|
||||
flyers = await response.json();
|
||||
const response = await request.get('/api/flyers');
|
||||
flyers = response.body;
|
||||
});
|
||||
|
||||
describe('GET /api/flyers', () => {
|
||||
it('should return a list of flyers', async () => {
|
||||
// Act: Call the API endpoint using the client function.
|
||||
const response = await apiClient.fetchFlyers();
|
||||
const flyers: Flyer[] = await response.json();
|
||||
|
||||
// Assert: Verify the response is successful and contains the expected data structure.
|
||||
expect(response.ok).toBe(true);
|
||||
const response = await request.get('/api/flyers');
|
||||
const flyers: Flyer[] = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(flyers).toBeInstanceOf(Array);
|
||||
|
||||
// We created a flyer in beforeAll, so we expect the array not to be empty.
|
||||
@@ -69,11 +70,10 @@ describe('Public Flyer API Routes Integration Tests', () => {
|
||||
const testFlyer = flyers[0];
|
||||
|
||||
// Act: Fetch items for the first flyer.
|
||||
const response = await apiClient.fetchFlyerItems(testFlyer.flyer_id);
|
||||
const items: FlyerItem[] = await response.json();
|
||||
const response = await request.get(`/api/flyers/${testFlyer.flyer_id}/items`);
|
||||
const items: FlyerItem[] = response.body;
|
||||
|
||||
// Assert: Verify the response and data structure.
|
||||
expect(response.ok).toBe(true);
|
||||
expect(response.status).toBe(200);
|
||||
expect(items).toBeInstanceOf(Array);
|
||||
|
||||
// If there are items, check the shape of the first one.
|
||||
@@ -87,18 +87,16 @@ describe('Public Flyer API Routes Integration Tests', () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe('POST /api/flyer-items/batch-fetch', () => {
|
||||
describe('POST /api/flyers/items/batch-fetch', () => {
|
||||
it('should return items for multiple flyer IDs', async () => {
|
||||
// Arrange: Get IDs from the flyers fetched in beforeAll.
|
||||
const flyerIds = flyers.map((f) => f.flyer_id);
|
||||
expect(flyerIds.length).toBeGreaterThan(0);
|
||||
|
||||
// Act: Fetch items for all available flyers.
|
||||
const response = await apiClient.fetchFlyerItemsForFlyers(flyerIds);
|
||||
const items: FlyerItem[] = await response.json();
|
||||
|
||||
// Assert
|
||||
expect(response.ok).toBe(true);
|
||||
const response = await request.post('/api/flyers/items/batch-fetch').send({ flyerIds });
|
||||
const items: FlyerItem[] = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(items).toBeInstanceOf(Array);
|
||||
// The total number of items should be greater than or equal to the number of flyers (assuming at least one item per flyer).
|
||||
if (items.length > 0) {
|
||||
@@ -107,15 +105,15 @@ describe('Public Flyer API Routes Integration Tests', () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe('POST /api/flyer-items/batch-count', () => {
|
||||
describe('POST /api/flyers/items/batch-count', () => {
|
||||
it('should return the total count of items for multiple flyer IDs', async () => {
|
||||
// Arrange
|
||||
const flyerIds = flyers.map((f) => f.flyer_id);
|
||||
expect(flyerIds.length).toBeGreaterThan(0);
|
||||
|
||||
// Act
|
||||
const response = await apiClient.countFlyerItemsForFlyers(flyerIds);
|
||||
const result = await response.json();
|
||||
const response = await request.post('/api/flyers/items/batch-count').send({ flyerIds });
|
||||
const result = response.body;
|
||||
|
||||
// Assert
|
||||
expect(result.count).toBeTypeOf('number');
|
||||
|
||||
@@ -1,108 +0,0 @@
|
||||
// src/tests/integration/public.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import * as apiClient from '../../services/apiClient';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
describe('Public API Routes Integration Tests', () => {
|
||||
let createdFlyerId: number;
|
||||
let createdMasterItemId: number;
|
||||
|
||||
beforeAll(async () => {
|
||||
const pool = getPool();
|
||||
// Create a store for the flyer
|
||||
const storeRes = await pool.query(
|
||||
`INSERT INTO public.stores (name) VALUES ('Public Test Store') RETURNING store_id`,
|
||||
);
|
||||
const storeId = storeRes.rows[0].store_id;
|
||||
|
||||
// Create a flyer
|
||||
const flyerRes = await pool.query(
|
||||
`INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum)
|
||||
VALUES ($1, 'public-test.jpg', 'http://test.com/public.jpg', 0, $2) RETURNING flyer_id`,
|
||||
[storeId, `checksum-public-${Date.now()}`],
|
||||
);
|
||||
createdFlyerId = flyerRes.rows[0].flyer_id;
|
||||
|
||||
// Create a master item. Assumes a category with ID 1 exists from static seeds.
