letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d912f02b973a3bc40dfc0d969f70a7a5848ba1fd
pn-new-crm/tests/integration/api/yachts.test.ts
Matt d3960af340 feat: warm-up deps — ts-reset, web-vitals, RHF devtool, query-broadcast 
Four low-risk adds before the Zod 4 / drizzle-zod headliner:

- @total-typescript/ts-reset: tightens TS stdlib types globally (JSON.parse
  → unknown, fetch().json() → unknown, .filter(Boolean) narrows, Set
  literals respect typed Set targets). Caught 179 latent type errors;
  fixed all production sites (8 files) and added `any` cast escape hatch
  in test files (ESLint exemption scoped to tests/).
- web-vitals + /api/v1/internal/vitals endpoint + WebVitalsReporter
  client component: establishes Core Web Vitals baseline (LCP/INP/CLS/
  FCP/TTFB) via navigator.sendBeacon. Required before optimisation work.
- @hookform/devtools + FormDevtool wrapper: dev-only RHF state inspector,
  lazy-loaded via next/dynamic so the chunk is excluded from prod
  bundles entirely.
- @tanstack/query-broadcast-client-experimental: cross-tab cache sync
  via BroadcastChannel — wired in query-provider.tsx, 1-liner.

Audit doc updated with sections 35 + 36 (PDF stack overhaul + comprehensive
second-pass package sweep) covering ~20 package adoption candidates and
4-5 deprecation candidates.

Verified: tsc clean, vitest 1293/1293 pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 18:16:18 +02:00

100 lines
4.0 KiB
TypeScript
Raw Blame History

import { describe, it, expect } from 'vitest';
import { listHandler, createHandler } from '@/app/api/v1/yachts/handlers';
import { POST } from '@/app/api/v1/yachts/route';
import { withPermission } from '@/lib/api/helpers';
import { makeMockCtx, makeMockRequest } from '../../helpers/route-tester';
import {
makePort,
makeClient,
makeYacht,
makeFullPermissions,
makeViewerPermissions,
} from '../../helpers/factories';
describe('POST /api/v1/yachts (createHandler)', () => {
it('creates a yacht and returns 201', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
const ctx = makeMockCtx({ portId: port.id, permissions: makeFullPermissions() });
const req = makeMockRequest('POST', 'http://localhost/api/v1/yachts', {
body: { name: 'Sea Breeze', owner: { type: 'client', id: client.id } },
});
const res = await createHandler(req, ctx, {});
expect(res.status).toBe(201);
const body = (await res.json()) as any;
expect(body.data.name).toBe('Sea Breeze');
expect(body.data.currentOwnerId).toBe(client.id);
});
it('returns 400 on invalid body (empty name)', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
const ctx = makeMockCtx({ portId: port.id, permissions: makeFullPermissions() });
const req = makeMockRequest('POST', 'http://localhost/api/v1/yachts', {
body: { name: '', owner: { type: 'client', id: client.id } },
});
const res = await createHandler(req, ctx, {});
expect(res.status).toBe(400);
});
it('returns 400 when owner.id does not exist', async () => {
const port = await makePort();
const ctx = makeMockCtx({ portId: port.id, permissions: makeFullPermissions() });
const req = makeMockRequest('POST', 'http://localhost/api/v1/yachts', {
body: { name: 'Phantom', owner: { type: 'client', id: 'nonexistent' } },
});
const res = await createHandler(req, ctx, {});
expect(res.status).toBe(400);
});
});
describe('GET /api/v1/yachts (listHandler)', () => {
it('returns tenant-scoped yachts with pagination metadata', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
await makeYacht({
portId: port.id,
ownerType: 'client',
ownerId: client.id,
name: 'Listed',
});
const ctx = makeMockCtx({ portId: port.id, permissions: makeFullPermissions() });
const req = makeMockRequest('GET', 'http://localhost/api/v1/yachts?page=1&limit=20&order=desc');
const res = await listHandler(req, ctx, {});
expect(res.status).toBe(200);
const body = (await res.json()) as any;
expect(body.data.some((y: { name: string }) => y.name === 'Listed')).toBe(true);
expect(body.pagination.page).toBe(1);
expect(body.pagination.pageSize).toBe(20);
expect(typeof body.pagination.total).toBe('number');
});
it('returns 400 for invalid query params (non-numeric page)', async () => {
const port = await makePort();
const ctx = makeMockCtx({ portId: port.id, permissions: makeFullPermissions() });
const req = makeMockRequest(
'GET',
'http://localhost/api/v1/yachts?page=abc&limit=20&order=desc',
);
const res = await listHandler(req, ctx, {});
expect(res.status).toBe(400);
});
});
describe('POST /api/v1/yachts — permission gate', () => {
it('viewer (no yachts.create) receives 403 through full pipeline', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
const gated = withPermission('yachts', 'create', createHandler);
const ctx = makeMockCtx({ portId: port.id, permissions: makeViewerPermissions() });
const req = makeMockRequest('POST', 'http://localhost/api/v1/yachts', {
body: { name: 'X', owner: { type: 'client', id: client.id } },
});
const res = await gated(req, ctx, {});
expect(res.status).toBe(403);
// Sanity check that the withAuth-wrapped HTTP export exists.
expect(POST).toBeDefined();
});
});
Reference in New Issue View Git Blame Copy Permalink