@nexttylabs/echo 0.4.0 → 0.5.0

package/tests/e2e/permissions.e2e.ts

@@ -1,424 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { randomUUID } from "crypto";
-import type { APIRequestContext, Page } from "@playwright/test";
-import { test, expect, TestHelpers, uniqueEmail, uniqueName } from "./helpers/test-utils";
-import { TestDataManager } from "./fixtures/test-data";
-
-const password = "StrongPass123!";
-const baseUrl = "http://localhost:3000";
-
-type TestUser = {
-  email: string;
-  name: string;
-  password: string;
-};
-
-async function registerUser(request: APIRequestContext, user: TestUser) {
-  const response = await request.post("/api/auth/register", { data: user });
-  if (!response.ok()) {
-    throw new Error("Failed to register test user");
-  }
-  return response.json();
-}
-
-async function registerAndLoginUser(
-  helpers: TestHelpers,
-  request: APIRequestContext,
-  user: TestUser,
-) {
-  const json = await registerUser(request, user);
-  await helpers.login(user.email, user.password);
-  return {
-    organizationId: json?.data?.organization?.id as string,
-    organizationSlug: json?.data?.organization?.slug as string,
-    userId: json?.data?.user?.id as string,
-    organizationName: json?.data?.organization?.name as string,
-  };
-}
-
-async function setOrgCookie(page: Page, organizationId: string) {
-  await page.context().addCookies([
-    {
-      name: "orgId",
-      value: organizationId,
-      url: baseUrl,
-    },
-  ]);
-}
-
-async function inviteUser(
-  request: APIRequestContext,
-  organizationId: string,
-  email: string,
-  role: string,
-) {
-  const response = await request.post(`/api/organizations/${organizationId}/invitations`, {
-    data: { email, role },
-  });
-  if (!response.ok()) {
-    throw new Error("Failed to invite user to organization");
-  }
-  const json = await response.json();
-  return json?.data?.token as string;
-}
-
-async function acceptInvite(
-  request: APIRequestContext,
-  token: string,
-) {
-  const response = await request.post("/api/invitations/accept", {
-    data: { token },
-  });
-  if (!response.ok()) {
-    throw new Error("Failed to accept invitation");
-  }
-}
-
-test.describe("E2E-UF-026: Unauthorized access protection", () => {
-  test("redirects to login when accessing protected pages without authentication", async ({ page }) => {
-    const protectedRoutes = [
-      "/dashboard",
-      "/settings/profile",
-      "/settings/organization",
-      "/admin/feedback",
-      "/admin/feedback/123/edit",
-    ];
-
-    for (const route of protectedRoutes) {
-      await page.goto(route);
-      await page.waitForURL(/\/login/);
-      await expect(page.locator('input[name="email"], #email')).toBeVisible();
-      await expect(page.locator('input[name="password"], #password')).toBeVisible();
-    }
-  });
-
-  test("returns 401 for API endpoints without authentication", async ({ request }) => {
-    const endpoints = [
-      { method: "get", url: "/api/feedback" },
-      { method: "get", url: "/api/api-keys" },
-      { method: "post", url: "/api/organizations", data: { name: `Unauthorized Org ${Date.now()}` } },
-      { method: "post", url: `/api/organizations/${randomUUID()}/invitations`, data: { email: uniqueEmail(), role: "developer" } },
-    ] as const;
-
-    for (const endpoint of endpoints) {
-      const response =
-        endpoint.method === "get"
-          ? await request.get(endpoint.url)
-          : await request.post(endpoint.url, { data: endpoint.data });
-      expect(response.status()).toBe(401);
-    }
-  });
-
-  test("prevents direct URL access to admin pages", async ({ page }) => {
-    await page.goto("/admin/feedback");
-    await page.waitForURL(/\/login/);
-
-    await page.goto("/admin/feedback/123/edit");
-    await page.waitForURL(/\/login/);
-  });
-});
-
-test.describe("E2E-UF-027: Role-based feedback permissions", () => {
-  let helpers: TestHelpers;
-  let testDataManager: TestDataManager;
-  let adminUser: TestUser;
-  let memberUser: TestUser;
-  let supportUser: TestUser;
-  let organizationId: string;
-  let feedbackId: number;
-  let memberInviteToken: string;
-  let supportInviteToken: string;
-
-  test.beforeEach(async ({ page, request }) => {
-    helpers = new TestHelpers(page, request);
-    testDataManager = new TestDataManager(page.request);
-
-    adminUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const adminInfo = await registerAndLoginUser(helpers, request, adminUser);
-    organizationId = adminInfo.organizationId;
-    await setOrgCookie(page, organizationId);
-
-    const feedback = await testDataManager.createFeedback({
-      title: "Test Feedback for Permissions",
-      description: "This feedback tests role-based permissions",
-      organizationId,
-    });
-    feedbackId = feedback.feedbackId;
-
-    memberUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-    supportUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    memberInviteToken = await inviteUser(page.request, organizationId, memberUser.email, "developer");
-    supportInviteToken = await inviteUser(page.request, organizationId, supportUser.email, "customer_support");
-
-    await registerUser(request, memberUser);
-    await registerUser(request, supportUser);
-
-    await page.context().clearCookies();
-  });
-
-  test.afterEach(async () => {
-    await testDataManager.cleanupAll();
-  });
-
-  test("admin can modify feedback status", async ({ page }) => {
-    await helpers.login(adminUser.email, adminUser.password);
-    await setOrgCookie(page, organizationId);
-
-    await page.goto(`/admin/feedback/${feedbackId}`);
-
-    const statusSelect = page.getByRole("combobox");
-    await expect(statusSelect).toBeVisible();
-
-    await statusSelect.click();
-    await page.getByRole("option", { name: "处理中" }).click();