|
||||
const masterItemRes = await pool.query(
|
||||
`INSERT INTO public.master_grocery_items (name, category_id) VALUES ('Public Test Item', 1) RETURNING master_grocery_item_id`,
|
||||
);
|
||||
createdMasterItemId = masterItemRes.rows[0].master_grocery_item_id;
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const pool = getPool();
|
||||
// Cleanup in reverse order of creation
|
||||
if (createdMasterItemId) {
|
||||
await pool.query(
|
||||
'DELETE FROM public.master_grocery_items WHERE master_grocery_item_id = $1',
|
||||
[createdMasterItemId],
|
||||
);
|
||||
}
|
||||
if (createdFlyerId) {
|
||||
await pool.query('DELETE FROM public.flyers WHERE flyer_id = $1', [createdFlyerId]);
|
||||
}
|
||||
});
|
||||
|
||||
describe('Health Check Endpoints', () => {
|
||||
it('GET /api/health/ping should return "pong"', async () => {
|
||||
const response = await apiClient.pingBackend();
|
||||
expect(response.ok).toBe(true);
|
||||
expect(await response.text()).toBe('pong');
|
||||
});
|
||||
|
||||
it('GET /api/health/db-schema should return success', async () => {
|
||||
const response = await apiClient.checkDbSchema();
|
||||
const result = await response.json();
|
||||
expect(result.success).toBe(true);
|
||||
expect(result.message).toBe('All required database tables exist.');
|
||||
});
|
||||
|
||||
it('GET /api/health/storage should return success', async () => {
|
||||
// This assumes the STORAGE_PATH is correctly set up for the test environment
|
||||
const response = await apiClient.checkStorage();
|
||||
const result = await response.json();
|
||||
expect(result.success).toBe(true);
|
||||
expect(result.message).toContain('is accessible and writable');
|
||||
});
|
||||
|
||||
it('GET /api/health/db-pool should return success', async () => {
|
||||
const response = await apiClient.checkDbPoolHealth();
|
||||
// The pingBackend function returns a boolean directly, so no .json() call is needed.
|
||||
// However, checkDbPoolHealth returns a Response, so we need to parse it.
|
||||
const result = await response.json();
|
||||
expect(result.success).toBe(true);
|
||||
expect(result.message).toContain('Pool Status:');
|
||||
});
|
||||
});
|
||||
|
||||
describe('Public Data Endpoints', () => {
|
||||
it('GET /api/flyers should return a list of flyers', async () => {
|
||||
const response = await apiClient.fetchFlyers();
|
||||
const flyers = await response.json();
|
||||
expect(flyers).toBeInstanceOf(Array);
|
||||
// We created a flyer, so we expect it to be in the list.
|
||||
expect(flyers.length).toBeGreaterThan(0);
|
||||
const foundFlyer = flyers.find((f: { flyer_id: number }) => f.flyer_id === createdFlyerId);
|
||||
expect(foundFlyer).toBeDefined();
|
||||
expect(foundFlyer).toHaveProperty('store');
|
||||
});
|
||||
|
||||
it('GET /api/master-items should return a list of master items', async () => {
|
||||
const response = await apiClient.fetchMasterItems();
|
||||
const masterItems = await response.json();
|
||||
expect(masterItems).toBeInstanceOf(Array);
|
||||
// We created a master item, so we expect it to be in the list.
