Matt
221ae5784e
Bundles the prior autonomous-session output that was sitting unstaged: - Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances) - country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk after the per-subpath dynamic-import approach silently failed in webpack) - Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index, redirects (ocr to ai, reports to dashboard, invitations to users), docs/admin-ia-proposal.md - Per-template email tester (registry + endpoint + UI on Email admin page) - Cancel-document mode picker (delete-from-Documenso vs keep-for-audit) - Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers - Customize-widgets per-region sortables at xl+ (charts/rails/feed); single flat sortable below xl when the layout stacks; per-viewport saved orders - Audit doc updates capturing each shipped item - Lint fixes: react-compiler immutability in DonutChart (reduce instead of let-reassign), set-state-in-effect disables in CountryFlag and UploadForSigning preview-bytes effect, unused 'confirm' destructures in interest contract + reservation tabs, unescaped apostrophe in test-template card copy
197 lines
6.1 KiB
TypeScript
197 lines
6.1 KiB
TypeScript
/**
|
|
* PR10 - audit log search.
|
|
*
|
|
* Validates:
|
|
* 1. Tsvector full-text search via the GENERATED `search_text` column
|
|
* 2. All filters compose: entityType, action, userId, entityId, date range
|
|
* 3. Cursor pagination on (createdAt, id) yields stable, complete pages
|
|
* and never duplicates rows across page boundaries
|
|
* 4. Per-port scoping isolates results
|
|
*/
|
|
|
|
import { describe, it, expect, beforeEach } from 'vitest';
|
|
import { eq } from 'drizzle-orm';
|
|
|
|
import { db } from '@/lib/db';
|
|
import { auditLogs } from '@/lib/db/schema/system';
|
|
import { searchAuditLogs } from '@/lib/services/audit-search.service';
|
|
import { makePort } from '../helpers/factories';
|
|
|
|
async function seed(args: {
|
|
portId: string;
|
|
userId?: string;
|
|
action: string;
|
|
entityType: string;
|
|
entityId?: string;
|
|
createdAt?: Date;
|
|
}) {
|
|
const [row] = await db
|
|
.insert(auditLogs)
|
|
.values({
|
|
portId: args.portId,
|
|
userId: args.userId ?? null,
|
|
action: args.action,
|
|
entityType: args.entityType,
|
|
entityId: args.entityId ?? null,
|
|
createdAt: args.createdAt ?? new Date(),
|
|
})
|
|
.returning();
|
|
return row!;
|
|
}
|
|
|
|
describe('audit log search', () => {
|
|
beforeEach(async () => {
|
|
// Tests are seed-isolated by port, so no global wipe needed.
|
|
});
|
|
|
|
it('finds rows by entityType filter', async () => {
|
|
const port = await makePort();
|
|
await seed({ portId: port.id, action: 'create', entityType: 'client' });
|
|
await seed({ portId: port.id, action: 'create', entityType: 'invoice' });
|
|
await seed({ portId: port.id, action: 'update', entityType: 'client' });
|
|
|
|
const { rows } = await searchAuditLogs({ portId: port.id, entityType: 'client' });
|
|
expect(rows).toHaveLength(2);
|
|
expect(rows.every((r) => r.entityType === 'client')).toBe(true);
|
|
});
|
|
|
|
it('filters by action and userId together', async () => {
|
|
const port = await makePort();
|
|
await seed({ portId: port.id, userId: 'u1', action: 'create', entityType: 'client' });
|
|
await seed({ portId: port.id, userId: 'u2', action: 'create', entityType: 'client' });
|
|
await seed({ portId: port.id, userId: 'u1', action: 'delete', entityType: 'client' });
|
|
|
|
const { rows } = await searchAuditLogs({
|
|
portId: port.id,
|
|
action: 'create',
|
|
userId: 'u1',
|
|
});
|
|
expect(rows).toHaveLength(1);
|
|
expect(rows[0]?.userId).toBe('u1');
|
|
expect(rows[0]?.action).toBe('create');
|
|
});
|
|
|
|
it('full-text search hits the tsvector column on action + entityType + entityId', async () => {
|
|
const port = await makePort();
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'archive',
|
|
entityType: 'expense',
|
|
entityId: 'expense-marina-fuel-001',
|
|
});
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'create',
|
|
entityType: 'invoice',
|
|
entityId: 'inv-001',
|
|
});
|
|
|
|
const { rows } = await searchAuditLogs({ portId: port.id, q: 'archive' });
|
|
expect(rows).toHaveLength(1);
|
|
expect(rows[0]?.action).toBe('archive');
|
|
});
|
|
|
|
it('cursor pagination returns stable contiguous pages with no duplicates', async () => {
|
|
const port = await makePort();
|
|
const now = Date.now();
|
|
// Seed 7 rows with deterministic timestamps so ordering is stable.
