torbo/flyer-crawler.projectium.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: torbo:v0.9.83
Branches Tags
torbo:main
torbo:v0.12.11 torbo:v0.12.10 torbo:v0.12.9 torbo:v0.12.8 torbo:v0.12.7 torbo:v0.12.6 torbo:v0.12.5 torbo:v0.12.4 torbo:v0.12.3 torbo:v0.12.2 torbo:v0.12.1 torbo:v0.12.0 torbo:v0.11.20 torbo:v0.11.19 torbo:v0.11.18 torbo:v0.11.17 torbo:v0.11.16 torbo:v0.11.15 torbo:v0.11.14 torbo:v0.11.13 torbo:v0.11.12 torbo:v0.11.11 torbo:v0.11.10 torbo:v0.11.9 torbo:v0.11.8 torbo:v0.11.7 torbo:v0.11.6 torbo:v0.11.5 torbo:v0.11.4 torbo:v0.11.3 torbo:v0.11.2 torbo:v0.11.1 torbo:v0.11.0 torbo:v0.10.0 torbo:v0.9.115 torbo:v0.9.114 torbo:v0.9.113 torbo:v0.9.112 torbo:v0.9.111 torbo:v0.9.110 torbo:v0.9.109 torbo:v0.9.108 torbo:v0.9.107 torbo:v0.9.106 torbo:v0.9.105 torbo:v0.9.104 torbo:v0.9.103 torbo:v0.9.102 torbo:v0.9.101 torbo:v0.9.100 torbo:v0.9.99 torbo:v0.9.98 torbo:v0.9.97 torbo:v0.9.96 torbo:v0.9.95 torbo:v0.9.94 torbo:v0.9.93 torbo:v0.9.92 torbo:v0.9.91 torbo:v0.9.90 torbo:v0.9.89 torbo:v0.9.88 torbo:v0.9.87 torbo:v0.9.86 torbo:v0.9.85 torbo:v0.9.84 torbo:v0.9.83 torbo:v0.9.82 torbo:v0.9.81 torbo:v0.9.80 torbo:v0.9.79 torbo:v0.9.78 torbo:v0.9.77 torbo:v0.9.76 torbo:v0.9.75 torbo:v0.9.74 torbo:v0.9.73 torbo:v0.9.72 torbo:v0.9.71 torbo:v0.9.70 torbo:v0.9.69 torbo:v0.9.68 torbo:v0.9.67 torbo:v0.9.66 torbo:v0.9.65 torbo:v0.9.64 torbo:v0.9.63 torbo:v0.9.62 torbo:v0.9.61 torbo:v0.9.60 torbo:v0.9.59 torbo:v0.9.58 torbo:v0.9.57 torbo:v0.9.56 torbo:v0.9.55 torbo:v0.9.54 torbo:v0.9.53 torbo:v0.9.52 torbo:v0.9.51 torbo:v0.9.50 torbo:v0.9.49 torbo:v0.9.48 torbo:v0.9.47 torbo:v0.9.46 torbo:v0.9.45 torbo:v0.9.44 torbo:v0.9.43 torbo:v0.9.42 torbo:v0.9.41 torbo:v0.9.38 torbo:v0.9.39 torbo:v0.9.37 torbo:v0.9.36 torbo:v0.9.35 torbo:v0.9.34 torbo:v0.9.33 torbo:v0.9.32 torbo:v0.9.31 torbo:v0.9.30 torbo:v0.9.29 torbo:v0.9.28 torbo:v0.9.27 torbo:v0.9.26 torbo:v0.9.25 torbo:v0.9.24 torbo:v0.9.23 torbo:v0.9.22 torbo:v0.9.21 torbo:v0.9.20 torbo:v0.9.19 torbo:v0.9.18 torbo:v0.9.17 torbo:v0.9.16 torbo:v0.9.15 torbo:v0.9.14 torbo:v0.9.13 torbo:v0.9.12 torbo:v0.9.11 torbo:v0.9.10 torbo:v0.9.9 torbo:v0.9.8 torbo:v0.9.7 torbo:v0.9.6 torbo:v0.9.5 torbo:v0.9.4 torbo:v0.9.3 torbo:v0.9.2 torbo:v0.9.1 torbo:v0.9.0 torbo:v0.8.0 torbo:v0.7.29 torbo:v0.7.28 torbo:v0.7.27 torbo:v0.7.26 torbo:v0.7.25 torbo:v0.7.24 torbo:v0.7.23 torbo:v0.7.22 torbo:v0.7.21 torbo:v0.7.20 torbo:v0.7.19 torbo:v0.7.18 torbo:v0.7.17 torbo:v0.7.16 torbo:v0.7.15 torbo:v0.7.14 torbo:v0.7.13 torbo:v0.7.12 torbo:v0.7.11 torbo:v0.7.10 torbo:v0.7.9 torbo:v0.7.8 torbo:v0.7.7 torbo:v0.7.6 torbo:v0.7.5 torbo:v0.7.4 torbo:v0.7.3 torbo:v0.7.2 torbo:v0.7.1 torbo:v0.7.0 torbo:v0.6.6 torbo:v0.6.5 torbo:v0.6.4 torbo:v0.6.3 torbo:v0.6.2 torbo:v0.6.1 torbo:v0.6.0 torbo:v0.5.5 torbo:v0.5.4 torbo:v0.5.3 torbo:v0.5.2 torbo:v0.5.1 torbo:v0.5.0 torbo:v0.4.6 torbo:v0.4.5 torbo:v0.4.4 torbo:v0.4.3 torbo:v0.4.2 torbo:v0.4.1 torbo:v0.4.0 torbo:v0.3.0 torbo:v0.2.37 torbo:v0.2.36 torbo:v0.2.35 torbo:v0.2.34 torbo:v0.2.33 torbo:v0.2.32 torbo:v0.2.31 torbo:v0.2.30 torbo:v0.2.29 torbo:v0.2.28 torbo:v0.2.27 torbo:v0.2.26 torbo:v0.2.25 torbo:v0.2.24 torbo:v0.2.23 torbo:v0.2.22 torbo:v0.2.21 torbo:v0.2.20 torbo:v0.2.19 torbo:v0.2.18 torbo:v0.2.15 torbo:v0.2.16 torbo:v0.2.14 torbo:v0.2.13 torbo:v0.2.12 torbo:v0.2.11 torbo:v0.2.10 torbo:v0.2.9 torbo:v0.2.8 torbo:v0.2.7 torbo:v0.2.6 torbo:v0.2.5 torbo:v0.2.4 torbo:v0.2.3 torbo:v0.2.2 torbo:v0.2.1 torbo:v0.2.0 torbo:v0.1.19 torbo:v0.1.18 torbo:v0.1.17 torbo:v0.1.16 torbo:v0.1.15 torbo:v0.1.14 torbo:v0.1.13 torbo:v0.1.12 torbo:v0.1.11 torbo:v0.1.10 torbo:v0.1.9 torbo:v0.1.8 torbo:v0.1.7 torbo:v0.1.6 torbo:v0.1.5 torbo:v0.1.4 torbo:v0.1.3 torbo:v0.1.2 torbo:v0.1.1 torbo:v0.1.0 torbo:v0.0.30 torbo:v0.0.29 torbo:v0.0.28 torbo:v0.0.27 torbo:v0.0.26 torbo:v0.0.25 torbo:v0.0.24 torbo:v0.0.23 torbo:v0.0.22 torbo:v0.0.21 torbo:v0.0.20 torbo:v0.0.19 torbo:v0.0.18 torbo:v0.0.17 torbo:v0.0.16 torbo:v0.0.15 torbo:v0.0.14 torbo:v0.0.13 torbo:v0.0.12 torbo:v0.0.11 torbo:v0.0.10 torbo:v0.0.9 torbo:v0.0.8 torbo:v0.0.7 torbo:v0.0.6 torbo:v0.0.5 torbo:v0.0.4 torbo:v0.0.3 torbo:v0.0.2 torbo:v0.0.1
...
compare: torbo:v0.9.97
Branches Tags
torbo:main
torbo:v0.12.11 torbo:v0.12.10 torbo:v0.12.9 torbo:v0.12.8 torbo:v0.12.7 torbo:v0.12.6 torbo:v0.12.5 torbo:v0.12.4 torbo:v0.12.3 torbo:v0.12.2 torbo:v0.12.1 torbo:v0.12.0 torbo:v0.11.20 torbo:v0.11.19 torbo:v0.11.18 torbo:v0.11.17 torbo:v0.11.16 torbo:v0.11.15 torbo:v0.11.14 torbo:v0.11.13 torbo:v0.11.12 torbo:v0.11.11 torbo:v0.11.10 torbo:v0.11.9 torbo:v0.11.8 torbo:v0.11.7 torbo:v0.11.6 torbo:v0.11.5 torbo:v0.11.4 torbo:v0.11.3 torbo:v0.11.2 torbo:v0.11.1 torbo:v0.11.0 torbo:v0.10.0 torbo:v0.9.115 torbo:v0.9.114 torbo:v0.9.113 torbo:v0.9.112 torbo:v0.9.111 torbo:v0.9.110 torbo:v0.9.109 torbo:v0.9.108 torbo:v0.9.107 torbo:v0.9.106 torbo:v0.9.105 torbo:v0.9.104 torbo:v0.9.103 torbo:v0.9.102 torbo:v0.9.101 torbo:v0.9.100 torbo:v0.9.99 torbo:v0.9.98 torbo:v0.9.97 torbo:v0.9.96 torbo:v0.9.95 torbo:v0.9.94 torbo:v0.9.93 torbo:v0.9.92 torbo:v0.9.91 torbo:v0.9.90 torbo:v0.9.89 torbo:v0.9.88 torbo:v0.9.87 torbo:v0.9.86 torbo:v0.9.85 torbo:v0.9.84 torbo:v0.9.83 torbo:v0.9.82 torbo:v0.9.81 torbo:v0.9.80 torbo:v0.9.79 torbo:v0.9.78 torbo:v0.9.77 torbo:v0.9.76 torbo:v0.9.75 torbo:v0.9.74 torbo:v0.9.73 torbo:v0.9.72 torbo:v0.9.71 torbo:v0.9.70 torbo:v0.9.69 torbo:v0.9.68 torbo:v0.9.67 torbo:v0.9.66 torbo:v0.9.65 torbo:v0.9.64 torbo:v0.9.63 torbo:v0.9.62 torbo:v0.9.61 torbo:v0.9.60 torbo:v0.9.59 torbo:v0.9.58 torbo:v0.9.57 torbo:v0.9.56 torbo:v0.9.55 torbo:v0.9.54 torbo:v0.9.53 torbo:v0.9.52 torbo:v0.9.51 torbo:v0.9.50 torbo:v0.9.49 torbo:v0.9.48 torbo:v0.9.47 torbo:v0.9.46 torbo:v0.9.45 torbo:v0.9.44 torbo:v0.9.43 torbo:v0.9.42 torbo:v0.9.41 torbo:v0.9.38 torbo:v0.9.39 torbo:v0.9.37 torbo:v0.9.36 torbo:v0.9.35 torbo:v0.9.34 torbo:v0.9.33 torbo:v0.9.32 torbo:v0.9.31 torbo:v0.9.30 torbo:v0.9.29 torbo:v0.9.28 torbo:v0.9.27 torbo:v0.9.26 torbo:v0.9.25 torbo:v0.9.24 torbo:v0.9.23 torbo:v0.9.22 torbo:v0.9.21 torbo:v0.9.20 torbo:v0.9.19 torbo:v0.9.18 torbo:v0.9.17 torbo:v0.9.16 torbo:v0.9.15 torbo:v0.9.14 torbo:v0.9.13 torbo:v0.9.12 torbo:v0.9.11 torbo:v0.9.10 torbo:v0.9.9 torbo:v0.9.8 torbo:v0.9.7 torbo:v0.9.6 torbo:v0.9.5 torbo:v0.9.4 torbo:v0.9.3 torbo:v0.9.2 torbo:v0.9.1 torbo:v0.9.0 torbo:v0.8.0 torbo:v0.7.29 torbo:v0.7.28 torbo:v0.7.27 torbo:v0.7.26 torbo:v0.7.25 torbo:v0.7.24 torbo:v0.7.23 torbo:v0.7.22 torbo:v0.7.21 torbo:v0.7.20 torbo:v0.7.19 torbo:v0.7.18 torbo:v0.7.17 torbo:v0.7.16 torbo:v0.7.15 torbo:v0.7.14 torbo:v0.7.13 torbo:v0.7.12 torbo:v0.7.11 torbo:v0.7.10 torbo:v0.7.9 torbo:v0.7.8 torbo:v0.7.7 torbo:v0.7.6 torbo:v0.7.5 torbo:v0.7.4 torbo:v0.7.3 torbo:v0.7.2 torbo:v0.7.1 torbo:v0.7.0 torbo:v0.6.6 torbo:v0.6.5 torbo:v0.6.4 torbo:v0.6.3 torbo:v0.6.2 torbo:v0.6.1 torbo:v0.6.0 torbo:v0.5.5 torbo:v0.5.4 torbo:v0.5.3 torbo:v0.5.2 torbo:v0.5.1 torbo:v0.5.0 torbo:v0.4.6 torbo:v0.4.5 torbo:v0.4.4 torbo:v0.4.3 torbo:v0.4.2 torbo:v0.4.1 torbo:v0.4.0 torbo:v0.3.0 torbo:v0.2.37 torbo:v0.2.36 torbo:v0.2.35 torbo:v0.2.34 torbo:v0.2.33 torbo:v0.2.32 torbo:v0.2.31 torbo:v0.2.30 torbo:v0.2.29 torbo:v0.2.28 torbo:v0.2.27 torbo:v0.2.26 torbo:v0.2.25 torbo:v0.2.24 torbo:v0.2.23 torbo:v0.2.22 torbo:v0.2.21 torbo:v0.2.20 torbo:v0.2.19 torbo:v0.2.18 torbo:v0.2.15 torbo:v0.2.16 torbo:v0.2.14 torbo:v0.2.13 torbo:v0.2.12 torbo:v0.2.11 torbo:v0.2.10 torbo:v0.2.9 torbo:v0.2.8 torbo:v0.2.7 torbo:v0.2.6 torbo:v0.2.5 torbo:v0.2.4 torbo:v0.2.3 torbo:v0.2.2 torbo:v0.2.1 torbo:v0.2.0 torbo:v0.1.19 torbo:v0.1.18 torbo:v0.1.17 torbo:v0.1.16 torbo:v0.1.15 torbo:v0.1.14 torbo:v0.1.13 torbo:v0.1.12 torbo:v0.1.11 torbo:v0.1.10 torbo:v0.1.9 torbo:v0.1.8 torbo:v0.1.7 torbo:v0.1.6 torbo:v0.1.5 torbo:v0.1.4 torbo:v0.1.3 torbo:v0.1.2 torbo:v0.1.1 torbo:v0.1.0 torbo:v0.0.30 torbo:v0.0.29 torbo:v0.0.28 torbo:v0.0.27 torbo:v0.0.26 torbo:v0.0.25 torbo:v0.0.24 torbo:v0.0.23 torbo:v0.0.22 torbo:v0.0.21 torbo:v0.0.20 torbo:v0.0.19 torbo:v0.0.18 torbo:v0.0.17 torbo:v0.0.16 torbo:v0.0.15 torbo:v0.0.14 torbo:v0.0.13 torbo:v0.0.12 torbo:v0.0.11 torbo:v0.0.10 torbo:v0.0.9 torbo:v0.0.8 torbo:v0.0.7 torbo:v0.0.6 torbo:v0.0.5 torbo:v0.0.4 torbo:v0.0.3 torbo:v0.0.2 torbo:v0.0.1

30 Commits
v0.9.83 ... v0.9.97

Author SHA1 Message Date
Gitea Actions
acbcb39cbe ci: Bump version to 0.9.97 [skip ci] 2026-01-13 03:34:42 +05:00
Torben Sorensen
a87a0b6af1 unit test repairs
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 17m12s
Details
2026-01-12 14:31:41 -08:00
Gitea Actions
abdc3cb6db ci: Bump version to 0.9.96 [skip ci] 2026-01-13 00:52:54 +05:00
Torben Sorensen
7a1bd50119 unit test repairs
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 17m42s
Details
2026-01-12 11:51:48 -08:00
Gitea Actions
87d75d0571 ci: Bump version to 0.9.95 [skip ci] 2026-01-13 00:04:10 +05:00
Torben Sorensen
faf2900c28 unit test repairs
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 16m43s
Details
2026-01-12 10:58:00 -08:00
Gitea Actions
5258efc179 ci: Bump version to 0.9.94 [skip ci] 2026-01-12 21:11:57 +05:00
Torben Sorensen
2a5cc5bb51 unit test repairs
Some checks failed
Deploy to Test Environment / deploy-to-test (push) Failing after 1m17s
Details
2026-01-12 08:10:37 -08:00
Gitea Actions
8eaee2844f ci: Bump version to 0.9.93 [skip ci] 2026-01-12 08:57:24 +05:00
Torben Sorensen
440a19c3a7 whoa - so much - new features (UPC,etc) - Sentry for app logging! so much more !
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 14m53s
Details
2026-01-11 19:55:10 -08:00
Torben Sorensen
4ae6d84240 sql fix
Some checks failed
Deploy to Test Environment / deploy-to-test (push) Has been cancelled
Details
2026-01-11 19:49:13 -08:00
Gitea Actions
5870e5c614 ci: Bump version to 0.9.92 [skip ci] 2026-01-12 08:20:09 +05:00
Torben Sorensen
2e7ebbd9ed whoa - so much - new features (UPC,etc) - Sentry for app logging! so much more !
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 14m47s
Details
2026-01-11 19:18:52 -08:00
Gitea Actions
dc3fa21359 ci: Bump version to 0.9.91 [skip ci] 2026-01-12 08:08:50 +05:00
Torben Sorensen
11aeac5edd whoa - so much - new features (UPC,etc) - Sentry for app logging! so much more !
Some checks failed
Deploy to Test Environment / deploy-to-test (push) Failing after 1m10s
Details
2026-01-11 19:07:02 -08:00
Gitea Actions
f6c0c082bc ci: Bump version to 0.9.90 [skip ci] 2026-01-11 15:05:48 +05:00
Torben Sorensen
4e22213cd1 all the new shiny things
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 15m54s
Details
2026-01-11 02:04:52 -08:00
Gitea Actions
9815eb3686 ci: Bump version to 0.9.89 [skip ci] 2026-01-11 12:58:20 +05:00
Torben Sorensen
2bf4a7c1e6 google + github oauth
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 15m39s
Details
2026-01-10 23:57:18 -08:00
Gitea Actions
5eed3f51f4 ci: Bump version to 0.9.88 [skip ci] 2026-01-11 12:01:25 +05:00
Torben Sorensen
d250932c05 all tests fixed? can it be?
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 15m28s
Details
2026-01-10 22:58:38 -08:00
Gitea Actions
7d1f964574 ci: Bump version to 0.9.87 [skip ci] 2026-01-11 08:30:29 +05:00
Torben Sorensen
3b69e58de3 remove useless windows testing files, fix testing?
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 14m1s
Details
2026-01-10 19:29:54 -08:00
Gitea Actions
5211aadd22 ci: Bump version to 0.9.86 [skip ci] 2026-01-11 08:05:21 +05:00
Torben Sorensen
a997d1d0b0 ranstack query fixes
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 13m21s
Details
2026-01-10 19:03:40 -08:00
Torben Sorensen
cf5f77c58e Adopt TanStack Query fixes 2026-01-10 19:02:42 -08:00
Gitea Actions
cf0f5bb820 ci: Bump version to 0.9.85 [skip ci] 2026-01-11 06:44:28 +05:00
Torben Sorensen
503e7084da Adopt TanStack Query fixes
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 14m41s
Details
2026-01-10 17:42:45 -08:00
Gitea Actions
d8aa19ac40 ci: Bump version to 0.9.84 [skip ci] 2026-01-10 23:45:42 +05:00
Torben Sorensen
dcd9452b8c Adopt TanStack Query
All checks were successful
Deploy to Test Environment / deploy-to-test (push) Successful in 13m46s
Details
2026-01-10 10:45:10 -08:00
208 changed files with 34599 additions and 1801 deletions
Expand all files Collapse all files

11
.claude/settings.local.json
View File

@@ -18,11 +18,9 @@
"Bash(PGPASSWORD=postgres psql:*)",
"Bash(npm search:*)",
"Bash(npx:*)",
"Bash(curl -s -H \"Authorization: token c72bc0f14f623fec233d3c94b3a16397fe3649ef\" https://gitea.projectium.com/api/v1/user)",
"Bash(curl:*)",
"Bash(powershell:*)",
"Bash(cmd.exe:*)",
"Bash(export NODE_ENV=test DB_HOST=localhost DB_USER=postgres DB_PASSWORD=postgres DB_NAME=flyer_crawler_dev REDIS_URL=redis://localhost:6379 FRONTEND_URL=http://localhost:5173 JWT_SECRET=test-jwt-secret:*)",
"Bash(npm run test:integration:*)",
"Bash(grep:*)",
"Bash(done)",
@@ -86,7 +84,14 @@
"Bash(node -e:*)",
"Bash(xargs -I {} sh -c 'if ! grep -q \"\"vi.mock.*apiClient\"\" \"\"{}\"\"; then echo \"\"{}\"\"; fi')",
"Bash(MSYS_NO_PATHCONV=1 podman exec:*)",
"Bash(docker ps:*)"
"Bash(docker ps:*)",
"Bash(find:*)",
"Bash(\"/c/Users/games3/.local/bin/uvx.exe\" markitdown-mcp --help)",
"Bash(git stash:*)",
"Bash(ping:*)",
"Bash(tee:*)",
"Bash(timeout 1800 podman exec flyer-crawler-dev npm run test:unit:*)",
"mcp__filesystem__edit_file"
]
}
}

27
.env.example
View File

@@ -41,6 +41,14 @@ FRONTEND_URL=http://localhost:3000
# REQUIRED: Secret key for signing JWT tokens (generate a random 64+ character string)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
# OAuth Providers (Optional - enable social login)
# Google OAuth - https://console.cloud.google.com/apis/credentials
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# GitHub OAuth - https://github.com/settings/developers
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
# ===================
# AI/ML Services
# ===================
@@ -75,3 +83,22 @@ CLEANUP_WORKER_CONCURRENCY=10
# Worker lock duration in milliseconds (default: 2 minutes)
WORKER_LOCK_DURATION=120000
# ===================
# Error Tracking (ADR-015)
# ===================
# Sentry-compatible error tracking via Bugsink (self-hosted)
# DSNs are created in Bugsink UI at http://localhost:8000 (dev) or your production URL
# Backend DSN - for Express/Node.js errors
SENTRY_DSN=
# Frontend DSN - for React/browser errors (uses VITE_ prefix)
VITE_SENTRY_DSN=
# Environment name for error grouping (defaults to NODE_ENV)
SENTRY_ENVIRONMENT=development
VITE_SENTRY_ENVIRONMENT=development
# Enable/disable error tracking (default: true)
SENTRY_ENABLED=true
VITE_SENTRY_ENABLED=true
# Enable debug mode for SDK troubleshooting (default: false)
SENTRY_DEBUG=false
VITE_SENTRY_DEBUG=false

66
.gemini/settings.json
View File

@@ -1,66 +0,0 @@
{
"mcpServers": {
"gitea-projectium": {
"command": "d:\\gitea-mcp\\gitea-mcp.exe",
"args": ["run", "-t", "stdio"],
"env": {
"GITEA_HOST": "https://gitea.projectium.com",
"GITEA_ACCESS_TOKEN": "c72bc0f14f623fec233d3c94b3a16397fe3649ef"
}
},
"gitea-torbonium": {
"command": "d:\\gitea-mcp\\gitea-mcp.exe",
"args": ["run", "-t", "stdio"],
"env": {
"GITEA_HOST": "https://gitea.torbonium.com",
"GITEA_ACCESS_TOKEN": "391c9ddbe113378bc87bb8184800ba954648fcf8"
}
},
"gitea-lan": {
"command": "d:\\gitea-mcp\\gitea-mcp.exe",
"args": ["run", "-t", "stdio"],
"env": {
"GITEA_HOST": "https://gitea.torbolan.com",
"GITEA_ACCESS_TOKEN": "YOUR_LAN_TOKEN_HERE"
},
"disabled": true
},
"podman": {
"command": "D:\\nodejs\\npx.cmd",
"args": ["-y", "podman-mcp-server@latest"],
"env": {
"DOCKER_HOST": "npipe:////./pipe/podman-machine-default"
}
},
"filesystem": {
"command": "d:\\nodejs\\node.exe",
"args": [
"c:\\Users\\games3\\AppData\\Roaming\\npm\\node_modules\\@modelcontextprotocol\\server-filesystem\\dist\\index.js",
"d:\\gitea\\flyer-crawler.projectium.com\\flyer-crawler.projectium.com"
]
},
"fetch": {
"command": "D:\\nodejs\\npx.cmd",
"args": ["-y", "@modelcontextprotocol/server-fetch"]
},
"io.github.ChromeDevTools/chrome-devtools-mcp": {
"type": "stdio",
"command": "npx",
"args": ["chrome-devtools-mcp@0.12.1"],
"gallery": "https://api.mcp.github.com",
"version": "0.12.1"
},
"markitdown": {
"command": "C:\\Users\\games3\\.local\\bin\\uvx.exe",
"args": ["markitdown-mcp"]
},
"sequential-thinking": {
"command": "D:\\nodejs\\npx.cmd",
"args": ["-y", "@modelcontextprotocol/server-sequential-thinking"]
},
"memory": {
"command": "D:\\nodejs\\npx.cmd",
"args": ["-y", "@modelcontextprotocol/server-memory"]
}
}
}

12
.gitea/workflows/deploy-to-prod.yml
View File

@@ -98,6 +98,9 @@ jobs:
VITE_APP_VERSION="$(date +'%Y%m%d-%H%M'):$(git rev-parse --short HEAD):$PACKAGE_VERSION" \
VITE_APP_COMMIT_URL="$GITEA_SERVER_URL/${{ gitea.repository }}/commit/${{ gitea.sha }}" \
VITE_APP_COMMIT_MESSAGE="$COMMIT_MESSAGE" \
VITE_SENTRY_DSN="${{ secrets.VITE_SENTRY_DSN }}" \
VITE_SENTRY_ENVIRONMENT="production" \
VITE_SENTRY_ENABLED="true" \
VITE_API_BASE_URL=/api VITE_API_KEY=${{ secrets.VITE_GOOGLE_GENAI_API_KEY }} npm run build
- name: Deploy Application to Production Server
@@ -130,6 +133,15 @@ jobs:
SMTP_USER: ''
SMTP_PASS: ''
SMTP_FROM_EMAIL: 'noreply@flyer-crawler.projectium.com'
# OAuth Providers
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GITHUB_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GITHUB_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
# Sentry/Bugsink Error Tracking (ADR-015)
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_ENVIRONMENT: 'production'
SENTRY_ENABLED: 'true'
run: |
if [ -z "$DB_HOST" ] || [ -z "$DB_USER" ] || [ -z "$DB_PASSWORD" ] || [ -z "$DB_NAME" ]; then
echo "ERROR: One or more production database secrets (DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE_PROD) are not set."

33
.gitea/workflows/deploy-to-test.yml
View File

@@ -198,8 +198,8 @@ jobs:
--reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only || true
echo "--- Running E2E Tests ---"
# Run E2E tests using the dedicated E2E config which inherits from integration config.
# We still pass --coverage to enable it, but directory and timeout are now in the config.
# Run E2E tests using the dedicated E2E config.
# E2E uses port 3098, integration uses 3099 to avoid conflicts.
npx vitest run --config vitest.config.e2e.ts --coverage \
--coverage.exclude='**/*.test.ts' \
--coverage.exclude='**/tests/**' \
@@ -240,7 +240,19 @@ jobs:
# Run c8: read raw files from the temp dir, and output an Istanbul JSON report.
# We only generate the 'json' report here because it's all nyc needs for merging.
echo "Server coverage report about to be generated..."
npx c8 report --exclude='**/*.test.ts' --exclude='**/tests/**' --exclude='**/mocks/**' --reporter=json --temp-directory .coverage/tmp/integration-server --reports-dir .coverage/integration-server
npx c8 report \
--include='src/**' \
--exclude='**/*.test.ts' \
--exclude='**/*.test.tsx' \
--exclude='**/tests/**' \
--exclude='**/mocks/**' \
--exclude='hostexecutor/**' \
--exclude='scripts/**' \
--exclude='*.config.js' \
--exclude='*.config.ts' \
--reporter=json \
--temp-directory .coverage/tmp/integration-server \
--reports-dir .coverage/integration-server
echo "Server coverage report generated. Verifying existence:"
ls -l .coverage/integration-server/coverage-final.json
@@ -280,12 +292,18 @@ jobs:
--reporter=html \
--report-dir .coverage/ \
--temp-dir "$NYC_SOURCE_DIR" \
--include "src/**" \
--exclude "**/*.test.ts" \
--exclude "**/*.test.tsx" \
--exclude "**/tests/**" \
--exclude "**/mocks/**" \
--exclude "**/index.tsx" \
--exclude "**/vite-env.d.ts" \
--exclude "**/vitest.setup.ts"
--exclude "**/vitest.setup.ts" \
--exclude "hostexecutor/**" \
--exclude "scripts/**" \
--exclude "*.config.js" \
--exclude "*.config.ts"
# Re-enable secret masking for subsequent steps.
echo "::secret-masking::"
@@ -368,6 +386,9 @@ jobs:
VITE_APP_VERSION="$(date +'%Y%m%d-%H%M'):$(git rev-parse --short HEAD):$PACKAGE_VERSION" \
VITE_APP_COMMIT_URL="$GITEA_SERVER_URL/${{ gitea.repository }}/commit/${{ gitea.sha }}" \
VITE_APP_COMMIT_MESSAGE="$COMMIT_MESSAGE" \
VITE_SENTRY_DSN="${{ secrets.VITE_SENTRY_DSN_TEST }}" \
VITE_SENTRY_ENVIRONMENT="test" \
VITE_SENTRY_ENABLED="true" \
VITE_API_BASE_URL="https://flyer-crawler-test.projectium.com/api" VITE_API_KEY=${{ secrets.VITE_GOOGLE_GENAI_API_KEY_TEST }} npm run build
- name: Deploy Application to Test Server
@@ -428,6 +449,10 @@ jobs:
SMTP_USER: '' # Using MailHog, no auth needed
SMTP_PASS: '' # Using MailHog, no auth needed
SMTP_FROM_EMAIL: 'noreply@flyer-crawler-test.projectium.com'
# Sentry/Bugsink Error Tracking (ADR-015)
SENTRY_DSN: ${{ secrets.SENTRY_DSN_TEST }}
SENTRY_ENVIRONMENT: 'test'
SENTRY_ENABLED: 'true'
run: |
# Fail-fast check to ensure secrets are configured in Gitea.

12
.gitignore vendored
View File

@@ -11,9 +11,18 @@ node_modules
dist
dist-ssr
*.local
.env
*.tsbuildinfo
# Test coverage
coverage
.nyc_output
.coverage
# Test artifacts - flyer-images/ is a runtime directory
# Test fixtures are stored in src/tests/assets/ instead
flyer-images/
test-output.txt
# Editor directories and files
.vscode/*
@@ -25,3 +34,6 @@ coverage
*.njsproj
*.sln
*.sw?
Thumbs.db
.claude
nul

5
.nycrc.json Normal file
View File

@@ -0,0 +1,5 @@
{
"text": {
"maxCols": 200
}
}

327
CLAUDE.md
View File

@@ -1,25 +1,63 @@
# Claude Code Project Instructions
## Communication Style: Ask Before Assuming
**IMPORTANT**: When helping with tasks, **ask clarifying questions before making assumptions**. Do not assume:
- What steps the user has or hasn't completed
- What the user already knows or has configured
- What external services (OAuth providers, APIs, etc.) are already set up
- What secrets or credentials have already been created
Instead, ask the user to confirm the current state before providing instructions or making recommendations. This prevents wasted effort and respects the user's existing work.
## Platform Requirement: Linux Only
**CRITICAL**: This application is designed to run **exclusively on Linux**. See [ADR-014](docs/adr/0014-containerization-and-deployment-strategy.md) for full details.
### Environment Terminology
- **Dev Container** (or just "dev"): The containerized Linux development environment (`flyer-crawler-dev`). This is where all development and testing should occur.
- **Host**: The Windows machine running Podman/Docker and VS Code.
When instructions say "run in dev" or "run in the dev container", they mean executing commands inside the `flyer-crawler-dev` container.
### Test Execution Rules
1. **ALL tests MUST be executed on Linux** - either in the Dev Container or on a Linux host
2. **NEVER run tests directly on Windows** - test results from Windows are unreliable
3. **Always use the Dev Container for testing** when developing on Windows
1. **ALL tests MUST be executed in the dev container** - the Linux container environment
2. **NEVER run tests directly on Windows host** - test results from Windows are unreliable
3. **Always use the dev container for testing** when developing on Windows
### How to Run Tests Correctly
```bash
# If on Windows, first open VS Code and "Reopen in Container"
# Then run tests inside the container:
# Then run tests inside the dev container:
npm test # Run all unit tests
npm run test:unit # Run unit tests only
npm run test:integration # Run integration tests (requires DB/Redis)
```
### Running Tests via Podman (from Windows host)
The command to run unit tests in the dev container via podman:
```bash
podman exec -it flyer-crawler-dev npm run test:unit
```
The command to run integration tests in the dev container via podman:
```bash
podman exec -it flyer-crawler-dev npm run test:integration
```
For running specific test files:
```bash
podman exec -it flyer-crawler-dev npm test -- --run src/hooks/useAuth.test.tsx
```
### Why Linux Only?
- Path separators: Code uses POSIX-style paths (`/`) which may break on Windows
@@ -35,10 +73,20 @@ npm run test:integration # Run integration tests (requires DB/Redis)
## Development Workflow
1. Open project in VS Code
2. Use "Reopen in Container" (Dev Containers extension required)
3. Wait for container initialization to complete
4. Run `npm test` to verify environment is working
5. Make changes and run tests inside the container
2. Use "Reopen in Container" (Dev Containers extension required) to enter the dev environment
3. Wait for dev container initialization to complete
4. Run `npm test` to verify the dev environment is working
5. Make changes and run tests inside the dev container
## Code Change Verification
After making any code changes, **always run a type-check** to catch TypeScript errors before committing:
```bash
npm run type-check
```
This prevents linting/type errors from being introduced into the codebase.
## Quick Reference
@@ -49,3 +97,266 @@ npm run test:integration # Run integration tests (requires DB/Redis)
| `npm run test:integration` | Run integration tests |
| `npm run dev:container` | Start dev server (container) |
| `npm run build` | Build for production |
| `npm run type-check` | Run TypeScript type checking |
## Database Schema Files
**CRITICAL**: The database schema files must be kept in sync with each other. When making schema changes:
| File | Purpose |
| ------------------------------ | ----------------------------------------------------------- |
| `sql/master_schema_rollup.sql` | Complete schema used by test database setup and reference |
| `sql/initial_schema.sql` | Base schema without seed data, used as standalone reference |
| `sql/migrations/*.sql` | Incremental migrations for production database updates |
**Maintenance Rules:**
1. **Keep `master_schema_rollup.sql` and `initial_schema.sql` in sync** - These files should contain the same table definitions
2. **When adding columns via migration**, also add them to both `master_schema_rollup.sql` and `initial_schema.sql`
3. **Migrations are for production deployments** - They use `ALTER TABLE` to add columns incrementally
4. **Schema files are for fresh installs** - They define the complete table structure
5. **Test database uses `master_schema_rollup.sql`** - If schema files are out of sync with migrations, tests will fail
**Example:** When `002_expiry_tracking.sql` adds `purchase_date` to `pantry_items`, that column must also exist in the `CREATE TABLE` statements in both `master_schema_rollup.sql` and `initial_schema.sql`.
## Known Integration Test Issues and Solutions
This section documents common test issues encountered in integration tests, their root causes, and solutions. These patterns recur frequently.
### 1. Vitest globalSetup Runs in Separate Node.js Context
**Problem:** Vitest's `globalSetup` runs in a completely separate Node.js context from test files. This means:
- Singletons created in globalSetup are NOT the same instances as those in test files
- `global`, `globalThis`, and `process` are all isolated between contexts
- `vi.spyOn()` on module exports doesn't work cross-context
- Dependency injection via setter methods fails across contexts
**Affected Tests:** Any test trying to inject mocks into BullMQ worker services (e.g., AI failure tests, DB failure tests)
**Solution Options:**
1. Mark tests as `.todo()` until an API-based mock injection mechanism is implemented
2. Create test-only API endpoints that allow setting mock behaviors via HTTP
3. Use file-based or Redis-based mock flags that services check at runtime
**Example of affected code pattern:**
```typescript
// This DOES NOT work - different module instances
const { flyerProcessingService } = await import('../../services/workers.server');
flyerProcessingService._getAiProcessor()._setExtractAndValidateData(mockFn);
// The worker uses a different flyerProcessingService instance!
```
### 2. BullMQ Cleanup Queue Deleting Files Before Test Verification
**Problem:** The cleanup worker runs in the globalSetup context and processes cleanup jobs even when tests spy on `cleanupQueue.add()`. The spy intercepts calls in the test context, but jobs already queued run in the worker's context.
**Affected Tests:** EXIF/PNG metadata stripping tests that need to verify file contents before deletion
**Solution:** Drain and pause the cleanup queue before the test:
```typescript
const { cleanupQueue } = await import('../../services/queues.server');
await cleanupQueue.drain(); // Remove existing jobs
await cleanupQueue.pause(); // Prevent new jobs from processing
// ... run test ...
await cleanupQueue.resume(); // Restore normal operation
```
### 3. Cache Invalidation After Direct Database Inserts
**Problem:** Tests that insert data directly via SQL (bypassing the service layer) don't trigger cache invalidation. Subsequent API calls return stale cached data.
**Affected Tests:** Any test using `pool.query()` to insert flyers, stores, or other cached entities
**Solution:** Manually invalidate the cache after direct inserts:
```typescript
await pool.query('INSERT INTO flyers ...');
await cacheService.invalidateFlyers(); // Clear stale cache
```
### 4. Unique Filenames Required for Test Isolation
**Problem:** Multer generates predictable filenames in test environments, causing race conditions when multiple tests upload files concurrently or in sequence.
**Affected Tests:** Flyer processing tests, file upload tests
**Solution:** Always use unique filenames with timestamps:
```typescript
// In multer.middleware.ts
const uniqueSuffix = `${Date.now()}-${Math.round(Math.random() * 1e9)}`;
cb(null, `${file.fieldname}-${uniqueSuffix}-${sanitizedOriginalName}`);
```
### 5. Response Format Mismatches
**Problem:** API response formats may change, causing tests to fail when expecting old formats.
**Common Issues:**
- `response.body.data.jobId` vs `response.body.data.job.id`
- Nested objects vs flat response structures
- Type coercion (string vs number for IDs)
**Solution:** Always log response bodies during debugging and update test assertions to match actual API contracts.
### 6. External Service Availability
**Problem:** Tests depending on external services (PM2, Redis health checks) fail when those services aren't available in the test environment.
**Solution:** Use try/catch with graceful degradation or mock the external service checks.
## Secrets and Environment Variables
**CRITICAL**: This project uses **Gitea CI/CD secrets** for all sensitive configuration. There is NO `/etc/flyer-crawler/environment` file or similar local config file on the server.
### Server Directory Structure
| Path | Environment | Notes |
| --------------------------------------------- | ----------- | ------------------------------------------------ |
| `/var/www/flyer-crawler.projectium.com/` | Production | NO `.env` file - secrets injected via CI/CD only |
| `/var/www/flyer-crawler-test.projectium.com/` | Test | Has `.env.test` file for test-specific config |
### How Secrets Work
1. **Gitea Secrets**: All secrets are stored in Gitea repository settings (Settings → Secrets)
2. **CI/CD Injection**: Secrets are injected during deployment via `.gitea/workflows/deploy-to-prod.yml` and `deploy-to-test.yml`
3. **PM2 Environment**: The CI/CD workflow passes secrets to PM2 via environment variables, which are then available to the application
### Key Files for Configuration
| File | Purpose |
| ------------------------------------- | ---------------------------------------------------- |
| `src/config/env.ts` | Centralized config with Zod schema validation |
| `ecosystem.config.cjs` | PM2 process config - reads from `process.env` |
| `.gitea/workflows/deploy-to-prod.yml` | Production deployment with secret injection |
| `.gitea/workflows/deploy-to-test.yml` | Test deployment with secret injection |
| `.env.example` | Template showing all available environment variables |
| `.env.test` | Test environment overrides (only on test server) |
### Adding New Secrets
To add a new secret (e.g., `SENTRY_DSN`):
1. Add the secret to Gitea repository settings
2. Update the relevant workflow file (e.g., `deploy-to-prod.yml`) to inject it:
```yaml
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
```
3. Update `ecosystem.config.cjs` to read it from `process.env`
4. Update `src/config/env.ts` schema if validation is needed
5. Update `.env.example` to document the new variable
### Current Gitea Secrets
**Shared (used by both environments):**
- `DB_HOST`, `DB_USER`, `DB_PASSWORD` - Database credentials
- `JWT_SECRET` - Authentication
- `GOOGLE_MAPS_API_KEY` - Google Maps
- `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` - Google OAuth
- `GH_CLIENT_ID`, `GH_CLIENT_SECRET` - GitHub OAuth
**Production-specific:**
- `DB_DATABASE_PROD` - Production database name
- `REDIS_PASSWORD_PROD` - Redis password (uses database 0)
- `VITE_GOOGLE_GENAI_API_KEY` - Gemini API key for production
- `SENTRY_DSN`, `VITE_SENTRY_DSN` - Bugsink error tracking DSNs (production projects)
**Test-specific:**
- `DB_DATABASE_TEST` - Test database name
- `REDIS_PASSWORD_TEST` - Redis password (uses database 1 for isolation)
- `VITE_GOOGLE_GENAI_API_KEY_TEST` - Gemini API key for test
- `SENTRY_DSN_TEST`, `VITE_SENTRY_DSN_TEST` - Bugsink error tracking DSNs (test projects)
### Test Environment
The test environment (`flyer-crawler-test.projectium.com`) uses **both** Gitea CI/CD secrets and a local `.env.test` file:
- **Gitea secrets**: Injected during deployment via `.gitea/workflows/deploy-to-test.yml`
- **`.env.test` file**: Located at `/var/www/flyer-crawler-test.projectium.com/.env.test` for local overrides
- **Redis database 1**: Isolates test job queues from production (which uses database 0)
- **PM2 process names**: Suffixed with `-test` (e.g., `flyer-crawler-api-test`)
### Dev Container Environment
The dev container runs its own **local Bugsink instance** - it does NOT connect to the production Bugsink server:
- **Local Bugsink**: Runs at `http://localhost:8000` inside the container
- **Pre-configured DSNs**: Set in `compose.dev.yml`, pointing to local instance
- **Admin credentials**: `admin@localhost` / `admin`
- **Isolated**: Dev errors stay local, don't pollute production/test dashboards
- **No Gitea secrets needed**: Everything is self-contained in the container
---
## MCP Servers
The following MCP servers are configured for this project:
| Server | Purpose |
| --------------------- | ------------------------------------------- |
| gitea-projectium | Gitea API for gitea.projectium.com |
| gitea-torbonium | Gitea API for gitea.torbonium.com |
| podman | Container management |
| filesystem | File system access |
| fetch | Web fetching |
| markitdown | Convert documents to markdown |
| sequential-thinking | Step-by-step reasoning |
| memory | Knowledge graph persistence |
| postgres | Direct database queries (localhost:5432) |
| playwright | Browser automation and testing |
| redis | Redis cache inspection (localhost:6379) |
| sentry-selfhosted-mcp | Error tracking via Bugsink (localhost:8000) |
**Note:** MCP servers are currently only available in **Claude CLI**. Due to a bug in Claude VS Code extension, MCP servers do not work there yet.
### Sentry/Bugsink MCP Server Setup (ADR-015)
To enable Claude Code to query and analyze application errors from Bugsink:
1. **Install the MCP server**:
```bash
# Clone the sentry-selfhosted-mcp repository
git clone https://github.com/ddfourtwo/sentry-selfhosted-mcp.git
cd sentry-selfhosted-mcp
npm install
```
2. **Configure Claude Code** (add to `.claude/mcp.json`):
```json
{
"sentry-selfhosted-mcp": {
"command": "node",
"args": ["/path/to/sentry-selfhosted-mcp/dist/index.js"],
"env": {
"SENTRY_URL": "http://localhost:8000",
"SENTRY_AUTH_TOKEN": "<get-from-bugsink-ui>",
"SENTRY_ORG_SLUG": "flyer-crawler"
}
}
}
```
3. **Get the auth token**:
- Navigate to Bugsink UI at `http://localhost:8000`
- Log in with admin credentials
- Go to Settings > API Keys
- Create a new API key with read access
4. **Available capabilities**:
- List projects and issues
- View detailed error events
- Search by error message or stack trace
- Update issue status (resolve, ignore)
- Add comments to issues

