mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
jubnl
3c040fab11
* fix(share): serve place thumbnails in shared trip links (#1100) Google-sourced place photos are stored as image_url pointing at the JWT-guarded /api/maps/place-photo/:placeId/bytes endpoint, so they 401 for an unauthenticated shared-trip viewer and render as broken images. Rewrite place image_url values in the shared payload to a public, token-scoped proxy (/api/shared/:token/place-photo/:placeId/bytes) and add an unguarded SharedController route that validates the token and that the place belongs to its trip before streaming the cached bytes. Mirrors the existing JourneyPublicController precedent. No client changes needed. * fix(atlas): replace Natural Earth with geoBoundaries for up-to-date regions (#1119) Atlas sourced country and sub-national boundaries from Natural Earth's GitHub `master` at runtime. That data is stale (e.g. it still shows Norway's pre-2020 counties such as Oppland/Hordaland) and depicts some contested territory in unwanted ways (nvkelso/natural-earth-vector#391), so Natural Earth is dropped entirely. - Country borders (admin0) now come from the geoBoundaries CGAZ composite; sub-national regions (admin1) from per-country gbOpen, which carries ISO 3166-2 codes. A new script (server/scripts/build-atlas-geo.mjs) normalizes and quantizes them into committed gzipped bundles under server/assets/atlas, read server-side at runtime (no network at boot, no GitHub CSP allowlist entry). - New GET /addons/atlas/countries/geo serves the country layer; the client fetches it from the API instead of GitHub. - A migration reconciles manually-marked visited_regions against the new bundle (valid code -> keep; region name still matches -> re-code; curated merge crosswalk for renamed reforms; else leave intact), with UNIQUE-safe dedup. bucket_list and visited_countries hold only invariant alpha-2 country codes, so they are untouched. - Attribution added (NOTICE.md + README) per geoBoundaries CC BY 4.0. Closes #1119 * fix(packing): make templates admin-only to create, usable by members Creating a packing-list template was gated only by trip access, so any trip member could create one from the Lists feature, while applying a template silently failed for non-admins because the apply dropdown was populated from the AdminGuard-protected /api/admin/packing-templates endpoint. - save-as-template now returns 403 for non-admins; the Save-as-Template button is hidden unless the user is an admin (both the TripPlanner toolbar and the inline packing header). - add member-accessible GET /api/trips/:tripId/packing/templates so the apply dropdown lists templates for any trip member; client fetches from it instead of the admin endpoint. Closes #1120 Closes #1121 * fix(packing): show bag tracking to non-admin members The global Bag Tracking toggle was only readable via the admin-gated GET /api/admin/bag-tracking, so non-admin trip members got 403 and the weight fields, bag circles, and BAGS sidebar never rendered (#1124). Surface the flag through the already-authenticated GET /api/addons (loaded into the client addon store on app start for every user); the packing hook reads it from the store instead of the admin endpoint. The admin write path stays admin-gated and unchanged.
134 lines
5.4 KiB
TypeScript
134 lines
5.4 KiB
TypeScript
/**
|
|
* Atlas module e2e — exercises the migrated /api/addons/atlas endpoints through
|
|
* the real JwtAuthGuard against a temp SQLite db. atlasService is mocked; this
|
|
* focuses on auth, status codes (mark POSTs stay 200), the cache headers and the
|
|
* bespoke 400/404 bodies.