|
||||
expect(masterItems.length).toBeGreaterThan(0);
|
||||
const foundItem = masterItems.find(
|
||||
(i: { master_grocery_item_id: number }) => i.master_grocery_item_id === createdMasterItemId,
|
||||
);
|
||||
expect(foundItem).toBeDefined();
|
||||
expect(foundItem).toHaveProperty('category_name');
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -1,6 +1,7 @@
|
||||
// src/tests/integration/public.routes.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import type {
|
||||
Flyer,
|
||||
FlyerItem,
|
||||
@@ -13,8 +14,11 @@ import type {
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import { createAndLoginUser } from '../utils/testHelpers';
|
||||
|
||||
const API_URL = process.env.VITE_API_BASE_URL || 'http://localhost:3001/api';
|
||||
const request = supertest(API_URL.replace('/api', '')); // supertest needs the server's base URL
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
describe('Public API Routes Integration Tests', () => {
|
||||
// Shared state for tests
|
||||
@@ -97,17 +101,17 @@ describe('Public API Routes Integration Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.success).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Public Data Endpoints', () => {
|
||||
it('GET /api/time should return the server time', async () => {
|
||||
const response = await request.get('/api/time');
|
||||
it('GET /api/health/time should return the server time', async () => {
|
||||
const response = await request.get('/api/health/time');
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body).toHaveProperty('currentTime');
|
||||
expect(response.body).toHaveProperty('year');
|
||||
expect(response.body).toHaveProperty('week');
|
||||
});
|
||||
});
|
||||
|
||||
describe('Public Data Endpoints', () => {
|
||||
it('GET /api/flyers should return a list of flyers', async () => {
|
||||
const response = await request.get('/api/flyers');
|
||||
const flyers: Flyer[] = response.body;
|
||||
@@ -126,25 +130,25 @@ describe('Public API Routes Integration Tests', () => {
|
||||
expect(items[0].flyer_id).toBe(testFlyer.flyer_id);
|
||||
});
|
||||
|
||||
it('POST /api/flyer-items/batch-fetch should return items for multiple flyers', async () => {
|
||||
it('POST /api/flyers/items/batch-fetch should return items for multiple flyers', async () => {
|
||||
const flyerIds = [testFlyer.flyer_id];
|
||||
const response = await request.post('/api/flyer-items/batch-fetch').send({ flyerIds });
|
||||
const response = await request.post('/api/flyers/items/batch-fetch').send({ flyerIds });
|
||||
const items: FlyerItem[] = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(items).toBeInstanceOf(Array);
|
||||
expect(items.length).toBeGreaterThan(0);
|
||||
});
|
||||
|
||||
it('POST /api/flyer-items/batch-count should return a count for multiple flyers', async () => {
|
||||
it('POST /api/flyers/items/batch-count should return a count for multiple flyers', async () => {
|
||||
const flyerIds = [testFlyer.flyer_id];
|
||||
const response = await request.post('/api/flyer-items/batch-count').send({ flyerIds });
|
||||
const response = await request.post('/api/flyers/items/batch-count').send({ flyerIds });
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.count).toBeTypeOf('number');
|
||||
expect(response.body.count).toBeGreaterThan(0);
|
||||
});
|
||||
|
||||
it('GET /api/master-items should return a list of master grocery items', async () => {
|
||||
const response = await request.get('/api/master-items');
|
||||
it('GET /api/personalization/master-items should return a list of master grocery items', async () => {
|
||||
const response = await request.get('/api/personalization/master-items');
|
||||
const masterItems = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(masterItems).toBeInstanceOf(Array);
|
||||
@@ -190,9 +194,9 @@ describe('Public API Routes Integration Tests', () => {
|
||||
expect(items).toBeInstanceOf(Array);
|
||||
});
|
||||
|
||||
it('GET /api/dietary-restrictions should return a list of restrictions', async () => {
|
||||
it('GET /api/personalization/dietary-restrictions should return a list of restrictions', async () => {
|
||||
// This test relies on static seed data for a lookup table, which is acceptable.