60
DEPLOYMENT.md
View File

@@ -204,8 +204,68 @@ pm2 restart flyer-crawler-api
---
## Error Tracking with Bugsink (ADR-015)
Bugsink is a self-hosted Sentry-compatible error tracking system. See [docs/adr/0015-application-performance-monitoring-and-error-tracking.md](docs/adr/0015-application-performance-monitoring-and-error-tracking.md) for the full architecture decision.
### Creating Bugsink Projects and DSNs
After Bugsink is installed and running, you need to create projects and obtain DSNs:
1. **Access Bugsink UI**: Navigate to `http://localhost:8000`
2. **Log in** with your admin credentials
3. **Create Backend Project**:
- Click "Create Project"
- Name: `flyer-crawler-backend`
- Platform: Node.js
- Copy the generated DSN (format: `http://<key>@localhost:8000/<project_id>`)
4. **Create Frontend Project**:
- Click "Create Project"
- Name: `flyer-crawler-frontend`
- Platform: React
- Copy the generated DSN
5. **Configure Environment Variables**:
```bash
# Backend (server-side)
export SENTRY_DSN=http://<backend-key>@localhost:8000/<backend-project-id>
# Frontend (client-side, exposed to browser)
export VITE_SENTRY_DSN=http://<frontend-key>@localhost:8000/<frontend-project-id>
# Shared settings
export SENTRY_ENVIRONMENT=production
export VITE_SENTRY_ENVIRONMENT=production
export SENTRY_ENABLED=true
export VITE_SENTRY_ENABLED=true
```
### Testing Error Tracking
Verify Bugsink is receiving events:
```bash
npx tsx scripts/test-bugsink.ts
```
This sends test error and info events. Check the Bugsink UI for:
- `BugsinkTestError` in the backend project
- Info message "Test info message from test-bugsink.ts"
### Sentry SDK v10+ HTTP DSN Limitation
The Sentry SDK v10+ enforces HTTPS-only DSNs by default. Since Bugsink runs locally over HTTP, our implementation uses the Sentry Store API directly instead of the SDK's built-in transport. This is handled transparently by the `sentry.server.ts` and `sentry.client.ts` modules.
---
## Related Documentation
- [Database Setup](DATABASE.md) - PostgreSQL and PostGIS configuration
- [Authentication Setup](AUTHENTICATION.md) - OAuth provider configuration
- [Installation Guide](INSTALL.md) - Local development setup
- [Bare-Metal Server Setup](docs/BARE-METAL-SETUP.md) - Manual server installation guide

228
Dockerfile.dev
View File

@@ -7,7 +7,7 @@
#
# Base: Ubuntu 22.04 (LTS) - matches production server
# Node: v20.x (LTS) - matches production
# Includes: PostgreSQL client, Redis CLI, build tools
# Includes: PostgreSQL client, Redis CLI, build tools, Bugsink, Logstash
# ============================================================================
FROM ubuntu:22.04
@@ -21,16 +21,23 @@ ENV DEBIAN_FRONTEND=noninteractive
# - curl: for downloading Node.js setup script and health checks
# - git: for version control operations
# - build-essential: for compiling native Node.js modules (node-gyp)
# - python3: required by some Node.js build tools
# - python3, python3-pip, python3-venv: for Bugsink
# - postgresql-client: for psql CLI (database initialization)
# - redis-tools: for redis-cli (health checks)
# - gnupg, apt-transport-https: for Elastic APT repository (Logstash)
# - openjdk-17-jre-headless: required by Logstash
RUN apt-get update && apt-get install -y \
curl \
git \
build-essential \
python3 \
python3-pip \
python3-venv \
postgresql-client \
redis-tools \
gnupg \
apt-transport-https \
openjdk-17-jre-headless \
&& rm -rf /var/lib/apt/lists/*
# ============================================================================
@@ -39,6 +46,204 @@ RUN apt-get update && apt-get install -y \
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y nodejs
# ============================================================================
# Install Logstash (Elastic APT Repository)
# ============================================================================
# ADR-015: Log aggregation for Pino and Redis logs → Bugsink
RUN curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg \
&& echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list \
&& apt-get update \
&& apt-get install -y logstash \
&& rm -rf /var/lib/apt/lists/*
# ============================================================================
# Install Bugsink (Python Package)
# ============================================================================
# ADR-015: Self-hosted Sentry-compatible error tracking
# Create a virtual environment for Bugsink to avoid conflicts
RUN python3 -m venv /opt/bugsink \
&& /opt/bugsink/bin/pip install --upgrade pip \
&& /opt/bugsink/bin/pip install bugsink gunicorn psycopg2-binary
# Create Bugsink directories and configuration
RUN mkdir -p /var/log/bugsink /var/lib/bugsink /opt/bugsink/conf
# Create Bugsink configuration file (Django settings module)
# This file is imported by bugsink-manage via DJANGO_SETTINGS_MODULE
# Based on bugsink/conf_templates/docker.py.template but customized for our setup
RUN echo 'import os\n\
from urllib.parse import urlparse\n\
\n\
from bugsink.settings.default import *\n\
from bugsink.settings.default import DATABASES, SILENCED_SYSTEM_CHECKS\n\
from bugsink.conf_utils import deduce_allowed_hosts, deduce_script_name\n\
\n\
IS_DOCKER = True\n\
\n\
# Security settings\n\
SECRET_KEY = os.getenv("SECRET_KEY")\n\
DEBUG = os.getenv("DEBUG", "False").lower() in ("true", "1", "yes")\n\
\n\
# Silence cookie security warnings for dev (no HTTPS)\n\
SILENCED_SYSTEM_CHECKS += ["security.W012", "security.W016"]\n\
\n\
# Database configuration from DATABASE_URL environment variable\n\
if os.getenv("DATABASE_URL"):\n\
DATABASE_URL = os.getenv("DATABASE_URL")\n\
parsed = urlparse(DATABASE_URL)\n\
\n\
if parsed.scheme in ["postgres", "postgresql"]:\n\
DATABASES["default"] = {\n\
"ENGINE": "django.db.backends.postgresql",\n\
"NAME": parsed.path.lstrip("/"),\n\
"USER": parsed.username,\n\
"PASSWORD": parsed.password,\n\
"HOST": parsed.hostname,\n\
"PORT": parsed.port or "5432",\n\
}\n\
\n\
# Snappea (background task runner) settings\n\
SNAPPEA = {\n\
"TASK_ALWAYS_EAGER": False,\n\
"WORKAHOLIC": True,\n\
"NUM_WORKERS": 2,\n\
"PID_FILE": None,\n\
}\n\
DATABASES["snappea"]["NAME"] = "/tmp/snappea.sqlite3"\n\
\n\
# Site settings\n\
_PORT = os.getenv("PORT", "8000")\n\
BUGSINK = {\n\
"BASE_URL": os.getenv("BASE_URL", f"http://localhost:{_PORT}"),\n\
"SITE_TITLE": os.getenv("SITE_TITLE", "Flyer Crawler Error Tracking"),\n\
"SINGLE_USER": os.getenv("SINGLE_USER", "True").lower() in ("true", "1", "yes"),\n\
"SINGLE_TEAM": os.getenv("SINGLE_TEAM", "True").lower() in ("true", "1", "yes"),\n\
"PHONEHOME": False,\n\
}\n\
\n\
ALLOWED_HOSTS = deduce_allowed_hosts(BUGSINK["BASE_URL"])\n\
\n\
# Console email backend for dev\n\
EMAIL_BACKEND = "bugsink.email_backends.QuietConsoleEmailBackend"\n\
' > /opt/bugsink/conf/bugsink_conf.py
# Create Bugsink startup script
# Uses DATABASE_URL environment variable (standard Docker approach per docs)
RUN echo '#!/bin/bash\n\
set -e\n\
\n\
# Build DATABASE_URL from individual env vars for flexibility\n\
export DATABASE_URL="postgresql://${BUGSINK_DB_USER:-bugsink}:${BUGSINK_DB_PASSWORD:-bugsink_dev_password}@${BUGSINK_DB_HOST:-postgres}:${BUGSINK_DB_PORT:-5432}/${BUGSINK_DB_NAME:-bugsink}"\n\
# SECRET_KEY is required by Bugsink/Django\n\
export SECRET_KEY="${BUGSINK_SECRET_KEY:-dev-bugsink-secret-key-minimum-50-characters-for-security}"\n\
\n\
# Create superuser if not exists (for dev convenience)\n\
if [ -n "$BUGSINK_ADMIN_EMAIL" ] && [ -n "$BUGSINK_ADMIN_PASSWORD" ]; then\n\
export CREATE_SUPERUSER="${BUGSINK_ADMIN_EMAIL}:${BUGSINK_ADMIN_PASSWORD}"\n\
fi\n\
\n\
# Wait for PostgreSQL to be ready\n\
until pg_isready -h ${BUGSINK_DB_HOST:-postgres} -p ${BUGSINK_DB_PORT:-5432} -U ${BUGSINK_DB_USER:-bugsink}; do\n\
echo "Waiting for PostgreSQL..."\n\
sleep 2\n\
done\n\
\n\
echo "PostgreSQL is ready. Starting Bugsink..."\n\
echo "DATABASE_URL: postgresql://${BUGSINK_DB_USER}:***@${BUGSINK_DB_HOST}:${BUGSINK_DB_PORT}/${BUGSINK_DB_NAME}"\n\
\n\
# Change to config directory so bugsink_conf.py can be found\n\
cd /opt/bugsink/conf\n\
\n\
# Run migrations\n\
echo "Running database migrations..."\n\
/opt/bugsink/bin/bugsink-manage migrate --noinput\n\
\n\
# Create superuser if CREATE_SUPERUSER is set (format: email:password)\n\
if [ -n "$CREATE_SUPERUSER" ]; then\n\
IFS=":" read -r ADMIN_EMAIL ADMIN_PASS <<< "$CREATE_SUPERUSER"\n\
/opt/bugsink/bin/bugsink-manage shell -c "\n\
from django.contrib.auth import get_user_model\n\
User = get_user_model()\n\
if not User.objects.filter(email='"'"'$ADMIN_EMAIL'"'"').exists():\n\
User.objects.create_superuser('"'"'$ADMIN_EMAIL'"'"', '"'"'$ADMIN_PASS'"'"')\n\
print('"'"'Superuser created'"'"')\n\
else:\n\
print('"'"'Superuser already exists'"'"')\n\
" || true\n\
fi\n\
\n\
# Start Bugsink with Gunicorn\n\
echo "Starting Gunicorn on port ${BUGSINK_PORT:-8000}..."\n\
exec /opt/bugsink/bin/gunicorn \\\n\
--bind 0.0.0.0:${BUGSINK_PORT:-8000} \\\n\
--workers ${BUGSINK_WORKERS:-2} \\\n\
--access-logfile - \\\n\
--error-logfile - \\\n\
bugsink.wsgi:application\n\
' > /usr/local/bin/start-bugsink.sh \
&& chmod +x /usr/local/bin/start-bugsink.sh
# ============================================================================
# Create Logstash Pipeline Configuration
# ============================================================================
# ADR-015: Pino and Redis logs → Bugsink
RUN mkdir -p /etc/logstash/conf.d /app/logs
RUN echo 'input {\n\
# Pino application logs\n\
file {\n\
path => "/app/logs/*.log"\n\
codec => json\n\
type => "pino"\n\
tags => ["app"]\n\
start_position => "beginning"\n\
sincedb_path => "/var/lib/logstash/sincedb_pino"\n\
}\n\
\n\
# Redis logs\n\
file {\n\
path => "/var/log/redis/*.log"\n\
type => "redis"\n\
tags => ["redis"]\n\
start_position => "beginning"\n\
sincedb_path => "/var/lib/logstash/sincedb_redis"\n\
}\n\
}\n\
\n\
filter {\n\
# Pino error detection (level 50 = error, 60 = fatal)\n\
if [type] == "pino" and [level] >= 50 {\n\
mutate { add_tag => ["error"] }\n\
}\n\
\n\
# Redis error detection\n\
if [type] == "redis" {\n\
grok {\n\
match => { "message" => "%%{POSINT:pid}:%%{WORD:role} %%{MONTHDAY} %%{MONTH} %%{TIME} %%{WORD:loglevel} %%{GREEDYDATA:redis_message}" }\n\
}\n\
if [loglevel] in ["WARNING", "ERROR"] {\n\
mutate { add_tag => ["error"] }\n\
}\n\
}\n\
}\n\
\n\
output {\n\
if "error" in [tags] {\n\
http {\n\
url => "http://localhost:8000/api/store/"\n\
http_method => "post"\n\
format => "json"\n\
}\n\
}\n\
\n\
# Debug output (comment out in production)\n\
stdout { codec => rubydebug }\n\
}\n\
' > /etc/logstash/conf.d/bugsink.conf
# Create Logstash sincedb directory
RUN mkdir -p /var/lib/logstash && chown -R logstash:logstash /var/lib/logstash
# ============================================================================
# Set Working Directory
# ============================================================================
@@ -52,6 +257,25 @@ ENV NODE_ENV=development
# Increase Node.js memory limit for large builds
ENV NODE_OPTIONS='--max-old-space-size=8192'
# Bugsink defaults (ADR-015)
ENV BUGSINK_DB_HOST=postgres
ENV BUGSINK_DB_PORT=5432
ENV BUGSINK_DB_NAME=bugsink
ENV BUGSINK_DB_USER=bugsink
ENV BUGSINK_DB_PASSWORD=bugsink_dev_password
ENV BUGSINK_PORT=8000
ENV BUGSINK_BASE_URL=http://localhost:8000
ENV BUGSINK_ADMIN_EMAIL=admin@localhost
ENV BUGSINK_ADMIN_PASSWORD=admin
# ============================================================================
# Expose Ports
# ============================================================================
# 3000 - Vite frontend
# 3001 - Express backend
# 8000 - Bugsink error tracking
EXPOSE 3000 3001 8000
# ============================================================================
# Default Command
# ============================================================================

