tests/unit/document-sends-validators.test.ts

/**
 * Phase 7 — validator-level guarantees for the send-out flow.
 *
 * §14.7 mitigation: recipient typo (the strict email regex is the first
 * line of defense; the confirmation modal is the second).
 */
import { describe, expect, it } from 'vitest';

import {
  sendBerthPdfSchema,
  sendBrochureSchema,
  previewBodySchema,
  listSendsQuerySchema,
} from '@/lib/validators/document-sends';
import { createBrochureSchema, registerBrochureVersionSchema } from '@/lib/validators/brochures';

describe('sendBerthPdfSchema', () => {
  it('requires either clientId or email', () => {
    const r = sendBerthPdfSchema.safeParse({
      berthId: 'b1',
      recipient: { interestId: 'i1' },
    });
    expect(r.success).toBe(false);
  });

  it('accepts clientId-only recipient', () => {
    const r = sendBerthPdfSchema.safeParse({
      berthId: 'b1',
      recipient: { clientId: 'c1' },
    });
    expect(r.success).toBe(true);
  });

  it('rejects an obviously bad email', () => {
    const r = sendBerthPdfSchema.safeParse({
      berthId: 'b1',
      recipient: { email: 'not an email' },
    });
    expect(r.success).toBe(false);
  });

  it('caps custom body length at 50KB', () => {
    const r = sendBerthPdfSchema.safeParse({
      berthId: 'b1',
      recipient: { clientId: 'c1' },
      customBodyMarkdown: 'x'.repeat(60_000),
    });
    expect(r.success).toBe(false);
  });
});

describe('sendBrochureSchema', () => {
  it('allows brochureId to be omitted (defaults at service level)', () => {
    const r = sendBrochureSchema.safeParse({
      recipient: { clientId: 'c1' },
    });
    expect(r.success).toBe(true);
  });
});

describe('previewBodySchema', () => {
  it('requires documentKind', () => {
    const r = previewBodySchema.safeParse({ recipient: { clientId: 'c1' } });
    expect(r.success).toBe(false);
  });

  it('accepts a minimal preview payload', () => {
    const r = previewBodySchema.safeParse({
      documentKind: 'berth_pdf',
      recipient: { clientId: 'c1' },
      berthId: 'b1',
    });
    expect(r.success).toBe(true);
  });
});

describe('listSendsQuerySchema', () => {
  it('coerces limit from string', () => {
    const r = listSendsQuerySchema.safeParse({ limit: '50' });
    expect(r.success).toBe(true);
    if (r.success) expect(r.data.limit).toBe(50);
  });

  it('rejects out-of-range limit', () => {
    const r = listSendsQuerySchema.safeParse({ limit: '99999' });
    expect(r.success).toBe(false);
  });
});

describe('createBrochureSchema', () => {
  it('requires a non-empty label', () => {
    const r = createBrochureSchema.safeParse({ label: '   ' });
    expect(r.success).toBe(false);
  });

  it('caps label at 120 chars', () => {
    const r = createBrochureSchema.safeParse({ label: 'a'.repeat(200) });
    expect(r.success).toBe(false);
  });
});

describe('registerBrochureVersionSchema', () => {
  it('rejects path-traversal in storageKey', () => {
    const r = registerBrochureVersionSchema.safeParse({
      storageKey: '../etc/passwd',
      fileName: 'b.pdf',
      fileSizeBytes: 100,
      contentSha256: 'a'.repeat(64),
    });
    expect(r.success).toBe(false);
  });

  it('rejects malformed sha256', () => {
    const r = registerBrochureVersionSchema.safeParse({
      storageKey: 'port/brochures/abc/x.pdf',
      fileName: 'b.pdf',
      fileSizeBytes: 100,
      contentSha256: 'NOTHEX',
    });
    expect(r.success).toBe(false);
  });

  it('rejects upload over 100MB', () => {
    const r = registerBrochureVersionSchema.safeParse({
      storageKey: 'port/brochures/abc/x.pdf',
      fileName: 'b.pdf',
      fileSizeBytes: 200 * 1024 * 1024,
      contentSha256: 'a'.repeat(64),
    });
    expect(r.success).toBe(false);
  });