|
||||
const response = await request.get('/api/dietary-restrictions');
|
||||
const response = await request.get('/api/personalization/dietary-restrictions');
|
||||
const restrictions: DietaryRestriction[] = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(restrictions).toBeInstanceOf(Array);
|
||||
@@ -200,8 +204,8 @@ describe('Public API Routes Integration Tests', () => {
|
||||
expect(restrictions[0]).toHaveProperty('dietary_restriction_id');
|
||||
});
|
||||
|
||||
it('GET /api/appliances should return a list of appliances', async () => {
|
||||
const response = await request.get('/api/appliances');
|
||||
it('GET /api/personalization/appliances should return a list of appliances', async () => {
|
||||
const response = await request.get('/api/personalization/appliances');
|
||||
const appliances: Appliance[] = response.body;
|
||||
expect(response.status).toBe(200);
|
||||
expect(appliances).toBeInstanceOf(Array);
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
// src/tests/integration/system.integration.test.ts
|
||||
import { describe, it, expect } from 'vitest';
|
||||
import * as apiClient from '../../services/apiClient';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
|
||||
/**
|
||||
* @vitest-environment node
|
||||
@@ -9,15 +10,16 @@ import * as apiClient from '../../services/apiClient';
|
||||
describe('System API Routes Integration Tests', () => {
|
||||
describe('GET /api/system/pm2-status', () => {
|
||||
it('should return a status for PM2', async () => {
|
||||
const request = supertest(app);
|
||||
// In a typical CI environment without PM2, this will fail gracefully.
|
||||
// The test verifies that the endpoint responds correctly, even if PM2 isn't running.
|
||||
const response = await apiClient.checkPm2Status();
|
||||
const result = await response.json();
|
||||
const response = await request.get('/api/system/pm2-status');
|
||||
const result = response.body;
|
||||
expect(result).toBeDefined();
|
||||
expect(result).toHaveProperty('message');
|
||||
// If the response is successful (200 OK), it must have a 'success' property.
|
||||
// If it's an error (e.g., 500 because pm2 command not found), it will only have 'message'.
|
||||
if (response.ok) {
|
||||
if (response.status === 200) {
|
||||
expect(result).toHaveProperty('success');
|
||||
}
|
||||
});
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
// src/tests/integration/user.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import * as apiClient from '../../services/apiClient';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import { logger } from '../../services/logger.server';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import type { UserProfile, MasterGroceryItem, ShoppingList } from '../../types';
|
||||
@@ -10,25 +11,12 @@ import { createAndLoginUser, TEST_PASSWORD } from '../utils/testHelpers';
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
describe('User API Routes Integration Tests', () => {
|
||||
let testUser: UserProfile;
|
||||
let authToken: string;
|
||||
|
||||
// --- START DEBUG LOGGING ---
|
||||
// Query the DB from within the test file to see its state.
|
||||
beforeAll(async () => {
|
||||
const res = await getPool().query(
|
||||
'SELECT u.user_id, u.email, p.role FROM public.users u JOIN public.profiles p ON u.user_id = p.user_id',
|
||||
);
|
||||
console.log(
|
||||
'\n--- [user.integration.test.ts] Users found in DB from TEST perspective (beforeAll): ---',
|
||||
);
|
||||
console.table(res.rows);
|
||||
console.log(
|
||||
'-------------------------------------------------------------------------------------\n',
|
||||
);
|
||||
});
|
||||
// --- END DEBUG LOGGING ---
|
||||
// Before any tests run, create a new user and log them in.
|
||||
// The token will be used for all subsequent API calls in this test suite.
|
||||
beforeAll(async () => {
|
||||
@@ -62,11 +50,13 @@ describe('User API Routes Integration Tests', () => {
|
||||
|
||||
it('should fetch the authenticated user profile via GET /api/users/profile', async () => {
|
||||
// Act: Call the API endpoint using the authenticated token.
|
||||
const response = await apiClient.getAuthenticatedUserProfile({ tokenOverride: authToken });
|
||||
const profile = await response.json();
|
||||
const response = await request
|
||||
.get('/api/users/profile')
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
const profile = response.body;
|
||||
|
||||
// Assert: Verify the profile data matches the created user.
|
||||
expect(profile).toBeDefined();
|
||||
expect(response.status).toBe(200);
|
||||
expect(profile.user.user_id).toBe(testUser.user.user_id);
|
||||
expect(profile.user.email).toBe(testUser.user.email); // This was already correct
|
||||
expect(profile.full_name).toBe('Test User');
|
||||
@@ -80,20 +70,21 @@ describe('User API Routes Integration Tests', () => {
|
||||
};
|
||||
|
||||
// Act: Call the update endpoint with the new data and the auth token.
|
||||
const response = await apiClient.updateUserProfile(profileUpdates, {
|
||||
tokenOverride: authToken,
|
||||
});
|
||||
const updatedProfile = await response.json();
|
||||
const response = await request
|
||||
.put('/api/users/profile')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send(profileUpdates);
|
||||
const updatedProfile = response.body;
|
||||
|
||||
// Assert: Check that the returned profile reflects the changes.