1
INSTALL.md
View File

@@ -103,6 +103,7 @@ You are now inside the Ubuntu container's shell.
```
4. **Install Project Dependencies**:
```bash
npm install
```

3
README.testing.md Normal file
View File

@@ -0,0 +1,3 @@
using powershell on win10 use this command to run the integration tests only in the container
podman exec -i flyer-crawler-dev npm run test:integration 2>&1 | Tee-Object -FilePath test-output.txt

32
compose.dev.yml
View File

@@ -5,7 +5,7 @@
# This file defines the local development environment using Docker/Podman.
#
# Services:
# - app: Node.js application (API + Frontend)
# - app: Node.js application (API + Frontend + Bugsink + Logstash)
# - postgres: PostgreSQL 15 with PostGIS extension
# - redis: Redis for caching and job queues
#
@@ -18,6 +18,10 @@
# VS Code Dev Containers:
# This file is referenced by .devcontainer/devcontainer.json for seamless
# VS Code integration. Open the project in VS Code and use "Reopen in Container".
#
# Bugsink (ADR-015):
# Access error tracking UI at http://localhost:8000
# Default login: admin@localhost / admin
# ============================================================================
version: '3.8'
@@ -43,6 +47,7 @@ services:
ports:
- '3000:3000' # Frontend (Vite default)
- '3001:3001' # Backend API
- '8000:8000' # Bugsink error tracking (ADR-015)
environment:
# Core settings
- NODE_ENV=development
@@ -62,6 +67,26 @@ services:
- JWT_SECRET=dev-jwt-secret-change-in-production
# Worker settings
- WORKER_LOCK_DURATION=120000
# Bugsink error tracking (ADR-015)
- BUGSINK_DB_HOST=postgres
- BUGSINK_DB_PORT=5432
- BUGSINK_DB_NAME=bugsink
- BUGSINK_DB_USER=bugsink
- BUGSINK_DB_PASSWORD=bugsink_dev_password
- BUGSINK_PORT=8000
- BUGSINK_BASE_URL=http://localhost:8000
- BUGSINK_ADMIN_EMAIL=admin@localhost
- BUGSINK_ADMIN_PASSWORD=admin
- BUGSINK_SECRET_KEY=dev-bugsink-secret-key-minimum-50-characters-for-security
# Sentry SDK configuration (points to local Bugsink)
- SENTRY_DSN=http://59a58583-e869-7697-f94a-cfa0337676a8@localhost:8000/1
- VITE_SENTRY_DSN=http://d5fc5221-4266-ff2f-9af8-5689696072f3@localhost:8000/2
- SENTRY_ENVIRONMENT=development
- VITE_SENTRY_ENVIRONMENT=development
- SENTRY_ENABLED=true
- VITE_SENTRY_ENABLED=true
- SENTRY_DEBUG=true
- VITE_SENTRY_DEBUG=true
depends_on:
postgres:
condition: service_healthy
@@ -93,9 +118,10 @@ services:
POSTGRES_INITDB_ARGS: '--encoding=UTF8 --locale=C'
volumes:
- postgres_data:/var/lib/postgresql/data
# Mount the extensions init script to run on first database creation
# The 00- prefix ensures it runs before any other init scripts
# Mount init scripts to run on first database creation
# Scripts run in alphabetical order: 00-extensions, 01-bugsink
- ./sql/00-init-extensions.sql:/docker-entrypoint-initdb.d/00-init-extensions.sql:ro
- ./sql/01-init-bugsink.sh:/docker-entrypoint-initdb.d/01-init-bugsink.sh:ro
# Healthcheck ensures postgres is ready before app starts
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U postgres -d flyer_crawler_dev']

1132
docs/BARE-METAL-SETUP.md Normal file
View File

File diff suppressed because it is too large Load Diff

314
docs/adr/0015-application-performance-monitoring-and-error-tracking.md
View File

@@ -2,17 +2,321 @@
**Date**: 2025-12-12
**Status**: Proposed
**Status**: Accepted
**Updated**: 2026-01-11
## Context
While `ADR-004` established structured logging, the application lacks a high-level, aggregated view of its health, performance, and errors. It's difficult to spot trends, identify slow API endpoints, or be proactively notified of new types of errors.
While `ADR-004` established structured logging with Pino, the application lacks a high-level, aggregated view of its health, performance, and errors. It's difficult to spot trends, identify slow API endpoints, or be proactively notified of new types of errors.
Key requirements:
1. **Self-hosted**: No external SaaS dependencies for error tracking
2. **Sentry SDK compatible**: Leverage mature, well-documented SDKs
3. **Lightweight**: Minimal resource overhead in the dev container
4. **Production-ready**: Same architecture works on bare-metal production servers
5. **AI-accessible**: MCP server integration for Claude Code and other AI tools
## Decision
We will integrate a dedicated Application Performance Monitoring (APM) and error tracking service like **Sentry**, **Datadog**, or **New Relic**. This will define how the service is integrated to automatically capture and report unhandled exceptions, performance data (e.g., transaction traces, database query times), and release health.
We will implement a self-hosted error tracking stack using **Bugsink** as the Sentry-compatible backend, with the following components:
### 1. Error Tracking Backend: Bugsink
**Bugsink** is a lightweight, self-hosted Sentry alternative that:
- Runs as a single process (no Kafka, Redis, ClickHouse required)
- Is fully compatible with Sentry SDKs
- Supports ARM64 and AMD64 architectures
- Can use SQLite (dev) or PostgreSQL (production)
**Deployment**:
- **Dev container**: Installed as a systemd service inside the container
- **Production**: Runs as a systemd service on bare-metal, listening on localhost only
- **Database**: Uses PostgreSQL with a dedicated `bugsink` user and `bugsink` database (same PostgreSQL instance as the main application)
### 2. Backend Integration: @sentry/node
The Express backend will integrate `@sentry/node` SDK to:
- Capture unhandled exceptions before PM2/process manager restarts
- Report errors with full stack traces and context
- Integrate with Pino logger for breadcrumbs
- Track transaction performance (optional)
### 3. Frontend Integration: @sentry/react
The React frontend will integrate `@sentry/react` SDK to:
- Wrap the app in a Sentry Error Boundary
- Capture unhandled JavaScript errors
- Report errors with component stack traces
- Track user session context
- **Frontend Error Correlation**: The global API client (Axios/Fetch wrapper) MUST intercept 4xx/5xx responses. It MUST extract the `x-request-id` header (if present) and attach it to the Sentry scope as a tag `api_request_id` before re-throwing the error. This allows developers to copy the ID from Sentry and search for it in backend logs.
### 4. Log Aggregation: Logstash
**Logstash** parses application and infrastructure logs, forwarding error patterns to Bugsink:
- **Installation**: Installed inside the dev container (and on bare-metal prod servers)
- **Inputs**:
- Pino JSON logs from the Node.js application
- Redis logs (connection errors, memory warnings, slow commands)
- PostgreSQL function logs (future - see Implementation Steps)
- **Filter**: Identifies error-level logs (5xx responses, unhandled exceptions, Redis errors)
- **Output**: Sends to Bugsink via Sentry-compatible HTTP API
This provides a secondary error capture path for:
- Errors that occur before Sentry SDK initialization
- Log-based errors that don't throw exceptions
- Redis connection/performance issues
- Database function errors and slow queries
- Historical error analysis from log files
### 5. MCP Server Integration: sentry-selfhosted-mcp
For AI tool integration (Claude Code, Cursor, etc.), we use the open-source [sentry-selfhosted-mcp](https://github.com/ddfourtwo/sentry-selfhosted-mcp) server:
- **No code changes required**: Configurable via environment variables
- **Capabilities**: List projects, get issues, view events, update status, add comments
- **Configuration**:
- `SENTRY_URL`: Points to Bugsink instance
- `SENTRY_AUTH_TOKEN`: API token from Bugsink
- `SENTRY_ORG_SLUG`: Organization identifier
## Architecture
```text
┌─────────────────────────────────────────────────────────────────────────┐
│ Dev Container / Production Server │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Frontend │ │ Backend │ │
│ │ (React) │ │ (Express) │ │
│ │ @sentry/react │ │ @sentry/node │ │
│ └────────┬─────────┘ └────────┬─────────┘ │
│ │ │ │
│ │ Sentry SDK Protocol │ │
│ └───────────┬───────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────┐ │
│ │ Bugsink │ │
│ │ (localhost:8000) │◄──────────────────┐ │
│ │ │ │ │
│ │ PostgreSQL backend │ │ │
│ └──────────────────────┘ │ │
│ │ │
│ ┌──────────────────────┐ │ │
│ │ Logstash │───────────────────┘ │
│ │ (Log Aggregator) │ Sentry Output │
│ │ │ │
│ │ Inputs: │ │
│ │ - Pino app logs │ │
│ │ - Redis logs │ │
│ │ - PostgreSQL (future) │
│ └──────────────────────┘ │
│ ▲ ▲ ▲ │
│ │ │ │ │
│ ┌───────────┘ │ └───────────┐ │
│ │ │ │ │
│ ┌────┴─────┐ ┌─────┴────┐ ┌──────┴─────┐ │
│ │ Pino │ │ Redis │ │ PostgreSQL │ │
│ │ Logs │ │ Logs │ │ Logs (TBD) │ │
│ └──────────┘ └──────────┘ └────────────┘ │
│ │
│ ┌──────────────────────┐ │
│ │ PostgreSQL │ │
│ │ ┌────────────────┐ │ │
│ │ │ flyer_crawler │ │ (main app database) │
│ │ ├────────────────┤ │ │
│ │ │ bugsink │ │ (error tracking database) │
│ │ └────────────────┘ │ │
│ └──────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
External (Developer Machine):
┌──────────────────────────────────────┐
│ Claude Code / Cursor / VS Code │
│ ┌────────────────────────────────┐ │
│ │ sentry-selfhosted-mcp │ │
│ │ (MCP Server) │ │
│ │ │ │
│ │ SENTRY_URL=http://localhost:8000
│ │ SENTRY_AUTH_TOKEN=... │ │
│ │ SENTRY_ORG_SLUG=... │ │
│ └────────────────────────────────┘ │
└──────────────────────────────────────┘
```
## Configuration
### Environment Variables
| Variable | Description | Default (Dev) |
| ------------------ | ------------------------------ | -------------------------- |
| `BUGSINK_DSN` | Sentry-compatible DSN for SDKs | Set after project creation |
| `BUGSINK_ENABLED` | Enable/disable error reporting | `true` |
| `BUGSINK_BASE_URL` | Bugsink web UI URL (internal) | `http://localhost:8000` |
### PostgreSQL Setup
```sql
-- Create dedicated Bugsink database and user
CREATE USER bugsink WITH PASSWORD 'bugsink_dev_password';
CREATE DATABASE bugsink OWNER bugsink;
GRANT ALL PRIVILEGES ON DATABASE bugsink TO bugsink;
```
### Bugsink Configuration
```bash
# Environment variables for Bugsink service
SECRET_KEY=<random-50-char-string>
DATABASE_URL=postgresql://bugsink:bugsink_dev_password@localhost:5432/bugsink
BASE_URL=http://localhost:8000
PORT=8000
```
### Logstash Pipeline
```conf
# /etc/logstash/conf.d/bugsink.conf
# === INPUTS ===
input {
# Pino application logs
file {
path => "/app/logs/*.log"
codec => json
type => "pino"
tags => ["app"]
}
# Redis logs
file {
path => "/var/log/redis/*.log"
type => "redis"
tags => ["redis"]
}
# PostgreSQL logs (for function logging - future)
# file {
# path => "/var/log/postgresql/*.log"
# type => "postgres"
# tags => ["postgres"]
# }
}
# === FILTERS ===
filter {
# Pino error detection (level 50 = error, 60 = fatal)
if [type] == "pino" and [level] >= 50 {
mutate { add_tag => ["error"] }
}
# Redis error detection
if [type] == "redis" {
grok {
match => { "message" => "%{POSINT:pid}:%{WORD:role} %{MONTHDAY} %{MONTH} %{TIME} %{WORD:loglevel} %{GREEDYDATA:redis_message}" }
}
if [loglevel] in ["WARNING", "ERROR"] {
mutate { add_tag => ["error"] }
}
}
# PostgreSQL function error detection (future)
# if [type] == "postgres" {
# # Parse PostgreSQL log format and detect ERROR/FATAL levels
# }
}
# === OUTPUT ===
output {
if "error" in [tags] {
http {
url => "http://localhost:8000/api/store/"
http_method => "post"
format => "json"
# Sentry envelope format
}
}
}
```
## Implementation Steps
1. **Update Dockerfile.dev**:
- Install Bugsink (pip package or binary)
- Install Logstash (Elastic APT repository)
- Add systemd service files for both
2. **PostgreSQL initialization**:
- Add Bugsink user/database creation to `sql/00-init-extensions.sql`
3. **Backend SDK integration**:
- Install `@sentry/node`
- Initialize in `server.ts` before Express app
- Configure error handler middleware integration
4. **Frontend SDK integration**:
- Install `@sentry/react`
- Wrap `App` component with `Sentry.ErrorBoundary`
- Configure in `src/index.tsx`
5. **Environment configuration**:
- Add Bugsink variables to `src/config/env.ts`
- Update `.env.example` and `compose.dev.yml`
6. **Logstash configuration**:
- Create pipeline config for Pino → Bugsink
- Configure Pino to write to log file in addition to stdout
- Configure Redis log monitoring (connection errors, slow commands)
7. **MCP server documentation**:
- Document `sentry-selfhosted-mcp` setup in CLAUDE.md
8. **PostgreSQL function logging** (future):
- Configure PostgreSQL to log function execution errors
- Add Logstash input for PostgreSQL logs
- Define filter rules for function-level error detection
- _Note: Ask for implementation details when this step is reached_
## Consequences
**Positive**: Provides critical observability into the application's real-world behavior. Enables proactive identification and resolution of performance bottlenecks and errors. Improves overall application reliability and user experience.
**Negative**: Introduces a new third-party dependency and potential subscription costs. Requires initial setup and configuration of the APM/error tracking agent.
### Positive
- **Full observability**: Aggregated view of errors, trends, and performance
- **Self-hosted**: No external SaaS dependencies or subscription costs
- **SDK compatibility**: Leverages mature Sentry SDKs with excellent documentation
- **AI integration**: MCP server enables Claude Code to query and analyze errors
- **Unified architecture**: Same setup works in dev container and production
- **Lightweight**: Bugsink runs in a single process, unlike full Sentry (16GB+ RAM)
### Negative
- **Additional services**: Bugsink and Logstash add complexity to the container
- **PostgreSQL overhead**: Additional database for error tracking
- **Initial setup**: Requires configuration of multiple components
- **Logstash learning curve**: Pipeline configuration requires Logstash knowledge
## Alternatives Considered
1. **Full Sentry self-hosted**: Rejected due to complexity (Kafka, Redis, ClickHouse, 16GB+ RAM minimum)
2. **GlitchTip**: Considered, but Bugsink is lighter weight and easier to deploy
3. **Sentry SaaS**: Rejected due to self-hosted requirement
4. **Custom error aggregation**: Rejected in favor of proven Sentry SDK ecosystem
## References
- [Bugsink Documentation](https://www.bugsink.com/docs/)
- [Bugsink Docker Install](https://www.bugsink.com/docs/docker-install/)
- [@sentry/node Documentation](https://docs.sentry.io/platforms/javascript/guides/node/)
- [@sentry/react Documentation](https://docs.sentry.io/platforms/javascript/guides/react/)
- [sentry-selfhosted-mcp](https://github.com/ddfourtwo/sentry-selfhosted-mcp)
- [Logstash Reference](https://www.elastic.co/guide/en/logstash/current/index.html)

256
docs/adr/0018-api-documentation-strategy.md
View File

@@ -2,17 +2,265 @@
**Date**: 2025-12-12
**Status**: Proposed
**Status**: Accepted
**Implemented**: 2026-01-11
## Context
As the API grows, it becomes increasingly difficult for frontend developers and other consumers to understand its endpoints, request formats, and response structures. There is no single source of truth for API documentation.
Key requirements:
1. **Developer Experience**: Developers need interactive documentation to explore and test API endpoints.
2. **Code-Documentation Sync**: Documentation should stay in sync with the actual code to prevent drift.
3. **Low Maintenance Overhead**: The documentation approach should be "fast and lite" - minimal additional work for developers.
4. **Security**: Documentation should not expose sensitive information in production environments.
## Decision
We will adopt **OpenAPI (Swagger)** for API documentation. We will use tools (e.g., JSDoc annotations with `swagger-jsdoc`) to generate an `openapi.json` specification directly from the route handler source code. This specification will be served via a UI like Swagger UI for interactive exploration.
We will adopt **OpenAPI 3.0 (Swagger)** for API documentation using the following approach:
1. **JSDoc Annotations**: Use `swagger-jsdoc` to generate OpenAPI specs from JSDoc comments in route files.
2. **Swagger UI**: Use `swagger-ui-express` to serve interactive documentation at `/docs/api-docs`.
3. **Environment Restriction**: Only expose the Swagger UI in development and test environments, not production.
4. **Incremental Adoption**: Start with key public routes and progressively add annotations to all endpoints.
### Tooling Selection
| Tool | Purpose |
| -------------------- | ---------------------------------------------- |
| `swagger-jsdoc` | Generates OpenAPI 3.0 spec from JSDoc comments |
| `swagger-ui-express` | Serves interactive Swagger UI |
**Why JSDoc over separate schema files?**
- Documentation lives with the code, reducing drift
- No separate files to maintain
- Developers see documentation when editing routes
- Lower learning curve for the team
## Implementation Details
### OpenAPI Configuration
Located in `src/config/swagger.ts`:
```typescript
import swaggerJsdoc from 'swagger-jsdoc';
const options: swaggerJsdoc.Options = {
definition: {
openapi: '3.0.0',
info: {
title: 'Flyer Crawler API',
version: '1.0.0',
description: 'API for the Flyer Crawler application',
contact: {
name: 'API Support',
},
},
servers: [
{
url: '/api',
description: 'API server',
},
],
components: {
securitySchemes: {
bearerAuth: {
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT',
},
},
},
},
apis: ['./src/routes/*.ts'],
};
export const swaggerSpec = swaggerJsdoc(options);
```
### JSDoc Annotation Pattern
Each route handler should include OpenAPI annotations using the `@openapi` tag:
```typescript
/**
* @openapi
* /health/ping:
* get:
* summary: Simple ping endpoint
* description: Returns a pong response to verify server is responsive
* tags:
* - Health
* responses:
* 200:
* description: Server is responsive
* content:
* application/json:
* schema:
* type: object
* properties:
* success:
* type: boolean
* example: true
* data:
* type: object
* properties:
* message:
* type: string
* example: pong
*/
router.get('/ping', validateRequest(emptySchema), (_req: Request, res: Response) => {
return sendSuccess(res, { message: 'pong' });
});
```
### Route Documentation Priority
Document routes in this order of priority:
1. **Health Routes** - `/api/health/*` (public, critical for operations)
2. **Auth Routes** - `/api/auth/*` (public, essential for integration)
3. **Gamification Routes** - `/api/achievements/*` (simple, good example)
4. **Flyer Routes** - `/api/flyers/*` (core functionality)
5. **User Routes** - `/api/users/*` (common CRUD patterns)
6. **Remaining Routes** - Budget, Recipe, Admin, etc.
### Swagger UI Setup
In `server.ts`, add the Swagger UI middleware (development/test only):
```typescript
import swaggerUi from 'swagger-ui-express';
import { swaggerSpec } from './src/config/swagger';
// Only serve Swagger UI in non-production environments
if (process.env.NODE_ENV !== 'production') {
app.use('/docs/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));
// Optionally expose raw JSON spec for tooling
app.get('/docs/api-docs.json', (_req, res) => {
res.setHeader('Content-Type', 'application/json');
res.send(swaggerSpec);
});
}
```
### Response Schema Standardization
All API responses follow the standardized format from [ADR-028](./0028-api-response-standardization.md):
```typescript
// Success response
{
"success": true,
"data": { ... }
}
// Error response
{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "Human-readable message"
}
}
```
Define reusable schema components for these patterns:
```typescript
/**
* @openapi
* components:
* schemas:
* SuccessResponse:
* type: object
* properties:
* success:
* type: boolean
* example: true
* data:
* type: object
* ErrorResponse:
* type: object
* properties:
* success:
* type: boolean
* example: false
* error:
* type: object
* properties:
* code:
* type: string
* message:
* type: string
*/
```
### Security Considerations
1. **Production Disabled**: Swagger UI is not available in production to prevent information disclosure.
2. **No Sensitive Data**: Never include actual secrets, tokens, or PII in example values.
3. **Authentication Documented**: Clearly document which endpoints require authentication.
## API Route Tags
Organize endpoints using consistent tags:
| Tag | Description | Routes |
| ------------ | ---------------------------------- | --------------------- |
| Health | Server health and readiness checks | `/api/health/*` |
| Auth | Authentication and authorization | `/api/auth/*` |
| Users | User profile management | `/api/users/*` |
| Flyers | Flyer uploads and retrieval | `/api/flyers/*` |
| Achievements | Gamification and leaderboards | `/api/achievements/*` |
| Budgets | Budget tracking | `/api/budgets/*` |
| Recipes | Recipe management | `/api/recipes/*` |
| Admin | Administrative operations | `/api/admin/*` |
| System | System status and monitoring | `/api/system/*` |
## Testing
Verify API documentation is correct by:
1. **Manual Review**: Navigate to `/docs/api-docs` and test each endpoint.
2. **Spec Validation**: Use OpenAPI validators to check the generated spec.
3. **Integration Tests**: Existing integration tests serve as implicit documentation verification.
## Consequences
- **Positive**: Creates a single source of truth for API documentation that stays in sync with the code. Enables auto-generation of client SDKs and simplifies testing.
- **Negative**: Requires developers to maintain JSDoc annotations on all routes. Adds a build step and new dependencies to the project.
### Positive
- **Single Source of Truth**: Documentation lives with the code and stays in sync.
- **Interactive Exploration**: Developers can try endpoints directly from the UI.
- **SDK Generation**: OpenAPI spec enables automatic client SDK generation.
- **Onboarding**: New developers can quickly understand the API surface.
- **Low Overhead**: JSDoc annotations are minimal additions to existing code.
### Negative
- **Maintenance Required**: Developers must update annotations when routes change.
- **Build Dependency**: Adds `swagger-jsdoc` and `swagger-ui-express` packages.
- **Initial Investment**: Existing routes need annotations added incrementally.
### Mitigation
- Include documentation checks in code review process.
- Start with high-priority routes and expand coverage over time.
- Use TypeScript types to reduce documentation duplication where possible.
## Key Files
- `src/config/swagger.ts` - OpenAPI configuration
- `src/routes/*.ts` - Route files with JSDoc annotations
- `server.ts` - Swagger UI middleware setup
## Related ADRs
- [ADR-003](./0003-standardized-input-validation-using-middleware.md) - Input Validation (Zod schemas)
- [ADR-028](./0028-api-response-standardization.md) - Response Standardization
- [ADR-016](./0016-api-security-hardening.md) - Security Hardening

22
docs/adr/0048-authentication-strategy.md
View File

@@ -31,17 +31,17 @@ We will implement a stateless JWT-based authentication system with the following
## Current Implementation Status
| Component | Status | Notes |
| ------------------------ | --------------- | ------------------------------------------------ |
| **Local Authentication** | Enabled | Email/password with bcrypt (salt rounds = 10) |
| **JWT Access Tokens** | Enabled | 15-minute expiry, `Authorization: Bearer` header |
| **Refresh Tokens** | Enabled | 7-day expiry, HTTP-only cookie |
| **Account Lockout** | Enabled | 5 failed attempts, 15-minute lockout |
| **Password Reset** | Enabled | Email-based token flow |
| **Google OAuth** | Disabled | Code present, commented out |
| **GitHub OAuth** | Disabled | Code present, commented out |
| **OAuth Routes** | Disabled | Endpoints commented out |
| **OAuth Frontend UI** | Not Implemented | No login buttons exist |
| Component | Status | Notes |
| ------------------------ | ------- | ----------------------------------------------------------- |
| **Local Authentication** | Enabled | Email/password with bcrypt (salt rounds = 10) |
| **JWT Access Tokens** | Enabled | 15-minute expiry, `Authorization: Bearer` header |
| **Refresh Tokens** | Enabled | 7-day expiry, HTTP-only cookie |
| **Account Lockout** | Enabled | 5 failed attempts, 15-minute lockout |
| **Password Reset** | Enabled | Email-based token flow |
| **Google OAuth** | Enabled | Requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET env vars |
| **GitHub OAuth** | Enabled | Requires GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET env vars |
| **OAuth Routes** | Enabled | `/api/auth/google`, `/api/auth/github` + callbacks |
| **OAuth Frontend UI** | Enabled | Login buttons in AuthView.tsx |
## Implementation Details

299
docs/adr/0049-gamification-and-achievement-system.md Normal file
View File

@@ -0,0 +1,299 @@
# ADR-049: Gamification and Achievement System
**Date**: 2026-01-11
**Status**: Accepted
**Implemented**: 2026-01-11
## Context
The application implements a gamification system to encourage user engagement through achievements and points. Users earn achievements for completing specific actions within the platform, and these achievements contribute to a points-based leaderboard.
Key requirements:
1. **User Engagement**: Reward users for meaningful actions (uploads, recipes, sharing).
2. **Progress Tracking**: Show users their accomplishments and progress.
3. **Social Competition**: Leaderboard to compare users by points.
4. **Idempotent Awards**: Achievements should only be awarded once per user.
5. **Transactional Safety**: Achievement awards must be atomic with the triggering action.
## Decision
We will implement a database-driven gamification system with:
1. **Database Functions**: Core logic in PostgreSQL for atomicity and idempotency.
2. **Database Triggers**: Automatic achievement awards on specific events.
3. **Application-Level Awards**: Explicit calls from service layer when triggers aren't suitable.
4. **Points Aggregation**: Stored in user profile for efficient leaderboard queries.
### Design Principles
- **Single Award**: Each achievement can only be earned once per user (enforced by unique constraint).
- **Atomic Operations**: Achievement awards happen within the same transaction as the triggering action.
- **Silent Failure**: If an achievement doesn't exist, the award function returns silently (no error).
- **Points Sync**: Points are updated on the profile immediately when an achievement is awarded.
## Implementation Details
### Database Schema
```sql
-- Achievements master table
CREATE TABLE public.achievements (
achievement_id BIGSERIAL PRIMARY KEY,
name TEXT UNIQUE NOT NULL,
description TEXT NOT NULL,
icon TEXT NOT NULL,
points_value INTEGER NOT NULL DEFAULT 0,
created_at TIMESTAMPTZ DEFAULT NOW()
);
-- User achievements (junction table)
CREATE TABLE public.user_achievements (
user_id UUID REFERENCES public.users(user_id) ON DELETE CASCADE,
achievement_id BIGINT REFERENCES public.achievements(achievement_id) ON DELETE CASCADE,
achieved_at TIMESTAMPTZ DEFAULT NOW(),
PRIMARY KEY (user_id, achievement_id)
);
-- Points stored on profile for efficient leaderboard
ALTER TABLE public.profiles ADD COLUMN points INTEGER DEFAULT 0;
```
### Award Achievement Function
Located in `sql/Initial_triggers_and_functions.sql`:
```sql
CREATE OR REPLACE FUNCTION public.award_achievement(p_user_id UUID, p_achievement_name TEXT)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
AS $$
DECLARE
v_achievement_id BIGINT;
v_points_value INTEGER;
BEGIN
-- Find the achievement by name to get its ID and point value.
SELECT achievement_id, points_value INTO v_achievement_id, v_points_value
FROM public.achievements WHERE name = p_achievement_name;
-- If the achievement doesn't exist, do nothing.
IF v_achievement_id IS NULL THEN
RETURN;
END IF;
-- Insert the achievement for the user.
-- ON CONFLICT DO NOTHING ensures idempotency.
INSERT INTO public.user_achievements (user_id, achievement_id)
VALUES (p_user_id, v_achievement_id)
ON CONFLICT (user_id, achievement_id) DO NOTHING;
-- If the insert was successful (user didn't have it), update their points.
IF FOUND THEN
UPDATE public.profiles SET points = points + v_points_value WHERE user_id = p_user_id;
END IF;
END;
$$;
```
### Current Achievements
| Name | Description | Icon | Points |
| -------------------- | ----------------------------------------------------------- | ------------ | ------ |
| Welcome Aboard | Join the community by creating your account. | user-check | 5 |
| First Recipe | Create your very first recipe. | chef-hat | 10 |
| Recipe Sharer | Share a recipe with another user for the first time. | share-2 | 15 |
| List Sharer | Share a shopping list with another user for the first time. | list | 20 |
| First Favorite | Mark a recipe as one of your favorites. | heart | 5 |
| First Fork | Make a personal copy of a public recipe. | git-fork | 10 |
| First Budget Created | Create your first budget to track spending. | piggy-bank | 15 |
| First-Upload | Upload your first flyer. | upload-cloud | 25 |
### Achievement Triggers
#### User Registration (Database Trigger)
Awards "Welcome Aboard" when a new user is created:
```sql
-- In handle_new_user() function
PERFORM public.award_achievement(new.user_id, 'Welcome Aboard');
```
#### Flyer Upload (Database Trigger + Application Code)
Awards "First-Upload" when a flyer is inserted with an `uploaded_by` value:
```sql
-- In log_new_flyer() trigger function
IF NEW.uploaded_by IS NOT NULL THEN
PERFORM public.award_achievement(NEW.uploaded_by, 'First-Upload');
END IF;
```
Additionally, the `FlyerPersistenceService.saveFlyer()` method explicitly awards the achievement within the transaction:
```typescript
// In src/services/flyerPersistenceService.server.ts
if (userId) {
const gamificationRepo = new GamificationRepository(client);
await gamificationRepo.awardAchievement(userId, 'First-Upload', logger);
}
```
### Repository Layer
Located in `src/services/db/gamification.db.ts`:
```typescript
export class GamificationRepository {
private db: Pick<Pool | PoolClient, 'query'>;
constructor(db: Pick<Pool | PoolClient, 'query'> = getPool()) {
this.db = db;
}
async getUserAchievements(
userId: string,
logger: Logger,
): Promise<(UserAchievement & Achievement)[]> {
const query = `
SELECT ua.user_id, ua.achievement_id, ua.achieved_at,
a.name, a.description, a.icon, a.points_value, a.created_at
FROM public.user_achievements ua
JOIN public.achievements a ON ua.achievement_id = a.achievement_id
WHERE ua.user_id = $1
ORDER BY ua.achieved_at DESC;
`;
const res = await this.db.query(query, [userId]);
return res.rows;
}
async awardAchievement(userId: string, achievementName: string, logger: Logger): Promise<void> {
await this.db.query('SELECT public.award_achievement($1, $2)', [userId, achievementName]);
}
async getLeaderboard(limit: number, logger: Logger): Promise<LeaderboardUser[]> {
const query = `
SELECT user_id, full_name, avatar_url, points,
RANK() OVER (ORDER BY points DESC) as rank
FROM public.profiles
ORDER BY points DESC, full_name ASC
LIMIT $1;
`;
const res = await this.db.query(query, [limit]);
return res.rows;
}
}
```
### API Endpoints
| Method | Endpoint | Description |
| ------ | ------------------------------- | ------------------------------- |
| GET | `/api/achievements` | List all available achievements |
| GET | `/api/achievements/me` | Get current user's achievements |
| GET | `/api/achievements/leaderboard` | Get top users by points |
## Testing Considerations
### Critical Testing Requirements
When testing gamification features, be aware of the following:
1. **Database Seed Data**: Achievement definitions must exist in the database before tests run. The `award_achievement()` function silently returns if the achievement name doesn't exist.
2. **Transactional Context**: When awarding achievements from within a transaction:
- The achievement is visible within the transaction immediately
- External queries won't see the achievement until the transaction commits
- Tests should wait for job completion before asserting achievement state
3. **Vitest Global Setup Context**: The integration test global setup runs in a separate Node.js context. Achievement verification must use direct database queries, not mocked services.
4. **Achievement Idempotency**: Calling `award_achievement()` multiple times for the same user/achievement combination is safe and expected. Only the first call actually inserts.
### Example Integration Test Pattern
```typescript
it('should award the "First Upload" achievement after flyer processing', async () => {
// 1. Create user (awards "Welcome Aboard" via database trigger)
const { user: testUser, token } = await createAndLoginUser({...});
// 2. Upload flyer (triggers async job)
const uploadResponse = await request
.post('/api/flyers/upload')
.set('Authorization', `Bearer ${token}`)
.attach('flyerFile', testImagePath);
expect(uploadResponse.status).toBe(202);
// 3. Wait for job to complete
await poll(async () => {
const status = await request.get(`/api/flyers/job/${jobId}/status`);
return status.body.data.status === 'completed';
}, { timeout: 15000 });
// 4. Wait for achievements to be visible (transaction committed)
await vi.waitUntil(async () => {
const achievements = await db.gamificationRepo.getUserAchievements(
testUser.user.user_id,
logger
);
return achievements.length >= 2; // Welcome Aboard + First-Upload
}, { timeout: 15000, interval: 500 });
// 5. Assert specific achievements
const userAchievements = await db.gamificationRepo.getUserAchievements(
testUser.user.user_id,
logger
);
expect(userAchievements.find(a => a.name === 'Welcome Aboard')).toBeDefined();
expect(userAchievements.find(a => a.name === 'First-Upload')).toBeDefined();
});
```
### Common Test Pitfalls
1. **Missing Seed Data**: If tests fail with "achievement not found", ensure the test database has the achievements table populated.
2. **Race Conditions**: Achievement awards in async jobs may not be visible immediately. Always poll or use `vi.waitUntil()`.
3. **Wrong User ID**: Verify the user ID passed to `awardAchievement()` matches the user created in the test.
4. **Transaction Isolation**: When querying within a test, use the same database connection if checking mid-transaction state.
## Consequences
### Positive
- **Engagement**: Users have clear goals and rewards for platform activity.
- **Scalability**: Points stored on profile enable O(1) leaderboard sorting.
- **Reliability**: Database-level idempotency prevents duplicate awards.
- **Flexibility**: New achievements can be added via SQL without code changes.
### Negative
- **Complexity**: Multiple award paths (triggers + application code) require careful coordination.
- **Testing**: Async nature of some awards complicates integration testing.
- **Coupling**: Achievement names are strings; typos fail silently.
### Mitigation
- Use constants for achievement names in application code.
- Document all award trigger points clearly.
- Test each achievement path independently.
## Key Files
- `sql/initial_data.sql` - Achievement definitions (seed data)
- `sql/Initial_triggers_and_functions.sql` - `award_achievement()` function and triggers
- `src/services/db/gamification.db.ts` - Repository layer
- `src/routes/achievements.routes.ts` - API endpoints
- `src/services/flyerPersistenceService.server.ts` - First-Upload award (application code)
## Related ADRs
- [ADR-002](./0002-standardized-transaction-management.md) - Transaction Management
- [ADR-034](./0034-repository-pattern-standards.md) - Repository Pattern
- [ADR-006](./0006-background-job-processing-and-task-queues.md) - Background Jobs (flyer processing)

341
docs/adr/0050-postgresql-function-observability.md Normal file
View File

@@ -0,0 +1,341 @@
# ADR-050: PostgreSQL Function Observability
**Date**: 2026-01-11
**Status**: Proposed
**Related**: [ADR-015](0015-application-performance-monitoring-and-error-tracking.md), [ADR-004](0004-standardized-application-wide-structured-logging.md)
## Context
The application uses 30+ PostgreSQL functions and 11+ triggers for business logic, including:
- Recipe recommendations and search
- Shopping list generation from menu plans
- Price history tracking
- Achievement awards
- Activity logging
- User profile creation
**Current Problem**: These database functions can fail silently in several ways:
1. **`ON CONFLICT DO NOTHING`** - Swallows constraint violations without notification
2. **`IF NOT FOUND THEN RETURN;`** - Silently exits when data is missing
3. **Trigger functions returning `NULL`** - No indication of partial failures
4. **No logging inside functions** - No visibility into function execution
When these silent failures occur:
- The application layer receives no error (function "succeeds" but does nothing)
- No logs are generated for debugging
- Issues are only discovered when users report missing data
- Root cause analysis is extremely difficult
**Example of Silent Failure**:
```sql
-- This function silently does nothing if achievement doesn't exist
CREATE OR REPLACE FUNCTION public.award_achievement(p_user_id UUID, p_achievement_name TEXT)
RETURNS void AS $$
BEGIN
SELECT achievement_id INTO v_achievement_id FROM achievements WHERE name = p_achievement_name;
IF v_achievement_id IS NULL THEN
RETURN; -- Silent failure - no log, no error
END IF;
-- ...
END;
$$;
```
ADR-015 established Logstash + Bugsink for error tracking, with PostgreSQL log integration marked as "future". This ADR defines the implementation.
## Decision
We will implement a standardized PostgreSQL function observability strategy with three tiers of logging severity:
### 1. Function Logging Helper
Create a reusable logging function that outputs structured JSON to PostgreSQL logs:
```sql
-- Function to emit structured log messages from PL/pgSQL
CREATE OR REPLACE FUNCTION public.fn_log(
p_level TEXT, -- 'DEBUG', 'INFO', 'NOTICE', 'WARNING', 'ERROR'
p_function_name TEXT, -- The calling function name
p_message TEXT, -- Human-readable message
p_context JSONB DEFAULT NULL -- Additional context (user_id, params, etc.)
)
RETURNS void
LANGUAGE plpgsql
AS $$
DECLARE
log_line TEXT;
BEGIN
-- Build structured JSON log line
log_line := jsonb_build_object(
'timestamp', now(),
'level', p_level,
'source', 'postgresql',
'function', p_function_name,
'message', p_message,
'context', COALESCE(p_context, '{}'::jsonb)
)::text;
-- Use appropriate RAISE level
CASE p_level
WHEN 'DEBUG' THEN RAISE DEBUG '%', log_line;
WHEN 'INFO' THEN RAISE INFO '%', log_line;
WHEN 'NOTICE' THEN RAISE NOTICE '%', log_line;
WHEN 'WARNING' THEN RAISE WARNING '%', log_line;
WHEN 'ERROR' THEN RAISE LOG '%', log_line; -- Use LOG for errors to ensure capture
ELSE RAISE NOTICE '%', log_line;
END CASE;
END;
$$;
```
### 2. Logging Tiers
#### Tier 1: Critical Functions (Always Log)
Functions where silent failure causes data corruption or user-facing issues:
| Function | Log Events |
| ---------------------------------- | --------------------------------------- |
| `handle_new_user()` | User creation, profile creation, errors |
| `award_achievement()` | Achievement not found, already awarded |
| `approve_correction()` | Correction not found, permission denied |
| `complete_shopping_list()` | List not found, permission denied |
| `add_menu_plan_to_shopping_list()` | Permission denied, items added |
| `fork_recipe()` | Original not found, fork created |
**Pattern**:
```sql
CREATE OR REPLACE FUNCTION public.award_achievement(p_user_id UUID, p_achievement_name TEXT)
RETURNS void AS $$
DECLARE
v_achievement_id BIGINT;
v_points_value INTEGER;
v_context JSONB;
BEGIN
v_context := jsonb_build_object('user_id', p_user_id, 'achievement_name', p_achievement_name);
SELECT achievement_id, points_value INTO v_achievement_id, v_points_value
FROM public.achievements WHERE name = p_achievement_name;
IF v_achievement_id IS NULL THEN
-- Log the issue instead of silent return
PERFORM fn_log('WARNING', 'award_achievement',
'Achievement not found: ' || p_achievement_name, v_context);
RETURN;
END IF;
INSERT INTO public.user_achievements (user_id, achievement_id)
VALUES (p_user_id, v_achievement_id)
ON CONFLICT (user_id, achievement_id) DO NOTHING;
IF FOUND THEN
UPDATE public.profiles SET points = points + v_points_value WHERE user_id = p_user_id;
PERFORM fn_log('INFO', 'award_achievement',
'Achievement awarded: ' || p_achievement_name, v_context);
END IF;
END;
$$;
```
#### Tier 2: Business Logic Functions (Log on Anomalies)
Functions where unexpected conditions should be logged but aren't critical:
| Function | Log Events |
| -------------------------------------- | ---------------------------------- |
| `suggest_master_item_for_flyer_item()` | No match found (below threshold) |
| `recommend_recipes_for_user()` | No recommendations generated |
| `find_recipes_from_pantry()` | Empty pantry, no recipes found |
| `get_best_sale_prices_for_user()` | No watched items, no current sales |
**Pattern**: Log when results are unexpectedly empty or inputs are invalid.
#### Tier 3: Triggers (Log Errors Only)
Triggers should be fast, so only log when something goes wrong:
| Trigger Function | Log Events |
| --------------------------------------------- | ------------------------- |
| `update_price_history_on_flyer_item_insert()` | Failed to update history |
| `update_recipe_rating_aggregates()` | Rating calculation failed |
| `log_new_recipe()` | Profile lookup failed |
| `log_new_flyer()` | Store lookup failed |
### 3. PostgreSQL Configuration
Enable logging in `postgresql.conf`:
```ini
# Log all function notices and above
log_min_messages = notice
# Include function name in log prefix
log_line_prefix = '%t [%p] %u@%d '
# Log to file for Logstash pickup
logging_collector = on
log_directory = '/var/log/postgresql'
log_filename = 'postgresql-%Y-%m-%d.log'
log_rotation_age = 1d
log_rotation_size = 100MB
# Capture slow queries from functions
log_min_duration_statement = 1000 # Log queries over 1 second
```
### 4. Logstash Integration
Update the Logstash pipeline (extends ADR-015 configuration):
```conf
# PostgreSQL function log input
input {
file {
path => "/var/log/postgresql/*.log"
type => "postgres"
tags => ["postgres"]
start_position => "beginning"
sincedb_path => "/var/lib/logstash/sincedb_postgres"
}
}
filter {
if [type] == "postgres" {
# Extract timestamp and process ID from PostgreSQL log prefix
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:pg_timestamp} \[%{POSINT:pg_pid}\] %{USER:pg_user}@%{WORD:pg_database} %{GREEDYDATA:pg_message}" }
}
# Check if this is a structured JSON log from fn_log()
if [pg_message] =~ /^\{.*"source":"postgresql".*\}$/ {
json {
source => "pg_message"
target => "fn_log"
}
# Mark as error if level is WARNING or ERROR
if [fn_log][level] in ["WARNING", "ERROR"] {
mutate { add_tag => ["error", "db_function"] }
}
}
# Also catch native PostgreSQL errors
if [pg_message] =~ /^ERROR:/ or [pg_message] =~ /^FATAL:/ {
mutate { add_tag => ["error", "postgres_native"] }
}
}
}
output {
if "error" in [tags] and "postgres" in [tags] {
http {
url => "http://localhost:8000/api/store/"
http_method => "post"
format => "json"
}
}
}
```
### 5. Dual-File Update Requirement
**IMPORTANT**: All SQL function changes must be applied to BOTH files:
1. `sql/Initial_triggers_and_functions.sql` - Used for incremental updates
2. `sql/master_schema_rollup.sql` - Used for fresh database setup
Both files must remain in sync for triggers and functions.
## Implementation Steps
1. **Create `fn_log()` helper function**:
- Add to both `Initial_triggers_and_functions.sql` and `master_schema_rollup.sql`
- Test with `SELECT fn_log('INFO', 'test', 'Test message', '{"key": "value"}'::jsonb);`
2. **Update Tier 1 critical functions** (highest priority):
- `award_achievement()` - Log missing achievements, duplicate awards
- `handle_new_user()` - Log user creation success/failure
- `approve_correction()` - Log not found, permission denied
- `complete_shopping_list()` - Log permission checks
- `add_menu_plan_to_shopping_list()` - Log permission checks, items added
- `fork_recipe()` - Log original not found
3. **Update Tier 2 business logic functions**:
- Add anomaly logging to suggestion/recommendation functions
- Log empty result sets with context
4. **Update Tier 3 trigger functions**:
- Add error-only logging to critical triggers
- Wrap complex trigger logic in exception handlers
5. **Configure PostgreSQL logging**:
- Update `postgresql.conf` in dev container
- Update production PostgreSQL configuration
- Verify logs appear in expected location
6. **Update Logstash pipeline**:
- Add PostgreSQL input to `bugsink.conf`
- Add filter rules for structured JSON extraction
- Test end-to-end: function log → Logstash → Bugsink
7. **Verify in Bugsink**:
- Confirm database function errors appear as issues
- Verify context (user_id, function name, params) is captured
## Consequences
### Positive
- **Visibility**: Silent failures become visible in error tracking
- **Debugging**: Function execution context captured for root cause analysis
- **Proactive detection**: Anomalies logged before users report issues
- **Unified monitoring**: Database errors appear alongside application errors in Bugsink
- **Structured logs**: JSON format enables filtering and aggregation
### Negative
- **Performance overhead**: Logging adds latency to function execution
- **Log volume**: Tier 1/2 functions may generate significant log volume
- **Maintenance**: Two SQL files must be kept in sync
- **PostgreSQL configuration**: Requires access to `postgresql.conf`
### Mitigations
- **Performance**: Only log meaningful events, not every function call
- **Log volume**: Use appropriate log levels; Logstash filters reduce noise
- **Sync**: Add CI check to verify SQL files match for function definitions
- **Configuration**: Document PostgreSQL settings in deployment runbook
## Examples
### Before (Silent Failure)
```sql
-- User thinks achievement was awarded, but it silently failed
SELECT award_achievement('user-uuid', 'Nonexistent Badge');
-- Returns: void (no error, no log)
-- Result: User never gets achievement, nobody knows why
```
### After (Observable Failure)
```sql
SELECT award_achievement('user-uuid', 'Nonexistent Badge');
-- Returns: void
-- PostgreSQL log: {"timestamp":"2026-01-11T10:30:00Z","level":"WARNING","source":"postgresql","function":"award_achievement","message":"Achievement not found: Nonexistent Badge","context":{"user_id":"user-uuid","achievement_name":"Nonexistent Badge"}}
-- Bugsink: New issue created with full context
```
## References
- [ADR-015: Application Performance Monitoring](0015-application-performance-monitoring-and-error-tracking.md)
- [ADR-004: Standardized Structured Logging](0004-standardized-application-wide-structured-logging.md)
- [PostgreSQL RAISE Documentation](https://www.postgresql.org/docs/current/plpgsql-errors-and-messages.html)
- [PostgreSQL Logging Configuration](https://www.postgresql.org/docs/current/runtime-config-logging.html)

54
docs/adr/0051-asynchronous-context-propagation.md Normal file
View File

@@ -0,0 +1,54 @@
# ADR-051: Asynchronous Context Propagation
**Date**: 2026-01-11
**Status**: Accepted (Implemented)
## Context
Debugging asynchronous workflows is difficult because the `request_id` generated at the API layer is lost when a task is handed off to a background queue (BullMQ). Logs from the worker appear disconnected from the user action that triggered them.
## Decision
We will implement a context propagation pattern for all background jobs:
1. **Job Data Payload**: All job data interfaces MUST include a `meta` object containing `requestId`, `userId`, and `origin`.
2. **Worker Logger Initialization**: All BullMQ workers MUST initialize a child logger immediately upon processing a job, using the metadata passed in the payload.
3. **Correlation**: The worker's logger must use the _same_ `request_id` as the initiating API request.
## Implementation
```typescript
// 1. Enqueueing (API Layer)
await queue.add('process-flyer', {
...data,
meta: {
requestId: req.log.bindings().request_id, // Propagate ID
userId: req.user.id,
},
});
// 2. Processing (Worker Layer)
const worker = new Worker('queue', async (job) => {
const { requestId, userId } = job.data.meta || {};
// Create context-aware logger for this specific job execution
const jobLogger = logger.child({
request_id: requestId || uuidv4(), // Use propagated ID or generate new
user_id: userId,
job_id: job.id,
service: 'worker',
});
try {
await processJob(job.data, jobLogger); // Pass logger down
} catch (err) {
jobLogger.error({ err }, 'Job failed');
throw err;
}
});
```
## Consequences
**Positive**: Complete traceability from API request -> Queue -> Worker execution. Drastically reduces time to find "what happened" to a specific user request.

42
docs/adr/0052-granular-debug-logging-strategy.md Normal file
View File

@@ -0,0 +1,42 @@
# ADR-052: Granular Debug Logging Strategy
**Date**: 2026-01-11
**Status**: Proposed
## Context
Global log levels (INFO vs DEBUG) are too coarse. Developers need to inspect detailed debug information for specific subsystems (e.g., `ai-service`, `db-pool`) without being flooded by logs from the entire application.
## Decision
We will adopt a namespace-based debug filter pattern, similar to the `debug` npm package, but integrated into our Pino logger.
1. **Logger Namespaces**: Every service/module logger must be initialized with a `module` property (e.g., `logger.child({ module: 'ai-service' })`).
2. **Environment Filter**: We will support a `DEBUG_MODULES` environment variable that overrides the log level for matching modules.
## Implementation
In `src/services/logger.server.ts`:
```typescript
const debugModules = (process.env.DEBUG_MODULES || '').split(',').map((s) => s.trim());
export const createScopedLogger = (moduleName: string) => {
// If DEBUG_MODULES contains "ai-service" or "*", force level to 'debug'
const isDebugEnabled = debugModules.includes('*') || debugModules.includes(moduleName);
return logger.child({
module: moduleName,
level: isDebugEnabled ? 'debug' : logger.level,
});
};
```
## Usage
To debug only AI and Database interactions:
```bash
DEBUG_MODULES=ai-service,db-repo npm run dev
```

62
docs/adr/0053-worker-health-checks.md Normal file
View File

@@ -0,0 +1,62 @@
# ADR-053: Worker Health Checks and Stalled Job Monitoring
**Date**: 2026-01-11
**Status**: Proposed
## Context
Our application relies heavily on background workers (BullMQ) for flyer processing, analytics, and emails. If a worker process crashes (e.g., Out of Memory) or hangs, jobs may remain in the 'active' state indefinitely ("stalled") until BullMQ's fail-safe triggers.
Currently, we lack:
1. Visibility into queue depths and worker status via HTTP endpoints (for uptime monitors).
2. A mechanism to detect if the worker process itself is alive, beyond just queue statistics.
3. Explicit configuration to ensure stalled jobs are recovered quickly.
## Decision
We will implement a multi-layered health check strategy for background workers:
1. **Queue Metrics Endpoint**: Expose a protected endpoint `GET /health/queues` that returns the counts (waiting, active, failed) for all critical queues.
2. **Stalled Job Configuration**: Explicitly configure BullMQ workers with aggressive stall detection settings to recover quickly from crashes.
3. **Worker Heartbeats**: Workers will periodically update a "heartbeat" key in Redis. The health endpoint will check if this timestamp is recent.
## Implementation
### 1. BullMQ Worker Settings
Workers must be initialized with specific options to handle stalls:
```typescript
const workerOptions = {
// Check for stalled jobs every 30 seconds
stalledInterval: 30000,
// Fail job after 3 stalls (prevents infinite loops causing infinite retries)
maxStalledCount: 3,
// Duration of the lock for the job in milliseconds.
// If the worker doesn't renew this (e.g. crash), the job stalls.
lockDuration: 30000,
};
```
### 2. Health Endpoint Logic
The `/health/queues` endpoint will:
1. Iterate through all defined queues (`flyerQueue`, `emailQueue`, etc.).
2. Fetch job counts (`waiting`, `active`, `failed`, `delayed`).
3. Return a 200 OK if queues are accessible, or 503 if Redis is unreachable.
4. (Future) Return 500 if the `waiting` count exceeds a critical threshold for too long.
## Consequences
**Positive**:
- Early detection of stuck processing pipelines.
- Automatic recovery of stalled jobs via BullMQ configuration.
- Metrics available for external monitoring tools (e.g., UptimeRobot, Datadog).
**Negative**:
- Requires configuring external monitoring to poll the new endpoint.

65
docs/adr/adr-implementation-tracker.md
View File

@@ -15,7 +15,7 @@ This document tracks the implementation status and estimated effort for all Arch
| Status | Count |
| ---------------------------- | ----- |
| Accepted (Fully Implemented) | 28 |
| Accepted (Fully Implemented) | 30 |
| Partially Implemented | 2 |
| Proposed (Not Started) | 16 |
@@ -48,7 +48,7 @@ This document tracks the implementation status and estimated effort for all Arch
| ------------------------------------------------------------------- | ------------------------ | ----------- | ------ | ------------------------------------- |
| [ADR-003](./0003-standardized-input-validation-using-middleware.md) | Input Validation | Accepted | - | Fully implemented |
| [ADR-008](./0008-api-versioning-strategy.md) | API Versioning | Proposed | L | Major URL/routing changes |
| [ADR-018](./0018-api-documentation-strategy.md) | API Documentation | Proposed | M | OpenAPI/Swagger setup |
| [ADR-018](./0018-api-documentation-strategy.md) | API Documentation | Accepted | - | OpenAPI/Swagger implemented |
| [ADR-022](./0022-real-time-notification-system.md) | Real-time Notifications | Proposed | XL | WebSocket infrastructure |
| [ADR-028](./0028-api-response-standardization.md) | Response Standardization | Implemented | L | Completed (routes, middleware, tests) |
@@ -65,10 +65,11 @@ This document tracks the implementation status and estimated effort for all Arch
### Category 5: Observability & Monitoring
| ADR | Title | Status | Effort | Notes |
| -------------------------------------------------------------------------- | -------------------- | -------- | ------ | ----------------------- |
| [ADR-004](./0004-standardized-application-wide-structured-logging.md) | Structured Logging | Accepted | - | Fully implemented |
| [ADR-015](./0015-application-performance-monitoring-and-error-tracking.md) | APM & Error Tracking | Proposed | M | Third-party integration |
| ADR | Title | Status | Effort | Notes |
| -------------------------------------------------------------------------- | --------------------------- | -------- | ------ | --------------------------------- |
| [ADR-004](./0004-standardized-application-wide-structured-logging.md) | Structured Logging | Accepted | - | Fully implemented |
| [ADR-015](./0015-application-performance-monitoring-and-error-tracking.md) | APM & Error Tracking | Proposed | M | Third-party integration |
| [ADR-050](./0050-postgresql-function-observability.md) | PostgreSQL Fn Observability | Proposed | M | Depends on ADR-015 implementation |
### Category 6: Deployment & Operations
@@ -113,6 +114,7 @@ This document tracks the implementation status and estimated effort for all Arch
| [ADR-042](./0042-email-and-notification-architecture.md) | Email & Notifications | Accepted | - | Fully implemented |
| [ADR-043](./0043-express-middleware-pipeline.md) | Middleware Pipeline | Accepted | - | Fully implemented |
| [ADR-046](./0046-image-processing-pipeline.md) | Image Processing | Accepted | - | Fully implemented |
| [ADR-049](./0049-gamification-and-achievement-system.md) | Gamification System | Accepted | - | Fully implemented |
---
@@ -120,35 +122,38 @@ This document tracks the implementation status and estimated effort for all Arch
These ADRs are proposed but not yet implemented, ordered by suggested implementation priority:
| Priority | ADR | Title | Effort | Rationale |
| -------- | ------- | ------------------------ | ------ | ----------------------------------------------------- |
| 1 | ADR-018 | API Documentation | M | Improves developer experience, enables SDK generation |
| 2 | ADR-015 | APM & Error Tracking | M | Production visibility, debugging |
| 3 | ADR-024 | Feature Flags | M | Safer deployments, A/B testing |
| 4 | ADR-023 | Schema Migrations v2 | L | Database evolution support |
| 5 | ADR-029 | Secret Rotation | L | Security improvement |
| 6 | ADR-008 | API Versioning | L | Future API evolution |
| 7 | ADR-030 | Circuit Breaker | L | Resilience improvement |
| 8 | ADR-022 | Real-time Notifications | XL | Major feature enhancement |
| 9 | ADR-011 | Authorization & RBAC | XL | Advanced permission system |
| 10 | ADR-025 | i18n & l10n | XL | Multi-language support |
| 11 | ADR-031 | Data Retention & Privacy | XL | Compliance requirements |
| Priority | ADR | Title | Effort | Rationale |
| -------- | ------- | --------------------------- | ------ | ------------------------------------------------- |
| 1 | ADR-015 | APM & Error Tracking | M | Production visibility, debugging |
| 1b | ADR-050 | PostgreSQL Fn Observability | M | Database function visibility (depends on ADR-015) |
| 2 | ADR-024 | Feature Flags | M | Safer deployments, A/B testing |
| 3 | ADR-023 | Schema Migrations v2 | L | Database evolution support |
| 4 | ADR-029 | Secret Rotation | L | Security improvement |
| 5 | ADR-008 | API Versioning | L | Future API evolution |
| 6 | ADR-030 | Circuit Breaker | L | Resilience improvement |
| 7 | ADR-022 | Real-time Notifications | XL | Major feature enhancement |
| 8 | ADR-011 | Authorization & RBAC | XL | Advanced permission system |
| 9 | ADR-025 | i18n & l10n | XL | Multi-language support |
| 10 | ADR-031 | Data Retention & Privacy | XL | Compliance requirements |
---
## Recent Implementation History
| Date | ADR | Change |
| ---------- | ------- | --------------------------------------------------------------------------------------------- |
| 2026-01-09 | ADR-047 | Created - Documents target project file/folder organization with migration plan |
| 2026-01-09 | ADR-041 | Created - Documents AI/Gemini integration with model fallback and rate limiting |
| 2026-01-09 | ADR-042 | Created - Documents email and notification architecture with BullMQ queuing |
| 2026-01-09 | ADR-043 | Created - Documents Express middleware pipeline ordering and patterns |
| 2026-01-09 | ADR-044 | Created - Documents frontend feature-based folder organization |
| 2026-01-09 | ADR-045 | Created - Documents test data factory pattern for mock generation |
| 2026-01-09 | ADR-046 | Created - Documents image processing pipeline with Sharp and EXIF stripping |
| 2026-01-09 | ADR-026 | Fully implemented - all client-side components, hooks, and services now use structured logger |
| 2026-01-09 | ADR-028 | Fully implemented - all routes, middleware, and tests updated |
| Date | ADR | Change |
| ---------- | ------- | ---------------------------------------------------------------------- |
| 2026-01-11 | ADR-050 | Created - PostgreSQL function observability with fn_log() and Logstash |
| 2026-01-11 | ADR-018 | Implemented - OpenAPI/Swagger documentation at /docs/api-docs |
| 2026-01-11 | ADR-049 | Created - Gamification system, achievements, and testing requirements |
| 2026-01-09 | ADR-047 | Created - Project file/folder organization with migration plan |
| 2026-01-09 | ADR-041 | Created - AI/Gemini integration with model fallback and rate limiting |
| 2026-01-09 | ADR-042 | Created - Email and notification architecture with BullMQ queuing |
| 2026-01-09 | ADR-043 | Created - Express middleware pipeline ordering and patterns |
| 2026-01-09 | ADR-044 | Created - Frontend feature-based folder organization |
| 2026-01-09 | ADR-045 | Created - Test data factory pattern for mock generation |
| 2026-01-09 | ADR-046 | Created - Image processing pipeline with Sharp and EXIF stripping |
| 2026-01-09 | ADR-026 | Fully implemented - client-side structured logger |
| 2026-01-09 | ADR-028 | Fully implemented - all routes, middleware, and tests updated |
---

1138
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
package.json
View File

@@ -1,7 +1,7 @@
{
"name": "flyer-crawler",
"private": true,
"version": "0.9.83",
"version": "0.9.97",
"type": "module",
"scripts": {
"dev": "concurrently \"npm:start:dev\" \"vite\"",
@@ -31,6 +31,8 @@
"@bull-board/api": "^6.14.2",
"@bull-board/express": "^6.14.2",
"@google/genai": "^1.30.0",
"@sentry/node": "^10.32.1",
"@sentry/react": "^10.32.1",
"@tanstack/react-query": "^5.90.12",
"@types/connect-timeout": "^1.9.0",
"bcrypt": "^5.1.1",
@@ -65,9 +67,12 @@
"react-router-dom": "^7.9.6",
"recharts": "^3.4.1",
"sharp": "^0.34.5",
"swagger-jsdoc": "^6.2.8",
"swagger-ui-express": "^5.0.1",
"tsx": "^4.20.6",
"zod": "^4.2.1",
"zxcvbn": "^4.4.2"
"zxcvbn": "^4.4.2",
"zxing-wasm": "^2.2.4"
},
"devDependencies": {
"@tailwindcss/postcss": "4.1.17",
@@ -96,6 +101,8 @@
"@types/react-dom": "^19.2.3",
"@types/sharp": "^0.31.1",
"@types/supertest": "^6.0.3",
"@types/swagger-jsdoc": "^6.0.4",
"@types/swagger-ui-express": "^4.1.8",
"@types/zxcvbn": "^4.4.5",
"@typescript-eslint/eslint-plugin": "^8.47.0",
"@typescript-eslint/parser": "^8.47.0",

88
run-integration-tests.ps1
View File

@@ -1,88 +0,0 @@
# PowerShell script to run integration tests with containerized infrastructure
# Sets up environment variables and runs the integration test suite
Write-Host "=== Flyer Crawler Integration Test Runner ===" -ForegroundColor Cyan
Write-Host ""
# Check if containers are running
Write-Host "Checking container status..." -ForegroundColor Yellow
$postgresRunning = podman ps --filter "name=flyer-crawler-postgres" --format "{{.Names}}" 2>$null
$redisRunning = podman ps --filter "name=flyer-crawler-redis" --format "{{.Names}}" 2>$null
if (-not $postgresRunning) {
Write-Host "ERROR: PostgreSQL container is not running!" -ForegroundColor Red
Write-Host "Start it with: podman start flyer-crawler-postgres" -ForegroundColor Yellow
exit 1
}
if (-not $redisRunning) {
Write-Host "ERROR: Redis container is not running!" -ForegroundColor Red
Write-Host "Start it with: podman start flyer-crawler-redis" -ForegroundColor Yellow
exit 1
}
Write-Host "✓ PostgreSQL container: $postgresRunning" -ForegroundColor Green
Write-Host "✓ Redis container: $redisRunning" -ForegroundColor Green
Write-Host ""
# Set environment variables for integration tests
Write-Host "Setting environment variables..." -ForegroundColor Yellow
$env:NODE_ENV = "test"
$env:DB_HOST = "localhost"
$env:DB_USER = "postgres"
$env:DB_PASSWORD = "postgres"
$env:DB_NAME = "flyer_crawler_dev"
$env:DB_PORT = "5432"
$env:REDIS_URL = "redis://localhost:6379"
$env:REDIS_PASSWORD = ""
$env:FRONTEND_URL = "http://localhost:5173"
$env:VITE_API_BASE_URL = "http://localhost:3001/api"
$env:JWT_SECRET = "test-jwt-secret-for-integration-tests"
$env:NODE_OPTIONS = "--max-old-space-size=8192"
Write-Host "✓ Environment configured" -ForegroundColor Green
Write-Host ""
# Display configuration
Write-Host "Test Configuration:" -ForegroundColor Cyan
Write-Host " NODE_ENV: $env:NODE_ENV"
Write-Host " Database: $env:DB_HOST`:$env:DB_PORT/$env:DB_NAME"
Write-Host " Redis: $env:REDIS_URL"
Write-Host " Frontend URL: $env:FRONTEND_URL"
Write-Host ""
# Check database connectivity
Write-Host "Verifying database connection..." -ForegroundColor Yellow
$dbCheck = podman exec flyer-crawler-postgres psql -U postgres -d flyer_crawler_dev -c "SELECT 1;" 2>&1
if ($LASTEXITCODE -ne 0) {
Write-Host "ERROR: Cannot connect to database!" -ForegroundColor Red
Write-Host $dbCheck
exit 1
}
Write-Host "✓ Database connection successful" -ForegroundColor Green
Write-Host ""
# Check URL constraints are enabled
Write-Host "Verifying URL constraints..." -ForegroundColor Yellow
$constraints = podman exec flyer-crawler-postgres psql -U postgres -d flyer_crawler_dev -t -A -c "SELECT COUNT(*) FROM pg_constraint WHERE conname LIKE '%url_check';"
Write-Host "✓ Found $constraints URL constraint(s)" -ForegroundColor Green
Write-Host ""
# Run integration tests
Write-Host "=== Running Integration Tests ===" -ForegroundColor Cyan
Write-Host ""
npm run test:integration
$exitCode = $LASTEXITCODE
Write-Host ""
if ($exitCode -eq 0) {
Write-Host "=== Integration Tests PASSED ===" -ForegroundColor Green
} else {
Write-Host "=== Integration Tests FAILED ===" -ForegroundColor Red
Write-Host "Exit code: $exitCode" -ForegroundColor Red
}
exit $exitCode

80
run-tests.cmd
View File

@@ -1,80 +0,0 @@
@echo off
REM Simple batch script to run integration tests with container infrastructure
echo === Flyer Crawler Integration Test Runner ===
echo.
REM Check containers
echo Checking container status...
podman ps --filter "name=flyer-crawler-postgres" --format "{{.Names}}" >nul 2>&1
if errorlevel 1 (
echo ERROR: PostgreSQL container is not running!
echo Start it with: podman start flyer-crawler-postgres
exit /b 1
)
podman ps --filter "name=flyer-crawler-redis" --format "{{.Names}}" >nul 2>&1
if errorlevel 1 (
echo ERROR: Redis container is not running!
echo Start it with: podman start flyer-crawler-redis
exit /b 1
)
echo [OK] Containers are running
echo.
REM Set environment variables
echo Setting environment variables...
set NODE_ENV=test
set DB_HOST=localhost
set DB_USER=postgres
set DB_PASSWORD=postgres
set DB_NAME=flyer_crawler_dev
set DB_PORT=5432
set REDIS_URL=redis://localhost:6379
set REDIS_PASSWORD=
set FRONTEND_URL=http://localhost:5173
set VITE_API_BASE_URL=http://localhost:3001/api
set JWT_SECRET=test-jwt-secret-for-integration-tests
set NODE_OPTIONS=--max-old-space-size=8192
echo [OK] Environment configured
echo.
echo Test Configuration:
echo NODE_ENV: %NODE_ENV%
echo Database: %DB_HOST%:%DB_PORT%/%DB_NAME%
echo Redis: %REDIS_URL%
echo Frontend URL: %FRONTEND_URL%
echo.
REM Verify database
echo Verifying database connection...
podman exec flyer-crawler-postgres psql -U postgres -d flyer_crawler_dev -c "SELECT 1;" >nul 2>&1
if errorlevel 1 (
echo ERROR: Cannot connect to database!
exit /b 1
)
echo [OK] Database connection successful
echo.
REM Check URL constraints
echo Verifying URL constraints...
podman exec flyer-crawler-postgres psql -U postgres -d flyer_crawler_dev -t -A -c "SELECT COUNT(*) FROM pg_constraint WHERE conname LIKE '%%url_check';"
echo.
REM Run tests
echo === Running Integration Tests ===
echo.
npm run test:integration
if errorlevel 1 (
echo.
echo === Integration Tests FAILED ===
exit /b 1
) else (
echo.
echo === Integration Tests PASSED ===
exit /b 0
)

164
scripts/test-bugsink.ts Normal file
View File

@@ -0,0 +1,164 @@
#!/usr/bin/env npx tsx
/**
* Test script to verify Bugsink error tracking is working.
*
* This script sends test events directly to Bugsink using the Sentry store API.
* We use curl/fetch instead of the Sentry SDK because SDK v8+ has strict DSN
* validation that rejects HTTP URLs (Bugsink uses HTTP locally).
*
* Usage:
* npx tsx scripts/test-bugsink.ts
*
* Or with environment override:
* SENTRY_DSN=http://...@localhost:8000/1 npx tsx scripts/test-bugsink.ts
*/
// Configuration - parse DSN to extract components
const DSN =
process.env.SENTRY_DSN || 'http://59a58583-e869-7697-f94a-cfa0337676a8@localhost:8000/1';
const ENVIRONMENT = process.env.SENTRY_ENVIRONMENT || 'test';
// Parse DSN: http://<key>@<host>/<project_id>
function parseDsn(dsn: string) {
const match = dsn.match(/^(https?):\/\/([^@]+)@([^/]+)\/(.+)$/);
if (!match) {
throw new Error(`Invalid DSN format: ${dsn}`);
}
return {
protocol: match[1],
publicKey: match[2],
host: match[3],
projectId: match[4],
};
}
const dsnParts = parseDsn(DSN);
const STORE_URL = `${dsnParts.protocol}://${dsnParts.host}/api/${dsnParts.projectId}/store/`;
console.log('='.repeat(60));
console.log('Bugsink/Sentry Test Script');
console.log('='.repeat(60));
console.log(`DSN: ${DSN}`);
console.log(`Store URL: ${STORE_URL}`);
console.log(`Public Key: ${dsnParts.publicKey}`);
console.log(`Environment: ${ENVIRONMENT}`);
console.log('');
// Generate a UUID for event_id
function generateEventId(): string {
return 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'.replace(/x/g, () =>
Math.floor(Math.random() * 16).toString(16),
);
}
// Send an event to Bugsink via the Sentry store API
async function sendEvent(
event: Record<string, unknown>,
): Promise<{ success: boolean; status: number }> {
const response = await fetch(STORE_URL, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Sentry-Auth': `Sentry sentry_version=7, sentry_client=test-bugsink/1.0, sentry_key=${dsnParts.publicKey}`,
},
body: JSON.stringify(event),
});
return {
success: response.ok,
status: response.status,
};
}
async function main() {
console.log('[Test] Sending test events to Bugsink...\n');
try {
// Test 1: Send an error event
const errorEventId = generateEventId();
console.log(`[Test 1] Sending error event (ID: ${errorEventId})...`);
const errorEvent = {
event_id: errorEventId,
timestamp: new Date().toISOString(),
platform: 'node',
level: 'error',
logger: 'test-bugsink.ts',
environment: ENVIRONMENT,
server_name: 'flyer-crawler-dev',
message: 'BugsinkTestError: This is a test error from test-bugsink.ts script',
exception: {
values: [
{
type: 'BugsinkTestError',
value: 'This is a test error from test-bugsink.ts script',
stacktrace: {
frames: [
{
filename: 'scripts/test-bugsink.ts',
function: 'main',
lineno: 42,
colno: 10,
in_app: true,
},
],
},
},
],
},
tags: {
test: 'true',
source: 'test-bugsink.ts',
},
};
const errorResult = await sendEvent(errorEvent);
console.log(
` Result: ${errorResult.success ? 'SUCCESS' : 'FAILED'} (HTTP ${errorResult.status})`,
);
// Test 2: Send an info message
const messageEventId = generateEventId();
console.log(`[Test 2] Sending info message (ID: ${messageEventId})...`);
const messageEvent = {
event_id: messageEventId,
timestamp: new Date().toISOString(),
platform: 'node',
level: 'info',
logger: 'test-bugsink.ts',
environment: ENVIRONMENT,
server_name: 'flyer-crawler-dev',
message: 'Test info message from test-bugsink.ts - Bugsink is working!',
tags: {
test: 'true',
source: 'test-bugsink.ts',
},
};
const messageResult = await sendEvent(messageEvent);
console.log(
` Result: ${messageResult.success ? 'SUCCESS' : 'FAILED'} (HTTP ${messageResult.status})`,
);
// Summary
console.log('');
console.log('='.repeat(60));
if (errorResult.success && messageResult.success) {
console.log('SUCCESS! Both test events were accepted by Bugsink.');
console.log('');
console.log('Check Bugsink UI at http://localhost:8000');
console.log('Look for:');
console.log(' - BugsinkTestError: "This is a test error..."');
console.log(' - Info message: "Test info message from test-bugsink.ts"');
} else {
console.log('WARNING: Some events may not have been accepted.');
console.log('Check that Bugsink is running and the DSN is correct.');
process.exit(1);
}
console.log('='.repeat(60));
} catch (error) {
console.error('[Test] Failed to send events:', error);
process.exit(1);
}
}
main();

70
server.ts
View File

@@ -1,4 +1,12 @@
// server.ts
/**
* IMPORTANT: Sentry initialization MUST happen before any other imports
* to ensure all errors are captured, including those in imported modules.
* See ADR-015: Application Performance Monitoring and Error Tracking.
*/
import { initSentry, getSentryMiddleware } from './src/services/sentry.server';
initSentry();
import express, { Request, Response, NextFunction } from 'express';
import { randomUUID } from 'crypto';
import helmet from 'helmet';
@@ -7,7 +15,7 @@ import cookieParser from 'cookie-parser';
