Migrate TREK 3 to NestJS + React 19 with a shared Zod contract layer

Brownfield strangler migration of the backend onto NestJS modules (auth, trips, days, places, assignments, packing, todo, budget, reservations, collab, files, photos, journey, share, settings, backup, oidc, oauth, admin, atlas, vacay, weather, airports, maps, categories, tags, notifications, system-notices) served through a per-prefix dispatcher, keeping the existing SQLite/better-sqlite3 DB and JWT httpOnly cookie auth, with behavioural parity for every route. Client: React 19 upgrade, "page = wiring container + data hook" pattern across all pages, per-domain Zustand stores bound to @trek/shared contracts, and decomposition of the large components (DayPlanSidebar, PackingListPanel, CollabNotes, FileManager, MemoriesPanel, PlacesSidebar, CollabChat, SystemNoticeModal, BudgetPanel, PlaceFormModal, ...) into focused render units backed by in-file hooks. Apply the shared global request pipeline (helmet/CSP, CORS, HSTS, forced HTTPS, the global MFA policy and request logging) to the NestJS instance as well, so a migrated route is protected identically to the legacy fallback rather than bypassing it.
2026-06-22 06:41:46 +00:00 · 2026-05-30 02:39:26 +02:00
parent 6d2dd37414
commit fc7d8b5d12
347 changed files with 31278 additions and 10381 deletions
@@ -0,0 +1,121 @@
+/**
+ * C7 parity — backup (admin-only).
+ *
+ * Same request at the legacy Express /api/backup route and the migrated Nest
+ * controller, with backupService, auditLog and auth mocked identically (the
+ * fixed user is an admin so both the legacy adminOnly and the Nest AdminGuard
+ * pass). Multipart upload + res.download success differ per framework, so this
+ * pins routing, the rate-limit 429, filename 400/404, restore status mapping
+ * and the auto-settings/list/delete JSON.
+ */
+import { describe, it, beforeAll, afterAll, beforeEach, vi } from 'vitest';
+import express from 'express';
+import type { Server } from 'http';
+import { Test } from '@nestjs/testing';
+import { expectParity } from './parity';
+
+const { fixedAdmin } = vi.hoisted(() => ({ fixedAdmin: { id: 1, username: 'a', email: 'a@example.test', role: 'admin' } }));
+
+vi.mock('../../src/db/database', () => ({
+  db: { prepare: () => ({ get: () => undefined, all: () => [], run: () => undefined }) }, closeDb: () => {}, reinitialize: () => {},
+}));
+
+vi.mock('../../src/middleware/auth', () => ({
+  authenticate: (req: express.Request, _res: express.Response, next: express.NextFunction) => {
+    (req as express.Request & { user: unknown }).user = fixedAdmin;
+    next();
+  },
+  adminOnly: (_req: express.Request, _res: express.Response, next: express.NextFunction) => next(),
+  extractToken: () => 'token',
+  verifyJwtAndLoadUser: () => fixedAdmin,
+}));
+
+vi.mock('../../src/services/auditLog', () => ({ writeAudit: vi.fn(), getClientIp: vi.fn(() => '1.2.3.4') }));
+
+const { backupSvc } = vi.hoisted(() => ({
+  backupSvc: {
+    listBackups: vi.fn(), createBackup: vi.fn(), restoreFromZip: vi.fn(), getAutoSettings: vi.fn(),
+    updateAutoSettings: vi.fn(), deleteBackup: vi.fn(), isValidBackupFilename: vi.fn(), backupFilePath: vi.fn(),
+    backupFileExists: vi.fn(), checkRateLimit: vi.fn(), getUploadTmpDir: () => '/tmp', BACKUP_RATE_WINDOW: 3600000,
+    MAX_BACKUP_UPLOAD_SIZE: 1024,
+  },
+}));
+vi.mock('../../src/services/backupService', () => backupSvc);
+
+import backupRoutes from '../../src/routes/backup';
+import { BackupModule } from '../../src/nest/backup/backup.module';
+import { TrekExceptionFilter } from '../../src/nest/common/trek-exception.filter';
+
+describe('C7 parity (Express vs Nest)', () => {
