makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

feat(16-04): update all service tests to pass userId and add isolation tests

Browse Source 
- Destructure { db, userId } from createTestDb() in all 8 service test files
- Pass userId to every service function call
- Add cross-user isolation tests for items, categories, threads, setups
- Add composite unique constraint test for categories
- Update verifyApiKey assertions to check { userId } return
- Update verifyAccessToken assertions to check { userId } return
- Pass userId to exchangeCode and refreshAccessToken calls
This commit is contained in:
Jean-Luc Makiola
2026-04-05 11:01:51 +02:00
parent 884bec0b35
commit 5b702a0e98
8 changed files with 659 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
tests/services/item.service.test.ts
View File

@@ -7,18 +7,19 @@ import {
getItemById,
updateItem,
} from "../../src/server/services/item.service.ts";
import { createTestDb } from "../helpers/db.ts";
import { createSecondTestUser, createTestDb } from "../helpers/db.ts";
describe("Item Service", () => {
let db: any;
let userId: number;
beforeEach(async () => {
db = await createTestDb();
({ db, userId } = await createTestDb());
});
describe("createItem", () => {
it("creates item with all fields, returns item with id and timestamps", async () => {
const item = await createItem(db, {
const item = await createItem(db, userId, {
name: "Tent",
weightGrams: 1200,
priceCents: 35000,
@@ -40,7 +41,10 @@ describe("Item Service", () => {
});
it("only name and categoryId are required, other fields optional", async () => {
const item = await createItem(db, { name: "Spork", categoryId: 1 });
const item = await createItem(db, userId, {
name: "Spork",
categoryId: 1,
});
expect(item).toBeDefined();
expect(item?.name).toBe("Spork");
@@ -53,10 +57,10 @@ describe("Item Service", () => {
describe("getAllItems", () => {
it("returns all items with category info joined", async () => {
await createItem(db, { name: "Tent", categoryId: 1 });
await createItem(db, { name: "Sleeping Bag", categoryId: 1 });
await createItem(db, userId, { name: "Tent", categoryId: 1 });
await createItem(db, userId, { name: "Sleeping Bag", categoryId: 1 });
const all = await getAllItems(db);
const all = await getAllItems(db, userId);
expect(all).toHaveLength(2);
expect(all[0].categoryName).toBe("Uncategorized");
expect(all[0].categoryIcon).toBeDefined();
@@ -65,25 +69,28 @@ describe("Item Service", () => {
describe("getItemById", () => {
it("returns single item or null", async () => {
const created = await createItem(db, { name: "Tent", categoryId: 1 });
const found = await getItemById(db, created?.id);
const created = await createItem(db, userId, {
name: "Tent",
categoryId: 1,
});
const found = await getItemById(db, userId, created?.id);
expect(found).toBeDefined();
expect(found?.name).toBe("Tent");
const notFound = await getItemById(db, 9999);
const notFound = await getItemById(db, userId, 9999);
expect(notFound).toBeNull();
});
});
describe("updateItem", () => {
it("updates specified fields, sets updatedAt", async () => {
const created = await createItem(db, {
const created = await createItem(db, userId, {
name: "Tent",
weightGrams: 1200,
categoryId: 1,
});
const updated = await updateItem(db, created?.id, {
const updated = await updateItem(db, userId, created?.id, {
name: "Big Agnes Tent",
weightGrams: 1100,
});
@@ -94,14 +101,14 @@ describe("Item Service", () => {
});
it("returns null for non-existent id", async () => {
const result = await updateItem(db, 9999, { name: "Ghost" });
const result = await updateItem(db, userId, 9999, { name: "Ghost" });
expect(result).toBeNull();
});
});
describe("duplicateItem", () => {
it("creates a copy with '(copy)' suffix in name", async () => {
const original = await createItem(db, {
const original = await createItem(db, userId, {
name: "Tent",
weightGrams: 1200,
priceCents: 35000,
@@ -110,7 +117,7 @@ describe("Item Service", () => {
productUrl: "https://example.com/tent",
});
const copy = await duplicateItem(db, original?.id);
const copy = await duplicateItem(db, userId, original?.id);
expect(copy).toBeDefined();
expect(copy?.name).toBe("Tent (copy)");
@@ -122,38 +129,79 @@ describe("Item Service", () => {
});
it("copy has a different ID from the original", async () => {
const original = await createItem(db, { name: "Helmet", categoryId: 1 });
const copy = await duplicateItem(db, original?.id);
const original = await createItem(db, userId, {
name: "Helmet",
categoryId: 1,
});
const copy = await duplicateItem(db, userId, original?.id);
expect(copy?.id).not.toBe(original?.id);
});
it("returns null for non-existent item", async () => {
const result = await duplicateItem(db, 9999);
const result = await duplicateItem(db, userId, 9999);
expect(result).toBeNull();
});
});
describe("deleteItem", () => {
it("removes item from DB, returns deleted item", async () => {
const created = await createItem(db, {
const created = await createItem(db, userId, {
name: "Tent",
categoryId: 1,
imageFilename: "tent.jpg",
});
const deleted = await deleteItem(db, created?.id);
const deleted = await deleteItem(db, userId, created?.id);
expect(deleted).toBeDefined();
expect(deleted?.name).toBe("Tent");
expect(deleted?.imageFilename).toBe("tent.jpg");
// Verify it's gone
const found = await getItemById(db, created?.id);
const found = await getItemById(db, userId, created?.id);
expect(found).toBeNull();
});
it("returns null for non-existent id", async () => {
const result = await deleteItem(db, 9999);
const result = await deleteItem(db, userId, 9999);
expect(result).toBeNull();
});
});
describe("cross-user isolation", () => {
it("user cannot see other user's items", async () => {
const userId2 = await createSecondTestUser(db);
await createItem(db, userId, {
name: "User 1 Tent",
categoryId: 1,
});
// User 2 needs their own Uncategorized category; createSecondTestUser seeds one
const user2Categories = await db.query.categories.findMany({
where: (cats: any, { eq }: any) => eq(cats.userId, userId2),
});
const user2CatId = user2Categories[0].id;
await createItem(db, userId2, {
name: "User 2 Bag",
categoryId: user2CatId,
});
const user1Items = await getAllItems(db, userId);
const user2Items = await getAllItems(db, userId2);
expect(user1Items).toHaveLength(1);
expect(user1Items[0].name).toBe("User 1 Tent");
expect(user2Items).toHaveLength(1);
expect(user2Items[0].name).toBe("User 2 Bag");
});
it("getItemById returns null for another user's item", async () => {
const created = await createItem(db, userId, {
name: "My Item",
categoryId: 1,
});
const userId2 = await createSecondTestUser(db);
const result = await getItemById(db, userId2, created?.id);
expect(result).toBeNull();
});
});