|
|
*/
|
|
import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest';
|
|
import request from 'supertest';
|
|
import cookieParser from 'cookie-parser';
|
|
import type { Server } from 'http';
|
|
import { Test } from '@nestjs/testing';
|
|
import { seedUser, sessionCookie } from './harness';
|
|
|
|
const { db } = vi.hoisted(() => {
|
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
const Database = require('better-sqlite3');
|
|
const tmp = new Database(':memory:');
|
|
tmp.exec('PRAGMA journal_mode = WAL');
|
|
tmp.exec(`CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL,
|
|
email TEXT NOT NULL UNIQUE, role TEXT NOT NULL DEFAULT 'user', password_version INTEGER NOT NULL DEFAULT 0);`);
|
|
return { db: tmp };
|
|
});
|
|
|
|
vi.mock('../../src/db/database', () => ({ db, closeDb: () => {}, reinitialize: () => {} }));
|
|
|
|
const { mocks } = vi.hoisted(() => ({
|
|
mocks: {
|
|
getStats: vi.fn(),
|
|
getCountryPlaces: vi.fn(),
|
|
markCountryVisited: vi.fn(),
|
|
unmarkCountryVisited: vi.fn(),
|
|
markRegionVisited: vi.fn(),
|
|
unmarkRegionVisited: vi.fn(),
|
|
getVisitedRegions: vi.fn(),
|
|
getRegionGeo: vi.fn(),
|
|
getCountryGeo: vi.fn(),
|
|
listBucketList: vi.fn(),
|
|
createBucketItem: vi.fn(),
|
|
updateBucketItem: vi.fn(),
|
|
deleteBucketItem: vi.fn(),
|
|
},
|
|
}));
|
|
vi.mock('../../src/services/atlasService', () => mocks);
|
|
|
|
import { AtlasModule } from '../../src/nest/atlas/atlas.module';
|
|
import { TrekExceptionFilter } from '../../src/nest/common/trek-exception.filter';
|
|
|
|
describe('Atlas e2e (real auth guard + temp SQLite)', () => {
|
|
let server: Server;
|
|
let app: Awaited<ReturnType<typeof build>>;
|
|
|
|
async function build() {
|
|
const moduleRef = await Test.createTestingModule({ imports: [AtlasModule] }).compile();
|
|
const nest = moduleRef.createNestApplication();
|
|
nest.use(cookieParser());
|
|
nest.useGlobalFilters(new TrekExceptionFilter());
|
|
await nest.init();
|
|
return nest;
|
|
}
|
|
|
|
beforeAll(async () => {
|
|
seedUser(db as never, { id: 1 });
|
|
app = await build();
|
|
server = app.getHttpServer();
|
|
mocks.getStats.mockResolvedValue({ countries: 3 });
|
|
mocks.markCountryVisited.mockReturnValue(undefined);
|
|
mocks.listBucketList.mockReturnValue([{ id: 1, name: 'Tokyo' }]);
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await app.close();
|
|
});
|
|
|
|
it('401 without a session cookie', async () => {
|
|
const res = await request(server).get('/api/addons/atlas/stats');
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('200 countries/geo returns the admin-0 FeatureCollection', async () => {
|
|
mocks.getCountryGeo.mockReturnValue({ type: 'FeatureCollection', features: [{ id: 'NO' }] });
|
|
const res = await request(server).get('/api/addons/atlas/countries/geo').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(200);
|
|
expect(res.body.type).toBe('FeatureCollection');
|
|
expect(res.headers['cache-control']).toContain('max-age=86400');
|
|
});
|
|
|
|
it('200 stats for an authenticated user', async () => {
|
|
const res = await request(server).get('/api/addons/atlas/stats').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(200);
|
|
expect(res.body).toEqual({ countries: 3 });
|
|
});
|
|
|
|
it('200 (not 201) on POST country mark, with upper-cased code', async () => {
|
|
const res = await request(server).post('/api/addons/atlas/country/de/mark').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(200);
|
|
expect(res.body).toEqual({ success: true });
|
|
expect(mocks.markCountryVisited).toHaveBeenCalledWith(1, 'DE');
|
|
});
|
|
|
|
it('400 on region mark without name/country_code', async () => {
|
|
const res = await request(server).post('/api/addons/atlas/region/by/mark').set('Cookie', sessionCookie(1)).send({ name: 'Bavaria' });
|
|
expect(res.status).toBe(400);
|
|
expect(res.body).toEqual({ error: 'name and country_code are required' });
|
|
});
|
|
|
|
it('no-store cache header on /regions', async () => {
|
|
mocks.getVisitedRegions.mockResolvedValue({ regions: {} });
|
|
const res = await request(server).get('/api/addons/atlas/regions').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(200);
|
|
expect(res.headers['cache-control']).toBe('no-cache, no-store');
|
|
});
|
|
|
|
it('empty FeatureCollection (no cache header) when /regions/geo has no countries', async () => {
|
|
const res = await request(server).get('/api/addons/atlas/regions/geo').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(200);
|
|
expect(res.body).toEqual({ type: 'FeatureCollection', features: [] });
|
|
expect(res.headers['cache-control']).toBeUndefined();
|
|
});
|
|
|
|
it('201 on bucket-list create', async () => {
|
|
mocks.createBucketItem.mockReturnValue({ id: 2, name: 'Kyoto' });
|
|
const res = await request(server).post('/api/addons/atlas/bucket-list').set('Cookie', sessionCookie(1)).send({ name: 'Kyoto' });
|
|
expect(res.status).toBe(201);
|
|
expect(res.body).toEqual({ item: { id: 2, name: 'Kyoto' } });
|
|
});
|
|
|
|
it('404 on delete of a missing bucket item', async () => {
|
|
mocks.deleteBucketItem.mockReturnValue(false);
|
|
const res = await request(server).delete('/api/addons/atlas/bucket-list/9').set('Cookie', sessionCookie(1));
|
|
expect(res.status).toBe(404);
|
|
expect(res.body).toEqual({ error: 'Item not found' });
|
|
});
|
|
});
|