|
||||
expect(updatedProfile).toBeDefined();
|
||||
expect(response.status).toBe(200);
|
||||
expect(updatedProfile.full_name).toBe('Updated Test User');
|
||||
|
||||
// Also, fetch the profile again to ensure the change was persisted.
|
||||
const refetchResponse = await apiClient.getAuthenticatedUserProfile({
|
||||
tokenOverride: authToken,
|
||||
});
|
||||
const refetchedProfile = await refetchResponse.json();
|
||||
const refetchResponse = await request
|
||||
.get('/api/users/profile')
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
const refetchedProfile = refetchResponse.body;
|
||||
expect(refetchedProfile.full_name).toBe('Updated Test User');
|
||||
});
|
||||
|
||||
@@ -104,14 +95,14 @@ describe('User API Routes Integration Tests', () => {
|
||||
};
|
||||
|
||||
// Act: Call the update endpoint.
|
||||
const response = await apiClient.updateUserPreferences(preferenceUpdates, {
|
||||
tokenOverride: authToken,
|
||||
});
|
||||
const updatedProfile = await response.json();
|
||||
const response = await request
|
||||
.put('/api/users/profile/preferences')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send(preferenceUpdates);
|
||||
const updatedProfile = response.body;
|
||||
|
||||
// Assert: Check that the preferences object in the returned profile is updated.
|
||||
expect(updatedProfile).toBeDefined();
|
||||
expect(updatedProfile.preferences).toBeDefined();
|
||||
expect(response.status).toBe(200);
|
||||
expect(updatedProfile.preferences?.darkMode).toBe(true);
|
||||
});
|
||||
|
||||
@@ -122,9 +113,14 @@ describe('User API Routes Integration Tests', () => {
|
||||
|
||||
// Act & Assert: Attempt to register and expect the promise to reject
|
||||
// with an error message indicating the password is too weak.
|
||||
const response = await apiClient.registerUser(email, weakPassword, 'Weak Password User');
|
||||
expect(response.ok).toBe(false);
|
||||
const errorData = (await response.json()) as { message: string; errors: { message: string }[] };
|
||||
const response = await request.post('/api/auth/register').send({
|
||||
email,
|
||||
password: weakPassword,
|
||||
full_name: 'Weak Password User',
|
||||
});
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const errorData = response.body as { message: string; errors: { message: string }[] };
|
||||
// For validation errors, the detailed messages are in the `errors` array.
|
||||
// We join them to check for the specific feedback from the password strength checker.
|
||||
const detailedErrorMessage = errorData.errors?.map((e) => e.message).join(' ');
|
||||
@@ -137,18 +133,22 @@ describe('User API Routes Integration Tests', () => {
|
||||
const { token: deletionToken } = await createAndLoginUser({ email: deletionEmail });
|
||||
|
||||
// Act: Call the delete endpoint with the correct password and token.
|
||||
const response = await apiClient.deleteUserAccount(TEST_PASSWORD, {
|
||||
tokenOverride: deletionToken,
|
||||
});
|
||||
const deleteResponse = await response.json();
|
||||
const response = await request
|
||||
.delete('/api/users/account')
|
||||
.set('Authorization', `Bearer ${deletionToken}`)
|
||||
.send({ password: TEST_PASSWORD });
|
||||
const deleteResponse = response.body;
|
||||
|
||||
// Assert: Check for a successful deletion message.
|
||||
expect(response.status).toBe(200);
|
||||
expect(deleteResponse.message).toBe('Account deleted successfully.');
|
||||
|
||||
// Assert (Verification): Attempting to log in again with the same credentials should now fail.
|
||||
const loginResponse = await apiClient.loginUser(deletionEmail, TEST_PASSWORD, false);
|
||||
expect(loginResponse.ok).toBe(false);
|
||||
const errorData = await loginResponse.json();
|
||||
const loginResponse = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: deletionEmail, password: TEST_PASSWORD });
|
||||
expect(loginResponse.status).toBe(401);
|
||||
const errorData = loginResponse.body;
|
||||
expect(errorData.message).toBe('Incorrect email or password.');
|
||||
});
|
||||
|
||||
@@ -158,12 +158,14 @@ describe('User API Routes Integration Tests', () => {
|
||||
const { user: resetUser } = await createAndLoginUser({ email: resetEmail });
|
||||
|
||||
// Act 1: Request a password reset. In our test environment, the token is returned in the response.
