TREK/server/tests/unit/services/settingsService.test.ts

/**
 * Unit tests for settingsService — SET-SVC-001 through SET-SVC-020.
 * Uses a real in-memory SQLite DB; apiKeyCrypto is mocked to a passthrough
 * so we don't need real encryption for most tests.
 */
import { describe, it, expect, vi, beforeAll, beforeEach, afterAll } from 'vitest';

// ── DB + apiKeyCrypto mock ────────────────────────────────────────────────────

const { testDb, dbMock } = vi.hoisted(() => {
  const Database = require('better-sqlite3');
  const db = new Database(':memory:');
  db.exec('PRAGMA journal_mode = WAL');
  db.exec('PRAGMA foreign_keys = ON');
  db.exec('PRAGMA busy_timeout = 5000');
  const mock = {
    db,
    closeDb: () => {},
    reinitialize: () => {},
    getPlaceWithTags: () => null,
    canAccessTrip: () => null,
    isOwner: () => false,
  };
  return { testDb: db, dbMock: mock };
});

vi.mock('../../../src/db/database', () => dbMock);
vi.mock('../../../src/config', () => ({
  JWT_SECRET: 'test-secret',
  ENCRYPTION_KEY: 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6a7b8c9d0e1f2a3b4c5d6a7b8c9d0e1f2',
  updateJwtSecret: () => {},
}));

// Passthrough crypto — value comes back unchanged for most tests
vi.mock('../../../src/services/apiKeyCrypto', () => ({
  maybe_encrypt_api_key: (v: string) => v,
}));

import { createTables } from '../../../src/db/schema';
import { runMigrations } from '../../../src/db/migrations';
import { resetTestDb } from '../../helpers/test-db';
import { createUser } from '../../helpers/factories';
import { getUserSettings, upsertSetting, bulkUpsertSettings } from '../../../src/services/settingsService';

beforeAll(() => {
  createTables(testDb);
  runMigrations(testDb);
});

beforeEach(() => {
  resetTestDb(testDb);
});

afterAll(() => {
  testDb.close();
});

// ── getUserSettings ───────────────────────────────────────────────────────────

describe('getUserSettings', () => {
  it('SET-SVC-001 — returns empty object when user has no settings', () => {
    const { user } = createUser(testDb);
    expect(getUserSettings(user.id)).toEqual({});
  });

  it('SET-SVC-002 — returns stored plain string values', () => {
    const { user } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'theme', 'dark')").run(user.id);
    const s = getUserSettings(user.id);
    expect(s.theme).toBe('dark');
  });

  it('SET-SVC-003 — JSON-parses values that are valid JSON', () => {
    const { user } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'count', '42')").run(user.id);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'flag', 'true')").run(user.id);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'obj', '{\"x\":1}')").run(user.id);
    const s = getUserSettings(user.id);
    expect(s.count).toBe(42);
    expect(s.flag).toBe(true);
    expect(s.obj).toEqual({ x: 1 });
  });

  it('SET-SVC-004 — falls back to raw string when value is not valid JSON', () => {
    const { user } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'raw', 'not-json')").run(user.id);
    const s = getUserSettings(user.id);
    expect(s.raw).toBe('not-json');
  });

  it('SET-SVC-005 — webhook_url with a value is masked as ••••••••', () => {
    const { user } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'webhook_url', 'https://secret.example.com')").run(user.id);
    const s = getUserSettings(user.id);
    expect(s.webhook_url).toBe('••••••••');
  });

  it('SET-SVC-006 — webhook_url with empty value returns empty string', () => {
    const { user } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'webhook_url', '')").run(user.id);
    const s = getUserSettings(user.id);
    expect(s.webhook_url).toBe('');
  });

  it('SET-SVC-007 — only returns settings for the requesting user', () => {
    const { user: a } = createUser(testDb);
    const { user: b } = createUser(testDb);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'key_a', '\"a\"')").run(a.id);
    testDb.prepare("INSERT INTO settings (user_id, key, value) VALUES (?, 'key_b', '\"b\"')").run(b.id);
    const s = getUserSettings(a.id);
    expect(s).toHaveProperty('key_a');
    expect(s).not.toHaveProperty('key_b');
  });
});

