pn-new-crm/tests/integration/webhook-delivery.test.ts

/**
 * Webhook delivery integration tests.
 *
 * Verifies:
 *  - Create a webhook subscribed to ['client.created']
 *  - dispatchWebhookEvent with 'client:created' creates a delivery record
 *  - Event name is translated to dot-style ('client.created')
 *  - A pending delivery record exists in webhook_deliveries
 *  - BullMQ job is enqueued for each matching webhook
 *
 * Skips gracefully when TEST_DATABASE_URL is not reachable.
 */
import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest';

import { makeAuditMeta } from '../helpers/factories';

// vi.mock is hoisted to the top of the module — keep mocks there so vitest
// doesn't warn about non-top-level calls. Use `vi.hoisted` for any mock that
// references a value (mockQueueAdd) so it's evaluated before the mock factory
// runs.
const { mockQueueAdd } = vi.hoisted(() => ({
  mockQueueAdd: vi.fn().mockResolvedValue({ id: 'mock-job' }),
}));

vi.mock('@/lib/queue', () => ({
  getQueue: () => ({ add: mockQueueAdd }),
}));

vi.mock('@/lib/utils/encryption', () => ({
  encrypt: (v: string) => `enc:${v}`,
  decrypt: (v: string) => v.replace(/^enc:/, ''),
}));

vi.mock('@/lib/audit', () => ({
  createAuditLog: vi.fn().mockResolvedValue(undefined),
}));

const TEST_DB_URL =
  process.env.TEST_DATABASE_URL || 'postgresql://test:test@localhost:5433/portnimara_test';

let dbAvailable = false;

beforeAll(async () => {
  try {
    const postgres = (await import('postgres')).default;
    const sql = postgres(TEST_DB_URL, { max: 1, idle_timeout: 3, connect_timeout: 3 });
    await sql`SELECT 1`;
    await sql.end();
    dbAvailable = true;
  } catch {
    console.warn('[webhook-delivery] Test database not available — skipping integration tests');
  }
});

function itDb(name: string, fn: () => Promise<void>) {
  it(name, async () => {
    if (!dbAvailable) return;
    await fn();
  });
}

// ─── Helpers ─────────────────────────────────────────────────────────────────

async function seedPortAndUser(): Promise<{ portId: string; userId: string }> {
  const postgres = (await import('postgres')).default;
  const sql = postgres(TEST_DB_URL, { max: 1 });

  const portId = crypto.randomUUID();
  const userId = crypto.randomUUID();

  await sql`
    INSERT INTO ports (id, name, slug, country, currency, timezone)
    VALUES (${portId}, 'Webhook Test Port', ${'webhook-' + portId.slice(0, 8)}, 'AU', 'AUD', 'UTC')
  `;

  await sql`
    INSERT INTO "user" (id, name, email, email_verified, created_at, updated_at)
    VALUES (${userId}, 'Webhook User', ${'webhook-' + userId.slice(0, 8) + '@test.local'}, true, NOW(), NOW())
  `;

  await sql`
    INSERT INTO user_profiles (id, user_id, display_name, is_super_admin, is_active, preferences)
    VALUES (${crypto.randomUUID()}, ${userId}, 'Webhook User', false, true, '{}')
  `;

  await sql.end();
  return { portId, userId };
}

async function cleanupPortAndUser(portId: string, userId: string): Promise<void> {
  const postgres = (await import('postgres')).default;
  const sql = postgres(TEST_DB_URL, { max: 1 });
  await sql`DELETE FROM ports WHERE id = ${portId}`;
  await sql`DELETE FROM user_profiles WHERE user_id = ${userId}`;
  await sql`DELETE FROM "user" WHERE id = ${userId}`;
  await sql.end();
}

// ─── Tests ────────────────────────────────────────────────────────────────────

describe('Webhook Delivery', () => {
  let portId: string;
  let userId: string;

  beforeAll(async () => {
    if (!dbAvailable) return;
    ({ portId, userId } = await seedPortAndUser());
  });

  afterAll(async () => {
    if (!dbAvailable) return;
    await cleanupPortAndUser(portId, userId);
  });

  itDb('createWebhook returns an id and plaintext secret', async () => {
    const { createWebhook } = await import('@/lib/services/webhooks.service');
    const meta = makeAuditMeta({ portId, userId });

    const webhook = await createWebhook(
      portId,
      userId,
      {
        name: 'Delivery Test Webhook',
        url: 'https://example.com/hooks',
        events: ['client.created'],
        isActive: true,
      },
      meta,
    );

    expect(webhook.id).toBeDefined();
    expect(webhook.portId).toBe(portId);
    expect(typeof webhook.secret).toBe('string');
    expect((webhook.secret as string).length).toBeGreaterThan(10);
  });