|
||||
const resetRequestRawResponse = await apiClient.requestPasswordReset(resetEmail);
|
||||
if (!resetRequestRawResponse.ok) {
|
||||
const errorData = await resetRequestRawResponse.json();
|
||||
const resetRequestRawResponse = await request
|
||||
.post('/api/auth/forgot-password')
|
||||
.send({ email: resetEmail });
|
||||
if (resetRequestRawResponse.status !== 200) {
|
||||
const errorData = resetRequestRawResponse.body;
|
||||
throw new Error(errorData.message || 'Password reset request failed');
|
||||
}
|
||||
const resetRequestResponse = await resetRequestRawResponse.json();
|
||||
const resetRequestResponse = resetRequestRawResponse.body;
|
||||
const resetToken = resetRequestResponse.token;
|
||||
|
||||
// Assert 1: Check that we received a token.
|
||||
@@ -172,19 +174,23 @@ describe('User API Routes Integration Tests', () => {
|
||||
|
||||
// Act 2: Use the token to set a new password.
|
||||
const newPassword = 'my-new-secure-password-!@#$';
|
||||
const resetRawResponse = await apiClient.resetPassword(resetToken!, newPassword);
|
||||
if (!resetRawResponse.ok) {
|
||||
const errorData = await resetRawResponse.json();
|
||||
const resetRawResponse = await request
|
||||
.post('/api/auth/reset-password')
|
||||
.send({ token: resetToken!, newPassword });
|
||||
if (resetRawResponse.status !== 200) {
|
||||
const errorData = resetRawResponse.body;
|
||||
throw new Error(errorData.message || 'Password reset failed');
|
||||
}
|
||||
const resetResponse = await resetRawResponse.json();
|
||||
const resetResponse = resetRawResponse.body;
|
||||
|
||||
// Assert 2: Check for a successful password reset message.
|
||||
expect(resetResponse.message).toBe('Password has been reset successfully.');
|
||||
|
||||
// Act 3 & Assert 3 (Verification): Log in with the NEW password to confirm the change.
|
||||
const loginResponse = await apiClient.loginUser(resetEmail, newPassword, false);
|
||||
const loginData = await loginResponse.json();
|
||||
const loginResponse = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: resetEmail, password: newPassword });
|
||||
const loginData = loginResponse.body;
|
||||
expect(loginData.userprofile).toBeDefined();
|
||||
expect(loginData.userprofile.user.user_id).toBe(resetUser.user.user_id);
|
||||
});
|
||||
@@ -192,20 +198,21 @@ describe('User API Routes Integration Tests', () => {
|
||||
describe('User Data Routes (Watched Items & Shopping Lists)', () => {
|
||||
it('should allow a user to add and remove a watched item', async () => {
|
||||
// Act 1: Add a new watched item. The API returns the created master item.
|
||||
const addResponse = await apiClient.addWatchedItem(
|
||||
'Integration Test Item',
|
||||
'Other/Miscellaneous',
|
||||
authToken,
|
||||
);
|
||||
const newItem = await addResponse.json();
|
||||
const addResponse = await request
|
||||
.post('/api/users/watched-items')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ itemName: 'Integration Test Item', category: 'Other/Miscellaneous' });
|
||||
const newItem = addResponse.body;
|
||||
|
||||
// Assert 1: Check that the item was created correctly.
|
||||
expect(newItem).toBeDefined();
|
||||
expect(addResponse.status).toBe(201);
|
||||
expect(newItem.name).toBe('Integration Test Item');
|
||||
|
||||
// Act 2: Fetch all watched items for the user.
|
||||
const watchedItemsResponse = await apiClient.fetchWatchedItems(authToken);
|
||||
const watchedItems = await watchedItemsResponse.json();
|
||||
const watchedItemsResponse = await request
|
||||
.get('/api/users/watched-items')
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
const watchedItems = watchedItemsResponse.body;
|
||||
|
||||
// Assert 2: Verify the new item is in the user's watched list.
|
||||
expect(
|
||||
@@ -216,11 +223,16 @@ describe('User API Routes Integration Tests', () => {
|
||||
).toBe(true);
|
||||
|
||||
// Act 3: Remove the watched item.
