/** * PR10 — audit log search. * * Validates: * 1. Tsvector full-text search via the GENERATED `search_text` column * 2. All filters compose: entityType, action, userId, entityId, date range * 3. Cursor pagination on (createdAt, id) yields stable, complete pages * and never duplicates rows across page boundaries * 4. Per-port scoping isolates results */ import { describe, it, expect, beforeEach } from 'vitest'; import { eq } from 'drizzle-orm'; import { db } from '@/lib/db'; import { auditLogs } from '@/lib/db/schema/system'; import { searchAuditLogs } from '@/lib/services/audit-search.service'; import { makePort } from '../helpers/factories'; async function seed(args: { portId: string; userId?: string; action: string; entityType: string; entityId?: string; createdAt?: Date; }) { const [row] = await db .insert(auditLogs) .values({ portId: args.portId, userId: args.userId ?? null, action: args.action, entityType: args.entityType, entityId: args.entityId ?? null, createdAt: args.createdAt ?? new Date(), }) .returning(); return row!; } describe('audit log search', () => { beforeEach(async () => { // Tests are seed-isolated by port, so no global wipe needed. }); it('finds rows by entityType filter', async () => { const port = await makePort(); await seed({ portId: port.id, action: 'create', entityType: 'client' }); await seed({ portId: port.id, action: 'create', entityType: 'invoice' }); await seed({ portId: port.id, action: 'update', entityType: 'client' }); const { rows } = await searchAuditLogs({ portId: port.id, entityType: 'client' }); expect(rows).toHaveLength(2); expect(rows.every((r) => r.entityType === 'client')).toBe(true); }); it('filters by action and userId together', async () => { const port = await makePort(); await seed({ portId: port.id, userId: 'u1', action: 'create', entityType: 'client' }); await seed({ portId: port.id, userId: 'u2', action: 'create', entityType: 'client' }); await seed({ portId: port.id, userId: 'u1', action: 'delete', entityType: 'client' }); const { rows } = await searchAuditLogs({ portId: port.id, action: 'create', userId: 'u1', }); expect(rows).toHaveLength(1); expect(rows[0]?.userId).toBe('u1'); expect(rows[0]?.action).toBe('create'); }); it('full-text search hits the tsvector column on action + entityType + entityId', async () => { const port = await makePort(); await seed({ portId: port.id, action: 'archive', entityType: 'expense', entityId: 'expense-marina-fuel-001', }); await seed({ portId: port.id, action: 'create', entityType: 'invoice', entityId: 'inv-001', }); const { rows } = await searchAuditLogs({ portId: port.id, q: 'archive' }); expect(rows).toHaveLength(1); expect(rows[0]?.action).toBe('archive'); }); it('cursor pagination returns stable contiguous pages with no duplicates', async () => { const port = await makePort(); const now = Date.now(); // Seed 7 rows with deterministic timestamps so ordering is stable. for (let i = 0; i < 7; i++) { await seed({ portId: port.id, action: 'create', entityType: 'client', entityId: `c-${i}`, createdAt: new Date(now - i * 1000), }); } const page1 = await searchAuditLogs({ portId: port.id, limit: 3 }); expect(page1.rows).toHaveLength(3); expect(page1.nextCursor).not.toBeNull(); const page2 = await searchAuditLogs({ portId: port.id, limit: 3, cursor: page1.nextCursor!, }); expect(page2.rows).toHaveLength(3); expect(page2.nextCursor).not.toBeNull(); const page3 = await searchAuditLogs({ portId: port.id, limit: 3, cursor: page2.nextCursor!, }); expect(page3.rows).toHaveLength(1); expect(page3.nextCursor).toBeNull(); const allIds = [...page1.rows, ...page2.rows, ...page3.rows].map((r) => r.id); expect(new Set(allIds).size).toBe(7); }); it('isolates results by portId', async () => { const portA = await makePort(); const portB = await makePort(); await seed({ portId: portA.id, action: 'create', entityType: 'client' }); await seed({ portId: portB.id, action: 'create', entityType: 'client' }); const a = await searchAuditLogs({ portId: portA.id }); const b = await searchAuditLogs({ portId: portB.id }); expect(a.rows.every((r) => r.portId === portA.id)).toBe(true); expect(b.rows.every((r) => r.portId === portB.id)).toBe(true); }); it('respects from/to date range', async () => { const port = await makePort(); const now = Date.now(); await seed({ portId: port.id, action: 'create', entityType: 'client', createdAt: new Date(now - 10 * 86_400_000), }); await seed({ portId: port.id, action: 'create', entityType: 'client', createdAt: new Date(now - 1 * 86_400_000), }); await seed({ portId: port.id, action: 'create', entityType: 'client', createdAt: new Date(now), }); const { rows } = await searchAuditLogs({ portId: port.id, from: new Date(now - 2 * 86_400_000), }); expect(rows).toHaveLength(2); }); it('without portId, returns rows across ports (super-admin path)', async () => { const portA = await makePort(); const portB = await makePort(); await seed({ portId: portA.id, action: 'create', entityType: 'client', entityId: 'across-port-marker', }); await seed({ portId: portB.id, action: 'create', entityType: 'client', entityId: 'across-port-marker', }); const { rows } = await searchAuditLogs({ q: 'across-port-marker' }); const portIds = new Set(rows.map((r) => r.portId)); expect(portIds.has(portA.id)).toBe(true); expect(portIds.has(portB.id)).toBe(true); // Cleanup so the across-port query doesn't bleed into other tests. await db.delete(auditLogs).where(eq(auditLogs.portId, portA.id)); await db.delete(auditLogs).where(eq(auditLogs.portId, portB.id)); }); });