import listEndpoints from 'express-list-endpoints';
import { getPool } from './src/services/db/connection.db';
import passport from './src/routes/passport.routes';
import passport from './src/config/passport';
import { logger } from './src/services/logger.server';
// Import routers
@@ -24,15 +32,23 @@ import statsRouter from './src/routes/stats.routes';
import gamificationRouter from './src/routes/gamification.routes';
import systemRouter from './src/routes/system.routes';
import healthRouter from './src/routes/health.routes';
import upcRouter from './src/routes/upc.routes';
import inventoryRouter from './src/routes/inventory.routes';
import receiptRouter from './src/routes/receipt.routes';
import { errorHandler } from './src/middleware/errorHandler';
import { backgroundJobService, startBackgroundJobs } from './src/services/backgroundJobService';
import type { UserProfile } from './src/types';
// API Documentation (ADR-018)
import swaggerUi from 'swagger-ui-express';
import { swaggerSpec } from './src/config/swagger';
import {
analyticsQueue,
weeklyAnalyticsQueue,
gracefulShutdown,
tokenCleanupQueue,
} from './src/services/queueService.server';
import { monitoringService } from './src/services/monitoringService.server';
// --- START DEBUG LOGGING ---
// Log the database connection details as seen by the SERVER PROCESS.
@@ -104,10 +120,15 @@ app.use(express.urlencoded({ limit: '100mb', extended: true }));
app.use(cookieParser()); // Middleware to parse cookies
app.use(passport.initialize()); // Initialize Passport
// --- Sentry Request Handler (ADR-015) ---
// Must be the first middleware after body parsers to capture request data for errors.
const sentryMiddleware = getSentryMiddleware();
app.use(sentryMiddleware.requestHandler);
// --- MOCK AUTH FOR TESTING ---
// This MUST come after passport.initialize() and BEFORE any of the API routes.
import { mockAuth } from './src/routes/passport.routes';
app.use(mockAuth);
import { mockAuth } from './src/config/passport';
app.use(mockAuth);
// Add a request timeout middleware. This will help prevent requests from hanging indefinitely.
// We set a generous 5-minute timeout to accommodate slow AI processing for large flyers.
@@ -188,8 +209,41 @@ if (!process.env.JWT_SECRET) {
process.exit(1);
}
// --- API Documentation (ADR-018) ---
// Only serve Swagger UI in non-production environments to prevent information disclosure.
if (process.env.NODE_ENV !== 'production') {
app.use(
'/docs/api-docs',
swaggerUi.serve,
swaggerUi.setup(swaggerSpec, {
customCss: '.swagger-ui .topbar { display: none }',
customSiteTitle: 'Flyer Crawler API Documentation',
}),
);
// Expose raw OpenAPI JSON spec for tooling (SDK generation, testing, etc.)
app.get('/docs/api-docs.json', (_req, res) => {
res.setHeader('Content-Type', 'application/json');
res.send(swaggerSpec);
});
logger.info('API Documentation available at /docs/api-docs');
}
// --- API Routes ---
// ADR-053: Worker Health Checks
// Expose queue metrics for monitoring.
app.get('/api/health/queues', async (req, res) => {
try {
const statuses = await monitoringService.getQueueStatuses();
res.json(statuses);
} catch (error) {
logger.error({ err: error }, 'Failed to fetch queue statuses');
res.status(503).json({ error: 'Failed to fetch queue statuses' });
}
});
// The order of route registration is critical.
// More specific routes should be registered before more general ones.
// 1. Authentication routes for login, registration, etc.
@@ -218,9 +272,19 @@ app.use('/api/personalization', personalizationRouter);
app.use('/api/price-history', priceRouter);
// 10. Public statistics routes.
app.use('/api/stats', statsRouter);
// 11. UPC barcode scanning routes.
app.use('/api/upc', upcRouter);
// 12. Inventory and expiry tracking routes.
app.use('/api/inventory', inventoryRouter);
// 13. Receipt scanning routes.
app.use('/api/receipts', receiptRouter);
// --- Error Handling and Server Startup ---
// Sentry Error Handler (ADR-015) - captures errors and sends to Bugsink.
// Must come BEFORE the custom error handler but AFTER all routes.
app.use(sentryMiddleware.errorHandler);
// Global error handling middleware. This must be the last `app.use()` call.
app.use(errorHandler);

40
sql/01-init-bugsink.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash
# sql/01-init-bugsink.sh
# ============================================================================
# BUGSINK DATABASE INITIALIZATION (ADR-015)
# ============================================================================
# This script creates the Bugsink database and user for error tracking.
# It runs after 00-init-extensions.sql due to alphabetical ordering.
#
# Note: Shell scripts in docker-entrypoint-initdb.d/ can execute multiple
# SQL commands including CREATE DATABASE (which requires a separate transaction).
# ============================================================================
set -e
# Use the postgres superuser to create the bugsink user and database
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-- Create Bugsink user (if not exists)
DO \$\$
BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'bugsink') THEN
CREATE USER bugsink WITH PASSWORD 'bugsink_dev_password';
RAISE NOTICE 'Created bugsink user';
ELSE
RAISE NOTICE 'Bugsink user already exists';
END IF;
END \$\$;
EOSQL
# Check if bugsink database exists, create if not
if psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" -lqt | cut -d \| -f 1 | grep -qw bugsink; then
echo "Bugsink database already exists"
else
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE DATABASE bugsink OWNER bugsink;
GRANT ALL PRIVILEGES ON DATABASE bugsink TO bugsink;
EOSQL
echo "Created bugsink database"
fi
echo "✅ Bugsink database and user have been configured (ADR-015)"

187
sql/Initial_triggers_and_functions.sql
View File

@@ -1,6 +1,55 @@
-- sql/Initial_triggers_and_functions.sql
-- This file contains all trigger functions and trigger definitions for the database.
-- ============================================================================
-- PART 0: OBSERVABILITY HELPERS (ADR-050)
-- ============================================================================
-- These functions provide structured logging capabilities for database functions.
-- Logs are emitted via RAISE statements and can be captured by Logstash for
-- forwarding to error tracking systems (see ADR-015).
-- Function to emit structured log messages from PL/pgSQL functions.
-- This enables observability for database operations that might otherwise fail silently.
DROP FUNCTION IF EXISTS public.fn_log(TEXT, TEXT, TEXT, JSONB);
CREATE OR REPLACE FUNCTION public.fn_log(
p_level TEXT, -- 'DEBUG', 'INFO', 'NOTICE', 'WARNING', 'ERROR'
p_function_name TEXT, -- The calling function name
p_message TEXT, -- Human-readable message
p_context JSONB DEFAULT NULL -- Additional context (user_id, params, etc.)
)
RETURNS void
LANGUAGE plpgsql
AS $$
DECLARE
log_line TEXT;
BEGIN
-- Build structured JSON log line for Logstash parsing
log_line := jsonb_build_object(
'timestamp', now(),
'level', p_level,
'source', 'postgresql',
'function', p_function_name,
'message', p_message,
'context', COALESCE(p_context, '{}'::jsonb)
)::text;
-- Use appropriate RAISE level based on severity
-- Note: We use RAISE LOG for errors to ensure they're always captured
-- regardless of client_min_messages setting
CASE UPPER(p_level)
WHEN 'DEBUG' THEN RAISE DEBUG '%', log_line;
WHEN 'INFO' THEN RAISE INFO '%', log_line;
WHEN 'NOTICE' THEN RAISE NOTICE '%', log_line;
WHEN 'WARNING' THEN RAISE WARNING '%', log_line;
WHEN 'ERROR' THEN RAISE LOG '%', log_line;
ELSE RAISE NOTICE '%', log_line;
END CASE;
END;
$$;
COMMENT ON FUNCTION public.fn_log IS 'Emits structured JSON log messages for database function observability (ADR-050)';
-- ============================================================================
-- PART 3: DATABASE FUNCTIONS
-- ============================================================================
@@ -223,13 +272,32 @@ AS $$
DECLARE
list_owner_id UUID;
item_to_add RECORD;
v_items_added INTEGER := 0;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'menu_plan_id', p_menu_plan_id,
'shopping_list_id', p_shopping_list_id
);
-- Security Check: Ensure the user calling this function owns the target shopping list.
SELECT user_id INTO list_owner_id
FROM public.shopping_lists
WHERE shopping_list_id = p_shopping_list_id;
IF list_owner_id IS NULL OR list_owner_id <> p_user_id THEN
IF list_owner_id IS NULL THEN
PERFORM fn_log('WARNING', 'add_menu_plan_to_shopping_list',
'Shopping list not found',
v_context);
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
IF list_owner_id <> p_user_id THEN
PERFORM fn_log('WARNING', 'add_menu_plan_to_shopping_list',
'Permission denied: user does not own list',
v_context || jsonb_build_object('list_owner_id', list_owner_id));
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
@@ -244,9 +312,16 @@ BEGIN
DO UPDATE SET
quantity = shopping_list_items.quantity + EXCLUDED.quantity;
v_items_added := v_items_added + 1;
-- Return the details of the item that was added/updated.
RETURN QUERY SELECT item_to_add.master_item_id, item_to_add.item_name, item_to_add.shopping_list_quantity;
END LOOP;
-- Log completion (items_added = 0 is normal if pantry has everything)
PERFORM fn_log('INFO', 'add_menu_plan_to_shopping_list',
'Menu plan items added to shopping list',
v_context || jsonb_build_object('items_added', v_items_added));
END;
$$;
@@ -520,16 +595,30 @@ SECURITY DEFINER
AS $$
DECLARE
correction_record RECORD;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('correction_id', p_correction_id);
-- 1. Fetch the correction details, ensuring it's still pending.
SELECT * INTO correction_record
FROM public.suggested_corrections
WHERE suggested_correction_id = p_correction_id AND status = 'pending';
IF NOT FOUND THEN
PERFORM fn_log('WARNING', 'approve_correction',
'Correction not found or already processed',
v_context);
RAISE EXCEPTION 'Correction with ID % not found or already processed.', p_correction_id;
END IF;
-- Add correction details to context
v_context := v_context || jsonb_build_object(
'correction_type', correction_record.correction_type,
'flyer_item_id', correction_record.flyer_item_id,
'suggested_value', correction_record.suggested_value
);
-- 2. Apply the correction based on its type.
IF correction_record.correction_type = 'INCORRECT_ITEM_LINK' THEN
UPDATE public.flyer_items
@@ -545,6 +634,11 @@ BEGIN
UPDATE public.suggested_corrections
SET status = 'approved', reviewed_at = now()
WHERE suggested_correction_id = p_correction_id;
-- Log successful correction approval
PERFORM fn_log('INFO', 'approve_correction',
'Correction approved and applied',
v_context);
END;
$$;
@@ -566,7 +660,14 @@ SECURITY INVOKER
AS $$
DECLARE
new_recipe_id BIGINT;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'original_recipe_id', p_original_recipe_id
);
-- 1. Create a copy of the recipe, linking it to the new user and the original recipe.
INSERT INTO public.recipes (
user_id,
@@ -605,6 +706,9 @@ BEGIN
-- If the original recipe didn't exist, new_recipe_id will be null.
IF new_recipe_id IS NULL THEN
PERFORM fn_log('WARNING', 'fork_recipe',
'Original recipe not found',
v_context);
RETURN;
END IF;
@@ -613,6 +717,11 @@ BEGIN
INSERT INTO public.recipe_tags (recipe_id, tag_id) SELECT new_recipe_id, tag_id FROM public.recipe_tags WHERE recipe_id = p_original_recipe_id;
INSERT INTO public.recipe_appliances (recipe_id, appliance_id) SELECT new_recipe_id, appliance_id FROM public.recipe_appliances WHERE recipe_id = p_original_recipe_id;
-- Log successful fork
PERFORM fn_log('INFO', 'fork_recipe',
'Recipe forked successfully',
v_context || jsonb_build_object('new_recipe_id', new_recipe_id));
-- 3. Return the newly created recipe record.
RETURN QUERY SELECT * FROM public.recipes WHERE recipe_id = new_recipe_id;
END;
@@ -889,13 +998,32 @@ AS $$
DECLARE
list_owner_id UUID;
new_trip_id BIGINT;
v_items_count INTEGER;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'shopping_list_id', p_shopping_list_id,
'total_spent_cents', p_total_spent_cents
);
-- Security Check: Ensure the user calling this function owns the target shopping list.
SELECT user_id INTO list_owner_id
FROM public.shopping_lists
WHERE shopping_list_id = p_shopping_list_id;
IF list_owner_id IS NULL OR list_owner_id <> p_user_id THEN
IF list_owner_id IS NULL THEN
PERFORM fn_log('WARNING', 'complete_shopping_list',
'Shopping list not found',
v_context);
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
IF list_owner_id <> p_user_id THEN
PERFORM fn_log('WARNING', 'complete_shopping_list',
'Permission denied: user does not own list',
v_context || jsonb_build_object('list_owner_id', list_owner_id));
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
@@ -910,10 +1038,17 @@ BEGIN
FROM public.shopping_list_items
WHERE shopping_list_id = p_shopping_list_id AND is_purchased = true;
GET DIAGNOSTICS v_items_count = ROW_COUNT;
-- 3. Delete the purchased items from the original shopping list.
DELETE FROM public.shopping_list_items
WHERE shopping_list_id = p_shopping_list_id AND is_purchased = true;
-- Log successful completion
PERFORM fn_log('INFO', 'complete_shopping_list',
'Shopping list completed successfully',
v_context || jsonb_build_object('trip_id', new_trip_id, 'items_archived', v_items_count));
RETURN new_trip_id;
END;
$$;
@@ -1047,13 +1182,19 @@ AS $$
DECLARE
v_achievement_id BIGINT;
v_points_value INTEGER;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('user_id', p_user_id, 'achievement_name', p_achievement_name);
-- Find the achievement by name to get its ID and point value.
SELECT achievement_id, points_value INTO v_achievement_id, v_points_value
FROM public.achievements WHERE name = p_achievement_name;
-- If the achievement doesn't exist, do nothing.
-- If the achievement doesn't exist, log warning and return.
IF v_achievement_id IS NULL THEN
PERFORM fn_log('WARNING', 'award_achievement',
'Achievement not found: ' || p_achievement_name, v_context);
RETURN;
END IF;
@@ -1065,9 +1206,12 @@ BEGIN
ON CONFLICT (user_id, achievement_id) DO NOTHING;
-- If the insert was successful (i.e., the user didn't have the achievement),
-- update their total points. The `GET DIAGNOSTICS` command checks the row count of the last query.
-- update their total points and log success.
IF FOUND THEN
UPDATE public.profiles SET points = points + v_points_value WHERE user_id = p_user_id;
PERFORM fn_log('INFO', 'award_achievement',
'Achievement awarded: ' || p_achievement_name,
v_context || jsonb_build_object('points_awarded', v_points_value));
END IF;
END;
$$;
@@ -1165,13 +1309,25 @@ RETURNS TRIGGER AS $$
DECLARE
new_profile_id UUID;
user_meta_data JSONB;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('user_id', new.user_id, 'email', new.email);
-- The user's metadata (full_name, avatar_url) is passed via a temporary session variable.
user_meta_data := current_setting('my_app.user_metadata', true)::JSONB;
INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
RETURNING user_id INTO new_profile_id;
-- Create the user profile
BEGIN
INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
RETURNING user_id INTO new_profile_id;
EXCEPTION WHEN OTHERS THEN
PERFORM fn_log('ERROR', 'handle_new_user',
'Failed to create profile: ' || SQLERRM,
v_context || jsonb_build_object('sqlstate', SQLSTATE));
RAISE;
END;
-- Also create a default shopping list for the new user.
INSERT INTO public.shopping_lists (user_id, name)
@@ -1179,12 +1335,20 @@ BEGIN
-- Log the new user event
INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
VALUES (new.user_id, 'user_registered',
VALUES (new.user_id, 'user_registered',
COALESCE(user_meta_data->>'full_name', new.email) || ' has registered.',
'user-plus',
'user-plus',
jsonb_build_object('email', new.email)
);
-- Award the 'Welcome Aboard' achievement for new user registration
PERFORM public.award_achievement(new.user_id, 'Welcome Aboard');
-- Log successful user creation
PERFORM fn_log('INFO', 'handle_new_user',
'New user created successfully',
v_context || jsonb_build_object('full_name', user_meta_data->>'full_name'));
RETURN new;
END;
$$ LANGUAGE plpgsql;
@@ -1196,7 +1360,8 @@ CREATE TRIGGER on_auth_user_created
FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
-- 2. Create a reusable function to automatically update 'updated_at' columns.
DROP FUNCTION IF EXISTS public.handle_updated_at();
-- CASCADE drops dependent triggers; they are recreated by the DO block below
DROP FUNCTION IF EXISTS public.handle_updated_at() CASCADE;
CREATE OR REPLACE FUNCTION public.handle_updated_at()
RETURNS TRIGGER AS $$

1
sql/initial_data.sql
View File

@@ -260,6 +260,7 @@ ON CONFLICT (name) DO NOTHING;
-- 9. Pre-populate the achievements table.
INSERT INTO public.achievements (name, description, icon, points_value) VALUES
('Welcome Aboard', 'Join the community by creating your account.', 'user-check', 5),
('First Recipe', 'Create your very first recipe.', 'chef-hat', 10),
('Recipe Sharer', 'Share a recipe with another user for the first time.', 'share-2', 15),
('List Sharer', 'Share a shopping list with another user for the first time.', 'list', 20),

265
sql/initial_schema.sql
View File

@@ -679,6 +679,7 @@ CREATE INDEX IF NOT EXISTS idx_planned_meals_menu_plan_id ON public.planned_meal
CREATE INDEX IF NOT EXISTS idx_planned_meals_recipe_id ON public.planned_meals(recipe_id);
-- 37. Track the grocery items a user currently has in their pantry.
-- NOTE: receipt_item_id FK is added later via ALTER TABLE because receipt_items is defined after this table.
CREATE TABLE IF NOT EXISTS public.pantry_items (
pantry_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
@@ -688,15 +689,38 @@ CREATE TABLE IF NOT EXISTS public.pantry_items (
best_before_date DATE,
pantry_location_id BIGINT REFERENCES public.pantry_locations(pantry_location_id) ON DELETE SET NULL,
notification_sent_at TIMESTAMPTZ,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Columns from migration 002_expiry_tracking.sql
purchase_date DATE,
source TEXT DEFAULT 'manual',
receipt_item_id BIGINT, -- FK added later via ALTER TABLE
product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
expiry_source TEXT,
is_consumed BOOLEAN DEFAULT FALSE,
consumed_at TIMESTAMPTZ,
UNIQUE(user_id, master_item_id, unit)
);
COMMENT ON TABLE public.pantry_items IS 'Tracks a user''s personal inventory of grocery items to enable smart shopping lists.';
COMMENT ON COLUMN public.pantry_items.quantity IS 'The current amount of the item. Convention: use grams for weight, mL for volume where applicable.';
COMMENT ON COLUMN public.pantry_items.pantry_location_id IS 'Links the item to a user-defined location like "Fridge" or "Freezer".';
COMMENT ON COLUMN public.pantry_items.unit IS 'e.g., ''g'', ''ml'', ''items''. Should align with recipe_ingredients.unit and quantity convention.';
COMMENT ON COLUMN public.pantry_items.purchase_date IS 'Date the item was purchased (from receipt or manual entry).';
COMMENT ON COLUMN public.pantry_items.receipt_item_id IS 'Link to receipt_items if this pantry item was created from a receipt scan.';
COMMENT ON COLUMN public.pantry_items.product_id IS 'Link to products if this pantry item was created from a UPC scan.';
COMMENT ON COLUMN public.pantry_items.expiry_source IS 'How expiry was determined: manual, calculated, package, receipt.';
COMMENT ON COLUMN public.pantry_items.is_consumed IS 'Whether the item has been fully consumed.';
COMMENT ON COLUMN public.pantry_items.consumed_at IS 'When the item was marked as consumed.';
CREATE INDEX IF NOT EXISTS idx_pantry_items_user_id ON public.pantry_items(user_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_master_item_id ON public.pantry_items(master_item_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_pantry_location_id ON public.pantry_items(pantry_location_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_best_before_date ON public.pantry_items(best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_expiring_soon ON public.pantry_items(user_id, best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_receipt_item_id ON public.pantry_items(receipt_item_id)
WHERE receipt_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_pantry_items_product_id ON public.pantry_items(product_id)
WHERE product_id IS NOT NULL;
-- 38. Store password reset tokens.
CREATE TABLE IF NOT EXISTS public.password_reset_tokens (
@@ -939,11 +963,21 @@ CREATE TABLE IF NOT EXISTS public.receipt_items (
status TEXT DEFAULT 'unmatched' NOT NULL CHECK (status IN ('unmatched', 'matched', 'needs_review', 'ignored')),
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Column from migration 002_expiry_tracking.sql
upc_code TEXT,
CONSTRAINT receipt_items_raw_item_description_check CHECK (TRIM(raw_item_description) <> '')
);
COMMENT ON TABLE public.receipt_items IS 'Stores individual line items extracted from a user receipt.';
COMMENT ON COLUMN public.receipt_items.upc_code IS 'UPC code if extracted from receipt or matched during processing.';
CREATE INDEX IF NOT EXISTS idx_receipt_items_receipt_id ON public.receipt_items(receipt_id);
CREATE INDEX IF NOT EXISTS idx_receipt_items_master_item_id ON public.receipt_items(master_item_id);
CREATE INDEX IF NOT EXISTS idx_receipt_items_upc_code ON public.receipt_items(upc_code)
WHERE upc_code IS NOT NULL;
-- Add FK constraint for pantry_items.receipt_item_id (deferred because receipt_items is defined after pantry_items)
ALTER TABLE public.pantry_items
ADD CONSTRAINT fk_pantry_items_receipt_item_id
FOREIGN KEY (receipt_item_id) REFERENCES public.receipt_items(receipt_item_id) ON DELETE SET NULL;
-- 54. Store schema metadata to detect changes during deployment.
CREATE TABLE IF NOT EXISTS public.schema_info (
@@ -1012,3 +1046,232 @@ CREATE INDEX IF NOT EXISTS idx_user_achievements_user_id ON public.user_achievem
CREATE INDEX IF NOT EXISTS idx_user_achievements_achievement_id ON public.user_achievements(achievement_id);
-- ============================================================================
-- UPC SCANNING FEATURE TABLES (59-60)
-- ============================================================================
-- 59. UPC Scan History - tracks all UPC scans performed by users
-- This table provides an audit trail and allows users to see their scan history
CREATE TABLE IF NOT EXISTS public.upc_scan_history (
scan_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
upc_code TEXT NOT NULL,
product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
scan_source TEXT NOT NULL,
scan_confidence NUMERIC(5,4),
raw_image_path TEXT,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT upc_scan_history_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
CONSTRAINT upc_scan_history_scan_source_check CHECK (scan_source IN ('image_upload', 'manual_entry', 'phone_app', 'camera_scan')),
CONSTRAINT upc_scan_history_scan_confidence_check CHECK (scan_confidence IS NULL OR (scan_confidence >= 0 AND scan_confidence <= 1))
);
COMMENT ON TABLE public.upc_scan_history IS 'Audit trail of all UPC barcode scans performed by users, tracking scan source and results.';
COMMENT ON COLUMN public.upc_scan_history.upc_code IS 'The scanned UPC/EAN barcode (8-14 digits).';
COMMENT ON COLUMN public.upc_scan_history.product_id IS 'Reference to the matched product, if found in our database.';
COMMENT ON COLUMN public.upc_scan_history.scan_source IS 'How the scan was performed: image_upload, manual_entry, phone_app, or camera_scan.';
COMMENT ON COLUMN public.upc_scan_history.scan_confidence IS 'Confidence score from barcode detection (0.0-1.0), null for manual entry.';
COMMENT ON COLUMN public.upc_scan_history.raw_image_path IS 'Path to the uploaded barcode image, if applicable.';
COMMENT ON COLUMN public.upc_scan_history.lookup_successful IS 'Whether the UPC was successfully matched to a product (internal or external).';
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_user_id ON public.upc_scan_history(user_id);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_upc_code ON public.upc_scan_history(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_created_at ON public.upc_scan_history(created_at DESC);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_product_id ON public.upc_scan_history(product_id) WHERE product_id IS NOT NULL;
-- 60. UPC External Lookups - cache for external UPC database API responses
CREATE TABLE IF NOT EXISTS public.upc_external_lookups (
lookup_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
upc_code TEXT NOT NULL UNIQUE,
product_name TEXT,
brand_name TEXT,
category TEXT,
description TEXT,
image_url TEXT,
external_source TEXT NOT NULL,
lookup_data JSONB,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT upc_external_lookups_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
CONSTRAINT upc_external_lookups_external_source_check CHECK (external_source IN ('openfoodfacts', 'upcitemdb', 'manual', 'unknown')),
CONSTRAINT upc_external_lookups_name_check CHECK (NOT lookup_successful OR product_name IS NOT NULL)
);
COMMENT ON TABLE public.upc_external_lookups IS 'Cache for external UPC database API responses to reduce API calls and improve lookup speed.';
COMMENT ON COLUMN public.upc_external_lookups.upc_code IS 'The UPC/EAN barcode that was looked up.';
COMMENT ON COLUMN public.upc_external_lookups.product_name IS 'Product name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.brand_name IS 'Brand name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.category IS 'Product category returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.description IS 'Product description returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.image_url IS 'Product image URL returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.external_source IS 'Which external API provided this data: openfoodfacts, upcitemdb, manual, unknown.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_data IS 'Full raw JSON response from the external API for reference.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_successful IS 'Whether the external lookup found product information.';
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_upc_code ON public.upc_external_lookups(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_external_source ON public.upc_external_lookups(external_source);
-- Add index to existing products.upc_code for faster lookups
CREATE INDEX IF NOT EXISTS idx_products_upc_code ON public.products(upc_code) WHERE upc_code IS NOT NULL;
-- ============================================================================
-- EXPIRY DATE TRACKING FEATURE TABLES (61-63)
-- ============================================================================
-- 61. Expiry Date Ranges - reference table for typical shelf life
CREATE TABLE IF NOT EXISTS public.expiry_date_ranges (
expiry_range_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
category_id BIGINT REFERENCES public.categories(category_id) ON DELETE CASCADE,
item_pattern TEXT,
storage_location TEXT NOT NULL,
min_days INTEGER NOT NULL,
max_days INTEGER NOT NULL,
typical_days INTEGER NOT NULL,
notes TEXT,
source TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_date_ranges_storage_location_check CHECK (storage_location IN ('fridge', 'freezer', 'pantry', 'room_temp')),
CONSTRAINT expiry_date_ranges_min_days_check CHECK (min_days >= 0),
CONSTRAINT expiry_date_ranges_max_days_check CHECK (max_days >= min_days),
CONSTRAINT expiry_date_ranges_typical_days_check CHECK (typical_days >= min_days AND typical_days <= max_days),
CONSTRAINT expiry_date_ranges_identifier_check CHECK (
master_item_id IS NOT NULL OR category_id IS NOT NULL OR item_pattern IS NOT NULL
),
CONSTRAINT expiry_date_ranges_source_check CHECK (source IS NULL OR source IN ('usda', 'fda', 'manual', 'community'))
);
COMMENT ON TABLE public.expiry_date_ranges IS 'Reference table storing typical shelf life for grocery items based on storage location.';
COMMENT ON COLUMN public.expiry_date_ranges.master_item_id IS 'Specific item this range applies to (most specific).';
COMMENT ON COLUMN public.expiry_date_ranges.category_id IS 'Category this range applies to (fallback if no item match).';
COMMENT ON COLUMN public.expiry_date_ranges.item_pattern IS 'Regex pattern to match item names (fallback if no item/category match).';
COMMENT ON COLUMN public.expiry_date_ranges.storage_location IS 'Where the item is stored: fridge, freezer, pantry, or room_temp.';
COMMENT ON COLUMN public.expiry_date_ranges.min_days IS 'Minimum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.max_days IS 'Maximum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.typical_days IS 'Most common/recommended shelf life in days.';
COMMENT ON COLUMN public.expiry_date_ranges.notes IS 'Additional storage tips or warnings.';
COMMENT ON COLUMN public.expiry_date_ranges.source IS 'Data source: usda, fda, manual, or community.';
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_master_item_id ON public.expiry_date_ranges(master_item_id) WHERE master_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_category_id ON public.expiry_date_ranges(category_id) WHERE category_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_storage_location ON public.expiry_date_ranges(storage_location);
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_item_location
ON public.expiry_date_ranges(master_item_id, storage_location)
WHERE master_item_id IS NOT NULL;
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_category_location
ON public.expiry_date_ranges(category_id, storage_location)
WHERE category_id IS NOT NULL AND master_item_id IS NULL;
-- 62. Expiry Alerts - user notification preferences for expiry warnings
CREATE TABLE IF NOT EXISTS public.expiry_alerts (
expiry_alert_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
days_before_expiry INTEGER NOT NULL DEFAULT 3,
alert_method TEXT NOT NULL,
is_enabled BOOLEAN DEFAULT TRUE NOT NULL,
last_alert_sent_at TIMESTAMPTZ,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_alerts_days_before_check CHECK (days_before_expiry >= 0 AND days_before_expiry <= 30),
CONSTRAINT expiry_alerts_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
UNIQUE(user_id, alert_method)
);
COMMENT ON TABLE public.expiry_alerts IS 'User preferences for expiry date notifications and alerts.';
COMMENT ON COLUMN public.expiry_alerts.days_before_expiry IS 'How many days before expiry to send alert (0-30).';
COMMENT ON COLUMN public.expiry_alerts.alert_method IS 'How to notify: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alerts.is_enabled IS 'Whether this alert type is currently enabled.';
COMMENT ON COLUMN public.expiry_alerts.last_alert_sent_at IS 'Timestamp of the last alert sent to prevent duplicate notifications.';
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_user_id ON public.expiry_alerts(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_enabled ON public.expiry_alerts(user_id, is_enabled) WHERE is_enabled = TRUE;
-- 63. Expiry Alert Log - tracks sent notifications
CREATE TABLE IF NOT EXISTS public.expiry_alert_log (
alert_log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
pantry_item_id BIGINT REFERENCES public.pantry_items(pantry_item_id) ON DELETE SET NULL,
alert_type TEXT NOT NULL,
alert_method TEXT NOT NULL,
item_name TEXT NOT NULL,
expiry_date DATE,
days_until_expiry INTEGER,
sent_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_alert_log_type_check CHECK (alert_type IN ('expiring_soon', 'expired', 'expiry_reminder')),
CONSTRAINT expiry_alert_log_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
CONSTRAINT expiry_alert_log_item_name_check CHECK (TRIM(item_name) <> '')
);
COMMENT ON TABLE public.expiry_alert_log IS 'Log of all expiry notifications sent to users for auditing and duplicate prevention.';
COMMENT ON COLUMN public.expiry_alert_log.pantry_item_id IS 'The pantry item that triggered the alert (may be null if item deleted).';
COMMENT ON COLUMN public.expiry_alert_log.alert_type IS 'Type of alert: expiring_soon, expired, or expiry_reminder.';
COMMENT ON COLUMN public.expiry_alert_log.alert_method IS 'How the alert was sent: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alert_log.item_name IS 'Snapshot of item name at time of alert (in case item is deleted).';
COMMENT ON COLUMN public.expiry_alert_log.expiry_date IS 'The expiry date that triggered the alert.';
COMMENT ON COLUMN public.expiry_alert_log.days_until_expiry IS 'Days until expiry at time alert was sent (negative = expired).';
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_user_id ON public.expiry_alert_log(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_pantry_item_id ON public.expiry_alert_log(pantry_item_id) WHERE pantry_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_sent_at ON public.expiry_alert_log(sent_at DESC);
-- ============================================================================
-- RECEIPT SCANNING ENHANCEMENT TABLES (64-65)
-- ============================================================================
-- 64. Receipt Processing Log - track OCR/AI processing attempts
CREATE TABLE IF NOT EXISTS public.receipt_processing_log (
log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
receipt_id BIGINT NOT NULL REFERENCES public.receipts(receipt_id) ON DELETE CASCADE,
processing_step TEXT NOT NULL,
status TEXT NOT NULL,
provider TEXT,
duration_ms INTEGER,
tokens_used INTEGER,
cost_cents INTEGER,
input_data JSONB,
output_data JSONB,
error_message TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT receipt_processing_log_step_check CHECK (processing_step IN (
'upload', 'ocr_extraction', 'text_parsing', 'store_detection',
'item_extraction', 'item_matching', 'price_parsing', 'finalization'
)),
CONSTRAINT receipt_processing_log_status_check CHECK (status IN ('started', 'completed', 'failed', 'skipped')),
CONSTRAINT receipt_processing_log_provider_check CHECK (provider IS NULL OR provider IN (
'tesseract', 'openai', 'anthropic', 'google_vision', 'aws_textract', 'internal'
))
);
COMMENT ON TABLE public.receipt_processing_log IS 'Detailed log of each processing step for receipts, useful for debugging and cost tracking.';
COMMENT ON COLUMN public.receipt_processing_log.processing_step IS 'Which processing step this log entry is for.';
COMMENT ON COLUMN public.receipt_processing_log.status IS 'Status of this step: started, completed, failed, skipped.';
COMMENT ON COLUMN public.receipt_processing_log.provider IS 'External service used: tesseract, openai, anthropic, etc.';
COMMENT ON COLUMN public.receipt_processing_log.duration_ms IS 'How long this step took in milliseconds.';
COMMENT ON COLUMN public.receipt_processing_log.tokens_used IS 'Number of API tokens used (for LLM providers).';
COMMENT ON COLUMN public.receipt_processing_log.cost_cents IS 'Estimated cost in cents for this processing step.';
COMMENT ON COLUMN public.receipt_processing_log.input_data IS 'Input data sent to the processing step (for debugging).';
COMMENT ON COLUMN public.receipt_processing_log.output_data IS 'Output data received from the processing step.';
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_receipt_id ON public.receipt_processing_log(receipt_id);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_step_status ON public.receipt_processing_log(processing_step, status);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_created_at ON public.receipt_processing_log(created_at DESC);
-- 65. Store-specific receipt patterns - help identify stores from receipt text
CREATE TABLE IF NOT EXISTS public.store_receipt_patterns (
pattern_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
store_id BIGINT NOT NULL REFERENCES public.stores(store_id) ON DELETE CASCADE,
pattern_type TEXT NOT NULL,
pattern_value TEXT NOT NULL,
priority INTEGER DEFAULT 0,
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT store_receipt_patterns_type_check CHECK (pattern_type IN (
'header_regex', 'footer_regex', 'phone_number', 'address_fragment', 'store_number_format'
)),
CONSTRAINT store_receipt_patterns_value_check CHECK (TRIM(pattern_value) <> ''),
UNIQUE(store_id, pattern_type, pattern_value)
);
COMMENT ON TABLE public.store_receipt_patterns IS 'Patterns to help identify stores from receipt text and format.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_type IS 'Type of pattern: header_regex, footer_regex, phone_number, etc.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_value IS 'The actual pattern (regex or literal text).';
COMMENT ON COLUMN public.store_receipt_patterns.priority IS 'Higher priority patterns are checked first.';
COMMENT ON COLUMN public.store_receipt_patterns.is_active IS 'Whether this pattern is currently in use.';
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_store_id ON public.store_receipt_patterns(store_id);
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_active ON public.store_receipt_patterns(pattern_type, is_active, priority DESC)
WHERE is_active = TRUE;

447
sql/master_schema_rollup.sql
View File

@@ -698,6 +698,7 @@ CREATE INDEX IF NOT EXISTS idx_planned_meals_menu_plan_id ON public.planned_meal
CREATE INDEX IF NOT EXISTS idx_planned_meals_recipe_id ON public.planned_meals(recipe_id);
-- 37. Track the grocery items a user currently has in their pantry.
-- NOTE: receipt_item_id FK is added later via ALTER TABLE because receipt_items is defined after this table.
CREATE TABLE IF NOT EXISTS public.pantry_items (
pantry_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
@@ -707,16 +708,38 @@ CREATE TABLE IF NOT EXISTS public.pantry_items (
best_before_date DATE,
pantry_location_id BIGINT REFERENCES public.pantry_locations(pantry_location_id) ON DELETE SET NULL,
notification_sent_at TIMESTAMPTZ,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Columns from migration 002_expiry_tracking.sql
purchase_date DATE,
source TEXT DEFAULT 'manual',
receipt_item_id BIGINT, -- FK added later via ALTER TABLE
product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
expiry_source TEXT,
is_consumed BOOLEAN DEFAULT FALSE,
consumed_at TIMESTAMPTZ,
UNIQUE(user_id, master_item_id, unit)
);
COMMENT ON TABLE public.pantry_items IS 'Tracks a user''s personal inventory of grocery items to enable smart shopping lists.';
COMMENT ON COLUMN public.pantry_items.quantity IS 'The current amount of the item. Convention: use grams for weight, mL for volume where applicable.';
COMMENT ON COLUMN public.pantry_items.pantry_location_id IS 'Links the item to a user-defined location like "Fridge" or "Freezer".';
COMMENT ON COLUMN public.pantry_items.unit IS 'e.g., ''g'', ''ml'', ''items''. Should align with recipe_ingredients.unit and quantity convention.';
COMMENT ON COLUMN public.pantry_items.purchase_date IS 'Date the item was purchased (from receipt or manual entry).';
COMMENT ON COLUMN public.pantry_items.receipt_item_id IS 'Link to receipt_items if this pantry item was created from a receipt scan.';
COMMENT ON COLUMN public.pantry_items.product_id IS 'Link to products if this pantry item was created from a UPC scan.';
COMMENT ON COLUMN public.pantry_items.expiry_source IS 'How expiry was determined: manual, calculated, package, receipt.';
COMMENT ON COLUMN public.pantry_items.is_consumed IS 'Whether the item has been fully consumed.';
COMMENT ON COLUMN public.pantry_items.consumed_at IS 'When the item was marked as consumed.';
CREATE INDEX IF NOT EXISTS idx_pantry_items_user_id ON public.pantry_items(user_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_master_item_id ON public.pantry_items(master_item_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_pantry_location_id ON public.pantry_items(pantry_location_id);
CREATE INDEX IF NOT EXISTS idx_pantry_items_best_before_date ON public.pantry_items(best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_expiring_soon ON public.pantry_items(user_id, best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_receipt_item_id ON public.pantry_items(receipt_item_id)
WHERE receipt_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_pantry_items_product_id ON public.pantry_items(product_id)
WHERE product_id IS NOT NULL;
-- 38. Store password reset tokens.
CREATE TABLE IF NOT EXISTS public.password_reset_tokens (
@@ -959,11 +982,21 @@ CREATE TABLE IF NOT EXISTS public.receipt_items (
status TEXT DEFAULT 'unmatched' NOT NULL CHECK (status IN ('unmatched', 'matched', 'needs_review', 'ignored')),
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Column from migration 002_expiry_tracking.sql
upc_code TEXT,
CONSTRAINT receipt_items_raw_item_description_check CHECK (TRIM(raw_item_description) <> '')
);
COMMENT ON TABLE public.receipt_items IS 'Stores individual line items extracted from a user receipt.';
COMMENT ON COLUMN public.receipt_items.upc_code IS 'UPC code if extracted from receipt or matched during processing.';
CREATE INDEX IF NOT EXISTS idx_receipt_items_receipt_id ON public.receipt_items(receipt_id);
CREATE INDEX IF NOT EXISTS idx_receipt_items_master_item_id ON public.receipt_items(master_item_id);
CREATE INDEX IF NOT EXISTS idx_receipt_items_upc_code ON public.receipt_items(upc_code)
WHERE upc_code IS NOT NULL;
-- Add FK constraint for pantry_items.receipt_item_id (deferred because receipt_items is defined after pantry_items)
ALTER TABLE public.pantry_items
ADD CONSTRAINT fk_pantry_items_receipt_item_id
FOREIGN KEY (receipt_item_id) REFERENCES public.receipt_items(receipt_item_id) ON DELETE SET NULL;
-- 54. Store schema metadata to detect changes during deployment.
CREATE TABLE IF NOT EXISTS public.schema_info (
@@ -1033,6 +1066,235 @@ CREATE INDEX IF NOT EXISTS idx_user_achievements_user_id ON public.user_achievem
CREATE INDEX IF NOT EXISTS idx_user_achievements_achievement_id ON public.user_achievements(achievement_id);
-- ============================================================================
-- UPC SCANNING FEATURE TABLES (59-60)
-- ============================================================================
-- 59. UPC Scan History - tracks all UPC scans performed by users
-- This table provides an audit trail and allows users to see their scan history
CREATE TABLE IF NOT EXISTS public.upc_scan_history (
scan_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
upc_code TEXT NOT NULL,
product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
scan_source TEXT NOT NULL,
scan_confidence NUMERIC(5,4),
raw_image_path TEXT,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT upc_scan_history_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
CONSTRAINT upc_scan_history_scan_source_check CHECK (scan_source IN ('image_upload', 'manual_entry', 'phone_app', 'camera_scan')),
CONSTRAINT upc_scan_history_scan_confidence_check CHECK (scan_confidence IS NULL OR (scan_confidence >= 0 AND scan_confidence <= 1))
);
COMMENT ON TABLE public.upc_scan_history IS 'Audit trail of all UPC barcode scans performed by users, tracking scan source and results.';
COMMENT ON COLUMN public.upc_scan_history.upc_code IS 'The scanned UPC/EAN barcode (8-14 digits).';
COMMENT ON COLUMN public.upc_scan_history.product_id IS 'Reference to the matched product, if found in our database.';
COMMENT ON COLUMN public.upc_scan_history.scan_source IS 'How the scan was performed: image_upload, manual_entry, phone_app, or camera_scan.';
COMMENT ON COLUMN public.upc_scan_history.scan_confidence IS 'Confidence score from barcode detection (0.0-1.0), null for manual entry.';
COMMENT ON COLUMN public.upc_scan_history.raw_image_path IS 'Path to the uploaded barcode image, if applicable.';
COMMENT ON COLUMN public.upc_scan_history.lookup_successful IS 'Whether the UPC was successfully matched to a product (internal or external).';
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_user_id ON public.upc_scan_history(user_id);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_upc_code ON public.upc_scan_history(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_created_at ON public.upc_scan_history(created_at DESC);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_product_id ON public.upc_scan_history(product_id) WHERE product_id IS NOT NULL;
-- 60. UPC External Lookups - cache for external UPC database API responses
CREATE TABLE IF NOT EXISTS public.upc_external_lookups (
lookup_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
upc_code TEXT NOT NULL UNIQUE,
product_name TEXT,
brand_name TEXT,
category TEXT,
description TEXT,
image_url TEXT,
external_source TEXT NOT NULL,
lookup_data JSONB,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT upc_external_lookups_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
CONSTRAINT upc_external_lookups_external_source_check CHECK (external_source IN ('openfoodfacts', 'upcitemdb', 'manual', 'unknown')),
CONSTRAINT upc_external_lookups_name_check CHECK (NOT lookup_successful OR product_name IS NOT NULL)
);
COMMENT ON TABLE public.upc_external_lookups IS 'Cache for external UPC database API responses to reduce API calls and improve lookup speed.';
COMMENT ON COLUMN public.upc_external_lookups.upc_code IS 'The UPC/EAN barcode that was looked up.';
COMMENT ON COLUMN public.upc_external_lookups.product_name IS 'Product name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.brand_name IS 'Brand name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.category IS 'Product category returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.description IS 'Product description returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.image_url IS 'Product image URL returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.external_source IS 'Which external API provided this data: openfoodfacts, upcitemdb, manual, unknown.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_data IS 'Full raw JSON response from the external API for reference.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_successful IS 'Whether the external lookup found product information.';
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_upc_code ON public.upc_external_lookups(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_external_source ON public.upc_external_lookups(external_source);
-- Add index to existing products.upc_code for faster lookups
CREATE INDEX IF NOT EXISTS idx_products_upc_code ON public.products(upc_code) WHERE upc_code IS NOT NULL;
-- ============================================================================
-- EXPIRY DATE TRACKING FEATURE TABLES (61-63)
-- ============================================================================
-- 61. Expiry Date Ranges - reference table for typical shelf life
CREATE TABLE IF NOT EXISTS public.expiry_date_ranges (
expiry_range_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
category_id BIGINT REFERENCES public.categories(category_id) ON DELETE CASCADE,
item_pattern TEXT,
storage_location TEXT NOT NULL,
min_days INTEGER NOT NULL,
max_days INTEGER NOT NULL,
typical_days INTEGER NOT NULL,
notes TEXT,
source TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_date_ranges_storage_location_check CHECK (storage_location IN ('fridge', 'freezer', 'pantry', 'room_temp')),
CONSTRAINT expiry_date_ranges_min_days_check CHECK (min_days >= 0),
CONSTRAINT expiry_date_ranges_max_days_check CHECK (max_days >= min_days),
CONSTRAINT expiry_date_ranges_typical_days_check CHECK (typical_days >= min_days AND typical_days <= max_days),
CONSTRAINT expiry_date_ranges_identifier_check CHECK (
master_item_id IS NOT NULL OR category_id IS NOT NULL OR item_pattern IS NOT NULL
),
CONSTRAINT expiry_date_ranges_source_check CHECK (source IS NULL OR source IN ('usda', 'fda', 'manual', 'community'))
);
COMMENT ON TABLE public.expiry_date_ranges IS 'Reference table storing typical shelf life for grocery items based on storage location.';
COMMENT ON COLUMN public.expiry_date_ranges.master_item_id IS 'Specific item this range applies to (most specific).';
COMMENT ON COLUMN public.expiry_date_ranges.category_id IS 'Category this range applies to (fallback if no item match).';
COMMENT ON COLUMN public.expiry_date_ranges.item_pattern IS 'Regex pattern to match item names (fallback if no item/category match).';
COMMENT ON COLUMN public.expiry_date_ranges.storage_location IS 'Where the item is stored: fridge, freezer, pantry, or room_temp.';
COMMENT ON COLUMN public.expiry_date_ranges.min_days IS 'Minimum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.max_days IS 'Maximum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.typical_days IS 'Most common/recommended shelf life in days.';
COMMENT ON COLUMN public.expiry_date_ranges.notes IS 'Additional storage tips or warnings.';
COMMENT ON COLUMN public.expiry_date_ranges.source IS 'Data source: usda, fda, manual, or community.';
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_master_item_id ON public.expiry_date_ranges(master_item_id) WHERE master_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_category_id ON public.expiry_date_ranges(category_id) WHERE category_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_storage_location ON public.expiry_date_ranges(storage_location);
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_item_location
ON public.expiry_date_ranges(master_item_id, storage_location)
WHERE master_item_id IS NOT NULL;
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_category_location
ON public.expiry_date_ranges(category_id, storage_location)
WHERE category_id IS NOT NULL AND master_item_id IS NULL;
-- 62. Expiry Alerts - user notification preferences for expiry warnings
CREATE TABLE IF NOT EXISTS public.expiry_alerts (
expiry_alert_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
days_before_expiry INTEGER NOT NULL DEFAULT 3,
alert_method TEXT NOT NULL,
is_enabled BOOLEAN DEFAULT TRUE NOT NULL,
last_alert_sent_at TIMESTAMPTZ,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_alerts_days_before_check CHECK (days_before_expiry >= 0 AND days_before_expiry <= 30),
CONSTRAINT expiry_alerts_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
UNIQUE(user_id, alert_method)
);
COMMENT ON TABLE public.expiry_alerts IS 'User preferences for expiry date notifications and alerts.';
COMMENT ON COLUMN public.expiry_alerts.days_before_expiry IS 'How many days before expiry to send alert (0-30).';
COMMENT ON COLUMN public.expiry_alerts.alert_method IS 'How to notify: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alerts.is_enabled IS 'Whether this alert type is currently enabled.';
COMMENT ON COLUMN public.expiry_alerts.last_alert_sent_at IS 'Timestamp of the last alert sent to prevent duplicate notifications.';
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_user_id ON public.expiry_alerts(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_enabled ON public.expiry_alerts(user_id, is_enabled) WHERE is_enabled = TRUE;
-- 63. Expiry Alert Log - tracks sent notifications
CREATE TABLE IF NOT EXISTS public.expiry_alert_log (
alert_log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
pantry_item_id BIGINT REFERENCES public.pantry_items(pantry_item_id) ON DELETE SET NULL,
alert_type TEXT NOT NULL,
alert_method TEXT NOT NULL,
item_name TEXT NOT NULL,
expiry_date DATE,
days_until_expiry INTEGER,
sent_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT expiry_alert_log_type_check CHECK (alert_type IN ('expiring_soon', 'expired', 'expiry_reminder')),
CONSTRAINT expiry_alert_log_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
CONSTRAINT expiry_alert_log_item_name_check CHECK (TRIM(item_name) <> '')
);
COMMENT ON TABLE public.expiry_alert_log IS 'Log of all expiry notifications sent to users for auditing and duplicate prevention.';
COMMENT ON COLUMN public.expiry_alert_log.pantry_item_id IS 'The pantry item that triggered the alert (may be null if item deleted).';
COMMENT ON COLUMN public.expiry_alert_log.alert_type IS 'Type of alert: expiring_soon, expired, or expiry_reminder.';
COMMENT ON COLUMN public.expiry_alert_log.alert_method IS 'How the alert was sent: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alert_log.item_name IS 'Snapshot of item name at time of alert (in case item is deleted).';
COMMENT ON COLUMN public.expiry_alert_log.expiry_date IS 'The expiry date that triggered the alert.';
COMMENT ON COLUMN public.expiry_alert_log.days_until_expiry IS 'Days until expiry at time alert was sent (negative = expired).';
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_user_id ON public.expiry_alert_log(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_pantry_item_id ON public.expiry_alert_log(pantry_item_id) WHERE pantry_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_sent_at ON public.expiry_alert_log(sent_at DESC);
-- ============================================================================
-- RECEIPT SCANNING ENHANCEMENT TABLES (64-65)
-- ============================================================================
-- 64. Receipt Processing Log - track OCR/AI processing attempts
CREATE TABLE IF NOT EXISTS public.receipt_processing_log (
log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
receipt_id BIGINT NOT NULL REFERENCES public.receipts(receipt_id) ON DELETE CASCADE,
processing_step TEXT NOT NULL,
status TEXT NOT NULL,
provider TEXT,
duration_ms INTEGER,
tokens_used INTEGER,
cost_cents INTEGER,
input_data JSONB,
output_data JSONB,
error_message TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT receipt_processing_log_step_check CHECK (processing_step IN (
'upload', 'ocr_extraction', 'text_parsing', 'store_detection',
'item_extraction', 'item_matching', 'price_parsing', 'finalization'
)),
CONSTRAINT receipt_processing_log_status_check CHECK (status IN ('started', 'completed', 'failed', 'skipped')),
CONSTRAINT receipt_processing_log_provider_check CHECK (provider IS NULL OR provider IN (
'tesseract', 'openai', 'anthropic', 'google_vision', 'aws_textract', 'internal'
))
);
COMMENT ON TABLE public.receipt_processing_log IS 'Detailed log of each processing step for receipts, useful for debugging and cost tracking.';
COMMENT ON COLUMN public.receipt_processing_log.processing_step IS 'Which processing step this log entry is for.';
COMMENT ON COLUMN public.receipt_processing_log.status IS 'Status of this step: started, completed, failed, skipped.';
COMMENT ON COLUMN public.receipt_processing_log.provider IS 'External service used: tesseract, openai, anthropic, etc.';
COMMENT ON COLUMN public.receipt_processing_log.duration_ms IS 'How long this step took in milliseconds.';
COMMENT ON COLUMN public.receipt_processing_log.tokens_used IS 'Number of API tokens used (for LLM providers).';
COMMENT ON COLUMN public.receipt_processing_log.cost_cents IS 'Estimated cost in cents for this processing step.';
COMMENT ON COLUMN public.receipt_processing_log.input_data IS 'Input data sent to the processing step (for debugging).';
COMMENT ON COLUMN public.receipt_processing_log.output_data IS 'Output data received from the processing step.';
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_receipt_id ON public.receipt_processing_log(receipt_id);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_step_status ON public.receipt_processing_log(processing_step, status);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_created_at ON public.receipt_processing_log(created_at DESC);
-- 65. Store-specific receipt patterns - help identify stores from receipt text
CREATE TABLE IF NOT EXISTS public.store_receipt_patterns (
pattern_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
store_id BIGINT NOT NULL REFERENCES public.stores(store_id) ON DELETE CASCADE,
pattern_type TEXT NOT NULL,
pattern_value TEXT NOT NULL,
priority INTEGER DEFAULT 0,
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
CONSTRAINT store_receipt_patterns_type_check CHECK (pattern_type IN (
'header_regex', 'footer_regex', 'phone_number', 'address_fragment', 'store_number_format'
)),
CONSTRAINT store_receipt_patterns_value_check CHECK (TRIM(pattern_value) <> ''),
UNIQUE(store_id, pattern_type, pattern_value)
);
COMMENT ON TABLE public.store_receipt_patterns IS 'Patterns to help identify stores from receipt text and format.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_type IS 'Type of pattern: header_regex, footer_regex, phone_number, etc.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_value IS 'The actual pattern (regex or literal text).';
COMMENT ON COLUMN public.store_receipt_patterns.priority IS 'Higher priority patterns are checked first.';
COMMENT ON COLUMN public.store_receipt_patterns.is_active IS 'Whether this pattern is currently in use.';
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_store_id ON public.store_receipt_patterns(store_id);
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_active ON public.store_receipt_patterns(pattern_type, is_active, priority DESC)
WHERE is_active = TRUE;
-- ============================================================================
-- PART 2: DATA SEEDING
@@ -1258,6 +1520,7 @@ ON CONFLICT (name) DO NOTHING;
-- Pre-populate the achievements table.
INSERT INTO public.achievements (name, description, icon, points_value) VALUES
('Welcome Aboard', 'Join the community by creating your account.', 'user-check', 5),
('First Recipe', 'Create your very first recipe.', 'chef-hat', 10),
('Recipe Sharer', 'Share a recipe with another user for the first time.', 'share-2', 15),
('List Sharer', 'Share a shopping list with another user for the first time.', 'list', 20),
@@ -1267,6 +1530,55 @@ INSERT INTO public.achievements (name, description, icon, points_value) VALUES
('First-Upload', 'Upload your first flyer.', 'upload-cloud', 25)
ON CONFLICT (name) DO NOTHING;
-- ============================================================================
-- PART 0: OBSERVABILITY HELPERS (ADR-050)
-- ============================================================================
-- These functions provide structured logging capabilities for database functions.
-- Logs are emitted via RAISE statements and can be captured by Logstash for
-- forwarding to error tracking systems (see ADR-015).
-- Function to emit structured log messages from PL/pgSQL functions.
-- This enables observability for database operations that might otherwise fail silently.
DROP FUNCTION IF EXISTS public.fn_log(TEXT, TEXT, TEXT, JSONB);
CREATE OR REPLACE FUNCTION public.fn_log(
p_level TEXT, -- 'DEBUG', 'INFO', 'NOTICE', 'WARNING', 'ERROR'
p_function_name TEXT, -- The calling function name
p_message TEXT, -- Human-readable message
p_context JSONB DEFAULT NULL -- Additional context (user_id, params, etc.)
)
RETURNS void
LANGUAGE plpgsql
AS $$
DECLARE
log_line TEXT;
BEGIN
-- Build structured JSON log line for Logstash parsing
log_line := jsonb_build_object(
'timestamp', now(),
'level', p_level,
'source', 'postgresql',
'function', p_function_name,
'message', p_message,
'context', COALESCE(p_context, '{}'::jsonb)
)::text;
-- Use appropriate RAISE level based on severity
-- Note: We use RAISE LOG for errors to ensure they're always captured
-- regardless of client_min_messages setting
CASE UPPER(p_level)
WHEN 'DEBUG' THEN RAISE DEBUG '%', log_line;
WHEN 'INFO' THEN RAISE INFO '%', log_line;
WHEN 'NOTICE' THEN RAISE NOTICE '%', log_line;
WHEN 'WARNING' THEN RAISE WARNING '%', log_line;
WHEN 'ERROR' THEN RAISE LOG '%', log_line;
ELSE RAISE NOTICE '%', log_line;
END CASE;
END;
$$;
COMMENT ON FUNCTION public.fn_log IS 'Emits structured JSON log messages for database function observability (ADR-050)';
-- ============================================================================
-- PART 3: DATABASE FUNCTIONS
-- ============================================================================
@@ -1487,13 +1799,32 @@ AS $$
DECLARE
list_owner_id UUID;
item_to_add RECORD;
v_items_added INTEGER := 0;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'menu_plan_id', p_menu_plan_id,
'shopping_list_id', p_shopping_list_id
);
-- Security Check: Ensure the user calling this function owns the target shopping list.
SELECT user_id INTO list_owner_id
FROM public.shopping_lists
WHERE shopping_list_id = p_shopping_list_id;
IF list_owner_id IS NULL OR list_owner_id <> p_user_id THEN
IF list_owner_id IS NULL THEN
PERFORM fn_log('WARNING', 'add_menu_plan_to_shopping_list',
'Shopping list not found',
v_context);
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
IF list_owner_id <> p_user_id THEN
PERFORM fn_log('WARNING', 'add_menu_plan_to_shopping_list',
'Permission denied: user does not own list',
v_context || jsonb_build_object('list_owner_id', list_owner_id));
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
@@ -1508,9 +1839,16 @@ BEGIN
DO UPDATE SET
quantity = shopping_list_items.quantity + EXCLUDED.quantity;
v_items_added := v_items_added + 1;
-- Return the details of the item that was added/updated.
RETURN QUERY SELECT item_to_add.master_item_id, item_to_add.item_name, item_to_add.shopping_list_quantity;
END LOOP;
-- Log completion (items_added = 0 is normal if pantry has everything)
PERFORM fn_log('INFO', 'add_menu_plan_to_shopping_list',
'Menu plan items added to shopping list',
v_context || jsonb_build_object('items_added', v_items_added));
END;
$$;
@@ -2038,13 +2376,32 @@ AS $$
DECLARE
list_owner_id UUID;
new_trip_id BIGINT;
v_items_count INTEGER;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'shopping_list_id', p_shopping_list_id,
'total_spent_cents', p_total_spent_cents
);
-- Security Check: Ensure the user calling this function owns the target shopping list.
SELECT user_id INTO list_owner_id
FROM public.shopping_lists
WHERE shopping_list_id = p_shopping_list_id;
IF list_owner_id IS NULL OR list_owner_id <> p_user_id THEN
IF list_owner_id IS NULL THEN
PERFORM fn_log('WARNING', 'complete_shopping_list',
'Shopping list not found',
v_context);
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
IF list_owner_id <> p_user_id THEN
PERFORM fn_log('WARNING', 'complete_shopping_list',
'Permission denied: user does not own list',
v_context || jsonb_build_object('list_owner_id', list_owner_id));
RAISE EXCEPTION 'Permission denied: You do not own shopping list %', p_shopping_list_id;
END IF;
@@ -2059,10 +2416,17 @@ BEGIN
FROM public.shopping_list_items
WHERE shopping_list_id = p_shopping_list_id AND is_purchased = true;
GET DIAGNOSTICS v_items_count = ROW_COUNT;
-- 3. Delete the purchased items from the original shopping list.
DELETE FROM public.shopping_list_items
WHERE shopping_list_id = p_shopping_list_id AND is_purchased = true;
-- Log successful completion
PERFORM fn_log('INFO', 'complete_shopping_list',
'Shopping list completed successfully',
v_context || jsonb_build_object('trip_id', new_trip_id, 'items_archived', v_items_count));
RETURN new_trip_id;
END;
$$;
@@ -2197,16 +2561,30 @@ SECURITY DEFINER
AS $$
DECLARE
correction_record RECORD;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('correction_id', p_correction_id);
-- 1. Fetch the correction details, ensuring it's still pending.
SELECT * INTO correction_record
FROM public.suggested_corrections
WHERE suggested_correction_id = p_correction_id AND status = 'pending';
IF NOT FOUND THEN
PERFORM fn_log('WARNING', 'approve_correction',
'Correction not found or already processed',
v_context);
RAISE EXCEPTION 'Correction with ID % not found or already processed.', p_correction_id;
END IF;
-- Add correction details to context
v_context := v_context || jsonb_build_object(
'correction_type', correction_record.correction_type,
'flyer_item_id', correction_record.flyer_item_id,
'suggested_value', correction_record.suggested_value
);
-- 2. Apply the correction based on its type.
IF correction_record.correction_type = 'INCORRECT_ITEM_LINK' THEN
UPDATE public.flyer_items
@@ -2222,6 +2600,11 @@ BEGIN
UPDATE public.suggested_corrections
SET status = 'approved', reviewed_at = now()
WHERE suggested_correction_id = p_correction_id;
-- Log successful correction approval
PERFORM fn_log('INFO', 'approve_correction',
'Correction approved and applied',
v_context);
END;
$$;
@@ -2236,13 +2619,19 @@ AS $$
DECLARE
v_achievement_id BIGINT;
v_points_value INTEGER;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('user_id', p_user_id, 'achievement_name', p_achievement_name);
-- Find the achievement by name to get its ID and point value.
SELECT achievement_id, points_value INTO v_achievement_id, v_points_value
FROM public.achievements WHERE name = p_achievement_name;
-- If the achievement doesn't exist, do nothing.
-- If the achievement doesn't exist, log warning and return.
IF v_achievement_id IS NULL THEN
PERFORM fn_log('WARNING', 'award_achievement',
'Achievement not found: ' || p_achievement_name, v_context);
RETURN;
END IF;
@@ -2254,9 +2643,12 @@ BEGIN
ON CONFLICT (user_id, achievement_id) DO NOTHING;
-- If the insert was successful (i.e., the user didn't have the achievement),
-- update their total points. The `GET DIAGNOSTICS` command checks the row count of the last query.
-- update their total points and log success.
IF FOUND THEN
UPDATE public.profiles SET points = points + v_points_value WHERE user_id = p_user_id;
PERFORM fn_log('INFO', 'award_achievement',
'Achievement awarded: ' || p_achievement_name,
v_context || jsonb_build_object('points_awarded', v_points_value));
END IF;
END;
$$;
@@ -2279,7 +2671,14 @@ SECURITY INVOKER
AS $$
DECLARE
new_recipe_id BIGINT;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object(
'user_id', p_user_id,
'original_recipe_id', p_original_recipe_id
);
-- 1. Create a copy of the recipe, linking it to the new user and the original recipe.
INSERT INTO public.recipes (
user_id,
@@ -2318,6 +2717,9 @@ BEGIN
-- If the original recipe didn't exist, new_recipe_id will be null.
IF new_recipe_id IS NULL THEN
PERFORM fn_log('WARNING', 'fork_recipe',
'Original recipe not found',
v_context);
RETURN;
END IF;
@@ -2326,6 +2728,11 @@ BEGIN
INSERT INTO public.recipe_tags (recipe_id, tag_id) SELECT new_recipe_id, tag_id FROM public.recipe_tags WHERE recipe_id = p_original_recipe_id;
INSERT INTO public.recipe_appliances (recipe_id, appliance_id) SELECT new_recipe_id, appliance_id FROM public.recipe_appliances WHERE recipe_id = p_original_recipe_id;
-- Log successful fork
PERFORM fn_log('INFO', 'fork_recipe',
'Recipe forked successfully',
v_context || jsonb_build_object('new_recipe_id', new_recipe_id));
-- 3. Return the newly created recipe record.
RETURN QUERY SELECT * FROM public.recipes WHERE recipe_id = new_recipe_id;
END;
@@ -2346,13 +2753,25 @@ RETURNS TRIGGER AS $$
DECLARE
new_profile_id UUID;
user_meta_data JSONB;
v_context JSONB;
BEGIN
-- Build context for logging
v_context := jsonb_build_object('user_id', new.user_id, 'email', new.email);
-- The user's metadata (full_name, avatar_url) is passed via a temporary session variable.
user_meta_data := current_setting('my_app.user_metadata', true)::JSONB;
INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
RETURNING user_id INTO new_profile_id;
-- Create the user profile
BEGIN
INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
RETURNING user_id INTO new_profile_id;
EXCEPTION WHEN OTHERS THEN
PERFORM fn_log('ERROR', 'handle_new_user',
'Failed to create profile: ' || SQLERRM,
v_context || jsonb_build_object('sqlstate', SQLSTATE));
RAISE;
END;
-- Also create a default shopping list for the new user.
INSERT INTO public.shopping_lists (user_id, name)
@@ -2365,6 +2784,15 @@ BEGIN
'user-plus',
jsonb_build_object('email', new.email)
);
-- Award the 'Welcome Aboard' achievement for new user registration
PERFORM public.award_achievement(new.user_id, 'Welcome Aboard');
-- Log successful user creation
PERFORM fn_log('INFO', 'handle_new_user',
'New user created successfully',
v_context || jsonb_build_object('full_name', user_meta_data->>'full_name'));
RETURN new;
END;
$$ LANGUAGE plpgsql;
@@ -2380,7 +2808,8 @@ CREATE TRIGGER on_auth_user_created
FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
-- 2. Create a reusable function to automatically update 'updated_at' columns.
DROP FUNCTION IF EXISTS public.handle_updated_at();
-- CASCADE drops dependent triggers; they are recreated by the DO block below
DROP FUNCTION IF EXISTS public.handle_updated_at() CASCADE;
CREATE OR REPLACE FUNCTION public.handle_updated_at()
RETURNS TRIGGER AS $$

90
sql/migrations/001_upc_scanning.sql Normal file
View File

@@ -0,0 +1,90 @@
-- sql/migrations/001_upc_scanning.sql
-- ============================================================================
-- UPC SCANNING FEATURE MIGRATION
-- ============================================================================
-- Purpose:
-- This migration adds tables to support UPC barcode scanning functionality:
-- 1. upc_scan_history - Audit trail of all UPC scans performed by users
-- 2. upc_external_lookups - Cache for external UPC database API responses
--
-- The products.upc_code column already exists in the schema.
-- These tables extend the functionality to track scans and cache lookups.
-- ============================================================================
-- 1. UPC Scan History - tracks all UPC scans performed by users
-- This table provides an audit trail and allows users to see their scan history
CREATE TABLE IF NOT EXISTS public.upc_scan_history (
scan_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
upc_code TEXT NOT NULL,
product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
scan_source TEXT NOT NULL,
scan_confidence NUMERIC(5,4),
raw_image_path TEXT,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate UPC code format (8-14 digits for UPC-A, UPC-E, EAN-8, EAN-13, etc.)
CONSTRAINT upc_scan_history_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
-- Validate scan source is one of the allowed values
CONSTRAINT upc_scan_history_scan_source_check CHECK (scan_source IN ('image_upload', 'manual_entry', 'phone_app', 'camera_scan')),
-- Confidence score must be between 0 and 1 if provided
CONSTRAINT upc_scan_history_scan_confidence_check CHECK (scan_confidence IS NULL OR (scan_confidence >= 0 AND scan_confidence <= 1))
);
COMMENT ON TABLE public.upc_scan_history IS 'Audit trail of all UPC barcode scans performed by users, tracking scan source and results.';
COMMENT ON COLUMN public.upc_scan_history.upc_code IS 'The scanned UPC/EAN barcode (8-14 digits).';
COMMENT ON COLUMN public.upc_scan_history.product_id IS 'Reference to the matched product, if found in our database.';
COMMENT ON COLUMN public.upc_scan_history.scan_source IS 'How the scan was performed: image_upload, manual_entry, phone_app, or camera_scan.';
COMMENT ON COLUMN public.upc_scan_history.scan_confidence IS 'Confidence score from barcode detection (0.0-1.0), null for manual entry.';
COMMENT ON COLUMN public.upc_scan_history.raw_image_path IS 'Path to the uploaded barcode image, if applicable.';
COMMENT ON COLUMN public.upc_scan_history.lookup_successful IS 'Whether the UPC was successfully matched to a product (internal or external).';
-- Indexes for upc_scan_history
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_user_id ON public.upc_scan_history(user_id);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_upc_code ON public.upc_scan_history(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_created_at ON public.upc_scan_history(created_at DESC);
CREATE INDEX IF NOT EXISTS idx_upc_scan_history_product_id ON public.upc_scan_history(product_id) WHERE product_id IS NOT NULL;
-- 2. UPC External Lookups - cache for external UPC database API responses
-- This table caches results from external UPC databases (OpenFoodFacts, UPC Item DB, etc.)