|
||||
await apiClient.removeWatchedItem(newItem.master_grocery_item_id, authToken);
|
||||
const removeResponse = await request
|
||||
.delete(`/api/users/watched-items/${newItem.master_grocery_item_id}`)
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
expect(removeResponse.status).toBe(204);
|
||||
|
||||
// Assert 3: Fetch again and verify the item is gone.
|
||||
const finalWatchedItemsResponse = await apiClient.fetchWatchedItems(authToken);
|
||||
const finalWatchedItems = await finalWatchedItemsResponse.json();
|
||||
const finalWatchedItemsResponse = await request
|
||||
.get('/api/users/watched-items')
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
const finalWatchedItems = finalWatchedItemsResponse.body;
|
||||
expect(
|
||||
finalWatchedItems.some(
|
||||
(item: MasterGroceryItem) =>
|
||||
@@ -231,31 +243,33 @@ describe('User API Routes Integration Tests', () => {
|
||||
|
||||
it('should allow a user to manage a shopping list', async () => {
|
||||
// Act 1: Create a new shopping list.
|
||||
const createListResponse = await apiClient.createShoppingList(
|
||||
'My Integration Test List',
|
||||
authToken,
|
||||
);
|
||||
const newList = await createListResponse.json();
|
||||
const createListResponse = await request
|
||||
.post('/api/users/shopping-lists')
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ name: 'My Integration Test List' });
|
||||
const newList = createListResponse.body;
|
||||
|
||||
// Assert 1: Check that the list was created.
|
||||
expect(newList).toBeDefined();
|
||||
expect(createListResponse.status).toBe(201);
|
||||
expect(newList.name).toBe('My Integration Test List');
|
||||
|
||||
// Act 2: Add an item to the new list.
|
||||
const addItemResponse = await apiClient.addShoppingListItem(
|
||||
newList.shopping_list_id,
|
||||
{ customItemName: 'Custom Test Item' },
|
||||
authToken,
|
||||
);
|
||||
const addedItem = await addItemResponse.json();
|
||||
const addItemResponse = await request
|
||||
.post(`/api/users/shopping-lists/${newList.shopping_list_id}/items`)
|
||||
.set('Authorization', `Bearer ${authToken}`)
|
||||
.send({ customItemName: 'Custom Test Item' });
|
||||
const addedItem = addItemResponse.body;
|
||||
|
||||
// Assert 2: Check that the item was added.
|
||||
expect(addedItem).toBeDefined();
|
||||
expect(addItemResponse.status).toBe(201);
|
||||
expect(addedItem.custom_item_name).toBe('Custom Test Item');
|
||||
|
||||
// Assert 3: Fetch all lists and verify the new item is present in the correct list.
|
||||
const fetchResponse = await apiClient.fetchShoppingLists(authToken);
|
||||
const lists = await fetchResponse.json();
|
||||
const fetchResponse = await request
|
||||
.get('/api/users/shopping-lists')
|
||||
.set('Authorization', `Bearer ${authToken}`);
|
||||
const lists = fetchResponse.body;
|
||||
expect(fetchResponse.status).toBe(200);
|
||||
const updatedList = lists.find(
|
||||
(l: ShoppingList) => l.shopping_list_id === newList.shopping_list_id,
|
||||
);
|
||||
|
||||
@@ -1,42 +1,30 @@
|
||||
// src/tests/integration/user.routes.integration.test.ts
|
||||
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
||||
import supertest from 'supertest';
|
||||
import app from '../../../server';
|
||||
import { getPool } from '../../services/db/connection.db';
|
||||
import type { UserProfile } from '../../types';
|
||||
import { createAndLoginUser } from '../utils/testHelpers';
|
||||
|
||||
const API_URL = process.env.VITE_API_BASE_URL || 'http://localhost:3001/api';
|
||||
const request = supertest(API_URL.replace('/api', '')); // supertest needs the server's base URL
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
|
||||
const request = supertest(app);
|
||||
|
||||
let authToken = '';
|
||||
let createdListId: number;
|
||||
let testUser: UserProfile;
|
||||
const testPassword = 'password-for-user-routes-test';
|
||||
|
||||
describe('User Routes Integration Tests (/api/users)', () => {
|
||||
// Authenticate once before all tests in this suite to get a JWT.