+  let expressServer: express.Express;
+  let nestServer: Server;
+  let nestApp: Awaited<ReturnType<typeof buildNest>>;
+
+  function buildExpress() {
+    const app = express();
+    app.use(express.json());
+    app.use('/api/backup', backupRoutes);
+    return app;
+  }
+
+  async function buildNest() {
+    const moduleRef = await Test.createTestingModule({ imports: [BackupModule] }).compile();
+    const nest = moduleRef.createNestApplication();
+    nest.useGlobalFilters(new TrekExceptionFilter());
+    await nest.init();
+    return nest;
+  }
+
+  beforeAll(async () => {
+    vi.spyOn(console, 'error').mockImplementation(() => {});
+    expressServer = buildExpress();
+    nestApp = await buildNest();
+    nestServer = nestApp.getHttpServer();
+    backupSvc.listBackups.mockReturnValue([{ filename: 'a.zip', size: 1 }]);
+    backupSvc.createBackup.mockResolvedValue({ filename: 'b.zip', size: 10 });
+    backupSvc.getAutoSettings.mockReturnValue({ settings: { enabled: true }, timezone: 'UTC' });
+    backupSvc.updateAutoSettings.mockReturnValue({ enabled: true, interval: 'daily', keep_days: 7 });
+    backupSvc.restoreFromZip.mockResolvedValue({ success: true });
+  });
+
+  beforeEach(() => {
+    backupSvc.isValidBackupFilename.mockReturnValue(true);
+    backupSvc.backupFileExists.mockReturnValue(true);
+    backupSvc.checkRateLimit.mockReturnValue(true);
+  });
+
+  afterAll(async () => {
+    await nestApp.close();
+  });
+
+  it('GET /backup/list', () => expectParity(expressServer, nestServer, { path: '/api/backup/list' }));
+  it('POST /backup/create', () => expectParity(expressServer, nestServer, { method: 'post', path: '/api/backup/create' }));
+  it('POST /backup/create 429 rate-limited', () => {
+    backupSvc.checkRateLimit.mockReturnValue(false);
+    return expectParity(expressServer, nestServer, { method: 'post', path: '/api/backup/create' });
+  });
+  it('GET /backup/download/:f 400 invalid', () => {
+    backupSvc.isValidBackupFilename.mockReturnValue(false);
+    return expectParity(expressServer, nestServer, { path: '/api/backup/download/bad' });
+  });
+  it('GET /backup/download/:f 404 missing', () => {
+    backupSvc.backupFileExists.mockReturnValue(false);
+    return expectParity(expressServer, nestServer, { path: '/api/backup/download/x.zip' });
+  });
+  it('POST /backup/restore/:f', () => expectParity(expressServer, nestServer, { method: 'post', path: '/api/backup/restore/x.zip' }));
+  it('POST /backup/restore/:f 400 invalid', () => {
+    backupSvc.isValidBackupFilename.mockReturnValue(false);
+    return expectParity(expressServer, nestServer, { method: 'post', path: '/api/backup/restore/bad' });
+  });
+  it('POST /backup/restore/:f maps the service status', () => {
+    backupSvc.restoreFromZip.mockResolvedValueOnce({ success: false, status: 422, error: 'bad zip' }).mockResolvedValueOnce({ success: false, status: 422, error: 'bad zip' });
+    return expectParity(expressServer, nestServer, { method: 'post', path: '/api/backup/restore/x.zip' });
+  });
+  it('GET /backup/auto-settings', () => expectParity(expressServer, nestServer, { path: '/api/backup/auto-settings' }));
+  it('PUT /backup/auto-settings', () => expectParity(expressServer, nestServer, { method: 'put', path: '/api/backup/auto-settings', body: { enabled: true } }));
+  it('DELETE /backup/:f', () => expectParity(expressServer, nestServer, { method: 'delete', path: '/api/backup/x.zip' }));
+  it('DELETE /backup/:f 404', () => {
+    backupSvc.backupFileExists.mockReturnValue(false);
+    return expectParity(expressServer, nestServer, { method: 'delete', path: '/api/backup/x.zip' });
+  });
+});