-- to reduce API calls and improve response times for repeated lookups
CREATE TABLE IF NOT EXISTS public.upc_external_lookups (
lookup_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
upc_code TEXT NOT NULL UNIQUE,
product_name TEXT,
brand_name TEXT,
category TEXT,
description TEXT,
image_url TEXT,
external_source TEXT NOT NULL,
lookup_data JSONB,
lookup_successful BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate UPC code format
CONSTRAINT upc_external_lookups_upc_code_check CHECK (upc_code ~ '^[0-9]{8,14}$'),
-- Validate external source is one of the supported APIs
CONSTRAINT upc_external_lookups_external_source_check CHECK (external_source IN ('openfoodfacts', 'upcitemdb', 'manual', 'unknown')),
-- If lookup was successful, product_name should be present
CONSTRAINT upc_external_lookups_name_check CHECK (NOT lookup_successful OR product_name IS NOT NULL)
);
COMMENT ON TABLE public.upc_external_lookups IS 'Cache for external UPC database API responses to reduce API calls and improve lookup speed.';
COMMENT ON COLUMN public.upc_external_lookups.upc_code IS 'The UPC/EAN barcode that was looked up.';
COMMENT ON COLUMN public.upc_external_lookups.product_name IS 'Product name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.brand_name IS 'Brand name returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.category IS 'Product category returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.description IS 'Product description returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.image_url IS 'Product image URL returned from external API.';
COMMENT ON COLUMN public.upc_external_lookups.external_source IS 'Which external API provided this data: openfoodfacts, upcitemdb, manual, unknown.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_data IS 'Full raw JSON response from the external API for reference.';
COMMENT ON COLUMN public.upc_external_lookups.lookup_successful IS 'Whether the external lookup found product information.';
-- Index for upc_external_lookups
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_upc_code ON public.upc_external_lookups(upc_code);
CREATE INDEX IF NOT EXISTS idx_upc_external_lookups_external_source ON public.upc_external_lookups(external_source);
-- 3. Add index to existing products.upc_code if not exists
-- This speeds up lookups when matching scanned UPCs to existing products
CREATE INDEX IF NOT EXISTS idx_products_upc_code ON public.products(upc_code) WHERE upc_code IS NOT NULL;

189
sql/migrations/002_expiry_tracking.sql Normal file
View File

@@ -0,0 +1,189 @@
-- sql/migrations/002_expiry_tracking.sql
-- ============================================================================
-- EXPIRY DATE TRACKING FEATURE MIGRATION
-- ============================================================================
-- Purpose:
-- This migration adds tables and enhancements for expiry date tracking:
-- 1. expiry_date_ranges - Reference table for typical shelf life by item/category
-- 2. expiry_alerts - User notification preferences for expiry warnings
-- 3. Enhancements to pantry_items for better expiry tracking
--
-- Existing tables used:
-- - pantry_items (already has best_before_date)
-- - pantry_locations (already exists for fridge/freezer/pantry)
-- - receipts and receipt_items (already exist for receipt scanning)
-- ============================================================================
-- 1. Expiry Date Ranges - reference table for typical shelf life
-- This table stores expected shelf life for items based on storage location
-- Used to auto-calculate expiry dates when users add items to inventory
CREATE TABLE IF NOT EXISTS public.expiry_date_ranges (
expiry_range_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
category_id BIGINT REFERENCES public.categories(category_id) ON DELETE CASCADE,
item_pattern TEXT,
storage_location TEXT NOT NULL,
min_days INTEGER NOT NULL,
max_days INTEGER NOT NULL,
typical_days INTEGER NOT NULL,
notes TEXT,
source TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate storage location is one of the allowed values
CONSTRAINT expiry_date_ranges_storage_location_check CHECK (storage_location IN ('fridge', 'freezer', 'pantry', 'room_temp')),
-- Validate day ranges are logical
CONSTRAINT expiry_date_ranges_min_days_check CHECK (min_days >= 0),
CONSTRAINT expiry_date_ranges_max_days_check CHECK (max_days >= min_days),
CONSTRAINT expiry_date_ranges_typical_days_check CHECK (typical_days >= min_days AND typical_days <= max_days),
-- At least one identifier must be present
CONSTRAINT expiry_date_ranges_identifier_check CHECK (
master_item_id IS NOT NULL OR category_id IS NOT NULL OR item_pattern IS NOT NULL
),
-- Validate source is one of the known sources
CONSTRAINT expiry_date_ranges_source_check CHECK (source IS NULL OR source IN ('usda', 'fda', 'manual', 'community'))
);
COMMENT ON TABLE public.expiry_date_ranges IS 'Reference table storing typical shelf life for grocery items based on storage location.';
COMMENT ON COLUMN public.expiry_date_ranges.master_item_id IS 'Specific item this range applies to (most specific).';
COMMENT ON COLUMN public.expiry_date_ranges.category_id IS 'Category this range applies to (fallback if no item match).';
COMMENT ON COLUMN public.expiry_date_ranges.item_pattern IS 'Regex pattern to match item names (fallback if no item/category match).';
COMMENT ON COLUMN public.expiry_date_ranges.storage_location IS 'Where the item is stored: fridge, freezer, pantry, or room_temp.';
COMMENT ON COLUMN public.expiry_date_ranges.min_days IS 'Minimum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.max_days IS 'Maximum shelf life in days under proper storage.';
COMMENT ON COLUMN public.expiry_date_ranges.typical_days IS 'Most common/recommended shelf life in days.';
COMMENT ON COLUMN public.expiry_date_ranges.notes IS 'Additional storage tips or warnings.';
COMMENT ON COLUMN public.expiry_date_ranges.source IS 'Data source: usda, fda, manual, or community.';
-- Indexes for expiry_date_ranges
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_master_item_id ON public.expiry_date_ranges(master_item_id) WHERE master_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_category_id ON public.expiry_date_ranges(category_id) WHERE category_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_date_ranges_storage_location ON public.expiry_date_ranges(storage_location);
-- Unique constraint to prevent duplicate entries for same item/location combo
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_item_location
ON public.expiry_date_ranges(master_item_id, storage_location)
WHERE master_item_id IS NOT NULL;
CREATE UNIQUE INDEX IF NOT EXISTS idx_expiry_date_ranges_unique_category_location
ON public.expiry_date_ranges(category_id, storage_location)
WHERE category_id IS NOT NULL AND master_item_id IS NULL;
-- 2. Expiry Alerts - user notification preferences for expiry warnings
-- This table stores user preferences for when and how to receive expiry notifications
CREATE TABLE IF NOT EXISTS public.expiry_alerts (
expiry_alert_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
days_before_expiry INTEGER NOT NULL DEFAULT 3,
alert_method TEXT NOT NULL,
is_enabled BOOLEAN DEFAULT TRUE NOT NULL,
last_alert_sent_at TIMESTAMPTZ,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate days before expiry is reasonable
CONSTRAINT expiry_alerts_days_before_check CHECK (days_before_expiry >= 0 AND days_before_expiry <= 30),
-- Validate alert method is one of the allowed values
CONSTRAINT expiry_alerts_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
-- Each user can only have one setting per alert method
UNIQUE(user_id, alert_method)
);
COMMENT ON TABLE public.expiry_alerts IS 'User preferences for expiry date notifications and alerts.';
COMMENT ON COLUMN public.expiry_alerts.days_before_expiry IS 'How many days before expiry to send alert (0-30).';
COMMENT ON COLUMN public.expiry_alerts.alert_method IS 'How to notify: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alerts.is_enabled IS 'Whether this alert type is currently enabled.';
COMMENT ON COLUMN public.expiry_alerts.last_alert_sent_at IS 'Timestamp of the last alert sent to prevent duplicate notifications.';
-- Indexes for expiry_alerts
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_user_id ON public.expiry_alerts(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alerts_enabled ON public.expiry_alerts(user_id, is_enabled) WHERE is_enabled = TRUE;
-- 3. Expiry Alert Log - tracks sent notifications (for auditing and preventing duplicates)
CREATE TABLE IF NOT EXISTS public.expiry_alert_log (
alert_log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
pantry_item_id BIGINT REFERENCES public.pantry_items(pantry_item_id) ON DELETE SET NULL,
alert_type TEXT NOT NULL,
alert_method TEXT NOT NULL,
item_name TEXT NOT NULL,
expiry_date DATE,
days_until_expiry INTEGER,
sent_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate alert type
CONSTRAINT expiry_alert_log_type_check CHECK (alert_type IN ('expiring_soon', 'expired', 'expiry_reminder')),
-- Validate alert method
CONSTRAINT expiry_alert_log_method_check CHECK (alert_method IN ('email', 'push', 'in_app')),
-- Validate item_name is not empty
CONSTRAINT expiry_alert_log_item_name_check CHECK (TRIM(item_name) <> '')
);
COMMENT ON TABLE public.expiry_alert_log IS 'Log of all expiry notifications sent to users for auditing and duplicate prevention.';
COMMENT ON COLUMN public.expiry_alert_log.pantry_item_id IS 'The pantry item that triggered the alert (may be null if item deleted).';
COMMENT ON COLUMN public.expiry_alert_log.alert_type IS 'Type of alert: expiring_soon, expired, or expiry_reminder.';
COMMENT ON COLUMN public.expiry_alert_log.alert_method IS 'How the alert was sent: email, push, or in_app.';
COMMENT ON COLUMN public.expiry_alert_log.item_name IS 'Snapshot of item name at time of alert (in case item is deleted).';
COMMENT ON COLUMN public.expiry_alert_log.expiry_date IS 'The expiry date that triggered the alert.';
COMMENT ON COLUMN public.expiry_alert_log.days_until_expiry IS 'Days until expiry at time alert was sent (negative = expired).';
-- Indexes for expiry_alert_log
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_user_id ON public.expiry_alert_log(user_id);
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_pantry_item_id ON public.expiry_alert_log(pantry_item_id) WHERE pantry_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_expiry_alert_log_sent_at ON public.expiry_alert_log(sent_at DESC);
-- 4. Enhancements to pantry_items table
-- Add columns to better support expiry tracking from receipts and UPC scans
-- Add purchase_date column to track when item was bought
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS purchase_date DATE;
COMMENT ON COLUMN public.pantry_items.purchase_date IS 'Date the item was purchased (from receipt or manual entry).';
-- Add source column to track how item was added
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS source TEXT DEFAULT 'manual';
-- Note: Cannot add CHECK constraint via ALTER in PostgreSQL, will validate in application
-- Add receipt_item_id to link back to receipt if added from receipt scan
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS receipt_item_id BIGINT REFERENCES public.receipt_items(receipt_item_id) ON DELETE SET NULL;
COMMENT ON COLUMN public.pantry_items.receipt_item_id IS 'Link to receipt_items if this pantry item was created from a receipt scan.';
-- Add product_id to link to specific product if known from UPC scan
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL;
COMMENT ON COLUMN public.pantry_items.product_id IS 'Link to products if this pantry item was created from a UPC scan.';
-- Add expiry_source to track how expiry date was determined
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS expiry_source TEXT;
COMMENT ON COLUMN public.pantry_items.expiry_source IS 'How expiry was determined: manual, calculated, package, receipt.';
-- Add is_consumed column if not exists (check for existing)
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS is_consumed BOOLEAN DEFAULT FALSE;
COMMENT ON COLUMN public.pantry_items.is_consumed IS 'Whether the item has been fully consumed.';
-- Add consumed_at timestamp
ALTER TABLE public.pantry_items
ADD COLUMN IF NOT EXISTS consumed_at TIMESTAMPTZ;
COMMENT ON COLUMN public.pantry_items.consumed_at IS 'When the item was marked as consumed.';
-- New indexes for pantry_items expiry queries
CREATE INDEX IF NOT EXISTS idx_pantry_items_best_before_date ON public.pantry_items(best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_expiring_soon ON public.pantry_items(user_id, best_before_date)
WHERE best_before_date IS NOT NULL AND (is_consumed IS NULL OR is_consumed = FALSE);
CREATE INDEX IF NOT EXISTS idx_pantry_items_receipt_item_id ON public.pantry_items(receipt_item_id)
WHERE receipt_item_id IS NOT NULL;
CREATE INDEX IF NOT EXISTS idx_pantry_items_product_id ON public.pantry_items(product_id)
WHERE product_id IS NOT NULL;
-- 5. Add UPC scan support to receipt_items table
-- When receipt items are matched via UPC, store the reference
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS upc_code TEXT;
COMMENT ON COLUMN public.receipt_items.upc_code IS 'UPC code if extracted from receipt or matched during processing.';
-- Add constraint for upc_code format (cannot add via ALTER, will validate in app)
CREATE INDEX IF NOT EXISTS idx_receipt_items_upc_code ON public.receipt_items(upc_code)
WHERE upc_code IS NOT NULL;

169
sql/migrations/003_receipt_scanning_enhancements.sql Normal file
View File

@@ -0,0 +1,169 @@
-- sql/migrations/003_receipt_scanning_enhancements.sql
-- ============================================================================
-- RECEIPT SCANNING ENHANCEMENTS MIGRATION
-- ============================================================================
-- Purpose:
-- This migration adds enhancements to the existing receipt scanning tables:
-- 1. Enhancements to receipts table for better OCR processing
-- 2. Enhancements to receipt_items for better item matching
-- 3. receipt_processing_log for tracking OCR/AI processing attempts
--
-- Existing tables:
-- - receipts (lines 932-948 in master_schema_rollup.sql)
-- - receipt_items (lines 951-966 in master_schema_rollup.sql)
-- ============================================================================
-- 1. Enhancements to receipts table
-- Add store detection confidence
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS store_confidence NUMERIC(5,4);
COMMENT ON COLUMN public.receipts.store_confidence IS 'Confidence score for store detection (0.0-1.0).';
-- Add OCR provider used
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS ocr_provider TEXT;
COMMENT ON COLUMN public.receipts.ocr_provider IS 'Which OCR service processed this receipt: tesseract, openai, anthropic.';
-- Add error details for failed processing
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS error_details JSONB;
COMMENT ON COLUMN public.receipts.error_details IS 'Detailed error information if processing failed.';
-- Add retry count for failed processing
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS retry_count INTEGER DEFAULT 0;
COMMENT ON COLUMN public.receipts.retry_count IS 'Number of processing retry attempts.';
-- Add extracted text confidence
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS ocr_confidence NUMERIC(5,4);
COMMENT ON COLUMN public.receipts.ocr_confidence IS 'Overall OCR text extraction confidence score.';
-- Add currency detection
ALTER TABLE public.receipts
ADD COLUMN IF NOT EXISTS currency TEXT DEFAULT 'CAD';
COMMENT ON COLUMN public.receipts.currency IS 'Detected currency: CAD, USD, etc.';
-- New indexes for receipt processing
CREATE INDEX IF NOT EXISTS idx_receipts_status_retry ON public.receipts(status, retry_count)
WHERE status IN ('pending', 'failed') AND retry_count < 3;
-- 2. Enhancements to receipt_items table
-- Add line number from receipt for ordering
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS line_number INTEGER;
COMMENT ON COLUMN public.receipt_items.line_number IS 'Original line number on the receipt for display ordering.';
-- Add match confidence score
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS match_confidence NUMERIC(5,4);
COMMENT ON COLUMN public.receipt_items.match_confidence IS 'Confidence score for item matching (0.0-1.0).';
-- Add is_discount flag for discount/coupon lines
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS is_discount BOOLEAN DEFAULT FALSE;
COMMENT ON COLUMN public.receipt_items.is_discount IS 'Whether this line is a discount/coupon (negative price).';
-- Add unit_price if per-unit pricing detected
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS unit_price_cents INTEGER;
COMMENT ON COLUMN public.receipt_items.unit_price_cents IS 'Per-unit price if detected (e.g., price per kg).';
-- Add unit type if detected
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS unit_type TEXT;
COMMENT ON COLUMN public.receipt_items.unit_type IS 'Unit type if detected: kg, lb, each, etc.';
-- Add added_to_pantry flag
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS added_to_pantry BOOLEAN DEFAULT FALSE;
COMMENT ON COLUMN public.receipt_items.added_to_pantry IS 'Whether this item has been added to user pantry.';
-- Add pantry_item_id link
ALTER TABLE public.receipt_items
ADD COLUMN IF NOT EXISTS pantry_item_id BIGINT REFERENCES public.pantry_items(pantry_item_id) ON DELETE SET NULL;
COMMENT ON COLUMN public.receipt_items.pantry_item_id IS 'Link to pantry_items if this receipt item was added to pantry.';
-- New indexes for receipt_items
CREATE INDEX IF NOT EXISTS idx_receipt_items_status ON public.receipt_items(status);
CREATE INDEX IF NOT EXISTS idx_receipt_items_added_to_pantry ON public.receipt_items(receipt_id, added_to_pantry)
WHERE added_to_pantry = FALSE;
CREATE INDEX IF NOT EXISTS idx_receipt_items_pantry_item_id ON public.receipt_items(pantry_item_id)
WHERE pantry_item_id IS NOT NULL;
-- 3. Receipt Processing Log - track OCR/AI processing attempts
-- Useful for debugging, monitoring costs, and improving processing
CREATE TABLE IF NOT EXISTS public.receipt_processing_log (
log_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
receipt_id BIGINT NOT NULL REFERENCES public.receipts(receipt_id) ON DELETE CASCADE,
processing_step TEXT NOT NULL,
status TEXT NOT NULL,
provider TEXT,
duration_ms INTEGER,
tokens_used INTEGER,
cost_cents INTEGER,
input_data JSONB,
output_data JSONB,
error_message TEXT,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate processing step
CONSTRAINT receipt_processing_log_step_check CHECK (processing_step IN (
'upload', 'ocr_extraction', 'text_parsing', 'store_detection',
'item_extraction', 'item_matching', 'price_parsing', 'finalization'
)),
-- Validate status
CONSTRAINT receipt_processing_log_status_check CHECK (status IN ('started', 'completed', 'failed', 'skipped')),
-- Validate provider if specified
CONSTRAINT receipt_processing_log_provider_check CHECK (provider IS NULL OR provider IN (
'tesseract', 'openai', 'anthropic', 'google_vision', 'aws_textract', 'internal'
))
);
COMMENT ON TABLE public.receipt_processing_log IS 'Detailed log of each processing step for receipts, useful for debugging and cost tracking.';
COMMENT ON COLUMN public.receipt_processing_log.processing_step IS 'Which processing step this log entry is for.';
COMMENT ON COLUMN public.receipt_processing_log.status IS 'Status of this step: started, completed, failed, skipped.';
COMMENT ON COLUMN public.receipt_processing_log.provider IS 'External service used: tesseract, openai, anthropic, etc.';
COMMENT ON COLUMN public.receipt_processing_log.duration_ms IS 'How long this step took in milliseconds.';
COMMENT ON COLUMN public.receipt_processing_log.tokens_used IS 'Number of API tokens used (for LLM providers).';
COMMENT ON COLUMN public.receipt_processing_log.cost_cents IS 'Estimated cost in cents for this processing step.';
COMMENT ON COLUMN public.receipt_processing_log.input_data IS 'Input data sent to the processing step (for debugging).';
COMMENT ON COLUMN public.receipt_processing_log.output_data IS 'Output data received from the processing step.';
-- Indexes for receipt_processing_log
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_receipt_id ON public.receipt_processing_log(receipt_id);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_step_status ON public.receipt_processing_log(processing_step, status);
CREATE INDEX IF NOT EXISTS idx_receipt_processing_log_created_at ON public.receipt_processing_log(created_at DESC);
-- 4. Store-specific receipt patterns - help identify stores from receipt text
CREATE TABLE IF NOT EXISTS public.store_receipt_patterns (
pattern_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
store_id BIGINT NOT NULL REFERENCES public.stores(store_id) ON DELETE CASCADE,
pattern_type TEXT NOT NULL,
pattern_value TEXT NOT NULL,
priority INTEGER DEFAULT 0,
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-- Validate pattern type
CONSTRAINT store_receipt_patterns_type_check CHECK (pattern_type IN (
'header_regex', 'footer_regex', 'phone_number', 'address_fragment', 'store_number_format'
)),
-- Validate pattern is not empty
CONSTRAINT store_receipt_patterns_value_check CHECK (TRIM(pattern_value) <> ''),
-- Unique constraint per store/type/value
UNIQUE(store_id, pattern_type, pattern_value)
);
COMMENT ON TABLE public.store_receipt_patterns IS 'Patterns to help identify stores from receipt text and format.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_type IS 'Type of pattern: header_regex, footer_regex, phone_number, etc.';
COMMENT ON COLUMN public.store_receipt_patterns.pattern_value IS 'The actual pattern (regex or literal text).';
COMMENT ON COLUMN public.store_receipt_patterns.priority IS 'Higher priority patterns are checked first.';
COMMENT ON COLUMN public.store_receipt_patterns.is_active IS 'Whether this pattern is currently in use.';
-- Indexes for store_receipt_patterns
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_store_id ON public.store_receipt_patterns(store_id);
CREATE INDEX IF NOT EXISTS idx_store_receipt_patterns_active ON public.store_receipt_patterns(pattern_type, is_active, priority DESC)
WHERE is_active = TRUE;

152
src/components/ErrorBoundary.tsx Normal file
View File

@@ -0,0 +1,152 @@
// src/components/ErrorBoundary.tsx
/**
* React Error Boundary with Sentry integration.
* Implements ADR-015: Application Performance Monitoring and Error Tracking.
*
* This component catches JavaScript errors anywhere in the child component tree,
* logs them to Sentry/Bugsink, and displays a fallback UI instead of crashing.
*/
import { Component, ReactNode } from 'react';
import { Sentry, captureException, isSentryConfigured } from '../services/sentry.client';
interface ErrorBoundaryProps {
/** Child components to render */
children: ReactNode;
/** Optional custom fallback UI. If not provided, uses default error message. */
fallback?: ReactNode;
/** Optional callback when an error is caught */
onError?: (error: Error, errorInfo: React.ErrorInfo) => void;
}
interface ErrorBoundaryState {
hasError: boolean;
error: Error | null;
eventId: string | null;
}
/**
* Error Boundary component that catches React component errors
* and reports them to Sentry/Bugsink.
*
* @example
* ```tsx
* <ErrorBoundary fallback={<p>Something went wrong.</p>}>
* <MyComponent />
* </ErrorBoundary>
* ```
*/
export class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
constructor(props: ErrorBoundaryProps) {
super(props);
this.state = {
hasError: false,
error: null,
eventId: null,
};
}
static getDerivedStateFromError(error: Error): Partial<ErrorBoundaryState> {
return { hasError: true, error };
}
componentDidCatch(error: Error, errorInfo: React.ErrorInfo): void {
// Log to console in development
console.error('ErrorBoundary caught an error:', error, errorInfo);
// Report to Sentry with component stack
const eventId = captureException(error, {
componentStack: errorInfo.componentStack,
});
this.setState({ eventId: eventId ?? null });
// Call optional onError callback
this.props.onError?.(error, errorInfo);
}
handleReload = (): void => {
window.location.reload();
};
handleReportFeedback = (): void => {
if (isSentryConfigured && this.state.eventId) {
// Open Sentry feedback dialog if available
Sentry.showReportDialog({ eventId: this.state.eventId });
}
};
render(): ReactNode {
if (this.state.hasError) {
// Custom fallback UI if provided
if (this.props.fallback) {
return this.props.fallback;
}
// Default fallback UI
return (
<div className="flex min-h-screen items-center justify-center bg-gray-50 dark:bg-gray-900 p-4">
<div className="max-w-md w-full bg-white dark:bg-gray-800 rounded-lg shadow-lg p-6 text-center">
<div className="text-red-500 dark:text-red-400 mb-4">
<svg
className="w-16 h-16 mx-auto"
fill="none"
stroke="currentColor"
viewBox="0 0 24 24"
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={2}
d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"
/>
</svg>
</div>
<h1 className="text-xl font-semibold text-gray-900 dark:text-white mb-2">
Something went wrong
</h1>
<p className="text-gray-600 dark:text-gray-400 mb-6">
We&apos;re sorry, but an unexpected error occurred. Our team has been notified.
</p>
<div className="flex flex-col sm:flex-row gap-3 justify-center">
<button
onClick={this.handleReload}
className="px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700 transition-colors"
>
Reload Page
</button>
{isSentryConfigured && this.state.eventId && (
<button
onClick={this.handleReportFeedback}
className="px-4 py-2 bg-gray-200 dark:bg-gray-700 text-gray-800 dark:text-gray-200 rounded-md hover:bg-gray-300 dark:hover:bg-gray-600 transition-colors"
>
Report Feedback
</button>
)}
</div>
{this.state.error && process.env.NODE_ENV === 'development' && (
<details className="mt-6 text-left">
<summary className="cursor-pointer text-sm text-gray-500 dark:text-gray-400">
Error Details (Development Only)
</summary>
<pre className="mt-2 p-3 bg-gray-100 dark:bg-gray-900 rounded text-xs overflow-auto max-h-48 text-red-600 dark:text-red-400">
{this.state.error.message}
{'\n\n'}
{this.state.error.stack}
</pre>
</details>
)}
</div>
</div>
);
}
return this.props.children;
}
}
/**
* Pre-configured Sentry ErrorBoundary from @sentry/react.
* Use this for simpler integration when you don't need custom UI.
*/
export const SentryErrorBoundary = Sentry.ErrorBoundary;

9
src/components/Leaderboard.test.tsx
View File

@@ -51,18 +51,19 @@ describe('Leaderboard', () => {
await waitFor(() => {
expect(screen.getByRole('alert')).toBeInTheDocument();
expect(screen.getByText('Error: Failed to fetch leaderboard data.')).toBeInTheDocument();
// The query hook throws an error with the status code when JSON parsing fails
expect(screen.getByText('Error: Request failed with status 500')).toBeInTheDocument();
});
});
it('should display a generic error for unknown error types', async () => {
const unknownError = 'A string error';
mockedApiClient.fetchLeaderboard.mockRejectedValue(unknownError);
// Use an actual Error object since the component displays error.message
mockedApiClient.fetchLeaderboard.mockRejectedValue(new Error('A string error'));
renderWithProviders(<Leaderboard />);
await waitFor(() => {
expect(screen.getByRole('alert')).toBeInTheDocument();
expect(screen.getByText('Error: An unknown error occurred.')).toBeInTheDocument();
expect(screen.getByText('Error: A string error')).toBeInTheDocument();
});
});

10
src/config.ts
View File

@@ -14,6 +14,16 @@ const config = {
google: {
mapsEmbedApiKey: import.meta.env.VITE_GOOGLE_MAPS_EMBED_API_KEY,
},
/**
* Sentry/Bugsink error tracking configuration (ADR-015).
* Uses VITE_ prefix for client-side environment variables.
*/
sentry: {
dsn: import.meta.env.VITE_SENTRY_DSN,
environment: import.meta.env.VITE_SENTRY_ENVIRONMENT || import.meta.env.MODE,
debug: import.meta.env.VITE_SENTRY_DEBUG === 'true',
enabled: import.meta.env.VITE_SENTRY_ENABLED !== 'false',
},
};
export default config;

47
src/config/env.ts
View File

@@ -94,6 +94,15 @@ const aiSchema = z.object({
priceQualityThreshold: floatWithDefault(0.5),
});
/**
* UPC API configuration schema.
* External APIs for product lookup by barcode.
*/
const upcSchema = z.object({
upcItemDbApiKey: z.string().optional(), // UPC Item DB API key (upcitemdb.com)
barcodeLookupApiKey: z.string().optional(), // Barcode Lookup API key (barcodelookup.com)
});
/**
* Google services configuration schema.
*/
@@ -126,6 +135,17 @@ const serverSchema = z.object({
storagePath: z.string().default('/var/www/flyer-crawler.projectium.com/flyer-images'),
});
/**
* Error tracking configuration schema (ADR-015).
* Uses Bugsink (Sentry-compatible self-hosted error tracking).
*/
const sentrySchema = z.object({
dsn: z.string().optional(), // Sentry DSN for backend
enabled: booleanString(true),
environment: z.string().optional(),
debug: booleanString(false),
});
/**
* Complete environment configuration schema.
*/
@@ -135,9 +155,11 @@ const envSchema = z.object({
auth: authSchema,
smtp: smtpSchema,
ai: aiSchema,
upc: upcSchema,
google: googleSchema,
worker: workerSchema,
server: serverSchema,
sentry: sentrySchema,
});
export type EnvConfig = z.infer<typeof envSchema>;
@@ -178,6 +200,10 @@ function loadEnvVars(): unknown {
geminiRpm: process.env.GEMINI_RPM,
priceQualityThreshold: process.env.AI_PRICE_QUALITY_THRESHOLD,
},
upc: {
upcItemDbApiKey: process.env.UPC_ITEM_DB_API_KEY,
barcodeLookupApiKey: process.env.BARCODE_LOOKUP_API_KEY,
},
google: {
mapsApiKey: process.env.GOOGLE_MAPS_API_KEY,
clientId: process.env.GOOGLE_CLIENT_ID,
@@ -198,6 +224,12 @@ function loadEnvVars(): unknown {
baseUrl: process.env.BASE_URL,
storagePath: process.env.STORAGE_PATH,
},
sentry: {
dsn: process.env.SENTRY_DSN,
enabled: process.env.SENTRY_ENABLED,
environment: process.env.SENTRY_ENVIRONMENT || process.env.NODE_ENV,
debug: process.env.SENTRY_DEBUG,
},
};
}
@@ -301,3 +333,18 @@ export const isAiConfigured = !!config.ai.geminiApiKey;
* Returns true if Google Maps is configured.
*/
export const isGoogleMapsConfigured = !!config.google.mapsApiKey;
/**
* Returns true if Sentry/Bugsink error tracking is configured and enabled.
*/
export const isSentryConfigured = !!config.sentry.dsn && config.sentry.enabled;
/**
* Returns true if UPC Item DB API is configured.
*/
export const isUpcItemDbConfigured = !!config.upc.upcItemDbApiKey;
/**
* Returns true if Barcode Lookup API is configured.
*/
export const isBarcodeLookupConfigured = !!config.upc.barcodeLookupApiKey;

4
src/routes/passport.routes.test.ts → src/config/passport.test.ts
View File

@@ -1,4 +1,4 @@
// src/routes/passport.routes.test.ts
// src/config/passport.test.ts
import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
import * as bcrypt from 'bcrypt';
import { Request, Response, NextFunction } from 'express';
@@ -101,7 +101,7 @@ vi.mock('passport', () => {
});
// Now, import the passport configuration which will use our mocks
import passport, { isAdmin, optionalAuth, mockAuth } from './passport.routes';
import passport, { isAdmin, optionalAuth, mockAuth } from './passport';
import { logger } from '../services/logger.server';
import { ForbiddenError } from '../services/db/errors.db';

231
src/routes/passport.routes.ts → src/config/passport.ts
View File

@@ -1,9 +1,9 @@
// src/routes/passport.routes.ts
// src/config/passport.ts
import passport from 'passport';
// All route handlers now use req.log (request-scoped logger) as per ADR-004
import { Strategy as LocalStrategy } from 'passport-local';
//import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
//import { Strategy as GitHubStrategy } from 'passport-github2';
import { Strategy as GoogleStrategy, Profile as GoogleProfile } from 'passport-google-oauth20';
import { Strategy as GitHubStrategy, Profile as GitHubProfile } from 'passport-github2';
// All route handlers now use req.log (request-scoped logger) as per ADR-004
import { Strategy as JwtStrategy, ExtractJwt } from 'passport-jwt';
import * as bcrypt from 'bcrypt';
@@ -165,108 +165,149 @@ passport.use(
);
// --- Passport Google OAuth 2.0 Strategy ---
// passport.use(new GoogleStrategy({
// clientID: process.env.GOOGLE_CLIENT_ID!,
// clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
// callbackURL: '/api/auth/google/callback', // Must match the one in Google Cloud Console
// scope: ['profile', 'email']
// },
// async (accessToken, refreshToken, profile, done) => {
// try {
// const email = profile.emails?.[0]?.value;
// if (!email) {
// return done(new Error("No email found in Google profile."), false);
// }
// Only register the strategy if the required environment variables are set.
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
passport.use(
new GoogleStrategy(
{
clientID: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
callbackURL: '/api/auth/google/callback',
scope: ['profile', 'email'],
},
async (
_accessToken: string,
_refreshToken: string,
profile: GoogleProfile,
done: (error: Error | null, user?: UserProfile | false) => void,
) => {
try {
const email = profile.emails?.[0]?.value;
if (!email) {
return done(new Error('No email found in Google profile.'), false);
}
// // Check if user already exists in our database
// const user = await db.findUserByEmail(email); // Changed to const as 'user' is not reassigned
// Check if user already exists in our database
const existingUserProfile = await db.userRepo.findUserWithProfileByEmail(email, logger);
// if (user) {
// // User exists, proceed to log them in.
// req.log.info(`Google OAuth successful for existing user: ${email}`);
// // The password_hash is intentionally destructured and discarded for security.
// const { password_hash, ...userWithoutHash } = user;
// return done(null, userWithoutHash);
// } else {
// // User does not exist, create a new account for them.
// req.log.info(`Google OAuth: creating new user for email: ${email}`);
if (existingUserProfile) {
// User exists, proceed to log them in.
logger.info(`Google OAuth successful for existing user: ${email}`);
// Strip sensitive fields before returning
const {
password_hash: _password_hash,
failed_login_attempts: _failed_login_attempts,
last_failed_login: _last_failed_login,
refresh_token: _refresh_token,
...cleanUserProfile
} = existingUserProfile;
return done(null, cleanUserProfile);
} else {
// User does not exist, create a new account for them.
logger.info(`Google OAuth: creating new user for email: ${email}`);
// // Since this is an OAuth user, they don't have a password.
// // We pass `null` for the password hash.
// const newUser = await db.createUser(email, null, {
// full_name: profile.displayName,
// avatar_url: profile.photos?.[0]?.value
// });
// Since this is an OAuth user, they don't have a password.
// We pass `null` for the password hash.
const newUserProfile = await db.userRepo.createUser(
email,
null, // No password for OAuth users
{
full_name: profile.displayName,
avatar_url: profile.photos?.[0]?.value,
},
logger,
);
// // Send a welcome email to the new user
// try {
// await sendWelcomeEmail(email, profile.displayName);
// } catch (emailError) {
// req.log.error(`Failed to send welcome email to new Google user ${email}`, { error: emailError });
// // Don't block the login flow if email fails.
// }
// // The `createUser` function returns the user object without the password hash.
// return done(null, newUser);
// }
// } catch (err) {
// req.log.error('Error during Google authentication strategy:', { error: err });
// return done(err, false);
// }
// }
// ));
return done(null, newUserProfile);
}
} catch (err) {
logger.error({ error: err }, 'Error during Google authentication strategy');
return done(err as Error, false);
}
},
),
);
logger.info('[Passport] Google OAuth strategy registered.');
} else {
logger.warn(
'[Passport] Google OAuth strategy NOT registered: GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET not set.',
);
}
// --- Passport GitHub OAuth 2.0 Strategy ---
// passport.use(new GitHubStrategy({
// clientID: process.env.GITHUB_CLIENT_ID!,
// clientSecret: process.env.GITHUB_CLIENT_SECRET!,
// callbackURL: '/api/auth/github/callback', // Must match the one in GitHub OAuth App settings
// scope: ['user:email'] // Request email access
// },
// async (accessToken, refreshToken, profile, done) => {
// try {
// const email = profile.emails?.[0]?.value;
// if (!email) {
// return done(new Error("No public email found in GitHub profile. Please ensure your primary email is public or add one."), false);
// }
// Only register the strategy if the required environment variables are set.
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
passport.use(
new GitHubStrategy(
{
clientID: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
callbackURL: '/api/auth/github/callback',
scope: ['user:email'],
},
async (
_accessToken: string,
_refreshToken: string,
profile: GitHubProfile,
done: (error: Error | null, user?: UserProfile | false) => void,
) => {
try {
const email = profile.emails?.[0]?.value;
if (!email) {
return done(
new Error(
'No public email found in GitHub profile. Please ensure your primary email is public or add one.',
),
false,
);
}
// // Check if user already exists in our database
// const user = await db.findUserByEmail(email); // Changed to const as 'user' is not reassigned
// Check if user already exists in our database
const existingUserProfile = await db.userRepo.findUserWithProfileByEmail(email, logger);
// if (user) {
// // User exists, proceed to log them in.
// req.log.info(`GitHub OAuth successful for existing user: ${email}`);
// // The password_hash is intentionally destructured and discarded for security.
// const { password_hash, ...userWithoutHash } = user;
// return done(null, userWithoutHash);
// } else {
// // User does not exist, create a new account for them.
// req.log.info(`GitHub OAuth: creating new user for email: ${email}`);
if (existingUserProfile) {
// User exists, proceed to log them in.
logger.info(`GitHub OAuth successful for existing user: ${email}`);
// Strip sensitive fields before returning
const {
password_hash: _password_hash,
failed_login_attempts: _failed_login_attempts,
last_failed_login: _last_failed_login,
refresh_token: _refresh_token,
...cleanUserProfile
} = existingUserProfile;
return done(null, cleanUserProfile);
} else {
// User does not exist, create a new account for them.
logger.info(`GitHub OAuth: creating new user for email: ${email}`);
// // Since this is an OAuth user, they don't have a password.
// // We pass `null` for the password hash.
// const newUser = await db.createUser(email, null, {
// full_name: profile.displayName || profile.username, // GitHub profile might not have displayName
// avatar_url: profile.photos?.[0]?.value
// });
// Since this is an OAuth user, they don't have a password.
// We pass `null` for the password hash.
const newUserProfile = await db.userRepo.createUser(
email,
null, // No password for OAuth users
{
full_name: profile.displayName || profile.username, // GitHub profile might not have displayName
avatar_url: profile.photos?.[0]?.value,
},
logger,
);
// // Send a welcome email to the new user
// try {
// await sendWelcomeEmail(email, profile.displayName || profile.username);
// } catch (emailError) {
// req.log.error(`Failed to send welcome email to new GitHub user ${email}`, { error: emailError });
// // Don't block the login flow if email fails.
// }
// // The `createUser` function returns the user object without the password hash.
// return done(null, newUser);
// }
// } catch (err) {
// req.log.error('Error during GitHub authentication strategy:', { error: err });
// return done(err, false);
// }
// }
// ));
return done(null, newUserProfile);
}
} catch (err) {
logger.error({ error: err }, 'Error during GitHub authentication strategy');
return done(err as Error, false);
}
},
),
);
logger.info('[Passport] GitHub OAuth strategy registered.');
} else {
logger.warn(
'[Passport] GitHub OAuth strategy NOT registered: GITHUB_CLIENT_ID or GITHUB_CLIENT_SECRET not set.',
);
}
// --- Passport JWT Strategy (for protecting API routes) ---
const jwtOptions = {

84
src/config/queryKeys.ts Normal file
View File

@@ -0,0 +1,84 @@
// src/config/queryKeys.ts
/**
* Centralized query keys for TanStack Query.
*
* This file provides a single source of truth for all query keys used
* throughout the application. Using these factory functions ensures
* consistent key naming and proper cache invalidation.
*
* @example
* ```tsx
* // In a query hook
* useQuery({
* queryKey: queryKeys.flyers(10, 0),
* queryFn: fetchFlyers,
* });
*
* // For cache invalidation
* queryClient.invalidateQueries({ queryKey: queryKeys.watchedItems() });
* ```
*/
export const queryKeys = {
// User Features
flyers: (limit: number, offset: number) => ['flyers', { limit, offset }] as const,
flyerItems: (flyerId: number) => ['flyer-items', flyerId] as const,
flyerItemsBatch: (flyerIds: number[]) =>
['flyer-items-batch', flyerIds.sort().join(',')] as const,
flyerItemsCount: (flyerIds: number[]) =>
['flyer-items-count', flyerIds.sort().join(',')] as const,
masterItems: () => ['master-items'] as const,
watchedItems: () => ['watched-items'] as const,
shoppingLists: () => ['shopping-lists'] as const,
// Auth & Profile
authProfile: () => ['auth-profile'] as const,
userAddress: (addressId: number | null) => ['user-address', addressId] as const,
userProfileData: () => ['user-profile-data'] as const,
// Admin Features
activityLog: (limit: number, offset: number) => ['activity-log', { limit, offset }] as const,
applicationStats: () => ['application-stats'] as const,
suggestedCorrections: () => ['suggested-corrections'] as const,
categories: () => ['categories'] as const,
// Analytics
bestSalePrices: () => ['best-sale-prices'] as const,
priceHistory: (masterItemIds: number[]) =>
['price-history', [...masterItemIds].sort((a, b) => a - b).join(',')] as const,
leaderboard: (limit: number) => ['leaderboard', limit] as const,
} as const;
/**
* Base keys for partial matching in cache invalidation.
*
* Use these when you need to invalidate all queries of a certain type
* regardless of their parameters.
*
* @example
* ```tsx
* // Invalidate all flyer-related queries
* queryClient.invalidateQueries({ queryKey: queryKeyBases.flyers });
* ```
*/
export const queryKeyBases = {
flyers: ['flyers'] as const,
flyerItems: ['flyer-items'] as const,
flyerItemsBatch: ['flyer-items-batch'] as const,
flyerItemsCount: ['flyer-items-count'] as const,
masterItems: ['master-items'] as const,
watchedItems: ['watched-items'] as const,
shoppingLists: ['shopping-lists'] as const,
authProfile: ['auth-profile'] as const,
userAddress: ['user-address'] as const,
userProfileData: ['user-profile-data'] as const,
activityLog: ['activity-log'] as const,
applicationStats: ['application-stats'] as const,
suggestedCorrections: ['suggested-corrections'] as const,
categories: ['categories'] as const,
bestSalePrices: ['best-sale-prices'] as const,
priceHistory: ['price-history'] as const,
leaderboard: ['leaderboard'] as const,
} as const;
export type QueryKeys = typeof queryKeys;
export type QueryKeyBases = typeof queryKeyBases;

228
src/config/swagger.ts Normal file
View File

@@ -0,0 +1,228 @@
// src/config/swagger.ts
/**
* @file OpenAPI/Swagger configuration for API documentation.
* Implements ADR-018: API Documentation Strategy.
*
* This file configures swagger-jsdoc to generate an OpenAPI 3.0 specification
* from JSDoc annotations in route files. The specification is used by
* swagger-ui-express to serve interactive API documentation.
*/
import swaggerJsdoc from 'swagger-jsdoc';
const options: swaggerJsdoc.Options = {
definition: {
openapi: '3.0.0',
info: {
title: 'Flyer Crawler API',
version: '1.0.0',
description:
'API for the Flyer Crawler application - a platform for discovering grocery deals, managing recipes, and tracking budgets.',
contact: {
name: 'API Support',
},
license: {
name: 'Private',
},
},
servers: [
{
url: '/api',
description: 'API server',
},
],
components: {
securitySchemes: {
bearerAuth: {
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT',
description: 'JWT token obtained from /auth/login or /auth/register',
},
},
schemas: {
// Standard success response wrapper (ADR-028)
SuccessResponse: {
type: 'object',
properties: {
success: {
type: 'boolean',
example: true,
},
data: {
type: 'object',
description: 'Response payload - structure varies by endpoint',
},
},
required: ['success', 'data'],
},
// Standard error response wrapper (ADR-028)
ErrorResponse: {
type: 'object',
properties: {
success: {
type: 'boolean',
example: false,
},
error: {
type: 'object',
properties: {
code: {
type: 'string',
description: 'Machine-readable error code',
example: 'VALIDATION_ERROR',
},
message: {
type: 'string',
description: 'Human-readable error message',
example: 'Invalid request parameters',
},
},
required: ['code', 'message'],
},
},
required: ['success', 'error'],
},
// Common service health status
ServiceHealth: {
type: 'object',
properties: {
status: {
type: 'string',
enum: ['healthy', 'degraded', 'unhealthy'],
},
latency: {
type: 'number',
description: 'Response time in milliseconds',
},
message: {
type: 'string',
description: 'Additional status information',
},
details: {
type: 'object',
description: 'Service-specific details',
},
},
required: ['status'],
},
// Achievement schema
Achievement: {
type: 'object',
properties: {
achievement_id: {
type: 'integer',
example: 1,
},
name: {
type: 'string',
example: 'First-Upload',
},
description: {
type: 'string',
example: 'Upload your first flyer',
},
icon: {
type: 'string',
example: 'upload-cloud',
},
points_value: {
type: 'integer',
example: 25,
},
created_at: {
type: 'string',
format: 'date-time',
},
},
},
// User achievement (with achieved_at)
UserAchievement: {
allOf: [
{ $ref: '#/components/schemas/Achievement' },
{
type: 'object',
properties: {
user_id: {
type: 'string',
format: 'uuid',
},
achieved_at: {
type: 'string',
format: 'date-time',
},
},
},
],
},
// Leaderboard entry
LeaderboardUser: {
type: 'object',
properties: {
user_id: {
type: 'string',
format: 'uuid',
},
full_name: {
type: 'string',
example: 'John Doe',
},
avatar_url: {
type: 'string',
nullable: true,
},
points: {
type: 'integer',
example: 150,
},
rank: {
type: 'integer',
example: 1,
},
},
},
},
},
tags: [
{
name: 'Health',
description: 'Server health and readiness checks',
},
{
name: 'Auth',
description: 'Authentication and authorization',
},
{
name: 'Users',
description: 'User profile management',
},
{
name: 'Achievements',
description: 'Gamification and leaderboards',
},
{
name: 'Flyers',
description: 'Flyer uploads and retrieval',
},
{
name: 'Recipes',
description: 'Recipe management',
},
{
name: 'Budgets',
description: 'Budget tracking and analysis',
},
{
name: 'Admin',
description: 'Administrative operations (requires admin role)',
},
{
name: 'System',
description: 'System status and monitoring',
},
],
},
// Path to the API routes files with JSDoc annotations
apis: ['./src/routes/*.ts'],
};
export const swaggerSpec = swaggerJsdoc(options);

18
src/config/workerOptions.ts Normal file
View File

@@ -0,0 +1,18 @@
import { WorkerOptions } from 'bullmq';
/**
* Standard worker options for stall detection and recovery.
* Defined in ADR-053.
*
* Note: This is a partial configuration that must be spread into a full
* WorkerOptions object along with a `connection` property when creating workers.
*/
export const defaultWorkerOptions: Omit<WorkerOptions, 'connection'> = {
// Check for stalled jobs every 30 seconds
stalledInterval: 30000,
// Fail job after 3 stalls (prevents infinite loops causing infinite retries)
maxStalledCount: 3,
// Duration of the lock for the job in milliseconds.
// If the worker doesn't renew this (e.g. crash), the job stalls.
lockDuration: 30000,
};

34
src/features/charts/PriceHistoryChart.test.tsx
View File

@@ -10,6 +10,7 @@ import {
createMockMasterGroceryItem,
createMockHistoricalPriceDataPoint,
} from '../../tests/utils/mockFactories';
import { QueryWrapper } from '../../tests/utils/renderWithProviders';
// Mock the apiClient
vi.mock('../../services/apiClient');
@@ -18,6 +19,8 @@ vi.mock('../../services/apiClient');
vi.mock('../../hooks/useUserData');
const mockedUseUserData = useUserData as Mock;
const renderWithQuery = (ui: React.ReactElement) => render(ui, { wrapper: QueryWrapper });
// Mock the logger
vi.mock('../../services/logger', () => ({
logger: {
@@ -116,7 +119,7 @@ describe('PriceHistoryChart', () => {
isLoading: false,
error: null,
});
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
expect(
screen.getByText('Add items to your watchlist to see their price trends over time.'),
).toBeInTheDocument();
@@ -124,13 +127,13 @@ describe('PriceHistoryChart', () => {
it('should display a loading state while fetching data', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockReturnValue(new Promise(() => {}));
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
expect(screen.getByText('Loading Price History...')).toBeInTheDocument();
});
it('should display an error message if the API call fails', async () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockRejectedValue(new Error('API is down'));
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
// Use regex to match the error message text which might be split across elements
@@ -142,7 +145,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify([])),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
expect(
@@ -157,7 +160,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(mockPriceHistory)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
// Check that the API was called with the correct item IDs
@@ -186,7 +189,7 @@ describe('PriceHistoryChart', () => {
error: null,
});
vi.mocked(apiClient.fetchHistoricalPriceData).mockReturnValue(new Promise(() => {}));
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
expect(screen.getByText('Loading Price History...')).toBeInTheDocument();
});
@@ -194,7 +197,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(mockPriceHistory)),
);
const { rerender } = render(<PriceHistoryChart />);
const { rerender } = renderWithQuery(<PriceHistoryChart />);
// Initial render with items
await waitFor(() => {
@@ -242,7 +245,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(dataWithSinglePoint)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
expect(screen.getByTestId('line-Organic Bananas')).toBeInTheDocument();
@@ -271,7 +274,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(dataWithDuplicateDate)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
const chart = screen.getByTestId('line-chart');
@@ -305,7 +308,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(dataWithZeroPrice)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
const chart = screen.getByTestId('line-chart');
@@ -330,7 +333,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(malformedData)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
// Should show "Not enough historical data" because all points are invalid or filtered
@@ -363,7 +366,7 @@ describe('PriceHistoryChart', () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
new Response(JSON.stringify(dataWithHigherPrice)),
);
render(<PriceHistoryChart />);
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
const chart = screen.getByTestId('line-chart');
@@ -374,11 +377,12 @@ describe('PriceHistoryChart', () => {
});
it('should handle non-Error objects thrown during fetch', async () => {
vi.mocked(apiClient.fetchHistoricalPriceData).mockRejectedValue('String Error');
render(<PriceHistoryChart />);
// Use an actual Error object since the component displays error.message
vi.mocked(apiClient.fetchHistoricalPriceData).mockRejectedValue(new Error('Fetch failed'));
renderWithQuery(<PriceHistoryChart />);
await waitFor(() => {
expect(screen.getByText('Failed to load price history.')).toBeInTheDocument();
expect(screen.getByText(/Fetch failed/)).toBeInTheDocument();
});
});
});

3
src/hooks/mutations/useAddShoppingListItemMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface AddShoppingListItemParams {
listId: number;
@@ -61,7 +62,7 @@ export const useAddShoppingListItemMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch shopping lists to get the updated list
queryClient.invalidateQueries({ queryKey: ['shopping-lists'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.shoppingLists });
notifySuccess('Item added to shopping list');
},
onError: (error: Error) => {

3
src/hooks/mutations/useAddWatchedItemMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface AddWatchedItemParams {
itemName: string;
@@ -50,7 +51,7 @@ export const useAddWatchedItemMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch watched items to get the updated list
queryClient.invalidateQueries({ queryKey: ['watched-items'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.watchedItems });
notifySuccess('Item added to watched list');
},
onError: (error: Error) => {

113
src/hooks/mutations/useAuthMutations.ts Normal file
View File

@@ -0,0 +1,113 @@
// src/hooks/mutations/useAuthMutations.ts
import { useMutation } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifyError } from '../../services/notificationService';
import type { UserProfile } from '../../types';
interface AuthResponse {
userprofile: UserProfile;
token: string;
}
/**
* Mutation hook for user login.
*
* @example
* ```tsx
* const loginMutation = useLoginMutation();
* loginMutation.mutate({ email, password, rememberMe });
* ```
*/
export const useLoginMutation = () => {
return useMutation({
mutationFn: async ({
email,
password,
rememberMe,
}: {
email: string;
password: string;
rememberMe: boolean;
}): Promise<AuthResponse> => {
const response = await apiClient.loginUser(email, password, rememberMe);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to login');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to login');
},
});
};
/**
* Mutation hook for user registration.
*
* @example
* ```tsx
* const registerMutation = useRegisterMutation();
* registerMutation.mutate({ email, password, fullName });
* ```
*/
export const useRegisterMutation = () => {
return useMutation({
mutationFn: async ({
email,
password,
fullName,
}: {
email: string;
password: string;
fullName: string;
}): Promise<AuthResponse> => {
const response = await apiClient.registerUser(email, password, fullName, '');
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to register');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to register');
},
});
};
/**
* Mutation hook for requesting a password reset.
*
* @example
* ```tsx
* const passwordResetMutation = usePasswordResetRequestMutation();
* passwordResetMutation.mutate({ email });
* ```
*/
export const usePasswordResetRequestMutation = () => {
return useMutation({
mutationFn: async ({ email }: { email: string }): Promise<{ message: string }> => {
const response = await apiClient.requestPasswordReset(email);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to request password reset');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to request password reset');
},
});
};

3
src/hooks/mutations/useCreateShoppingListMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface CreateShoppingListParams {
name: string;
@@ -48,7 +49,7 @@ export const useCreateShoppingListMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch shopping lists to get the updated list
queryClient.invalidateQueries({ queryKey: ['shopping-lists'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.shoppingLists });
notifySuccess('Shopping list created');
},
onError: (error: Error) => {

3
src/hooks/mutations/useDeleteShoppingListMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface DeleteShoppingListParams {
listId: number;
@@ -48,7 +49,7 @@ export const useDeleteShoppingListMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch shopping lists to get the updated list
queryClient.invalidateQueries({ queryKey: ['shopping-lists'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.shoppingLists });
notifySuccess('Shopping list deleted');
},
onError: (error: Error) => {

4
src/hooks/mutations/useGeocodeMutation.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/mutations/useGeocodeMutation.ts
import { useMutation } from '@tanstack/react-query';
import { geocodeAddress } from '../../services/apiClient';
import { notifyError } from '../../services/notificationService';
interface GeocodeResult {
lat: number;
@@ -38,5 +39,8 @@ export const useGeocodeMutation = () => {
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to geocode address');
},
});
};

179
src/hooks/mutations/useProfileMutations.ts Normal file
View File

@@ -0,0 +1,179 @@
// src/hooks/mutations/useProfileMutations.ts
import { useMutation } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifyError } from '../../services/notificationService';
import type { Profile, Address } from '../../types';
/**
* Mutation hook for updating user profile.
*
* @example
* ```tsx
* const updateProfile = useUpdateProfileMutation();
* updateProfile.mutate({ full_name: 'New Name', avatar_url: 'https://...' });
* ```
*/
export const useUpdateProfileMutation = () => {
return useMutation({
mutationFn: async (data: Partial<Profile>): Promise<Profile> => {
const response = await apiClient.updateUserProfile(data);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to update profile');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to update profile');
},
});
};
/**
* Mutation hook for updating user address.
*
* @example
* ```tsx
* const updateAddress = useUpdateAddressMutation();
* updateAddress.mutate({ street_address: '123 Main St', city: 'Toronto' });
* ```
*/
export const useUpdateAddressMutation = () => {
return useMutation({
mutationFn: async (data: Partial<Address>): Promise<Address> => {
const response = await apiClient.updateUserAddress(data);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to update address');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to update address');
},
});
};
/**
* Mutation hook for updating user password.
*
* @example
* ```tsx
* const updatePassword = useUpdatePasswordMutation();
* updatePassword.mutate({ password: 'newPassword123' });
* ```
*/
export const useUpdatePasswordMutation = () => {
return useMutation({
mutationFn: async ({ password }: { password: string }): Promise<void> => {
const response = await apiClient.updateUserPassword(password);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to update password');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to update password');
},
});
};
/**
* Mutation hook for updating user preferences.
*
* @example
* ```tsx
* const updatePreferences = useUpdatePreferencesMutation();
* updatePreferences.mutate({ darkMode: true });
* ```
*/
export const useUpdatePreferencesMutation = () => {
return useMutation({
mutationFn: async (prefs: Partial<Profile['preferences']>): Promise<Profile> => {
const response = await apiClient.updateUserPreferences(prefs);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to update preferences');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to update preferences');
},
});
};
/**
* Mutation hook for exporting user data.
*
* @example
* ```tsx
* const exportData = useExportDataMutation();
* exportData.mutate();
* ```
*/
export const useExportDataMutation = () => {
return useMutation({
mutationFn: async (): Promise<unknown> => {
const response = await apiClient.exportUserData();
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to export data');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to export data');
},
});
};
/**
* Mutation hook for deleting user account.
*
* @example
* ```tsx
* const deleteAccount = useDeleteAccountMutation();
* deleteAccount.mutate({ password: 'currentPassword' });
* ```
*/
export const useDeleteAccountMutation = () => {
return useMutation({
mutationFn: async ({ password }: { password: string }): Promise<void> => {
const response = await apiClient.deleteUserAccount(password);
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to delete account');
}
return response.json();
},
onError: (error: Error) => {
notifyError(error.message || 'Failed to delete account');
},
});
};

3
src/hooks/mutations/useRemoveShoppingListItemMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface RemoveShoppingListItemParams {
itemId: number;
@@ -48,7 +49,7 @@ export const useRemoveShoppingListItemMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch shopping lists to get the updated list
queryClient.invalidateQueries({ queryKey: ['shopping-lists'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.shoppingLists });
notifySuccess('Item removed from shopping list');
},
onError: (error: Error) => {

3
src/hooks/mutations/useRemoveWatchedItemMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
interface RemoveWatchedItemParams {
masterItemId: number;
@@ -48,7 +49,7 @@ export const useRemoveWatchedItemMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch watched items to get the updated list
queryClient.invalidateQueries({ queryKey: ['watched-items'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.watchedItems });
notifySuccess('Item removed from watched list');
},
onError: (error: Error) => {

3
src/hooks/mutations/useUpdateShoppingListItemMutation.ts
View File

@@ -2,6 +2,7 @@
import { useMutation, useQueryClient } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { notifySuccess, notifyError } from '../../services/notificationService';
import { queryKeyBases } from '../../config/queryKeys';
import type { ShoppingListItem } from '../../types';
interface UpdateShoppingListItemParams {
@@ -60,7 +61,7 @@ export const useUpdateShoppingListItemMutation = () => {
},
onSuccess: () => {
// Invalidate and refetch shopping lists to get the updated list
queryClient.invalidateQueries({ queryKey: ['shopping-lists'] });
queryClient.invalidateQueries({ queryKey: queryKeyBases.shoppingLists });
notifySuccess('Shopping list item updated');
},
onError: (error: Error) => {

3
src/hooks/queries/useActivityLogQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useActivityLogQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchActivityLog } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { ActivityLogItem } from '../../types';
/**
@@ -21,7 +22,7 @@ import type { ActivityLogItem } from '../../types';
*/
export const useActivityLogQuery = (limit: number = 20, offset: number = 0) => {
return useQuery({
queryKey: ['activity-log', { limit, offset }],
queryKey: queryKeys.activityLog(limit, offset),
queryFn: async (): Promise<ActivityLogItem[]> => {
const response = await fetchActivityLog(limit, offset);

3
src/hooks/queries/useApplicationStatsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useApplicationStatsQuery.ts
import { useQuery } from '@tanstack/react-query';
import { getApplicationStats, AppStats } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
/**
* Query hook for fetching application-wide statistics (admin feature).
@@ -19,7 +20,7 @@ import { getApplicationStats, AppStats } from '../../services/apiClient';
*/
export const useApplicationStatsQuery = () => {
return useQuery({
queryKey: ['application-stats'],
queryKey: queryKeys.applicationStats(),
queryFn: async (): Promise<AppStats> => {
const response = await getApplicationStats();

8
src/hooks/queries/useAuthProfileQuery.ts
View File

@@ -2,13 +2,15 @@
import { useQuery, useQueryClient } from '@tanstack/react-query';
import { getAuthenticatedUserProfile } from '../../services/apiClient';
import { getToken } from '../../services/tokenStorage';
import { queryKeys, queryKeyBases } from '../../config/queryKeys';
import type { UserProfile } from '../../types';
/**
* Query key for the authenticated user's profile.
* Exported for cache invalidation purposes.
* @deprecated Use queryKeys.authProfile() from '../../config/queryKeys' instead
*/
export const AUTH_PROFILE_QUERY_KEY = ['auth-profile'] as const;
export const AUTH_PROFILE_QUERY_KEY = queryKeys.authProfile();
/**
* Query hook for fetching the authenticated user's profile.
@@ -28,7 +30,7 @@ export const useAuthProfileQuery = (enabled: boolean = true) => {
const hasToken = !!getToken();
return useQuery({
queryKey: AUTH_PROFILE_QUERY_KEY,
queryKey: queryKeys.authProfile(),
queryFn: async (): Promise<UserProfile> => {
const response = await getAuthenticatedUserProfile();
@@ -55,6 +57,6 @@ export const useInvalidateAuthProfile = () => {
const queryClient = useQueryClient();
return () => {
queryClient.invalidateQueries({ queryKey: AUTH_PROFILE_QUERY_KEY });
queryClient.invalidateQueries({ queryKey: queryKeyBases.authProfile });
};
};

3
src/hooks/queries/useBestSalePricesQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useBestSalePricesQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchBestSalePrices } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { WatchedItemDeal } from '../../types';
/**
@@ -19,7 +20,7 @@ import type { WatchedItemDeal } from '../../types';
*/
export const useBestSalePricesQuery = (enabled: boolean = true) => {
return useQuery({
queryKey: ['best-sale-prices'],
queryKey: queryKeys.bestSalePrices(),
queryFn: async (): Promise<WatchedItemDeal[]> => {
const response = await fetchBestSalePrices();

35
src/hooks/queries/useBrandsQuery.ts Normal file
View File

@@ -0,0 +1,35 @@
// src/hooks/queries/useBrandsQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchAllBrands } from '../../services/apiClient';
import type { Brand } from '../../types';
/**
* Query hook for fetching all brands (admin feature).
*
* @param enabled - Whether the query should run (default: true)
* @returns TanStack Query result with Brand[] data
*
* @example
* ```tsx
* const { data: brands = [], isLoading, error } = useBrandsQuery();
* ```
*/
export const useBrandsQuery = (enabled: boolean = true) => {
return useQuery({
queryKey: ['brands'],
queryFn: async (): Promise<Brand[]> => {
const response = await fetchAllBrands();
if (!response.ok) {
const error = await response.json().catch(() => ({
message: `Request failed with status ${response.status}`,
}));
throw new Error(error.message || 'Failed to fetch brands');
}
return response.json();
},
enabled,
staleTime: 1000 * 60 * 5, // 5 minutes - brands don't change frequently
});
};

3
src/hooks/queries/useCategoriesQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useCategoriesQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchCategories } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { Category } from '../../types';
/**
@@ -14,7 +15,7 @@ import type { Category } from '../../types';
*/
export const useCategoriesQuery = () => {
return useQuery({
queryKey: ['categories'],
queryKey: queryKeys.categories(),
queryFn: async (): Promise<Category[]> => {
const response = await fetchCategories();

3
src/hooks/queries/useFlyerItemCountQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useFlyerItemCountQuery.ts
import { useQuery } from '@tanstack/react-query';
import { countFlyerItemsForFlyers } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
interface FlyerItemCount {
count: number;
@@ -24,7 +25,7 @@ interface FlyerItemCount {
export const useFlyerItemCountQuery = (flyerIds: number[], enabled: boolean = true) => {
return useQuery({
// Include flyerIds in the key so cache is per-set of flyers
queryKey: ['flyer-items-count', flyerIds.sort().join(',')],
queryKey: queryKeys.flyerItemsCount(flyerIds),
queryFn: async (): Promise<FlyerItemCount> => {
if (flyerIds.length === 0) {
return { count: 0 };

3
src/hooks/queries/useFlyerItemsForFlyersQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useFlyerItemsForFlyersQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchFlyerItemsForFlyers } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { FlyerItem } from '../../types';
/**
@@ -21,7 +22,7 @@ import type { FlyerItem } from '../../types';
export const useFlyerItemsForFlyersQuery = (flyerIds: number[], enabled: boolean = true) => {
return useQuery({
// Include flyerIds in the key so cache is per-set of flyers
queryKey: ['flyer-items-batch', flyerIds.sort().join(',')],
queryKey: queryKeys.flyerItemsBatch(flyerIds),
queryFn: async (): Promise<FlyerItem[]> => {
if (flyerIds.length === 0) {
return [];

3
src/hooks/queries/useFlyerItemsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useFlyerItemsQuery.ts
import { useQuery } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { FlyerItem } from '../../types';
/**
@@ -19,7 +20,7 @@ import type { FlyerItem } from '../../types';
*/
export const useFlyerItemsQuery = (flyerId: number | undefined) => {
return useQuery({
queryKey: ['flyer-items', flyerId],
queryKey: queryKeys.flyerItems(flyerId as number),
queryFn: async (): Promise<FlyerItem[]> => {
if (!flyerId) {
throw new Error('Flyer ID is required');

3
src/hooks/queries/useFlyersQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useFlyersQuery.ts
import { useQuery } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { Flyer } from '../../types';
/**
@@ -20,7 +21,7 @@ import type { Flyer } from '../../types';
*/
export const useFlyersQuery = (limit: number = 20, offset: number = 0) => {
return useQuery({
queryKey: ['flyers', { limit, offset }],
queryKey: queryKeys.flyers(limit, offset),
queryFn: async (): Promise<Flyer[]> => {
const response = await apiClient.fetchFlyers(limit, offset);

3
src/hooks/queries/useLeaderboardQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useLeaderboardQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchLeaderboard } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { LeaderboardUser } from '../../types';
/**
@@ -17,7 +18,7 @@ import type { LeaderboardUser } from '../../types';
*/
export const useLeaderboardQuery = (limit: number = 10, enabled: boolean = true) => {
return useQuery({
queryKey: ['leaderboard', limit],
queryKey: queryKeys.leaderboard(limit),
queryFn: async (): Promise<LeaderboardUser[]> => {
const response = await fetchLeaderboard(limit);

3
src/hooks/queries/useMasterItemsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useMasterItemsQuery.ts
import { useQuery } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { MasterGroceryItem } from '../../types';
/**
@@ -19,7 +20,7 @@ import type { MasterGroceryItem } from '../../types';
*/
export const useMasterItemsQuery = () => {
return useQuery({
queryKey: ['master-items'],
queryKey: queryKeys.masterItems(),
queryFn: async (): Promise<MasterGroceryItem[]> => {
const response = await apiClient.fetchMasterItems();

6
src/hooks/queries/usePriceHistoryQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/usePriceHistoryQuery.ts
import { useQuery } from '@tanstack/react-query';
import { fetchHistoricalPriceData } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { HistoricalPriceDataPoint } from '../../types';
/**
@@ -17,11 +18,8 @@ import type { HistoricalPriceDataPoint } from '../../types';
* ```
*/
export const usePriceHistoryQuery = (masterItemIds: number[], enabled: boolean = true) => {
// Sort IDs for stable query key
const sortedIds = [...masterItemIds].sort((a, b) => a - b);
return useQuery({
queryKey: ['price-history', sortedIds.join(',')],
queryKey: queryKeys.priceHistory(masterItemIds),
queryFn: async (): Promise<HistoricalPriceDataPoint[]> => {
if (masterItemIds.length === 0) {
return [];