|
||||
beforeAll(async () => {
|
||||
// Create a new user for this test suite to avoid dependency on seeded data
|
||||
const testEmail = `user-routes-test-${Date.now()}@example.com`;
|
||||
|
||||
// 1. Register the user
|
||||
const registerResponse = await request
|
||||
.post('/api/auth/register')
|
||||
.send({ email: testEmail, password: testPassword, full_name: 'User Routes Test User' });
|
||||
expect(registerResponse.status).toBe(201);
|
||||
|
||||
// 2. Log in as the new user
|
||||
const loginResponse = await request
|
||||
.post('/api/auth/login')
|
||||
.send({ email: testEmail, password: testPassword });
|
||||
|
||||
if (loginResponse.status !== 200) {
|
||||
console.error('Login failed in beforeAll hook:', loginResponse.body);
|
||||
}
|
||||
|
||||
expect(loginResponse.status).toBe(200);
|
||||
expect(loginResponse.body.token).toBeDefined();
|
||||
authToken = loginResponse.body.token;
|
||||
testUser = loginResponse.body.userprofile;
|
||||
// Use the helper to create and log in a user in one step.
|
||||
const { user, token } = await createAndLoginUser({
|
||||
fullName: 'User Routes Test User',
|
||||
});
|
||||
testUser = user;
|
||||
authToken = token;
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
|
||||
27
src/utils/authUtils.ts
Normal file
27
src/utils/authUtils.ts
Normal file
@@ -0,0 +1,27 @@
|
||||
// src/utils/authUtils.ts
|
||||
import zxcvbn from 'zxcvbn';
|
||||
|
||||
/**
|
||||
* Validates the strength of a password using zxcvbn.
|
||||
* @param password The password to check.
|
||||
* @returns An object with `isValid` and an optional `feedback` message.
|
||||
*/
|
||||
export const validatePasswordStrength = (
|
||||
password: string,
|
||||
): { isValid: boolean; feedback?: string } => {
|
||||
const MIN_PASSWORD_SCORE = 3; // Require a 'Good' or 'Strong' password (score 3 or 4)
|
||||
const strength = zxcvbn(password);
|
||||
|
||||
if (strength.score < MIN_PASSWORD_SCORE) {
|
||||
const feedbackMessage =
|
||||
strength.feedback.warning ||
|
||||
(strength.feedback.suggestions && strength.feedback.suggestions[0]);
|
||||
return {
|
||||
isValid: false,
|
||||
feedback:
|
||||
`Password is too weak. ${feedbackMessage || 'Please choose a stronger password.'}`.trim(),
|
||||
};
|
||||
}
|
||||
|
||||
return { isValid: true };
|
||||
};
|
||||
32
src/utils/zodUtils.ts
Normal file
32
src/utils/zodUtils.ts
Normal file
@@ -0,0 +1,32 @@
|
||||
// src/utils/zodUtils.ts
|
||||
import { z } from 'zod';
|
||||
|
||||
/**
|
||||
* Helper for consistent required string validation (handles missing/null/empty).
|
||||
* @param message The error message for an empty string.
|
||||
*/
|
||||
export const requiredString = (message: string) =>
|
||||
z.preprocess((val) => val ?? '', z.string().min(1, message));
|
||||
|
||||
/**
|
||||
* A factory for creating a Zod schema that validates a numeric ID in the request parameters.
|
||||
* @param key The name of the parameter key (e.g., 'userId').
|
||||
* @param message A custom error message for invalid IDs.
|
||||
*/
|
||||
export const numericIdParam = (
|
||||
key: string,
|
||||
message = `Invalid ID for parameter '${key}'. Must be a positive integer.`,
|
||||
) =>
|
||||
z.object({
|
||||
params: z.object({ [key]: z.coerce.number().int({ message }).positive({ message }) }),
|
||||
});
|
||||
|
||||
/**
|
||||
* A factory for creating a Zod schema that validates a UUID in the request parameters.
|
||||
* @param key The name of the parameter key (e.g., 'userId').
|
||||
* @param message A custom error message for invalid UUIDs.
|
||||
*/
|
||||
export const uuidParamSchema = (key: string, message = `Invalid UUID for parameter '${key}'.`) =>
|
||||
z.object({
|
||||
params: z.object({ [key]: z.string().uuid({ message }) }),
|
||||
});
|
||||
Reference in New Issue
Block a user