  it('accepts a valid payload', () => {
    const r = registerBrochureVersionSchema.safeParse({
      storageKey: 'port/brochures/abc/x.pdf',
      fileName: 'b.pdf',
      fileSizeBytes: 1024,
      contentSha256: 'a'.repeat(64),
    });
    expect(r.success).toBe(true);
  });
});
feat(emails): sales send-out flows + brochures + email-from settings Phase 7 of the berth-recommender refactor (plan §3.3, §4.8, §4.9, §5.7, §5.8, §5.9, §11.1, §14.7, §14.9). Adds the rep-driven send-out path for per-berth PDFs and port-wide brochures, the per-port sales SMTP/IMAP config + body templates, and the supporting admin UI. Migration: 0031_brochures_and_document_sends.sql Schema additions: - brochures (port-wide, with isDefault marker + archive) - brochure_versions (versioned uploads, storageKey per §4.7a) - document_sends (audit log of every rep-initiated send; failures captured with failedAt + errorReason). berthPdfVersionId is a plain text column (no FK) — loose-coupled to Phase 6b's berth_pdf_versions so the two phases stay independent. §14.7 critical mitigations: - Body XSS: rep-authored markdown goes through renderEmailBody() (HTML-escape first, then a tight allowlist of bold/italic/code/link rules). https:// + mailto: only — javascript:/data: URLs stripped. Tested against script/img/iframe/svg/onerror polyglots. - Recipient typo: strict email regex + two-step confirm modal that shows the exact recipient before send. - Unresolved merge fields: pre-send dry-run /preview endpoint blocks submission until findUnresolvedTokens() returns empty. - SMTP failure: every transport rejection writes a document_sends row with failedAt + errorReason; UI surfaces the message. - Hourly per-user rate limit: 50 sends/user/hour via existing checkRateLimit(). - Size threshold fallback (§11.1): files above email_attach_threshold_mb (default 15) ship as a 24h signed-URL download link in the body instead of an attachment. Storage stream flows directly to nodemailer to avoid buffering 20MB+. §14.10 critical mitigation: - SMTP/IMAP passwords encrypted at rest via the existing EMAIL_CREDENTIAL_KEY (AES-256-GCM). The /api/v1/admin/email/ sales-config GET endpoint never returns the decrypted value — only a *PassIsSet boolean. PATCH treats empty string as "leave unchanged" and explicit null as "clear", so the masked-placeholder UI round- trips without forcing re-entry on every save. system_settings keys (per-port unless noted): - sales_from_address, sales_smtp_{host,port,secure,user,pass_encrypted} - sales_imap_{host,port,user,pass_encrypted} - sales_auth_method (default app_password) - noreply_from_address - email_template_send_berth_pdf_body, email_template_send_brochure_body - brochure_max_upload_mb (default 50) - email_attach_threshold_mb (default 15) UI surfaces (per §5.7, §5.8, §5.9): - <SendDocumentDialog> shared 2-step compose+confirm flow. - <SendBerthPdfDialog>, <SendDocumentsDialog>, <SendFromInterestButton> wrappers per detail page. - /[portSlug]/admin/brochures: list, upload (direct-to-storage presigned PUT for the 20MB+ files per §11.1), default toggle, archive. - /[portSlug]/admin/email extended with <SalesEmailConfigCard>: SMTP + IMAP creds, body templates, threshold/max settings. Storage: every upload + download goes through getStorageBackend() — no direct minio imports, per Phase 6a contract. Tests: 1145 vitest passing (+ 50 new in markdown-email-sanitization.test.ts, document-sends-validators.test.ts, sales-email-config-validators.test.ts). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-05 03:38:47 +02:00			`/**`
			`* Phase 7 — validator-level guarantees for the send-out flow.`
			`*`
			`* §14.7 mitigation: recipient typo (the strict email regex is the first`
			`* line of defense; the confirmation modal is the second).`
			`*/`
			`import { describe, expect, it } from 'vitest';`

			`import {`
			`sendBerthPdfSchema,`
			`sendBrochureSchema,`
			`previewBodySchema,`
			`listSendsQuerySchema,`
			`} from '@/lib/validators/document-sends';`
			`import { createBrochureSchema, registerBrochureVersionSchema } from '@/lib/validators/brochures';`

			`describe('sendBerthPdfSchema', () => {`
			`it('requires either clientId or email', () => {`
			`const r = sendBerthPdfSchema.safeParse({`
			`berthId: 'b1',`
			`recipient: { interestId: 'i1' },`
			`});`
			`expect(r.success).toBe(false);`
			`});`