3
src/hooks/queries/useShoppingListsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useShoppingListsQuery.ts
import { useQuery } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { ShoppingList } from '../../types';
/**
@@ -19,7 +20,7 @@ import type { ShoppingList } from '../../types';
*/
export const useShoppingListsQuery = (enabled: boolean) => {
return useQuery({
queryKey: ['shopping-lists'],
queryKey: queryKeys.shoppingLists(),
queryFn: async (): Promise<ShoppingList[]> => {
const response = await apiClient.fetchShoppingLists();

3
src/hooks/queries/useSuggestedCorrectionsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useSuggestedCorrectionsQuery.ts
import { useQuery } from '@tanstack/react-query';
import { getSuggestedCorrections } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { SuggestedCorrection } from '../../types';
/**
@@ -14,7 +15,7 @@ import type { SuggestedCorrection } from '../../types';
*/
export const useSuggestedCorrectionsQuery = () => {
return useQuery({
queryKey: ['suggested-corrections'],
queryKey: queryKeys.suggestedCorrections(),
queryFn: async (): Promise<SuggestedCorrection[]> => {
const response = await getSuggestedCorrections();

3
src/hooks/queries/useUserAddressQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useUserAddressQuery.ts
import { useQuery } from '@tanstack/react-query';
import { getUserAddress } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { Address } from '../../types';
/**
@@ -20,7 +21,7 @@ export const useUserAddressQuery = (
enabled: boolean = true,
) => {
return useQuery({
queryKey: ['user-address', addressId],
queryKey: queryKeys.userAddress(addressId ?? null),
queryFn: async (): Promise<Address> => {
if (!addressId) {
throw new Error('Address ID is required');

3
src/hooks/queries/useUserProfileDataQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useUserProfileDataQuery.ts
import { useQuery } from '@tanstack/react-query';
import { getAuthenticatedUserProfile, getUserAchievements } from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { UserProfile, Achievement, UserAchievement } from '../../types';
interface UserProfileData {
@@ -26,7 +27,7 @@ interface UserProfileData {
*/
export const useUserProfileDataQuery = (enabled: boolean = true) => {
return useQuery({
queryKey: ['user-profile-data'],
queryKey: queryKeys.userProfileData(),
queryFn: async (): Promise<UserProfileData> => {
const [profileRes, achievementsRes] = await Promise.all([
getAuthenticatedUserProfile(),

3
src/hooks/queries/useWatchedItemsQuery.ts
View File

@@ -1,6 +1,7 @@
// src/hooks/queries/useWatchedItemsQuery.ts
import { useQuery } from '@tanstack/react-query';
import * as apiClient from '../../services/apiClient';
import { queryKeys } from '../../config/queryKeys';
import type { MasterGroceryItem } from '../../types';
/**
@@ -19,7 +20,7 @@ import type { MasterGroceryItem } from '../../types';
*/
export const useWatchedItemsQuery = (enabled: boolean) => {
return useQuery({
queryKey: ['watched-items'],
queryKey: queryKeys.watchedItems(),
queryFn: async (): Promise<MasterGroceryItem[]> => {
const response = await apiClient.fetchWatchedItems();

98
src/hooks/useActiveDeals.test.tsx
View File

@@ -11,6 +11,7 @@ import {
createMockDealItem,
} from '../tests/utils/mockFactories';
import { mockUseFlyers, mockUseUserData } from '../tests/setup/mockHooks';
import { QueryWrapper } from '../tests/utils/renderWithProviders';
// Must explicitly call vi.mock() for apiClient
vi.mock('../services/apiClient');
@@ -130,7 +131,7 @@ describe('useActiveDeals Hook', () => {
new Response(JSON.stringify(mockFlyerItems)),
);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
// The hook runs the effect almost immediately. We shouldn't strictly assert false
// because depending on render timing, it might already be true.
@@ -151,13 +152,12 @@ describe('useActiveDeals Hook', () => {
);
mockedApiClient.fetchFlyerItemsForFlyers.mockResolvedValue(new Response(JSON.stringify([])));
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
// Only the valid flyer (id: 1) should be used in the API calls
// The second argument is an AbortSignal, which we can match with expect.anything()
expect(mockedApiClient.countFlyerItemsForFlyers).toHaveBeenCalledWith([1], expect.anything());
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledWith([1], expect.anything());
expect(mockedApiClient.countFlyerItemsForFlyers).toHaveBeenCalledWith([1]);
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledWith([1]);
expect(result.current.isLoading).toBe(false);
});
});
@@ -175,7 +175,7 @@ describe('useActiveDeals Hook', () => {
error: null,
}); // Override for this test
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.isLoading).toBe(false);
@@ -197,7 +197,7 @@ describe('useActiveDeals Hook', () => {
isRefetchingFlyers: false,
refetchFlyers: vi.fn(),
});
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.isLoading).toBe(false);
@@ -212,8 +212,10 @@ describe('useActiveDeals Hook', () => {
it('should set an error state if counting items fails', async () => {
const apiError = new Error('Network Failure');
mockedApiClient.countFlyerItemsForFlyers.mockRejectedValue(apiError);
// Also mock fetchFlyerItemsForFlyers to avoid interference from the other query
mockedApiClient.fetchFlyerItemsForFlyers.mockResolvedValue(new Response(JSON.stringify([])));
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.isLoading).toBe(false);
@@ -229,7 +231,7 @@ describe('useActiveDeals Hook', () => {
);
mockedApiClient.fetchFlyerItemsForFlyers.mockRejectedValue(apiError);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.isLoading).toBe(false);
@@ -248,7 +250,7 @@ describe('useActiveDeals Hook', () => {
new Response(JSON.stringify(mockFlyerItems)),
);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
const deal = result.current.activeDeals[0];
@@ -294,7 +296,7 @@ describe('useActiveDeals Hook', () => {
new Response(JSON.stringify([itemInFlyerWithoutStore])),
);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.activeDeals).toHaveLength(1);
@@ -347,7 +349,7 @@ describe('useActiveDeals Hook', () => {
new Response(JSON.stringify(mixedItems)),
);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.isLoading).toBe(false);
@@ -372,7 +374,7 @@ describe('useActiveDeals Hook', () => {
mockedApiClient.countFlyerItemsForFlyers.mockReturnValue(countPromise);
mockedApiClient.fetchFlyerItemsForFlyers.mockReturnValue(itemsPromise);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
// Wait for the effect to trigger the API call and set loading to true
await waitFor(() => expect(result.current.isLoading).toBe(true));
@@ -388,20 +390,53 @@ describe('useActiveDeals Hook', () => {
});
});
it('should re-fetch data when watched items change', async () => {
// Initial render
it('should re-filter active deals when watched items change (client-side filtering)', async () => {
// With TanStack Query, changing watchedItems does NOT trigger a new API call
// because the query key is based on flyerIds, not watchedItems.
// The filtering happens client-side via useMemo. This is more efficient.
const allFlyerItems: FlyerItem[] = [
createMockFlyerItem({
flyer_item_id: 1,
flyer_id: 1,
item: 'Red Apples',
price_display: '$1.99',
price_in_cents: 199,
master_item_id: 101, // matches mockWatchedItems
master_item_name: 'Apples',
}),
createMockFlyerItem({
flyer_item_id: 2,
flyer_id: 1,
item: 'Fresh Bread',
price_display: '$2.99',
price_in_cents: 299,
master_item_id: 103, // NOT in initial mockWatchedItems
master_item_name: 'Bread',
}),
];
mockedApiClient.countFlyerItemsForFlyers.mockResolvedValue(
new Response(JSON.stringify({ count: 1 })),
new Response(JSON.stringify({ count: 2 })),
);
mockedApiClient.fetchFlyerItemsForFlyers.mockResolvedValue(
new Response(JSON.stringify(allFlyerItems)),
);
mockedApiClient.fetchFlyerItemsForFlyers.mockResolvedValue(new Response(JSON.stringify([])));
const { rerender } = renderHook(() => useActiveDeals());
const { result, rerender } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
// Wait for initial data to load
await waitFor(() => {
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledTimes(1);
expect(result.current.isLoading).toBe(false);
});
// Change watched items
// Initially, only Apples (master_item_id: 101) should be in activeDeals
expect(result.current.activeDeals).toHaveLength(1);
expect(result.current.activeDeals[0].item).toBe('Red Apples');
// API should have been called exactly once
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledTimes(1);
// Now add Bread to watched items
const newWatchedItems = [
...mockWatchedItems,
createMockMasterGroceryItem({ master_grocery_item_id: 103, name: 'Bread' }),
@@ -415,13 +450,21 @@ describe('useActiveDeals Hook', () => {
error: null,
});
// Rerender
// Rerender to pick up new watchedItems
rerender();
// After rerender, client-side filtering should now include both items
await waitFor(() => {
// Should have been called again
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledTimes(2);
expect(result.current.activeDeals).toHaveLength(2);
});
// Verify both items are present
const dealItems = result.current.activeDeals.map((d) => d.item);
expect(dealItems).toContain('Red Apples');
expect(dealItems).toContain('Fresh Bread');
// The API should NOT be called again - data is already cached
expect(mockedApiClient.fetchFlyerItemsForFlyers).toHaveBeenCalledTimes(1);
});
it('should include flyers valid exactly on the start or end date', async () => {
@@ -480,14 +523,11 @@ describe('useActiveDeals Hook', () => {
);
mockedApiClient.fetchFlyerItemsForFlyers.mockResolvedValue(new Response(JSON.stringify([])));
renderHook(() => useActiveDeals());
renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
// Should call with IDs 10, 11, 12. Should NOT include 13.
expect(mockedApiClient.countFlyerItemsForFlyers).toHaveBeenCalledWith(
[10, 11, 12],
expect.anything(),
);
expect(mockedApiClient.countFlyerItemsForFlyers).toHaveBeenCalledWith([10, 11, 12]);
});
});
@@ -511,7 +551,7 @@ describe('useActiveDeals Hook', () => {
new Response(JSON.stringify([incompleteItem])),
);
const { result } = renderHook(() => useActiveDeals());
const { result } = renderHook(() => useActiveDeals(), { wrapper: QueryWrapper });
await waitFor(() => {
expect(result.current.activeDeals).toHaveLength(1);