  itDb('dispatchWebhookEvent creates a delivery record for client:created', async () => {
    const { createWebhook } = await import('@/lib/services/webhooks.service');
    const { dispatchWebhookEvent } = await import('@/lib/services/webhook-dispatch');
    const meta = makeAuditMeta({ portId, userId });

    const webhook = await createWebhook(
      portId,
      userId,
      {
        name: 'Dispatch Test Hook',
        url: 'https://example.com/dispatch',
        events: ['client.created'],
        isActive: true,
      },
      meta,
    );

    vi.clearAllMocks();

    await dispatchWebhookEvent(portId, 'client:created', { clientId: 'test-client-123' });

    const postgres = (await import('postgres')).default;
    const sql = postgres(TEST_DB_URL, { max: 1 });
    const rows = await sql<Array<{ event_type: string; status: string }>>`
      SELECT event_type, status
      FROM webhook_deliveries
      WHERE webhook_id = ${webhook.id}
      ORDER BY created_at DESC
      LIMIT 1
    `;
    await sql.end();

    expect(rows.length).toBe(1);
    expect(rows[0]!.event_type).toBe('client.created');
    expect(rows[0]!.status).toBe('pending');
  });

  itDb('INTERNAL_TO_WEBHOOK_MAP translates internal:camel to dot.style event names', async () => {
    const { INTERNAL_TO_WEBHOOK_MAP } = await import('@/lib/services/webhook-event-map');

    expect(INTERNAL_TO_WEBHOOK_MAP['client:created']).toBe('client.created');
    expect(INTERNAL_TO_WEBHOOK_MAP['interest:stageChanged']).toBe('interest.stage_changed');
    expect(INTERNAL_TO_WEBHOOK_MAP['berth:statusChanged']).toBe('berth.status_changed');
    expect(INTERNAL_TO_WEBHOOK_MAP['invoice:paid']).toBe('invoice.paid');
  });

  itDb('unmapped internal events do not create delivery records', async () => {
    const { createWebhook } = await import('@/lib/services/webhooks.service');
    const { dispatchWebhookEvent } = await import('@/lib/services/webhook-dispatch');
    const meta = makeAuditMeta({ portId, userId });

    const webhook = await createWebhook(
      portId,
      userId,
      {
        name: 'Unmapped Hook',
        url: 'https://example.com/unmapped',
        events: ['client.created'],
        isActive: true,
      },
      meta,
    );

    vi.clearAllMocks();

    await dispatchWebhookEvent(portId, 'not:a:real:event', { data: 'test' });

    const postgres = (await import('postgres')).default;
    const sql = postgres(TEST_DB_URL, { max: 1 });
    const rows = await sql<Array<{ count: string }>>`
      SELECT COUNT(*) as count
      FROM webhook_deliveries
      WHERE webhook_id = ${webhook.id}
        AND created_at > NOW() - INTERVAL '5 seconds'
    `;
    await sql.end();

    expect(Number(rows[0]!.count)).toBe(0);
  });

  itDb('inactive webhooks are not dispatched to', async () => {
    const { createWebhook } = await import('@/lib/services/webhooks.service');
    const { dispatchWebhookEvent } = await import('@/lib/services/webhook-dispatch');
    const meta = makeAuditMeta({ portId, userId });

    const webhook = await createWebhook(
      portId,
      userId,
      {
        name: 'Inactive Hook',
        url: 'https://example.com/inactive',
        events: ['client.created'],
        isActive: false,
      },
      meta,
    );

    vi.clearAllMocks();

    await dispatchWebhookEvent(portId, 'client:created', { clientId: 'xyz' });

    const postgres = (await import('postgres')).default;
    const sql = postgres(TEST_DB_URL, { max: 1 });
    const rows = await sql<Array<{ count: string }>>`
      SELECT COUNT(*) as count
      FROM webhook_deliveries
      WHERE webhook_id = ${webhook.id}
        AND created_at > NOW() - INTERVAL '5 seconds'
    `;
    await sql.end();

    expect(Number(rows[0]!.count)).toBe(0);
  });

  itDb('BullMQ job is enqueued with correct event payload', async () => {
    const { createWebhook } = await import('@/lib/services/webhooks.service');
    const { dispatchWebhookEvent } = await import('@/lib/services/webhook-dispatch');
    const meta = makeAuditMeta({ portId, userId });

    await createWebhook(
      portId,
      userId,
      {
        name: 'Queue Test Hook',
        url: 'https://example.com/queue',
        events: ['client.updated'],
        isActive: true,
      },
      meta,
    );

    vi.clearAllMocks();

    await dispatchWebhookEvent(portId, 'client:updated', { clientId: 'q-test' });

    expect(mockQueueAdd).toHaveBeenCalledWith(
      'deliver',
      expect.objectContaining({
        portId,
        event: 'client.updated',
        payload: expect.objectContaining({ clientId: 'q-test' }),
      }),
    );
  });
});