|
|
for (let i = 0; i < 7; i++) {
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
entityId: `c-${i}`,
|
|
createdAt: new Date(now - i * 1000),
|
|
});
|
|
}
|
|
const page1 = await searchAuditLogs({ portId: port.id, limit: 3 });
|
|
expect(page1.rows).toHaveLength(3);
|
|
expect(page1.nextCursor).not.toBeNull();
|
|
|
|
const page2 = await searchAuditLogs({
|
|
portId: port.id,
|
|
limit: 3,
|
|
cursor: page1.nextCursor!,
|
|
});
|
|
expect(page2.rows).toHaveLength(3);
|
|
expect(page2.nextCursor).not.toBeNull();
|
|
|
|
const page3 = await searchAuditLogs({
|
|
portId: port.id,
|
|
limit: 3,
|
|
cursor: page2.nextCursor!,
|
|
});
|
|
expect(page3.rows).toHaveLength(1);
|
|
expect(page3.nextCursor).toBeNull();
|
|
|
|
const allIds = [...page1.rows, ...page2.rows, ...page3.rows].map((r) => r.id);
|
|
expect(new Set(allIds).size).toBe(7);
|
|
});
|
|
|
|
it('isolates results by portId', async () => {
|
|
const portA = await makePort();
|
|
const portB = await makePort();
|
|
await seed({ portId: portA.id, action: 'create', entityType: 'client' });
|
|
await seed({ portId: portB.id, action: 'create', entityType: 'client' });
|
|
|
|
const a = await searchAuditLogs({ portId: portA.id });
|
|
const b = await searchAuditLogs({ portId: portB.id });
|
|
expect(a.rows.every((r) => r.portId === portA.id)).toBe(true);
|
|
expect(b.rows.every((r) => r.portId === portB.id)).toBe(true);
|
|
});
|
|
|
|
it('respects from/to date range', async () => {
|
|
const port = await makePort();
|
|
const now = Date.now();
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
createdAt: new Date(now - 10 * 86_400_000),
|
|
});
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
createdAt: new Date(now - 1 * 86_400_000),
|
|
});
|
|
await seed({
|
|
portId: port.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
createdAt: new Date(now),
|
|
});
|
|
|
|
const { rows } = await searchAuditLogs({
|
|
portId: port.id,
|
|
from: new Date(now - 2 * 86_400_000),
|
|
});
|
|
expect(rows).toHaveLength(2);
|
|
});
|
|
|
|
it('without portId, returns rows across ports (super-admin path)', async () => {
|
|
const portA = await makePort();
|
|
const portB = await makePort();
|
|
await seed({
|
|
portId: portA.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
entityId: 'across-port-marker',
|
|
});
|
|
await seed({
|
|
portId: portB.id,
|
|
action: 'create',
|
|
entityType: 'client',
|
|
entityId: 'across-port-marker',
|
|
});
|
|
const { rows } = await searchAuditLogs({ q: 'across-port-marker' });
|
|
const portIds = new Set(rows.map((r) => r.portId));
|
|
expect(portIds.has(portA.id)).toBe(true);
|
|
expect(portIds.has(portB.id)).toBe(true);
|
|
|
|
// Cleanup so the across-port query doesn't bleed into other tests.
|
|
await db.delete(auditLogs).where(eq(auditLogs.portId, portA.id));
|
|
await db.delete(auditLogs).where(eq(auditLogs.portId, portB.id));
|
|
});
|
|
});
|