26
src/hooks/useAuth.test.tsx
View File

@@ -2,6 +2,7 @@
import React, { ReactNode } from 'react';
import { renderHook, waitFor, act } from '@testing-library/react';
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
import { useAuth } from './useAuth';
import { AuthProvider } from '../providers/AuthProvider';
import * as apiClient from '../services/apiClient';
@@ -24,8 +25,29 @@ const mockProfile: UserProfile = createMockUserProfile({
user: { user_id: 'user-abc-123', email: 'test@example.com' },
});
// Create a fresh QueryClient for each test to ensure isolation
const createTestQueryClient = () =>
new QueryClient({
defaultOptions: {
queries: {
retry: false,
gcTime: 0,
},
mutations: {
retry: false,
},
},
});
// Reusable wrapper for rendering the hook within the provider
const wrapper = ({ children }: { children: ReactNode }) => <AuthProvider>{children}</AuthProvider>;
const wrapper = ({ children }: { children: ReactNode }) => {
const testQueryClient = createTestQueryClient();
return (
<QueryClientProvider client={testQueryClient}>
<AuthProvider>{children}</AuthProvider>
</QueryClientProvider>
);
};
describe('useAuth Hook and AuthProvider', () => {
beforeEach(() => {
@@ -131,7 +153,7 @@ describe('useAuth Hook and AuthProvider', () => {
expect(result.current.userProfile).toBeNull();
expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
expect(logger.warn).toHaveBeenCalledWith(
'[AuthProvider-Effect] Token was present but validation returned no profile. Signing out.',
'[AuthProvider] Token was present but profile is null. Signing out.',
);
});

24
src/hooks/useProfileAddress.ts
View File

@@ -6,6 +6,7 @@ import { useUserAddressQuery } from './queries/useUserAddressQuery';
import { useGeocodeMutation } from './mutations/useGeocodeMutation';
import { logger } from '../services/logger.client';
import { useDebounce } from './useDebounce';
import { notifyError } from '../services/notificationService';
/**
* Helper to generate a consistent address string for geocoding.
@@ -37,14 +38,22 @@ export const useProfileAddress = (userProfile: UserProfile | null, isOpen: boole
const [initialAddress, setInitialAddress] = useState<Partial<Address>>({});
// TanStack Query for fetching the address
const { data: fetchedAddress, isLoading: isFetchingAddress } = useUserAddressQuery(
userProfile?.address_id,
isOpen && !!userProfile?.address_id,
);
const {
data: fetchedAddress,
isLoading: isFetchingAddress,
error: addressError,
} = useUserAddressQuery(userProfile?.address_id, isOpen && !!userProfile?.address_id);
// TanStack Query mutation for geocoding
const geocodeMutation = useGeocodeMutation();
// Effect to handle address fetch errors
useEffect(() => {
if (addressError) {
notifyError(addressError.message || 'Failed to fetch address');
}
}, [addressError]);
// Effect to sync fetched address to local state
useEffect(() => {
if (!isOpen || !userProfile) {
@@ -64,8 +73,13 @@ export const useProfileAddress = (userProfile: UserProfile | null, isOpen: boole
logger.debug('[useProfileAddress] Profile has no address_id. Resetting address form.');
setAddress({});
setInitialAddress({});
} else if (!isFetchingAddress && !fetchedAddress && userProfile.address_id) {
// Fetch completed but returned null - log a warning
logger.warn(
`[useProfileAddress] Fetch returned null for addressId: ${userProfile.address_id}.`,
);
}
}, [isOpen, userProfile, fetchedAddress]);
}, [isOpen, userProfile, fetchedAddress, isFetchingAddress]);
const handleAddressChange = useCallback((field: keyof Address, value: string) => {
setAddress((prev) => ({ ...prev, [field]: value }));

8
src/index.tsx
View File

@@ -1,4 +1,12 @@
// src/index.tsx
/**
* IMPORTANT: Sentry initialization MUST happen before any other imports
* to ensure all errors are captured, including those in imported modules.
* See ADR-015: Application Performance Monitoring and Error Tracking.
*/
import { initSentry } from './services/sentry.client';
initSentry();
import React from 'react';
import ReactDOM from 'react-dom/client';
import App from './App';

15
src/middleware/multer.middleware.test.ts
View File

@@ -83,8 +83,8 @@ describe('Multer Middleware Directory Creation', () => {
await import('./multer.middleware');
// Assert
// It should try to create both the flyer storage and avatar storage paths
expect(mocks.mkdir).toHaveBeenCalledTimes(2);
// It should try to create the flyer, avatar, and receipt storage paths
expect(mocks.mkdir).toHaveBeenCalledTimes(3);
expect(mocks.mkdir).toHaveBeenCalledWith(expect.any(String), { recursive: true });
expect(mocks.logger.info).toHaveBeenCalledWith('Ensured multer storage directories exist.');
expect(mocks.logger.error).not.toHaveBeenCalled();
@@ -182,8 +182,8 @@ describe('createUploadMiddleware', () => {
);
});
it('should generate a predictable filename in test environment', () => {
// This test covers lines 43-46
it('should generate a unique filename in test environment', () => {
// This test covers the default case in getStorageConfig
vi.stubEnv('NODE_ENV', 'test');
const mockFlyerFile = {
fieldname: 'flyerFile',
@@ -196,7 +196,10 @@ describe('createUploadMiddleware', () => {
storageOptions.filename!(mockReq, mockFlyerFile, cb);
expect(cb).toHaveBeenCalledWith(null, 'flyerFile-test-flyer-image.jpg');
expect(cb).toHaveBeenCalledWith(
null,
expect.stringMatching(/^flyerFile-\d+-\d+-test-flyer\.jpg$/),
);
});
});
@@ -266,4 +269,4 @@ describe('handleMulterError Middleware', () => {
expect(mockNext).toHaveBeenCalledWith(err);
expect(mockResponse.status).not.toHaveBeenCalled();
});
});
});

50
src/middleware/multer.middleware.ts
View File

@@ -11,12 +11,17 @@ import { logger } from '../services/logger.server';
export const flyerStoragePath =
process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
export const avatarStoragePath = path.join(process.cwd(), 'public', 'uploads', 'avatars');
export const receiptStoragePath = path.join(
process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com',
'receipts',
);
// Ensure directories exist at startup
(async () => {
try {
await fs.mkdir(flyerStoragePath, { recursive: true });
await fs.mkdir(avatarStoragePath, { recursive: true });
await fs.mkdir(receiptStoragePath, { recursive: true });
logger.info('Ensured multer storage directories exist.');
} catch (error) {
const err = error instanceof Error ? error : new Error(String(error));
@@ -24,7 +29,7 @@ export const avatarStoragePath = path.join(process.cwd(), 'public', 'uploads', '
}
})();
type StorageType = 'flyer' | 'avatar';
type StorageType = 'flyer' | 'avatar' | 'receipt';
const getStorageConfig = (type: StorageType) => {
switch (type) {
@@ -47,16 +52,27 @@ const getStorageConfig = (type: StorageType) => {
cb(null, uniqueSuffix);
},
});
case 'receipt':
return multer.diskStorage({
destination: (req, file, cb) => cb(null, receiptStoragePath),
filename: (req, file, cb) => {
const user = req.user as UserProfile | undefined;
const userId = user?.user.user_id || 'anonymous';
const uniqueSuffix = `${Date.now()}-${Math.round(Math.random() * 1e9)}`;
const sanitizedOriginalName = sanitizeFilename(file.originalname);
cb(null, `receipt-${userId}-${uniqueSuffix}-${sanitizedOriginalName}`);
},
});
case 'flyer':
default:
return multer.diskStorage({
destination: (req, file, cb) => cb(null, flyerStoragePath),
destination: (req, file, cb) => {
console.error('[MULTER DEBUG] Flyer storage destination:', flyerStoragePath);
cb(null, flyerStoragePath);
},
filename: (req, file, cb) => {
if (process.env.NODE_ENV === 'test') {
// Use a predictable filename for test flyers for easy cleanup.
const ext = path.extname(file.originalname);
return cb(null, `${file.fieldname}-test-flyer-image${ext || '.jpg'}`);
}
// Use unique filenames in ALL environments to prevent race conditions
// between concurrent test runs or uploads.
const uniqueSuffix = `${Date.now()}-${Math.round(Math.random() * 1e9)}`;
const sanitizedOriginalName = sanitizeFilename(file.originalname);
cb(null, `${file.fieldname}-${uniqueSuffix}-${sanitizedOriginalName}`);
@@ -65,12 +81,19 @@ const getStorageConfig = (type: StorageType) => {
}
};
const imageFileFilter = (req: Request, file: Express.Multer.File, cb: multer.FileFilterCallback) => {
const imageFileFilter = (
req: Request,
file: Express.Multer.File,
cb: multer.FileFilterCallback,
) => {
if (file.mimetype.startsWith('image/')) {
cb(null, true);
} else {
// Reject the file with a specific error that can be caught by a middleware.
const validationIssue = { path: ['file', file.fieldname], message: 'Only image files are allowed!' };
const validationIssue = {
path: ['file', file.fieldname],
message: 'Only image files are allowed!',
};
const err = new ValidationError([validationIssue], 'Only image files are allowed!');
cb(err as Error); // Cast to Error to satisfy multer's type, though ValidationError extends Error.
}
@@ -107,16 +130,11 @@ export const createUploadMiddleware = (options: MulterOptions) => {
* A general error handler for multer. Place this after all routes using multer in your router file.
* It catches errors from `fileFilter` and other multer issues (e.g., file size limits).
*/
export const handleMulterError = (
err: Error,
req: Request,
res: Response,
next: NextFunction,
) => {
export const handleMulterError = (err: Error, req: Request, res: Response, next: NextFunction) => {
if (err instanceof multer.MulterError) {
// A Multer error occurred when uploading (e.g., file too large).
return res.status(400).json({ message: `File upload error: ${err.message}` });
}
// If it's not a multer error, pass it on.
next(err);
};
};

17
src/middleware/validation.middleware.ts
View File

@@ -23,14 +23,21 @@ export const validateRequest =
});
// On success, merge the parsed (and coerced) data back into the request objects.
// We don't reassign `req.params`, `req.query`, or `req.body` directly, as they
// might be read-only getters in some environments (like during supertest tests).
// Instead, we clear the existing object and merge the new properties.
// For req.params, we can delete existing keys and assign new ones.
Object.keys(req.params).forEach((key) => delete (req.params as ParamsDictionary)[key]);
Object.assign(req.params, params);
Object.keys(req.query).forEach((key) => delete (req.query as Query)[key]);
Object.assign(req.query, query);
// For req.query in Express 5, the query object is lazily evaluated from the URL
// and cannot be mutated directly. We use Object.defineProperty to replace
// the getter with our validated/transformed query object.
Object.defineProperty(req, 'query', {
value: query as Query,
writable: true,
configurable: true,
enumerable: true,
});
// For body, direct reassignment works.
req.body = body;
return next();

39
src/pages/MyDealsPage.test.tsx
View File

@@ -5,14 +5,16 @@ import { describe, it, expect, vi, beforeEach } from 'vitest';
import MyDealsPage from './MyDealsPage';
import * as apiClient from '../services/apiClient';
import type { WatchedItemDeal } from '../types';
import { logger } from '../services/logger.client';
import { createMockWatchedItemDeal } from '../tests/utils/mockFactories';
import { QueryWrapper } from '../tests/utils/renderWithProviders';
// Must explicitly call vi.mock() for apiClient
vi.mock('../services/apiClient');
const mockedApiClient = vi.mocked(apiClient);
const renderWithQuery = (ui: React.ReactElement) => render(ui, { wrapper: QueryWrapper });
// Mock lucide-react icons to prevent rendering errors in the test environment
vi.mock('lucide-react', () => ({
AlertCircle: () => <div data-testid="alert-circle-icon" />,
@@ -29,7 +31,7 @@ describe('MyDealsPage', () => {
it('should display a loading message initially', () => {
// Mock a pending promise
mockedApiClient.fetchBestSalePrices.mockReturnValue(new Promise(() => {}));
render(<MyDealsPage />);
renderWithQuery(<MyDealsPage />);
expect(screen.getByText('Loading your deals...')).toBeInTheDocument();
});
@@ -37,48 +39,35 @@ describe('MyDealsPage', () => {
mockedApiClient.fetchBestSalePrices.mockResolvedValue(
new Response(null, { status: 500, statusText: 'Server Error' }),
);
render(<MyDealsPage />);
renderWithQuery(<MyDealsPage />);
await waitFor(() => {
expect(screen.getByText('Error')).toBeInTheDocument();
expect(
screen.getByText('Failed to fetch deals. Please try again later.'),
).toBeInTheDocument();
// The query hook throws an error with status code when JSON parsing fails on non-ok response
expect(screen.getByText('Request failed with status 500')).toBeInTheDocument();
});
expect(logger.error).toHaveBeenCalledWith(
'Error fetching watched item deals:',
'Failed to fetch deals. Please try again later.',
);
});
it('should handle network errors and log them', async () => {
const networkError = new Error('Network connection failed');
mockedApiClient.fetchBestSalePrices.mockRejectedValue(networkError);
render(<MyDealsPage />);
renderWithQuery(<MyDealsPage />);
await waitFor(() => {
expect(screen.getByText('Error')).toBeInTheDocument();
expect(screen.getByText('Network connection failed')).toBeInTheDocument();
});
expect(logger.error).toHaveBeenCalledWith(
'Error fetching watched item deals:',
'Network connection failed',
);
});
it('should handle unknown errors and log them', async () => {
// Mock a rejection with a non-Error object (e.g., a string) to trigger the fallback error message
mockedApiClient.fetchBestSalePrices.mockRejectedValue('Unknown failure');
render(<MyDealsPage />);
// Mock a rejection with an Error object - TanStack Query passes through Error objects
mockedApiClient.fetchBestSalePrices.mockRejectedValue(new Error('Unknown failure'));
renderWithQuery(<MyDealsPage />);
await waitFor(() => {
expect(screen.getByText('Error')).toBeInTheDocument();
expect(screen.getByText('An unknown error occurred.')).toBeInTheDocument();
expect(screen.getByText('Unknown failure')).toBeInTheDocument();
});
expect(logger.error).toHaveBeenCalledWith(
'Error fetching watched item deals:',
'An unknown error occurred.',
);
});
it('should display a message when no deals are found', async () => {
@@ -87,7 +76,7 @@ describe('MyDealsPage', () => {
headers: { 'Content-Type': 'application/json' },
}),
);
render(<MyDealsPage />);
renderWithQuery(<MyDealsPage />);
await waitFor(() => {
expect(
@@ -121,7 +110,7 @@ describe('MyDealsPage', () => {
}),
);
render(<MyDealsPage />);
renderWithQuery(<MyDealsPage />);
await waitFor(() => {
expect(screen.getByText('Organic Bananas')).toBeInTheDocument();

66
src/pages/UserProfilePage.test.tsx
View File

@@ -10,10 +10,13 @@ import {
createMockUserAchievement,
createMockUser,
} from '../tests/utils/mockFactories';
import { QueryWrapper } from '../tests/utils/renderWithProviders';
// Must explicitly call vi.mock() for apiClient
vi.mock('../services/apiClient');
const renderWithQuery = (ui: React.ReactElement) => render(ui, { wrapper: QueryWrapper });
const mockedNotificationService = vi.mocked(await import('../services/notificationService'));
vi.mock('../components/AchievementsList', () => ({
AchievementsList: ({ achievements }: { achievements: (UserAchievement & Achievement)[] }) => (
@@ -54,7 +57,7 @@ describe('UserProfilePage', () => {
it('should display a loading message initially', () => {
mockedApiClient.getAuthenticatedUserProfile.mockReturnValue(new Promise(() => {}));
mockedApiClient.getUserAchievements.mockReturnValue(new Promise(() => {}));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
expect(screen.getByText('Loading profile...')).toBeInTheDocument();
});
@@ -63,7 +66,7 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
expect(screen.getByText('Error: Network Error')).toBeInTheDocument();
@@ -77,11 +80,11 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
// The component throws 'Failed to fetch user profile.' because it just checks `!profileRes.ok`
expect(screen.getByText('Error: Failed to fetch user profile.')).toBeInTheDocument();
// The query hook parses the error message from the JSON body
expect(screen.getByText('Error: Auth Failed')).toBeInTheDocument();
});
});
@@ -92,11 +95,11 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify({ message: 'Server Busy' }), { status: 503 }),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
// The component throws 'Failed to fetch user achievements.'
expect(screen.getByText('Error: Failed to fetch user achievements.')).toBeInTheDocument();
// The query hook parses the error message from the JSON body
expect(screen.getByText('Error: Server Busy')).toBeInTheDocument();
});
});
@@ -105,7 +108,7 @@ describe('UserProfilePage', () => {
new Response(JSON.stringify(mockProfile)),
);
mockedApiClient.getUserAchievements.mockRejectedValue(new Error('Achievements service down'));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
expect(screen.getByText('Error: Achievements service down')).toBeInTheDocument();
@@ -113,14 +116,15 @@ describe('UserProfilePage', () => {
});
it('should handle unknown errors during fetch', async () => {
mockedApiClient.getAuthenticatedUserProfile.mockRejectedValue('Unknown error string');
// Use an actual Error object since the hook extracts error.message
mockedApiClient.getAuthenticatedUserProfile.mockRejectedValue(new Error('Unknown error'));
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
expect(screen.getByText('Error: An unknown error occurred.')).toBeInTheDocument();
expect(screen.getByText('Error: Unknown error')).toBeInTheDocument();
});
});
@@ -130,7 +134,7 @@ describe('UserProfilePage', () => {
);
// Mock a successful response but with a null body for achievements
mockedApiClient.getUserAchievements.mockResolvedValue(new Response(JSON.stringify(null)));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
expect(screen.getByRole('heading', { name: 'Test User' })).toBeInTheDocument();
@@ -149,7 +153,7 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
expect(screen.getByRole('heading', { name: 'Test User' })).toBeInTheDocument();
@@ -169,7 +173,7 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
expect(await screen.findByText('Could not load user profile.')).toBeInTheDocument();
});
@@ -182,7 +186,7 @@ describe('UserProfilePage', () => {
);
mockedApiClient.getUserAchievements.mockResolvedValue(new Response(JSON.stringify([])));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
// Wait for the component to render with the fetched data
await waitFor(() => {
@@ -204,7 +208,7 @@ describe('UserProfilePage', () => {
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await waitFor(() => {
const avatar = screen.getByAltText('User Avatar');
@@ -220,7 +224,7 @@ describe('UserProfilePage', () => {
mockedApiClient.getUserAchievements.mockResolvedValue(
new Response(JSON.stringify(mockAchievements)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
@@ -248,7 +252,7 @@ describe('UserProfilePage', () => {
mockedApiClient.updateUserProfile.mockResolvedValue(
new Response(JSON.stringify(updatedProfile)),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
@@ -266,7 +270,7 @@ describe('UserProfilePage', () => {
});
it('should allow canceling the name edit', async () => {
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
fireEvent.click(screen.getByRole('button', { name: /edit/i }));
@@ -280,7 +284,7 @@ describe('UserProfilePage', () => {
mockedApiClient.updateUserProfile.mockResolvedValue(
new Response(JSON.stringify({ message: 'Validation failed' }), { status: 400 }),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
fireEvent.click(screen.getByRole('button', { name: /edit/i }));
@@ -297,7 +301,7 @@ describe('UserProfilePage', () => {
mockedApiClient.updateUserProfile.mockResolvedValue(
new Response(JSON.stringify({}), { status: 400 }),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
fireEvent.click(screen.getByRole('button', { name: /edit/i }));
@@ -316,7 +320,7 @@ describe('UserProfilePage', () => {
it('should handle non-ok response with null body when saving name', async () => {
// This tests the case where the server returns an error status but an empty/null body.
mockedApiClient.updateUserProfile.mockResolvedValue(new Response(null, { status: 500 }));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
fireEvent.click(screen.getByRole('button', { name: /edit/i }));
@@ -333,7 +337,7 @@ describe('UserProfilePage', () => {
it('should handle unknown errors when saving name', async () => {
mockedApiClient.updateUserProfile.mockRejectedValue('Unknown update error');
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByText('Test User');
fireEvent.click(screen.getByRole('button', { name: /edit/i }));
@@ -374,7 +378,7 @@ describe('UserProfilePage', () => {
});
});
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
@@ -411,7 +415,7 @@ describe('UserProfilePage', () => {
});
it('should not attempt to upload if no file is selected', async () => {
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');
@@ -426,7 +430,7 @@ describe('UserProfilePage', () => {
mockedApiClient.uploadAvatar.mockResolvedValue(
new Response(JSON.stringify({ message: 'File too large' }), { status: 413 }),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');
@@ -442,7 +446,7 @@ describe('UserProfilePage', () => {
mockedApiClient.uploadAvatar.mockResolvedValue(
new Response(JSON.stringify({}), { status: 413 }),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');
@@ -459,7 +463,7 @@ describe('UserProfilePage', () => {
it('should handle non-ok response with null body when uploading avatar', async () => {
mockedApiClient.uploadAvatar.mockResolvedValue(new Response(null, { status: 500 }));
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');
@@ -475,7 +479,7 @@ describe('UserProfilePage', () => {
it('should handle unknown errors when uploading avatar', async () => {
mockedApiClient.uploadAvatar.mockRejectedValue('Unknown upload error');
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');
@@ -500,7 +504,7 @@ describe('UserProfilePage', () => {
),
);
render(<UserProfilePage />);
renderWithQuery(<UserProfilePage />);
await screen.findByAltText('User Avatar');
const fileInput = screen.getByTestId('avatar-file-input');

23
src/pages/admin/ActivityLog.test.tsx
View File

@@ -6,10 +6,13 @@ import { ActivityLog } from './ActivityLog';
import { useActivityLogQuery } from '../../hooks/queries/useActivityLogQuery';
import type { ActivityLogItem, UserProfile } from '../../types';
import { createMockActivityLogItem, createMockUserProfile } from '../../tests/utils/mockFactories';
import { QueryWrapper } from '../../tests/utils/renderWithProviders';
// Mock the TanStack Query hook
vi.mock('../../hooks/queries/useActivityLogQuery');
const renderWithQuery = (ui: React.ReactElement) => render(ui, { wrapper: QueryWrapper });
const mockedUseActivityLogQuery = vi.mocked(useActivityLogQuery);
// Mock date-fns to return a consistent value for snapshots
@@ -86,7 +89,7 @@ describe('ActivityLog', () => {
});
it('should not render if userProfile is null', () => {
const { container } = render(<ActivityLog userProfile={null} onLogClick={vi.fn()} />);
const { container } = renderWithQuery(<ActivityLog userProfile={null} onLogClick={vi.fn()} />);
expect(container).toBeEmptyDOMElement();
});
@@ -97,7 +100,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
expect(screen.getByText('Loading activity...')).toBeInTheDocument();
});
@@ -109,7 +112,7 @@ describe('ActivityLog', () => {
error: new Error('API is down'),
} as any);
render(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
expect(screen.getByText('API is down')).toBeInTheDocument();
});
@@ -120,7 +123,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} onLogClick={vi.fn()} />);
expect(screen.getByText('No recent activity to show.')).toBeInTheDocument();
});
@@ -131,7 +134,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} />);
// Check for specific text from different log types
expect(screen.getByText('Walmart')).toBeInTheDocument();
@@ -166,7 +169,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} onLogClick={onLogClickMock} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} onLogClick={onLogClickMock} />);
// Recipe Created
const clickableRecipe = screen.getByText('Pasta Carbonara');
@@ -193,7 +196,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} />);
const recipeName = screen.getByText('Pasta Carbonara');
expect(recipeName).not.toHaveClass('cursor-pointer');
@@ -257,7 +260,7 @@ describe('ActivityLog', () => {
error: null,
} as any);
render(<ActivityLog userProfile={mockUserProfile} />);
renderWithQuery(<ActivityLog userProfile={mockUserProfile} />);
expect(screen.getAllByText('a store')[0]).toBeInTheDocument();
expect(screen.getByText('Untitled Recipe')).toBeInTheDocument();
@@ -268,9 +271,7 @@ describe('ActivityLog', () => {
// Check for avatar with fallback alt text
const avatars = screen.getAllByRole('img');
const avatarWithFallbackAlt = avatars.find(
(img) => img.getAttribute('alt') === 'User Avatar',
);
const avatarWithFallbackAlt = avatars.find((img) => img.getAttribute('alt') === 'User Avatar');
expect(avatarWithFallbackAlt).toBeInTheDocument();
});
});

11
src/pages/admin/AdminStatsPage.test.tsx
View File

@@ -8,6 +8,7 @@ import { useApplicationStatsQuery } from '../../hooks/queries/useApplicationStat
import type { AppStats } from '../../services/apiClient';
import { createMockAppStats } from '../../tests/utils/mockFactories';
import { StatCard } from '../../components/StatCard';
import { QueryWrapper } from '../../tests/utils/renderWithProviders';
// Mock the TanStack Query hook
vi.mock('../../hooks/queries/useApplicationStatsQuery');
@@ -23,12 +24,14 @@ vi.mock('../../components/StatCard', async () => {
// Get a reference to the mocked component
const mockedStatCard = StatCard as Mock;
// Helper function to render the component within a router context, as it contains a <Link>
// Helper function to render the component within router and query contexts
const renderWithRouter = () => {
return render(
<MemoryRouter>
<AdminStatsPage />
</MemoryRouter>,
<QueryWrapper>
<MemoryRouter>
<AdminStatsPage />
</MemoryRouter>
</QueryWrapper>,
);
};

11
src/pages/admin/CorrectionsPage.test.tsx
View File

@@ -13,6 +13,7 @@ import {
createMockMasterGroceryItem,
createMockCategory,
} from '../../tests/utils/mockFactories';
import { QueryWrapper } from '../../tests/utils/renderWithProviders';
// Mock the TanStack Query hooks
vi.mock('../../hooks/queries/useSuggestedCorrectionsQuery');
@@ -29,12 +30,14 @@ vi.mock('./components/CorrectionRow', async () => {
return { CorrectionRow: MockCorrectionRow };
});
// Helper to render the component within a router context
// Helper to render the component within router and query contexts
const renderWithRouter = () => {
return render(
<MemoryRouter>
<CorrectionsPage />
</MemoryRouter>,
<QueryWrapper>
<MemoryRouter>
<CorrectionsPage />
</MemoryRouter>
</QueryWrapper>,
);
};

24
src/pages/admin/components/AdminBrandManager.tsx
View File

@@ -1,36 +1,22 @@
// src/pages/admin/components/AdminBrandManager.tsx
import React, { useState, useCallback } from 'react';
import React, { useState } from 'react';
import toast from 'react-hot-toast';
import { fetchAllBrands, uploadBrandLogo } from '../../../services/apiClient';
import { uploadBrandLogo } from '../../../services/apiClient';
import { Brand } from '../../../types';
import { ErrorDisplay } from '../../../components/ErrorDisplay';
import { useApiOnMount } from '../../../hooks/useApiOnMount';
import { useBrandsQuery } from '../../../hooks/queries/useBrandsQuery';
import { logger } from '../../../services/logger.client';
export const AdminBrandManager: React.FC = () => {
// Wrap the fetcher function in useCallback to prevent it from being recreated on every render.
// The hook expects a function that returns a Promise<Response>, and it will handle
// the JSON parsing and error checking internally.
const fetchBrandsWrapper = useCallback(() => {
logger.debug(
'[AdminBrandManager] The memoized fetchBrandsWrapper is being passed to useApiOnMount',
);
// This wrapper simply calls the API client function. The hook will manage the promise.
return fetchAllBrands();
}, []); // An empty dependency array ensures this function is created only once.
const { data: initialBrands, isLoading: loading, error } = useBrandsQuery();
const {
data: initialBrands,
loading,
error,
} = useApiOnMount<Brand[], []>(fetchBrandsWrapper, []);
// This state will hold a modified list of brands only after an optimistic update (e.g., logo upload).
// It starts as null, indicating that we should use the original data from the API.
const [updatedBrands, setUpdatedBrands] = useState<Brand[] | null>(null);
// At render time, decide which data to display. If updatedBrands exists, it takes precedence.
// Otherwise, fall back to the initial data from the hook. Default to an empty array.
const brandsToRender = updatedBrands || initialBrands || [];
const brandsToRender: Brand[] = updatedBrands || initialBrands || [];
logger.debug(
{
loading,

23
src/pages/admin/components/AuthView.test.tsx
View File

@@ -83,7 +83,6 @@ describe('AuthView', () => {
'test@example.com',
'password123',
true,
expect.any(AbortSignal),
);
expect(mockOnLoginSuccess).toHaveBeenCalledWith(
expect.objectContaining({
@@ -149,7 +148,6 @@ describe('AuthView', () => {
'newpassword',
'Test User',
'',
expect.any(AbortSignal),
);
expect(mockOnLoginSuccess).toHaveBeenCalledWith(
expect.objectContaining({ user: expect.objectContaining({ user_id: '123' }) }),
@@ -178,7 +176,6 @@ describe('AuthView', () => {
'password',
'',
'',
expect.any(AbortSignal),
);
expect(mockOnLoginSuccess).toHaveBeenCalled();
});
@@ -230,10 +227,7 @@ describe('AuthView', () => {
fireEvent.submit(screen.getByTestId('reset-password-form'));
await waitFor(() => {
expect(mockedApiClient.requestPasswordReset).toHaveBeenCalledWith(
'forgot@example.com',
expect.any(AbortSignal),
);
expect(mockedApiClient.requestPasswordReset).toHaveBeenCalledWith('forgot@example.com');
expect(notifySuccess).toHaveBeenCalledWith('Password reset email sent.');
});
});
@@ -354,12 +348,15 @@ describe('AuthView', () => {
});
fireEvent.submit(screen.getByTestId('reset-password-form'));
const submitButton = screen
.getByTestId('reset-password-form')
.querySelector('button[type="submit"]');
expect(submitButton).toBeInTheDocument();
expect(submitButton).toBeDisabled();
expect(screen.queryByText('Send Reset Link')).not.toBeInTheDocument();
// Wait for the mutation to start and update the loading state
await waitFor(() => {
const submitButton = screen
.getByTestId('reset-password-form')
.querySelector('button[type="submit"]');
expect(submitButton).toBeInTheDocument();
expect(submitButton).toBeDisabled();
expect(screen.queryByText('Send Reset Link')).not.toBeInTheDocument();
});
});
});

69
src/pages/admin/components/AuthView.tsx
View File

@@ -1,18 +1,16 @@
// src/pages/admin/components/AuthView.tsx
import React, { useState } from 'react';
import type { UserProfile } from '../../../types';
import { useApi } from '../../../hooks/useApi';
import * as apiClient from '../../../services/apiClient';
import { notifySuccess } from '../../../services/notificationService';
import { LoadingSpinner } from '../../../components/LoadingSpinner';
import { GoogleIcon } from '../../../components/icons/GoogleIcon';
import { GithubIcon } from '../../../components/icons/GithubIcon';
import { PasswordInput } from '../../../components/PasswordInput';
interface AuthResponse {
userprofile: UserProfile;
token: string;
}
import {
useLoginMutation,
useRegisterMutation,
usePasswordResetRequestMutation,
} from '../../../hooks/mutations/useAuthMutations';
interface AuthViewProps {
onLoginSuccess: (user: UserProfile, token: string, rememberMe: boolean) => void;
@@ -27,37 +25,50 @@ export const AuthView: React.FC<AuthViewProps> = ({ onLoginSuccess, onClose }) =
const [isForgotPassword, setIsForgotPassword] = useState(false);
const [rememberMe, setRememberMe] = useState(false);
const { execute: executeLogin, loading: loginLoading } = useApi<
AuthResponse,
[string, string, boolean]
>(apiClient.loginUser);
const { execute: executeRegister, loading: registerLoading } = useApi<
AuthResponse,
[string, string, string, string]
>(apiClient.registerUser);
const { execute: executePasswordReset, loading: passwordResetLoading } = useApi<
{ message: string },
[string]
>(apiClient.requestPasswordReset);
const loginMutation = useLoginMutation();
const registerMutation = useRegisterMutation();
const passwordResetMutation = usePasswordResetRequestMutation();
const loginLoading = loginMutation.isPending;
const registerLoading = registerMutation.isPending;
const passwordResetLoading = passwordResetMutation.isPending;
const handleAuthSubmit = async (e: React.FormEvent) => {
e.preventDefault();
const authResult = isRegistering
? await executeRegister(authEmail, authPassword, authFullName, '')
: await executeLogin(authEmail, authPassword, rememberMe);
if (authResult) {
onLoginSuccess(authResult.userprofile, authResult.token, rememberMe);
onClose();
if (isRegistering) {
registerMutation.mutate(
{ email: authEmail, password: authPassword, fullName: authFullName },
{
onSuccess: (authResult) => {
onLoginSuccess(authResult.userprofile, authResult.token, rememberMe);
onClose();
},
},
);
} else {
loginMutation.mutate(
{ email: authEmail, password: authPassword, rememberMe },
{
onSuccess: (authResult) => {
onLoginSuccess(authResult.userprofile, authResult.token, rememberMe);
onClose();
},
},
);
}
};
const handlePasswordResetRequest = async (e: React.FormEvent) => {
e.preventDefault();
const result = await executePasswordReset(authEmail);
if (result) {
notifySuccess(result.message);
}
passwordResetMutation.mutate(
{ email: authEmail },
{
onSuccess: (result) => {
notifySuccess(result.message);
},
},
);
};
const handleOAuthSignIn = (provider: 'google' | 'github') => {

190
src/pages/admin/components/ProfileManager.test.tsx
View File

@@ -12,10 +12,13 @@ import {
createMockUser,
createMockUserProfile,
} from '../../../tests/utils/mockFactories';
import { QueryWrapper } from '../../../tests/utils/renderWithProviders';
// Unmock the component to test the real implementation
vi.unmock('./ProfileManager');
const renderWithQuery = (ui: React.ReactElement) => render(ui, { wrapper: QueryWrapper });
// Must explicitly call vi.mock() for apiClient
vi.mock('../../../services/apiClient');
@@ -148,13 +151,13 @@ describe('ProfileManager', () => {
// =================================================================
describe('Authentication Flows (Signed Out)', () => {
it('should render the Sign In form when authStatus is SIGNED_OUT', () => {
render(<ProfileManager {...defaultSignedOutProps} />);
renderWithQuery(<ProfileManager {...defaultSignedOutProps} />);
expect(screen.getByRole('heading', { name: /^sign in$/i })).toBeInTheDocument();
expect(screen.getByRole('button', { name: /register/i })).toBeInTheDocument();
});
it('should call loginUser and onLoginSuccess on successful login', async () => {
render(<ProfileManager {...defaultSignedOutProps} />);
renderWithQuery(<ProfileManager {...defaultSignedOutProps} />);
fireEvent.change(screen.getByLabelText(/email address/i), {
target: { value: 'user@test.com' },
});
@@ -168,7 +171,6 @@ describe('ProfileManager', () => {
'user@test.com',
'securepassword',
false,
expect.any(AbortSignal),
);
expect(mockOnLoginSuccess).toHaveBeenCalledWith(authenticatedProfile, 'mock-token', false);
expect(mockOnClose).toHaveBeenCalled();
@@ -176,7 +178,7 @@ describe('ProfileManager', () => {
});
it('should switch to the Create an Account form and register successfully', async () => {
render(<ProfileManager {...defaultSignedOutProps} />);
renderWithQuery(<ProfileManager {...defaultSignedOutProps} />);
fireEvent.click(screen.getByRole('button', { name: /register/i }));
expect(screen.getByRole('heading', { name: /create an account/i })).toBeInTheDocument();
@@ -194,7 +196,6 @@ describe('ProfileManager', () => {
'newpassword',
'New User',
'',
expect.any(AbortSignal),
);
expect(mockOnLoginSuccess).toHaveBeenCalled();
expect(mockOnClose).toHaveBeenCalled();
@@ -202,7 +203,7 @@ describe('ProfileManager', () => {
});
it('should switch to the Reset Password form and request a reset', async () => {
render(<ProfileManager {...defaultSignedOutProps} />);
renderWithQuery(<ProfileManager {...defaultSignedOutProps} />);
fireEvent.click(screen.getByRole('button', { name: /forgot password/i }));
expect(screen.getByRole('heading', { name: /reset password/i })).toBeInTheDocument();
@@ -213,10 +214,7 @@ describe('ProfileManager', () => {
fireEvent.submit(screen.getByTestId('reset-password-form'));
await waitFor(() => {
expect(mockedApiClient.requestPasswordReset).toHaveBeenCalledWith(
'reset@test.com',
expect.any(AbortSignal),
);
expect(mockedApiClient.requestPasswordReset).toHaveBeenCalledWith('reset@test.com');
expect(notifySuccess).toHaveBeenCalledWith('Password reset email sent.');
});
});
@@ -227,14 +225,14 @@ describe('ProfileManager', () => {
// =================================================================
describe('Authenticated User Features', () => {
it('should render profile tabs when authStatus is AUTHENTICATED', () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
expect(screen.getByRole('heading', { name: /my account/i })).toBeInTheDocument();
expect(screen.getByRole('button', { name: /^profile$/i })).toBeInTheDocument();
expect(screen.queryByRole('heading', { name: /^sign in$/i })).not.toBeInTheDocument();
});
it('should close the modal when clicking the backdrop', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
// The backdrop is the element with role="dialog"
const backdrop = screen.getByRole('dialog');
fireEvent.click(backdrop);
@@ -245,7 +243,7 @@ describe('ProfileManager', () => {
});
it('should reset state when the modal is closed and reopened', async () => {
const { rerender } = render(<ProfileManager {...defaultAuthenticatedProps} />);
const { rerender } = renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/full name/i)).toHaveValue('Test User'));
// Change a value
@@ -267,7 +265,7 @@ describe('ProfileManager', () => {
it('should show an error if trying to save profile when not logged in', async () => {
const loggerSpy = vi.spyOn(logger.logger, 'warn');
// This is an edge case, but good to test the safeguard
render(<ProfileManager {...defaultAuthenticatedProps} userProfile={null} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} userProfile={null} />);
fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'Updated Name' } });
fireEvent.click(screen.getByRole('button', { name: /save profile/i }));
@@ -281,7 +279,7 @@ describe('ProfileManager', () => {
});
it('should show a notification if trying to save with no changes', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
fireEvent.click(screen.getByRole('button', { name: /save profile/i }));
@@ -299,7 +297,7 @@ describe('ProfileManager', () => {
const loggerSpy = vi.spyOn(logger.logger, 'warn');
mockedApiClient.getUserAddress.mockRejectedValue(new Error('Address not found'));
console.log('[TEST DEBUG] Mocked apiClient.getUserAddress to reject.');
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => {
console.log(
@@ -323,7 +321,7 @@ describe('ProfileManager', () => {
// Mock address update to fail (useApi will return null)
mockedApiClient.updateUserAddress.mockRejectedValue(new Error('Address update failed'));
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
// Change both profile and address data
@@ -341,7 +339,7 @@ describe('ProfileManager', () => {
);
// The specific warning for partial failure should be logged
expect(loggerSpy).toHaveBeenCalledWith(
'[handleProfileSave] One or more operations failed. The useApi hook should have shown an error. The modal will remain open.',
'[handleProfileSave] One or more operations failed. The mutation hook should have shown an error. The modal will remain open.',
);
// The modal should remain open and no global success message shown
expect(mockOnClose).not.toHaveBeenCalled();
@@ -350,18 +348,21 @@ describe('ProfileManager', () => {
});
it('should handle unexpected critical error during profile save', async () => {
const loggerSpy = vi.spyOn(logger.logger, 'error');
const loggerSpy = vi.spyOn(logger.logger, 'warn');
mockedApiClient.updateUserProfile.mockRejectedValue(new Error('Catastrophic failure'));
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'New Name' } });
fireEvent.click(screen.getByRole('button', { name: /save profile/i }));
await waitFor(() => {
// FIX: The useApi hook will catch the error and notify with the raw message.
// The mutation's onError handler will notify with the error message.
expect(notifyError).toHaveBeenCalledWith('Catastrophic failure');
expect(loggerSpy).toHaveBeenCalled();
// A warning is logged about the partial failure
expect(loggerSpy).toHaveBeenCalledWith(
'[handleProfileSave] One or more operations failed. The mutation hook should have shown an error. The modal will remain open.',
);
});
});
@@ -371,7 +372,7 @@ describe('ProfileManager', () => {
.mockRejectedValueOnce(new Error('AllSettled failed'));
const loggerSpy = vi.spyOn(logger.logger, 'error');
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'New Name' } });
@@ -391,7 +392,7 @@ describe('ProfileManager', () => {
});
it('should show map view when address has coordinates', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => {
expect(screen.getByTestId('map-view-container')).toBeInTheDocument();
});
@@ -402,7 +403,7 @@ describe('ProfileManager', () => {
mockedApiClient.getUserAddress.mockResolvedValue(
new Response(JSON.stringify(addressWithoutCoords)),
);
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => {
expect(screen.queryByTestId('map-view-container')).not.toBeInTheDocument();
});
@@ -410,7 +411,7 @@ describe('ProfileManager', () => {
it('should show error if geocoding is attempted with no address string', async () => {
mockedApiClient.getUserAddress.mockResolvedValue(new Response(JSON.stringify({})));
render(
renderWithQuery(
<ProfileManager
{...defaultAuthenticatedProps}
userProfile={{ ...authenticatedProfile, address_id: 999 }}
@@ -432,34 +433,32 @@ describe('ProfileManager', () => {
});
it('should automatically geocode address after user stops typing (using fake timers)', async () => {
// Use fake timers for the entire test to control the debounce.
vi.useFakeTimers();
// This test verifies debounced auto-geocoding behavior.
// We use real timers throughout but wait for the debounce naturally.
vi.useRealTimers();
const addressWithoutCoords = { ...mockAddress, latitude: undefined, longitude: undefined };
mockedApiClient.getUserAddress.mockResolvedValue(
new Response(JSON.stringify(addressWithoutCoords)),
);
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
// Wait for initial async address load to complete by flushing promises.
await act(async () => {
await vi.runAllTimersAsync();
});
expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown');
// Wait for initial async address load to complete.
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown'));
// Change address, geocode should not be called immediately
fireEvent.change(screen.getByLabelText(/city/i), { target: { value: 'NewCity' } });
expect(mockedApiClient.geocodeAddress).not.toHaveBeenCalled();
// Advance timers to fire the debounce and resolve the subsequent geocode promise.
await act(async () => {
await vi.runAllTimersAsync();
});
// Now check the final result.
expect(mockedApiClient.geocodeAddress).toHaveBeenCalledWith(
expect.stringContaining('NewCity'),
expect.anything(),
// Wait for the debounce (1500ms) plus some buffer for the geocode call.
// The auto-geocode effect fires after the debounced address value updates.
await waitFor(
() => {
expect(mockedApiClient.geocodeAddress).toHaveBeenCalledWith(
expect.stringContaining('NewCity'),
);
},
{ timeout: 3000 },
);
expect(toast.success).toHaveBeenCalledWith('Address geocoded successfully!');
});
@@ -467,7 +466,7 @@ describe('ProfileManager', () => {
it('should not geocode if address already has coordinates (using fake timers)', async () => {
// Use real timers for the initial async render and data fetch
vi.useRealTimers();
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
console.log('[TEST LOG] Waiting for initial address load...');
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown'));
@@ -485,7 +484,7 @@ describe('ProfileManager', () => {
});
it('should show an error when trying to link an account', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
await waitFor(() => {
@@ -502,7 +501,7 @@ describe('ProfileManager', () => {
});
it('should show an error when trying to link a GitHub account', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
await waitFor(() => {
@@ -519,7 +518,7 @@ describe('ProfileManager', () => {
});
it('should switch between all tabs correctly', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
// Initial state: Profile tab
expect(screen.getByLabelText('Profile Form')).toBeInTheDocument();
@@ -542,7 +541,7 @@ describe('ProfileManager', () => {
});
it('should show an error if password is too short', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
fireEvent.change(screen.getByLabelText('New Password'), { target: { value: 'short' } });
@@ -559,7 +558,7 @@ describe('ProfileManager', () => {
it('should show an error if account deletion fails', async () => {
mockedApiClient.deleteUserAccount.mockRejectedValue(new Error('Deletion failed'));
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));
fireEvent.click(screen.getByRole('button', { name: /delete my account/i }));
@@ -579,7 +578,7 @@ describe('ProfileManager', () => {
it('should handle toggling dark mode when profile preferences are initially null', async () => {
const profileWithoutPrefs = { ...authenticatedProfile, preferences: null as any };
const { rerender } = render(
const { rerender } = renderWithQuery(
<ProfileManager {...defaultAuthenticatedProps} userProfile={profileWithoutPrefs} />,
);
@@ -605,10 +604,7 @@ describe('ProfileManager', () => {
fireEvent.click(darkModeToggle);
await waitFor(() => {
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith(
{ darkMode: true },
expect.anything(),
);
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith({ darkMode: true });
expect(mockOnProfileUpdate).toHaveBeenCalledWith(updatedProfileWithPrefs);
});
@@ -633,7 +629,7 @@ describe('ProfileManager', () => {
new Response(JSON.stringify(updatedAddressData)),
);
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() =>
expect(screen.getByLabelText(/full name/i)).toHaveValue(authenticatedProfile.full_name),
@@ -647,13 +643,12 @@ describe('ProfileManager', () => {
fireEvent.click(saveButton);
await waitFor(() => {
expect(mockedApiClient.updateUserProfile).toHaveBeenCalledWith(
{ full_name: 'Updated Name', avatar_url: authenticatedProfile.avatar_url },
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockedApiClient.updateUserProfile).toHaveBeenCalledWith({
full_name: 'Updated Name',
avatar_url: authenticatedProfile.avatar_url,
});
expect(mockedApiClient.updateUserAddress).toHaveBeenCalledWith(
expect.objectContaining({ city: 'NewCity' }),
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockOnProfileUpdate).toHaveBeenCalledWith(
expect.objectContaining({ full_name: 'Updated Name' }),
@@ -668,7 +663,7 @@ describe('ProfileManager', () => {
);
mockedApiClient.updateUserAddress.mockRejectedValueOnce(new Error('Address update failed'));
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
// Change both profile and address data
@@ -691,7 +686,7 @@ describe('ProfileManager', () => {
});
it('should allow updating the password', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
fireEvent.change(screen.getByLabelText('New Password'), {
@@ -703,16 +698,13 @@ describe('ProfileManager', () => {
fireEvent.submit(screen.getByTestId('update-password-form'), {});
await waitFor(() => {
expect(mockedApiClient.updateUserPassword).toHaveBeenCalledWith(
'newpassword123',
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockedApiClient.updateUserPassword).toHaveBeenCalledWith('newpassword123');
expect(notifySuccess).toHaveBeenCalledWith('Password updated successfully!');
});
});
it('should show an error if passwords do not match', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
fireEvent.change(screen.getByLabelText('New Password'), {
@@ -734,7 +726,7 @@ describe('ProfileManager', () => {
.spyOn(HTMLAnchorElement.prototype, 'click')
.mockImplementation(() => {});
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));
fireEvent.click(screen.getByRole('button', { name: /export my data/i }));
@@ -751,7 +743,7 @@ describe('ProfileManager', () => {
// Use fake timers to control the setTimeout call for the entire test.
vi.useFakeTimers();
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));
@@ -787,7 +779,7 @@ describe('ProfileManager', () => {
});
it('should allow toggling dark mode', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /preferences/i }));
const darkModeToggle = screen.getByLabelText(/dark mode/i);
@@ -796,10 +788,7 @@ describe('ProfileManager', () => {
fireEvent.click(darkModeToggle);
await waitFor(() => {
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith(
{ darkMode: true },
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith({ darkMode: true });
expect(mockOnProfileUpdate).toHaveBeenCalledWith(
expect.objectContaining({ preferences: expect.objectContaining({ darkMode: true }) }),
);
@@ -807,17 +796,16 @@ describe('ProfileManager', () => {
});
it('should allow changing the unit system', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /preferences/i }));
const metricRadio = screen.getByLabelText(/metric/i);
fireEvent.click(metricRadio);
await waitFor(() => {
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith(
{ unitSystem: 'metric' },
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith({
unitSystem: 'metric',
});
expect(mockOnProfileUpdate).toHaveBeenCalledWith(
expect.objectContaining({
preferences: expect.objectContaining({ unitSystem: 'metric' }),
@@ -828,7 +816,7 @@ describe('ProfileManager', () => {
it('should allow changing unit system when preferences are initially null', async () => {
const profileWithoutPrefs = { ...authenticatedProfile, preferences: null as any };
const { rerender } = render(
const { rerender } = renderWithQuery(
<ProfileManager {...defaultAuthenticatedProps} userProfile={profileWithoutPrefs} />,
);
@@ -854,10 +842,9 @@ describe('ProfileManager', () => {
fireEvent.click(metricRadio);
await waitFor(() => {
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith(
{ unitSystem: 'metric' },
expect.anything(),
);
expect(mockedApiClient.updateUserPreferences).toHaveBeenCalledWith({
unitSystem: 'metric',
});
expect(mockOnProfileUpdate).toHaveBeenCalledWith(updatedProfileWithPrefs);
});
@@ -873,7 +860,7 @@ describe('ProfileManager', () => {
it('should not call onProfileUpdate if updating unit system fails', async () => {
mockedApiClient.updateUserPreferences.mockRejectedValue(new Error('API failed'));
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
fireEvent.click(screen.getByRole('button', { name: /preferences/i }));
const metricRadio = await screen.findByLabelText(/metric/i);
fireEvent.click(metricRadio);
@@ -884,7 +871,7 @@ describe('ProfileManager', () => {
});
it('should only call updateProfile when only profile data has changed', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() =>
expect(screen.getByLabelText(/full name/i)).toHaveValue(authenticatedProfile.full_name),
);
@@ -902,7 +889,7 @@ describe('ProfileManager', () => {
});
it('should only call updateAddress when only address data has changed', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
fireEvent.change(screen.getByLabelText(/city/i), { target: { value: 'Only City Changed' } });
@@ -916,7 +903,7 @@ describe('ProfileManager', () => {
});
it('should handle manual geocode success via button click', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
// Mock geocode response for the manual trigger
@@ -935,7 +922,7 @@ describe('ProfileManager', () => {
it('should reset address form if profile has no address_id', async () => {
const profileNoAddress = { ...authenticatedProfile, address_id: null };
render(
renderWithQuery(
<ProfileManager {...defaultAuthenticatedProps} userProfile={profileNoAddress as any} />,
);
@@ -948,7 +935,7 @@ describe('ProfileManager', () => {
});
it('should not render auth views when the user is already authenticated', () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
expect(screen.queryByText('Sign In')).not.toBeInTheDocument();
expect(screen.queryByText('Create an Account')).not.toBeInTheDocument();
});
@@ -963,7 +950,7 @@ describe('ProfileManager', () => {
);
console.log('[TEST DEBUG] Mocked apiClient.getUserAddress to resolve with a null body.');
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => {
console.log(
@@ -984,7 +971,7 @@ describe('ProfileManager', () => {
async (data) => new Response(JSON.stringify({ ...mockAddress, ...data })),
);
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => {
expect(screen.getByLabelText(/full name/i)).toHaveValue(authenticatedProfile.full_name);
@@ -998,13 +985,12 @@ describe('ProfileManager', () => {
fireEvent.click(saveButton);
await waitFor(() => {
expect(mockedApiClient.updateUserProfile).toHaveBeenCalledWith(
{ full_name: '', avatar_url: authenticatedProfile.avatar_url },
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockedApiClient.updateUserProfile).toHaveBeenCalledWith({
full_name: '',
avatar_url: authenticatedProfile.avatar_url,
});
expect(mockedApiClient.updateUserAddress).toHaveBeenCalledWith(
expect.objectContaining({ city: '' }),
expect.objectContaining({ signal: expect.anything() }),
);
expect(mockOnProfileUpdate).toHaveBeenCalledWith(
expect.objectContaining({ full_name: '' }),
@@ -1015,7 +1001,7 @@ describe('ProfileManager', () => {
it('should correctly clear the form when userProfile.address_id is null', async () => {
const profileNoAddress = { ...authenticatedProfile, address_id: null };
render(
renderWithQuery(
<ProfileManager
{...defaultAuthenticatedProps}
userProfile={profileNoAddress as any} // Forcefully override the type to simulate address_id: null
@@ -1032,7 +1018,7 @@ describe('ProfileManager', () => {
});
it('should show error notification when manual geocoding fails', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
(mockedApiClient.geocodeAddress as Mock).mockRejectedValue(new Error('Geocoding failed'));
@@ -1053,7 +1039,7 @@ describe('ProfileManager', () => {
new Response(JSON.stringify(addressWithoutCoords)),
);
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
// Wait for initial load
await act(async () => {
@@ -1072,7 +1058,7 @@ describe('ProfileManager', () => {
});
it('should handle permission denied error during geocoding', async () => {
render(<ProfileManager {...defaultAuthenticatedProps} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} />);
await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
(mockedApiClient.geocodeAddress as Mock).mockRejectedValue(new Error('Permission denied'));
@@ -1086,7 +1072,7 @@ describe('ProfileManager', () => {
it('should not trigger OAuth link if user profile is missing', async () => {
// This is an edge case to test the guard clause in handleOAuthLink
render(<ProfileManager {...defaultAuthenticatedProps} userProfile={null} />);
renderWithQuery(<ProfileManager {...defaultAuthenticatedProps} userProfile={null} />);
fireEvent.click(screen.getByRole('button', { name: /security/i }));
const linkButton = await screen.findByRole('button', { name: /link google account/i });