			`it('accepts clientId-only recipient', () => {`
			`const r = sendBerthPdfSchema.safeParse({`
			`berthId: 'b1',`
			`recipient: { clientId: 'c1' },`
			`});`
			`expect(r.success).toBe(true);`
			`});`

			`it('rejects an obviously bad email', () => {`
			`const r = sendBerthPdfSchema.safeParse({`
			`berthId: 'b1',`
			`recipient: { email: 'not an email' },`
			`});`
			`expect(r.success).toBe(false);`
			`});`

			`it('caps custom body length at 50KB', () => {`
			`const r = sendBerthPdfSchema.safeParse({`
			`berthId: 'b1',`
			`recipient: { clientId: 'c1' },`
			`customBodyMarkdown: 'x'.repeat(60_000),`
			`});`
			`expect(r.success).toBe(false);`
			`});`
			`});`

			`describe('sendBrochureSchema', () => {`
			`it('allows brochureId to be omitted (defaults at service level)', () => {`
			`const r = sendBrochureSchema.safeParse({`
			`recipient: { clientId: 'c1' },`
			`});`
			`expect(r.success).toBe(true);`
			`});`
			`});`

			`describe('previewBodySchema', () => {`
			`it('requires documentKind', () => {`
			`const r = previewBodySchema.safeParse({ recipient: { clientId: 'c1' } });`
			`expect(r.success).toBe(false);`
			`});`

			`it('accepts a minimal preview payload', () => {`
			`const r = previewBodySchema.safeParse({`
			`documentKind: 'berth_pdf',`
			`recipient: { clientId: 'c1' },`
			`berthId: 'b1',`
			`});`
			`expect(r.success).toBe(true);`
			`});`
			`});`

			`describe('listSendsQuerySchema', () => {`
			`it('coerces limit from string', () => {`
			`const r = listSendsQuerySchema.safeParse({ limit: '50' });`
			`expect(r.success).toBe(true);`
			`if (r.success) expect(r.data.limit).toBe(50);`
			`});`

			`it('rejects out-of-range limit', () => {`
			`const r = listSendsQuerySchema.safeParse({ limit: '99999' });`
			`expect(r.success).toBe(false);`
			`});`
			`});`

			`describe('createBrochureSchema', () => {`
			`it('requires a non-empty label', () => {`
			`const r = createBrochureSchema.safeParse({ label: ' ' });`
			`expect(r.success).toBe(false);`
			`});`

			`it('caps label at 120 chars', () => {`
			`const r = createBrochureSchema.safeParse({ label: 'a'.repeat(200) });`
			`expect(r.success).toBe(false);`
			`});`
			`});`

			`describe('registerBrochureVersionSchema', () => {`
			`it('rejects path-traversal in storageKey', () => {`
			`const r = registerBrochureVersionSchema.safeParse({`
			`storageKey: '../etc/passwd',`
			`fileName: 'b.pdf',`
			`fileSizeBytes: 100,`
			`contentSha256: 'a'.repeat(64),`
			`});`
			`expect(r.success).toBe(false);`
			`});`

			`it('rejects malformed sha256', () => {`
			`const r = registerBrochureVersionSchema.safeParse({`
			`storageKey: 'port/brochures/abc/x.pdf',`
			`fileName: 'b.pdf',`
			`fileSizeBytes: 100,`
			`contentSha256: 'NOTHEX',`
			`});`
			`expect(r.success).toBe(false);`
			`});`

			`it('rejects upload over 100MB', () => {`
			`const r = registerBrochureVersionSchema.safeParse({`
			`storageKey: 'port/brochures/abc/x.pdf',`
			`fileName: 'b.pdf',`
			`fileSizeBytes: 200 * 1024 * 1024,`
			`contentSha256: 'a'.repeat(64),`
			`});`
			`expect(r.success).toBe(false);`
			`});`

			`it('accepts a valid payload', () => {`
			`const r = registerBrochureVersionSchema.safeParse({`
			`storageKey: 'port/brochures/abc/x.pdf',`
			`fileName: 'b.pdf',`
			`fileSizeBytes: 1024,`
			`contentSha256: 'a'.repeat(64),`
			`});`
			`expect(r.success).toBe(true);`
			`});`
			`});`