// ── upsertSetting ─────────────────────────────────────────────────────────────

describe('upsertSetting', () => {
  it('SET-SVC-008 — inserts a new setting', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'language', 'en');
    const s = getUserSettings(user.id);
    expect(s.language).toBe('en');
  });

  it('SET-SVC-009 — updates an existing setting (ON CONFLICT)', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'language', 'en');
    upsertSetting(user.id, 'language', 'fr');
    const s = getUserSettings(user.id);
    expect(s.language).toBe('fr');
  });

  it('SET-SVC-010 — serializes object values as JSON', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'prefs', { dark: true, size: 14 });
    const raw = testDb.prepare("SELECT value FROM settings WHERE user_id = ? AND key = 'prefs'").get(user.id) as any;
    expect(raw.value).toBe('{"dark":true,"size":14}');
  });

  it('SET-SVC-011 — serializes boolean values as strings', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'notifications', true);
    const raw = testDb.prepare("SELECT value FROM settings WHERE user_id = ? AND key = 'notifications'").get(user.id) as any;
    expect(raw.value).toBe('true');
  });

  it('SET-SVC-012 — webhook_url passes through maybe_encrypt_api_key', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'webhook_url', 'https://hook.example.com');
    // With passthrough mock, value is stored as-is
    const raw = testDb.prepare("SELECT value FROM settings WHERE user_id = ? AND key = 'webhook_url'").get(user.id) as any;
    expect(raw.value).toBe('https://hook.example.com');
    // But getUserSettings masks it
    const s = getUserSettings(user.id);
    expect(s.webhook_url).toBe('••••••••');
  });
});

// ── bulkUpsertSettings ────────────────────────────────────────────────────────

describe('bulkUpsertSettings', () => {
  it('SET-SVC-013 — inserts multiple settings in one call', () => {
    const { user } = createUser(testDb);
    bulkUpsertSettings(user.id, { a: 'alpha', b: 'beta', c: 'gamma' });
    const s = getUserSettings(user.id);
    expect(s.a).toBe('alpha');
    expect(s.b).toBe('beta');
    expect(s.c).toBe('gamma');
  });

  it('SET-SVC-014 — returns the count of settings processed', () => {
    const { user } = createUser(testDb);
    const count = bulkUpsertSettings(user.id, { x: 1, y: 2, z: 3 });
    expect(count).toBe(3);
  });

  it('SET-SVC-015 — updates existing keys (ON CONFLICT)', () => {
    const { user } = createUser(testDb);
    upsertSetting(user.id, 'theme', 'light');
    bulkUpsertSettings(user.id, { theme: 'dark', lang: 'en' });
    const s = getUserSettings(user.id);
    expect(s.theme).toBe('dark');
    expect(s.lang).toBe('en');
  });

  it('SET-SVC-016 — returns 0 for empty settings object', () => {
    const { user } = createUser(testDb);
    const count = bulkUpsertSettings(user.id, {});
    expect(count).toBe(0);
  });

  it('SET-SVC-017 — all changes are committed atomically (transaction)', () => {
    const { user } = createUser(testDb);
    bulkUpsertSettings(user.id, { p: '1', q: '2' });
    const rows = testDb.prepare('SELECT key FROM settings WHERE user_id = ?').all(user.id) as any[];
    const keys = rows.map((r: any) => r.key);
    expect(keys).toContain('p');
    expect(keys).toContain('q');
  });

  it('SET-SVC-018 — settings from different users do not interfere', () => {
    const { user: a } = createUser(testDb);
    const { user: b } = createUser(testDb);
    bulkUpsertSettings(a.id, { shared_key: 'from-a' });
    bulkUpsertSettings(b.id, { shared_key: 'from-b' });
    expect((getUserSettings(a.id) as any).shared_key).toBe('from-a');
    expect((getUserSettings(b.id) as any).shared_key).toBe('from-b');
  });

  it('SET-SVC-019 — rolls back and re-throws when DB write fails mid-transaction', () => {
    const { user } = createUser(testDb);
    const origPrepare = testDb.prepare.bind(testDb);
    let intercepted = false;
    vi.spyOn(testDb, 'prepare').mockImplementationOnce((sql: string) => {
      const stmt = origPrepare(sql);
      intercepted = true;
      return { run: () => { throw new Error('forced DB error'); } } as any;
    });
    expect(() => bulkUpsertSettings(user.id, { k: 'v' })).toThrow('forced DB error');
    expect(intercepted).toBe(true);
    vi.restoreAllMocks();
  });
});