157
src/pages/admin/components/ProfileManager.tsx
View File

@@ -1,21 +1,27 @@
// src/pages/admin/components/ProfileManager.tsx
import React, { useState, useEffect } from 'react';
import type { Profile, Address, UserProfile } from '../../../types';
import { useApi } from '../../../hooks/useApi';
import * as apiClient from '../../../services/apiClient';
import { notifySuccess, notifyError } from '../../../services/notificationService';
import { logger } from '../../../services/logger.client';
import { LoadingSpinner } from '../../../components/LoadingSpinner';
import { XMarkIcon } from '../../../components/icons/XMarkIcon';
import { GoogleIcon } from '../../../components/icons/GoogleIcon';
import { GithubIcon } from '../../../components/icons/GithubIcon';
import { ConfirmationModal } from '../../../components/ConfirmationModal'; // This path is correct
import { ConfirmationModal } from '../../../components/ConfirmationModal';
import { PasswordInput } from '../../../components/PasswordInput';
import { MapView } from '../../../components/MapView';
import type { AuthStatus } from '../../../hooks/useAuth';
import { AuthView } from './AuthView';
import { AddressForm } from './AddressForm';
import { useProfileAddress } from '../../../hooks/useProfileAddress';
import {
useUpdateProfileMutation,
useUpdateAddressMutation,
useUpdatePasswordMutation,
useUpdatePreferencesMutation,
useExportDataMutation,
useDeleteAccountMutation,
} from '../../../hooks/mutations/useProfileMutations';
export interface ProfileManagerProps {
isOpen: boolean;
@@ -27,23 +33,6 @@ export interface ProfileManagerProps {
onLoginSuccess: (user: UserProfile, token: string, rememberMe: boolean) => void; // Add login handler
}
// --- API Hook Wrappers ---
// These wrappers adapt the apiClient functions (which expect an ApiOptions object)
// to the signature expected by the useApi hook (which passes a raw AbortSignal).
// They are defined outside the component to ensure they have a stable identity
// across re-renders, preventing infinite loops in useEffect hooks.
const updateAddressWrapper = (data: Partial<Address>, signal?: AbortSignal) =>
apiClient.updateUserAddress(data, { signal });
const updatePasswordWrapper = (password: string, signal?: AbortSignal) =>
apiClient.updateUserPassword(password, { signal });
const exportDataWrapper = (signal?: AbortSignal) => apiClient.exportUserData({ signal });
const deleteAccountWrapper = (password: string, signal?: AbortSignal) =>
apiClient.deleteUserAccount(password, { signal });
const updatePreferencesWrapper = (prefs: Partial<Profile['preferences']>, signal?: AbortSignal) =>
apiClient.updateUserPreferences(prefs, { signal });
const updateProfileWrapper = (data: Partial<Profile>, signal?: AbortSignal) =>
apiClient.updateUserProfile(data, { signal });
export const ProfileManager: React.FC<ProfileManagerProps> = ({
isOpen,
onClose,
@@ -63,32 +52,25 @@ export const ProfileManager: React.FC<ProfileManagerProps> = ({
const { address, initialAddress, isGeocoding, handleAddressChange, handleManualGeocode } =
useProfileAddress(userProfile, isOpen);
const { execute: updateProfile, loading: profileLoading } = useApi<Profile, [Partial<Profile>]>(
updateProfileWrapper,
);
const { execute: updateAddress, loading: addressLoading } = useApi<Address, [Partial<Address>]>(
updateAddressWrapper,
);
// TanStack Query mutations
const updateProfileMutation = useUpdateProfileMutation();
const updateAddressMutation = useUpdateAddressMutation();
const updatePasswordMutation = useUpdatePasswordMutation();
const updatePreferencesMutation = useUpdatePreferencesMutation();
const exportDataMutation = useExportDataMutation();
const deleteAccountMutation = useDeleteAccountMutation();
const profileLoading = updateProfileMutation.isPending;
const addressLoading = updateAddressMutation.isPending;
const passwordLoading = updatePasswordMutation.isPending;
const exportLoading = exportDataMutation.isPending;
const deleteLoading = deleteAccountMutation.isPending;
// Password state
const [password, setPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
const { execute: updatePassword, loading: passwordLoading } = useApi<unknown, [string]>(
updatePasswordWrapper,
);
const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
// Data & Privacy state
const { execute: exportData, loading: exportLoading } = useApi<unknown, []>(exportDataWrapper);
const { execute: deleteAccount, loading: deleteLoading } = useApi<unknown, [string]>(
deleteAccountWrapper,
);
// Preferences state
const { execute: updatePreferences } = useApi<Profile, [Partial<Profile['preferences']>]>(
updatePreferencesWrapper,
);
const [isConfirmingDelete, setIsConfirmingDelete] = useState(false);
const [passwordForDelete, setPasswordForDelete] = useState('');
@@ -146,15 +128,16 @@ export const ProfileManager: React.FC<ProfileManagerProps> = ({
}
// Create an array of promises for the API calls that need to be made.
// Because useApi() catches errors and returns null, we can safely use Promise.all.
const promisesToRun = [];
const promisesToRun: Promise<Profile | Address>[] = [];
if (profileDataChanged) {
logger.debug('[handleProfileSave] Queuing profile update promise.');
promisesToRun.push(updateProfile({ full_name: fullName, avatar_url: avatarUrl }));
promisesToRun.push(
updateProfileMutation.mutateAsync({ full_name: fullName, avatar_url: avatarUrl }),
);
}
if (addressDataChanged) {
logger.debug('[handleProfileSave] Queuing address update promise.');
promisesToRun.push(updateAddress(address));
promisesToRun.push(updateAddressMutation.mutateAsync(address));
}
try {
@@ -169,7 +152,7 @@ export const ProfileManager: React.FC<ProfileManagerProps> = ({
// Determine which promises succeeded or failed.
results.forEach((result, index) => {
const isProfilePromise = profileDataChanged && index === 0;
if (result.status === 'rejected' || (result.status === 'fulfilled' && !result.value)) {
if (result.status === 'rejected') {
anyFailures = true;
} else if (result.status === 'fulfilled' && isProfilePromise) {
successfulProfileUpdate = result.value as Profile;
@@ -187,12 +170,11 @@ export const ProfileManager: React.FC<ProfileManagerProps> = ({
onClose();
} else {
logger.warn(
'[handleProfileSave] One or more operations failed. The useApi hook should have shown an error. The modal will remain open.',
'[handleProfileSave] One or more operations failed. The mutation hook should have shown an error. The modal will remain open.',
);
}
} catch (error) {
// This catch block is a safeguard. In normal operation, the useApi hook
// should prevent any promises from rejecting.
// This catch block is a safeguard for unexpected errors.
logger.error(
{ err: error },
"[CRITICAL] An unexpected error was caught directly in handleProfileSave's catch block.",
@@ -229,51 +211,66 @@ export const ProfileManager: React.FC<ProfileManagerProps> = ({
return;
}
const result = await updatePassword(password);
if (result) {
notifySuccess('Password updated successfully!');
setPassword('');
setConfirmPassword('');
}
updatePasswordMutation.mutate(
{ password },
{
onSuccess: () => {
notifySuccess('Password updated successfully!');
setPassword('');
setConfirmPassword('');
},
},
);
};
const handleExportData = async () => {
const userData = await exportData();
if (userData) {
const jsonString = `data:text/json;charset=utf-8,${encodeURIComponent(JSON.stringify(userData, null, 2))}`;
const link = document.createElement('a');
link.href = jsonString;
link.download = `flyer-crawler-data-export-${new Date().toISOString().split('T')[0]}.json`;
link.click();
}
exportDataMutation.mutate(undefined, {
onSuccess: (userData) => {
const jsonString = `data:text/json;charset=utf-8,${encodeURIComponent(JSON.stringify(userData, null, 2))}`;
const link = document.createElement('a');
link.href = jsonString;
link.download = `flyer-crawler-data-export-${new Date().toISOString().split('T')[0]}.json`;
link.click();
},
});
};
const handleDeleteAccount = async () => {
setIsDeleteModalOpen(false); // Close the confirmation modal
const result = await deleteAccount(passwordForDelete);
if (result) {
// useApi returns null on failure, so this check is sufficient.
notifySuccess('Account deleted successfully. You will be logged out shortly.');
setTimeout(() => {
onClose();
onSignOut();
}, 3000);
}
deleteAccountMutation.mutate(
{ password: passwordForDelete },
{
onSuccess: () => {
notifySuccess('Account deleted successfully. You will be logged out shortly.');
setTimeout(() => {
onClose();
onSignOut();
}, 3000);
},
},
);
};
const handleToggleDarkMode = async (newMode: boolean) => {
const updatedProfile = await updatePreferences({ darkMode: newMode });
if (updatedProfile) {
onProfileUpdate(updatedProfile);
}
updatePreferencesMutation.mutate(
{ darkMode: newMode },
{
onSuccess: (updatedProfile) => {
onProfileUpdate(updatedProfile);
},
},
);
};
const handleToggleUnitSystem = async (newSystem: 'metric' | 'imperial') => {
const updatedProfile = await updatePreferences({ unitSystem: newSystem });
if (updatedProfile) {
onProfileUpdate(updatedProfile);
}
updatePreferencesMutation.mutate(
{ unitSystem: newSystem },
{
onSuccess: (updatedProfile) => {
onProfileUpdate(updatedProfile);
},
},
);
};
if (!isOpen) return null;

30
src/providers/AppProviders.tsx
View File

@@ -8,6 +8,7 @@ import { FlyersProvider } from './FlyersProvider';
import { MasterItemsProvider } from './MasterItemsProvider';
import { ModalProvider } from './ModalProvider';
import { UserDataProvider } from './UserDataProvider';
import { ErrorBoundary } from '../components/ErrorBoundary';
interface AppProvidersProps {
children: ReactNode;
@@ -18,6 +19,7 @@ interface AppProvidersProps {
* This cleans up index.tsx and makes the provider hierarchy clear.
*
* Provider hierarchy (from outermost to innermost):
* 0. ErrorBoundary - Catches React errors and reports to Sentry (ADR-015)
* 1. QueryClientProvider - TanStack Query for server state management (ADR-0005)
* 2. ModalProvider - Modal state management
* 3. AuthProvider - Authentication state
@@ -27,18 +29,20 @@ interface AppProvidersProps {
*/
export const AppProviders: React.FC<AppProvidersProps> = ({ children }) => {
return (
<QueryClientProvider client={queryClient}>
<ModalProvider>
<AuthProvider>
<FlyersProvider>
<MasterItemsProvider>
<UserDataProvider>{children}</UserDataProvider>
</MasterItemsProvider>
</FlyersProvider>
</AuthProvider>
</ModalProvider>
{/* React Query Devtools - only visible in development */}
{import.meta.env.DEV && <ReactQueryDevtools initialIsOpen={false} />}
</QueryClientProvider>
<ErrorBoundary>
<QueryClientProvider client={queryClient}>
<ModalProvider>
<AuthProvider>
<FlyersProvider>
<MasterItemsProvider>
<UserDataProvider>{children}</UserDataProvider>
</MasterItemsProvider>
</FlyersProvider>
</AuthProvider>
</ModalProvider>
{/* React Query Devtools - only visible in development */}
{import.meta.env.DEV && <ReactQueryDevtools initialIsOpen={false} />}
</QueryClientProvider>
</ErrorBoundary>
);
};

26
src/providers/AuthProvider.test.tsx
View File

@@ -2,6 +2,7 @@
import React, { useContext, useState } from 'react';
import { render, screen, waitFor, fireEvent, act } from '@testing-library/react';
import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
import { AuthProvider } from './AuthProvider';
import { AuthContext } from '../contexts/AuthContext';
import * as tokenStorage from '../services/tokenStorage';
@@ -59,11 +60,28 @@ const TestConsumer = () => {
);
};
// Create a fresh QueryClient for each test to ensure isolation
const createTestQueryClient = () =>
new QueryClient({
defaultOptions: {
queries: {
retry: false,
gcTime: 0,
},
mutations: {
retry: false,
},
},
});
const renderWithProvider = () => {
const testQueryClient = createTestQueryClient();
return render(
<AuthProvider>
<TestConsumer />
</AuthProvider>,
<QueryClientProvider client={testQueryClient}>
<AuthProvider>
<TestConsumer />
</AuthProvider>
</QueryClientProvider>,
);
};
@@ -198,7 +216,7 @@ describe('AuthProvider', () => {
await waitFor(() => {
// The error is now caught and displayed by the TestConsumer
expect(screen.getByTestId('error-display')).toHaveTextContent(
'Login succeeded, but failed to fetch your data: Received null or undefined profile from API.',
'Login succeeded, but failed to fetch your data: API is down',
);
expect(mockedTokenStorage.setToken).toHaveBeenCalledWith('test-token-no-profile');

6
src/providers/AuthProvider.tsx
View File

@@ -45,6 +45,12 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
removeToken();
setUserProfile(null);
setAuthStatus('SIGNED_OUT');
} else if (token && isFetched && !fetchedProfile) {
// Token exists, query completed, but profile is null - sign out
logger.warn('[AuthProvider] Token was present but profile is null. Signing out.');
removeToken();
setUserProfile(null);
setAuthStatus('SIGNED_OUT');
} else if (!token) {
logger.info('[AuthProvider] No auth token found. Setting state to SIGNED_OUT.');
setAuthStatus('SIGNED_OUT');

50
src/routes/admin.content.routes.test.ts
View File

@@ -32,7 +32,7 @@ vi.mock('../lib/queue', () => ({
cleanupQueue: {},
}));
const { mockedDb } = vi.hoisted(() => {
const { mockedDb, mockedBrandService } = vi.hoisted(() => {
return {
mockedDb: {
adminRepo: {
@@ -59,6 +59,9 @@ const { mockedDb } = vi.hoisted(() => {
deleteUserById: vi.fn(),
},
},
mockedBrandService: {
updateBrandLogo: vi.fn(),
},
};
});
@@ -89,6 +92,26 @@ vi.mock('node:fs/promises', () => ({
vi.mock('../services/backgroundJobService');
vi.mock('../services/geocodingService.server');
vi.mock('../services/queueService.server');
vi.mock('../services/queues.server');
vi.mock('../services/workers.server');
vi.mock('../services/monitoringService.server');
vi.mock('../services/cacheService.server');
vi.mock('../services/userService');
vi.mock('../services/brandService', () => ({
brandService: mockedBrandService,
}));
vi.mock('../services/receiptService.server');
vi.mock('../services/aiService.server');
vi.mock('../config/env', () => ({
config: {
database: { host: 'localhost', port: 5432, user: 'test', password: 'test', name: 'test' },
redis: { url: 'redis://localhost:6379' },
auth: { jwtSecret: 'test-secret' },
server: { port: 3000, host: 'localhost' },
},
isAiConfigured: vi.fn().mockReturnValue(false),
parseConfig: vi.fn(),
}));
vi.mock('@bull-board/api'); // Keep this mock for the API part
vi.mock('@bull-board/api/bullMQAdapter'); // Keep this mock for the adapter
@@ -103,13 +126,17 @@ vi.mock('@bull-board/express', () => ({
}));
// Mock the logger
vi.mock('../services/logger.server', async () => ({
// Use async import to avoid hoisting issues with mockLogger
logger: (await import('../tests/utils/mockLogger')).mockLogger,
}));
vi.mock('../services/logger.server', async () => {
const { mockLogger, createMockLogger } = await import('../tests/utils/mockLogger');
return {
logger: mockLogger,
createScopedLogger: vi.fn(() => createMockLogger()),
};
});
// Mock the passport middleware
vi.mock('./passport.routes', () => ({
// Note: admin.routes.ts imports from '../config/passport', so we mock that path
vi.mock('../config/passport', () => ({
default: {
authenticate: vi.fn(() => (req: Request, res: Response, next: NextFunction) => {
if (!req.user) return res.status(401).json({ message: 'Unauthorized' });
@@ -314,22 +341,23 @@ describe('Admin Content Management Routes (/api/admin)', () => {
it('POST /brands/:id/logo should upload a logo and update the brand', async () => {
const brandId = 55;
vi.mocked(mockedDb.adminRepo.updateBrandLogo).mockResolvedValue(undefined);
const mockLogoUrl = '/flyer-images/brand-logos/test-logo.png';
vi.mocked(mockedBrandService.updateBrandLogo).mockResolvedValue(mockLogoUrl);
const response = await supertest(app)
.post(`/api/admin/brands/${brandId}/logo`)
.attach('logoImage', Buffer.from('dummy-logo-content'), 'test-logo.png');
expect(response.status).toBe(200);
expect(response.body.data.message).toBe('Brand logo updated successfully.');
expect(vi.mocked(mockedDb.adminRepo.updateBrandLogo)).toHaveBeenCalledWith(
expect(vi.mocked(mockedBrandService.updateBrandLogo)).toHaveBeenCalledWith(
brandId,
expect.stringContaining('/flyer-images/'),
expect.objectContaining({ fieldname: 'logoImage' }),
expect.anything(),
);
});
it('POST /brands/:id/logo should return 500 on DB error', async () => {
const brandId = 55;
vi.mocked(mockedDb.adminRepo.updateBrandLogo).mockRejectedValue(new Error('DB Error'));
vi.mocked(mockedBrandService.updateBrandLogo).mockRejectedValue(new Error('DB Error'));
const response = await supertest(app)
.post(`/api/admin/brands/${brandId}/logo`)
.attach('logoImage', Buffer.from('dummy-logo-content'), 'test-logo.png');
@@ -347,7 +375,7 @@ describe('Admin Content Management Routes (/api/admin)', () => {
it('should clean up the uploaded file if updating the brand logo fails', async () => {
const brandId = 55;
const dbError = new Error('DB Connection Failed');
vi.mocked(mockedDb.adminRepo.updateBrandLogo).mockRejectedValue(dbError);
vi.mocked(mockedBrandService.updateBrandLogo).mockRejectedValue(dbError);
const response = await supertest(app)
.post(`/api/admin/brands/${brandId}/logo`)

79
src/routes/admin.jobs.routes.test.ts
View File

@@ -29,6 +29,17 @@ vi.mock('../services/queueService.server', () => ({
cleanupWorker: {},
weeklyAnalyticsWorker: {},
}));
// Mock the monitoring service - the routes use this service for job operations
vi.mock('../services/monitoringService.server', () => ({
monitoringService: {
getWorkerStatuses: vi.fn(),
getQueueStatuses: vi.fn(),
retryFailedJob: vi.fn(),
getJobStatus: vi.fn(),
},
}));
vi.mock('../services/db/index.db', () => ({
adminRepo: {},
flyerRepo: {},
@@ -59,21 +70,22 @@ import adminRouter from './admin.routes';
// Import the mocked modules to control them
import { backgroundJobService } from '../services/backgroundJobService'; // This is now a mock
import {
flyerQueue,
analyticsQueue,
cleanupQueue,
weeklyAnalyticsQueue,
} from '../services/queueService.server';
import { analyticsQueue, cleanupQueue } from '../services/queueService.server';
import { monitoringService } from '../services/monitoringService.server'; // This is now a mock
import { NotFoundError, ValidationError } from '../services/db/errors.db';
// Mock the logger
vi.mock('../services/logger.server', async () => ({
// Use async import to avoid hoisting issues with mockLogger
logger: (await import('../tests/utils/mockLogger')).mockLogger,
}));
vi.mock('../services/logger.server', async () => {
const { mockLogger, createMockLogger } = await import('../tests/utils/mockLogger');
return {
logger: mockLogger,
createScopedLogger: vi.fn(() => createMockLogger()),
};
});
// Mock the passport middleware
vi.mock('./passport.routes', () => ({
// Note: admin.routes.ts imports from '../config/passport', so we mock that path
vi.mock('../config/passport', () => ({
default: {
authenticate: vi.fn(() => (req: Request, res: Response, next: NextFunction) => {
if (!req.user) return res.status(401).json({ message: 'Unauthorized' });
@@ -221,13 +233,8 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
const jobId = 'failed-job-1';
it('should successfully retry a failed job', async () => {
// Arrange
const mockJob = {
id: jobId,
getState: vi.fn().mockResolvedValue('failed'),
retry: vi.fn().mockResolvedValue(undefined),
};
vi.mocked(flyerQueue.getJob).mockResolvedValue(mockJob as unknown as Job);
// Arrange - mock the monitoring service to resolve successfully
vi.mocked(monitoringService.retryFailedJob).mockResolvedValue(undefined);
// Act
const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);
@@ -237,7 +244,11 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
expect(response.body.data.message).toBe(
`Job ${jobId} has been successfully marked for retry.`,
);
expect(mockJob.retry).toHaveBeenCalledTimes(1);
expect(monitoringService.retryFailedJob).toHaveBeenCalledWith(
queueName,
jobId,
'admin-user-id',
);
});
it('should return 400 if the queue name is invalid', async () => {
@@ -250,8 +261,10 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
const queueName = 'weekly-analytics-reporting';
const jobId = 'some-job-id';
// Ensure getJob returns undefined (not found)
vi.mocked(weeklyAnalyticsQueue.getJob).mockResolvedValue(undefined);
// Mock monitoringService.retryFailedJob to throw NotFoundError
vi.mocked(monitoringService.retryFailedJob).mockRejectedValue(
new NotFoundError(`Job with ID '${jobId}' not found in queue '${queueName}'.`),
);
const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);
@@ -262,7 +275,10 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
});
it('should return 404 if the job ID is not found in the queue', async () => {
vi.mocked(flyerQueue.getJob).mockResolvedValue(undefined);
// Mock monitoringService.retryFailedJob to throw NotFoundError
vi.mocked(monitoringService.retryFailedJob).mockRejectedValue(
new NotFoundError("Job with ID 'not-found-job' not found in queue 'flyer-processing'."),
);
const response = await supertest(app).post(
`/api/admin/jobs/${queueName}/not-found-job/retry`,
);
@@ -271,12 +287,10 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
});
it('should return 400 if the job is not in a failed state', async () => {
const mockJob = {
id: jobId,
getState: vi.fn().mockResolvedValue('completed'),
retry: vi.fn(),
};
vi.mocked(flyerQueue.getJob).mockResolvedValue(mockJob as unknown as Job);
// Mock monitoringService.retryFailedJob to throw ValidationError
vi.mocked(monitoringService.retryFailedJob).mockRejectedValue(
new ValidationError([], "Job is not in a 'failed' state. Current state: completed."),
);
const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);
@@ -284,16 +298,11 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
expect(response.body.error.message).toBe(
"Job is not in a 'failed' state. Current state: completed.",
); // This is now handled by the errorHandler
expect(mockJob.retry).not.toHaveBeenCalled();
});
it('should return 500 if job.retry() throws an error', async () => {
const mockJob = {
id: jobId,
getState: vi.fn().mockResolvedValue('failed'),
retry: vi.fn().mockRejectedValue(new Error('Cannot retry job')),
};
vi.mocked(flyerQueue.getJob).mockResolvedValue(mockJob as unknown as Job);
// Mock monitoringService.retryFailedJob to throw a generic error
vi.mocked(monitoringService.retryFailedJob).mockRejectedValue(new Error('Cannot retry job'));
const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);

4
src/routes/admin.monitoring.routes.test.ts
View File

@@ -92,10 +92,12 @@ import { adminRepo } from '../services/db/index.db';
// Mock the logger
vi.mock('../services/logger.server', () => ({
logger: mockLogger,
createScopedLogger: vi.fn(() => mockLogger),
}));
// Mock the passport middleware
vi.mock('./passport.routes', () => ({
// Note: admin.routes.ts imports from '../config/passport', so we mock that path
vi.mock('../config/passport', () => ({
default: {
authenticate: vi.fn(() => (req: Request, res: Response, next: NextFunction) => {
if (!req.user) return res.status(401).json({ message: 'Unauthorized' });

30
src/routes/admin.routes.test.ts
View File

@@ -41,9 +41,13 @@ vi.mock('../services/cacheService.server', () => ({
},
}));
vi.mock('../services/logger.server', async () => ({
logger: (await import('../tests/utils/mockLogger')).mockLogger,
}));
vi.mock('../services/logger.server', async () => {
const { mockLogger, createMockLogger } = await import('../tests/utils/mockLogger');
return {
logger: mockLogger,
createScopedLogger: vi.fn(() => createMockLogger()),
};
});
vi.mock('@bull-board/api');
vi.mock('@bull-board/api/bullMQAdapter');
@@ -57,9 +61,27 @@ vi.mock('@bull-board/express', () => ({
}));
vi.mock('node:fs/promises');
vi.mock('../services/queues.server');
vi.mock('../services/workers.server');
vi.mock('../services/monitoringService.server');
vi.mock('../services/userService');
vi.mock('../services/brandService');
vi.mock('../services/receiptService.server');
vi.mock('../services/aiService.server');
vi.mock('../config/env', () => ({
config: {
database: { host: 'localhost', port: 5432, user: 'test', password: 'test', name: 'test' },
redis: { url: 'redis://localhost:6379' },
auth: { jwtSecret: 'test-secret' },
server: { port: 3000, host: 'localhost' },
},
isAiConfigured: vi.fn().mockReturnValue(false),
parseConfig: vi.fn(),
}));
// Mock Passport to allow admin access
vi.mock('./passport.routes', () => ({
// Note: admin.routes.ts imports from '../config/passport', so we mock that path
vi.mock('../config/passport', () => ({
default: {
authenticate: vi.fn(() => (req: any, res: any, next: any) => {
req.user = createMockUserProfile({ role: 'admin' });

700
src/routes/admin.routes.ts
View File

@@ -1,7 +1,6 @@
// src/routes/admin.routes.ts
import { Router, NextFunction, Request, Response } from 'express';
import passport from './passport.routes';
import { isAdmin } from './passport.routes'; // Correctly imported
import passport, { isAdmin } from '../config/passport';
import { z } from 'zod';
import * as db from '../services/db/index.db';
@@ -119,6 +118,27 @@ router.use(passport.authenticate('jwt', { session: false }), isAdmin);
// --- Admin Routes ---
/**
* @openapi
* /admin/corrections:
* get:
* tags: [Admin]
* summary: Get suggested corrections
* description: Retrieve all suggested corrections for review. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: List of suggested corrections
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/SuccessResponse'
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/corrections', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
const corrections = await db.adminRepo.getSuggestedCorrections(req.log);
@@ -129,6 +149,23 @@ router.get('/corrections', validateRequest(emptySchema), async (req, res, next:
}
});
/**
* @openapi
* /admin/review/flyers:
* get:
* tags: [Admin]
* summary: Get flyers for review
* description: Retrieve flyers pending admin review. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: List of flyers for review
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/review/flyers', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
req.log.debug('Fetching flyers for review via adminRepo');
@@ -144,6 +181,23 @@ router.get('/review/flyers', validateRequest(emptySchema), async (req, res, next
}
});
/**
* @openapi
* /admin/brands:
* get:
* tags: [Admin]
* summary: Get all brands
* description: Retrieve all brands. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: List of brands
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/brands', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
const brands = await db.flyerRepo.getAllBrands(req.log);
@@ -154,6 +208,23 @@ router.get('/brands', validateRequest(emptySchema), async (req, res, next: NextF
}
});
/**
* @openapi
* /admin/stats:
* get:
* tags: [Admin]
* summary: Get application stats
* description: Retrieve overall application statistics. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Application statistics
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/stats', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
const stats = await db.adminRepo.getApplicationStats(req.log);
@@ -164,6 +235,23 @@ router.get('/stats', validateRequest(emptySchema), async (req, res, next: NextFu
}
});
/**
* @openapi
* /admin/stats/daily:
* get:
* tags: [Admin]
* summary: Get daily statistics
* description: Retrieve daily statistics for the last 30 days. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Daily statistics for last 30 days
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/stats/daily', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
const dailyStats = await db.adminRepo.getDailyStatsForLast30Days(req.log);
@@ -174,6 +262,32 @@ router.get('/stats/daily', validateRequest(emptySchema), async (req, res, next:
}
});
/**
* @openapi
* /admin/corrections/{id}/approve:
* post:
* tags: [Admin]
* summary: Approve a correction
* description: Approve a suggested correction. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Correction ID
* responses:
* 200:
* description: Correction approved successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Correction not found
*/
router.post(
'/corrections/:id/approve',
validateRequest(numericIdParam('id')),
@@ -190,6 +304,32 @@ router.post(
},
);
/**
* @openapi
* /admin/corrections/{id}/reject:
* post:
* tags: [Admin]
* summary: Reject a correction
* description: Reject a suggested correction. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Correction ID
* responses:
* 200:
* description: Correction rejected successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Correction not found
*/
router.post(
'/corrections/:id/reject',
validateRequest(numericIdParam('id')),
@@ -206,6 +346,44 @@ router.post(
},
);
/**
* @openapi
* /admin/corrections/{id}:
* put:
* tags: [Admin]
* summary: Update a correction
* description: Update a suggested correction's value. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Correction ID
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* required:
* - suggested_value
* properties:
* suggested_value:
* type: string
* description: New suggested value
* responses:
* 200:
* description: Correction updated successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Correction not found
*/
router.put(
'/corrections/:id',
validateRequest(updateCorrectionSchema),
@@ -226,6 +404,44 @@ router.put(
},
);
/**
* @openapi
* /admin/recipes/{id}/status:
* put:
* tags: [Admin]
* summary: Update recipe status
* description: Update a recipe's publication status. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Recipe ID
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* required:
* - status
* properties:
* status:
* type: string
* enum: [private, pending_review, public, rejected]
* responses:
* 200:
* description: Recipe status updated successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Recipe not found
*/
router.put(
'/recipes/:id/status',
validateRequest(updateRecipeStatusSchema),
@@ -242,6 +458,47 @@ router.put(
},
);
/**
* @openapi
* /admin/brands/{id}/logo:
* post:
* tags: [Admin]
* summary: Upload brand logo
* description: Upload or update a brand's logo image. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Brand ID
* requestBody:
* required: true
* content:
* multipart/form-data:
* schema:
* type: object
* required:
* - logoImage
* properties:
* logoImage:
* type: string
* format: binary
* description: Logo image file (max 2MB)
* responses:
* 200:
* description: Brand logo updated successfully
* 400:
* description: Invalid file or missing logo image
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Brand not found
*/
router.post(
'/brands/:id/logo',
adminUploadLimiter,
@@ -274,6 +531,23 @@ router.post(
},
);
/**
* @openapi
* /admin/unmatched-items:
* get:
* tags: [Admin]
* summary: Get unmatched flyer items
* description: Retrieve flyer items that couldn't be matched to master items. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: List of unmatched flyer items
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get(
'/unmatched-items',
validateRequest(emptySchema),
@@ -289,7 +563,30 @@ router.get(
);
/**
* DELETE /api/admin/recipes/:recipeId - Admin endpoint to delete any recipe.
* @openapi
* /admin/recipes/{recipeId}:
* delete:
* tags: [Admin]
* summary: Delete a recipe
* description: Admin endpoint to delete any recipe. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: recipeId
* required: true
* schema:
* type: integer
* description: Recipe ID
* responses:
* 204:
* description: Recipe deleted successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Recipe not found
*/
router.delete(
'/recipes/:recipeId',
@@ -310,7 +607,30 @@ router.delete(
);
/**
* DELETE /api/admin/flyers/:flyerId - Admin endpoint to delete a flyer and its items.
* @openapi
* /admin/flyers/{flyerId}:
* delete:
* tags: [Admin]
* summary: Delete a flyer
* description: Admin endpoint to delete a flyer and its items. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: flyerId
* required: true
* schema:
* type: integer
* description: Flyer ID
* responses:
* 204:
* description: Flyer deleted successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Flyer not found
*/
router.delete(
'/flyers/:flyerId',
@@ -328,6 +648,44 @@ router.delete(
},
);
/**
* @openapi
* /admin/comments/{id}/status:
* put:
* tags: [Admin]
* summary: Update comment status
* description: Update a recipe comment's visibility status. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: integer
* description: Comment ID
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* required:
* - status
* properties:
* status:
* type: string
* enum: [visible, hidden, reported]
* responses:
* 200:
* description: Comment status updated successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Comment not found
*/
router.put(
'/comments/:id/status',
validateRequest(updateCommentStatusSchema),
@@ -348,6 +706,23 @@ router.put(
},
);
/**
* @openapi
* /admin/users:
* get:
* tags: [Admin]
* summary: Get all users
* description: Retrieve a list of all users. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: List of all users
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get('/users', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
try {
const users = await db.adminRepo.getAllUsers(req.log);
@@ -358,6 +733,36 @@ router.get('/users', validateRequest(emptySchema), async (req, res, next: NextFu
}
});
/**
* @openapi
* /admin/activity-log:
* get:
* tags: [Admin]
* summary: Get activity log
* description: Retrieve system activity log with pagination. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: query
* name: limit
* schema:
* type: integer
* default: 50
* description: Maximum number of entries to return
* - in: query
* name: offset
* schema:
* type: integer
* default: 0
* description: Number of entries to skip
* responses:
* 200:
* description: Activity log entries
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get(
'/activity-log',
validateRequest(activityLogSchema),
@@ -376,6 +781,33 @@ router.get(
},
);
/**
* @openapi
* /admin/users/{id}:
* get:
* tags: [Admin]
* summary: Get user by ID
* description: Retrieve a specific user's profile. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: string
* format: uuid
* description: User ID
* responses:
* 200:
* description: User profile
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: User not found
*/
router.get(
'/users/:id',
validateRequest(uuidParamSchema('id', 'A valid user ID is required.')),
@@ -392,6 +824,45 @@ router.get(
},
);
/**
* @openapi
* /admin/users/{id}:
* put:
* tags: [Admin]
* summary: Update user role
* description: Update a user's role. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: string
* format: uuid
* description: User ID
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* required:
* - role
* properties:
* role:
* type: string
* enum: [user, admin]
* responses:
* 200:
* description: User role updated successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: User not found
*/
router.put(
'/users/:id',
validateRequest(updateUserRoleSchema),
@@ -408,6 +879,33 @@ router.put(
},
);
/**
* @openapi
* /admin/users/{id}:
* delete:
* tags: [Admin]
* summary: Delete a user
* description: Delete a user account. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: id
* required: true
* schema:
* type: string
* format: uuid
* description: User ID
* responses:
* 204:
* description: User deleted successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: User not found
*/
router.delete(
'/users/:id',
validateRequest(uuidParamSchema('id', 'A valid user ID is required.')),
@@ -426,8 +924,21 @@ router.delete(
);
/**
* POST /api/admin/trigger/daily-deal-check - Manually trigger the daily deal check job.
* This is useful for testing or forcing an update without waiting for the cron schedule.
* @openapi
* /admin/trigger/daily-deal-check:
* post:
* tags: [Admin]
* summary: Trigger daily deal check
* description: Manually trigger the daily deal check job. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 202:
* description: Job triggered successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/trigger/daily-deal-check',
@@ -459,8 +970,21 @@ router.post(
);
/**
* POST /api/admin/trigger/analytics-report - Manually enqueue a job to generate the daily analytics report.
* This is useful for testing or re-generating a report without waiting for the cron schedule.
* @openapi
* /admin/trigger/analytics-report:
* post:
* tags: [Admin]
* summary: Trigger analytics report
* description: Manually enqueue a job to generate the daily analytics report. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 202:
* description: Job enqueued successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/trigger/analytics-report',
@@ -489,8 +1013,30 @@ router.post(
);
/**
* POST /api/admin/flyers/:flyerId/cleanup - Enqueue a job to clean up a flyer's files.
* This is triggered by an admin after they have verified the flyer processing was successful.
* @openapi
* /admin/flyers/{flyerId}/cleanup:
* post:
* tags: [Admin]
* summary: Trigger flyer file cleanup
* description: Enqueue a job to clean up a flyer's files. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: flyerId
* required: true
* schema:
* type: integer
* description: Flyer ID
* responses:
* 202:
* description: Cleanup job enqueued successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Flyer not found
*/
router.post(
'/flyers/:flyerId/cleanup',
@@ -520,8 +1066,21 @@ router.post(
);
/**
* POST /api/admin/trigger/failing-job - Enqueue a test job designed to fail.
* This is for testing the retry mechanism and Bull Board UI.
* @openapi
* /admin/trigger/failing-job:
* post:
* tags: [Admin]
* summary: Trigger failing test job
* description: Enqueue a test job designed to fail for testing retry mechanisms. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 202:
* description: Failing test job enqueued successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/trigger/failing-job',
@@ -549,8 +1108,21 @@ router.post(
);
/**
* POST /api/admin/system/clear-geocode-cache - Clears the Redis cache for geocoded addresses.
* Requires admin privileges.
* @openapi
* /admin/system/clear-geocode-cache:
* post:
* tags: [Admin]
* summary: Clear geocode cache
* description: Clears the Redis cache for geocoded addresses. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Cache cleared successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/system/clear-geocode-cache',
@@ -575,8 +1147,21 @@ router.post(
);
/**
* GET /api/admin/workers/status - Get the current running status of all BullMQ workers.
* This is useful for a system health dashboard to see if any workers have crashed.
* @openapi
* /admin/workers/status:
* get:
* tags: [Admin]
* summary: Get worker statuses
* description: Get the current running status of all BullMQ workers. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Worker status information
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get(
'/workers/status',
@@ -593,8 +1178,21 @@ router.get(
);
/**
* GET /api/admin/queues/status - Get job counts for all BullMQ queues.
* This is useful for monitoring the health and backlog of background jobs.
* @openapi
* /admin/queues/status:
* get:
* tags: [Admin]
* summary: Get queue statuses
* description: Get job counts for all BullMQ queues. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Queue status information
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.get(
'/queues/status',
@@ -611,7 +1209,37 @@ router.get(
);
/**
* POST /api/admin/jobs/:queueName/:jobId/retry - Retries a specific failed job.
* @openapi
* /admin/jobs/{queueName}/{jobId}/retry:
* post:
* tags: [Admin]
* summary: Retry a failed job
* description: Retries a specific failed job in a queue. Requires admin role.
* security:
* - bearerAuth: []
* parameters:
* - in: path
* name: queueName
* required: true
* schema:
* type: string
* enum: [flyer-processing, email-sending, analytics-reporting, file-cleanup, weekly-analytics-reporting]
* description: Queue name
* - in: path
* name: jobId
* required: true
* schema:
* type: string
* description: Job ID
* responses:
* 200:
* description: Job marked for retry successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
* 404:
* description: Job not found
*/
router.post(
'/jobs/:queueName/:jobId/retry',
@@ -634,7 +1262,21 @@ router.post(
);
/**
* POST /api/admin/trigger/weekly-analytics - Manually trigger the weekly analytics report job.
* @openapi
* /admin/trigger/weekly-analytics:
* post:
* tags: [Admin]
* summary: Trigger weekly analytics
* description: Manually trigger the weekly analytics report job. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 202:
* description: Job enqueued successfully
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/trigger/weekly-analytics',
@@ -657,9 +1299,21 @@ router.post(
);
/**
* POST /api/admin/system/clear-cache - Clears the application data cache.
* Clears cached flyers, brands, and stats data from Redis.
* Requires admin privileges.
* @openapi
* /admin/system/clear-cache:
* post:
* tags: [Admin]
* summary: Clear application cache
* description: Clears cached flyers, brands, and stats data from Redis. Requires admin role.
* security:
* - bearerAuth: []
* responses:
* 200:
* description: Cache cleared successfully with details
* 401:
* description: Unauthorized
* 403:
* description: Forbidden - admin role required
*/
router.post(
'/system/clear-cache',

Some files were not shown because too many files have changed in this diff Show More