-
-    await expect(statusSelect).toContainText("处理中");
-  });
-
-  test("member cannot modify feedback status", async ({ page }) => {
-    await helpers.login(memberUser.email, memberUser.password);
-    await acceptInvite(page.request, memberInviteToken);
-    await setOrgCookie(page, organizationId);
-
-    await page.goto(`/admin/feedback/${feedbackId}`);
-    await expect(page.getByRole("combobox")).toHaveCount(0);
-    await expect(page.getByText("新接收")).toBeVisible();
-
-    const response = await page.request.put(`/api/feedback/${feedbackId}`, {
-      data: { status: "in-progress" },
-      headers: { "x-organization-id": organizationId },
-    });
-
-    expect(response.status()).toBe(403);
-  });
-
-  test("support can only view feedback", async ({ page }) => {
-    await helpers.login(supportUser.email, supportUser.password);
-    await acceptInvite(page.request, supportInviteToken);
-    await setOrgCookie(page, organizationId);
-
-    await page.goto(`/admin/feedback/${feedbackId}`);
-    await expect(page.getByRole("combobox")).toHaveCount(0);
-    await expect(page.getByText("新接收")).toBeVisible();
-
-    const patchResponse = await page.request.put(`/api/feedback/${feedbackId}`, {
-      data: { status: "in-progress" },
-      headers: { "x-organization-id": organizationId },
-    });
-    expect(patchResponse.status()).toBe(403);
-
-    const deleteResponse = await page.request.delete(`/api/feedback/${feedbackId}`, {
-      headers: { "x-organization-id": organizationId },
-    });
-    expect(deleteResponse.status()).toBe(403);
-  });
-});
-
-test.describe("E2E-UF-028: Organization management permissions", () => {
-  let helpers: TestHelpers;
-  let adminUser: TestUser;
-  let memberUser: TestUser;
-  let organizationId: string;
-  let adminUserId: string;
-  let memberUserId: string;
-  let memberInviteToken: string;
-
-  test.beforeEach(async ({ page, request }) => {
-    helpers = new TestHelpers(page, request);
-
-    adminUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const adminInfo = await registerAndLoginUser(helpers, request, adminUser);
-    organizationId = adminInfo.organizationId;
-    adminUserId = adminInfo.userId;
-    await setOrgCookie(page, organizationId);
-
-    memberUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    memberInviteToken = await inviteUser(page.request, organizationId, memberUser.email, "developer");
-    const memberInfo = await registerUser(request, memberUser);
-    memberUserId = memberInfo?.data?.user?.id as string;
-
-    await page.context().clearCookies();
-  });
-
-  test("admins can access organization management", async ({ page }) => {
-    await helpers.login(adminUser.email, adminUser.password);
-    await setOrgCookie(page, organizationId);
-    await page.goto("/settings/organization");
-    await expect(page.getByRole("heading", { name: "组织管理" })).toBeVisible();
-  });
-
-  test("only admins can invite members", async ({ page }) => {
-    await helpers.login(adminUser.email, adminUser.password);
-    await setOrgCookie(page, organizationId);
-
-    const adminInvite = await page.request.post(`/api/organizations/${organizationId}/invitations`, {
-      data: { email: uniqueEmail(), role: "developer" },
-    });
-    expect(adminInvite.status()).toBe(201);
-
-    await page.context().clearCookies();
-    await helpers.login(memberUser.email, memberUser.password);
-    await acceptInvite(page.request, memberInviteToken);
-    await setOrgCookie(page, organizationId);
-
-    const memberInvite = await page.request.post(`/api/organizations/${organizationId}/invitations`, {
-      data: { email: uniqueEmail(), role: "developer" },
-    });
-    expect(memberInvite.status()).toBe(403);
-  });
-
-  test("only admins can remove members", async ({ page }) => {
-    await helpers.login(memberUser.email, memberUser.password);
-    await acceptInvite(page.request, memberInviteToken);
-    await setOrgCookie(page, organizationId);
-
-    const memberRemove = await page.request.delete(
-      `/api/organizations/${organizationId}/members/${adminUserId}`,
-    );
-    expect(memberRemove.status()).toBe(403);
-
-    await page.context().clearCookies();
-    await helpers.login(adminUser.email, adminUser.password);
-    await setOrgCookie(page, organizationId);
-
-    const adminRemove = await page.request.delete(
-      `/api/organizations/${organizationId}/members/${memberUserId}`,
-    );
-    expect(adminRemove.status()).toBe(200);
-  });
-
-  test("role changes require appropriate permissions", async ({ page }) => {
-    await helpers.login(memberUser.email, memberUser.password);
-    await acceptInvite(page.request, memberInviteToken);
-    await setOrgCookie(page, organizationId);
-
-    const memberChange = await page.request.put(
-      `/api/organizations/${organizationId}/members/${memberUserId}`,
-      { data: { role: "product_manager" } },
-    );
-    expect(memberChange.status()).toBe(403);
-  });
-});
-
-test.describe("Permission boundary testing", () => {
-  test("users cannot access other organizations' data", async ({ page, request }) => {
-    const helpers = new TestHelpers(page, request);
-    const testDataManager = new TestDataManager(page.request);
-
-    const user1: TestUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const user2: TestUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const user1Info = await registerAndLoginUser(helpers, request, user1);
-    await setOrgCookie(page, user1Info.organizationId);
-
-    const feedback = await testDataManager.createFeedback({
-      title: "Org 1 Feedback",
-      description: "This belongs to org 1",
-      organizationId: user1Info.organizationId,
-    });
-
-    await page.context().clearCookies();
-    const user2Info = await registerAndLoginUser(helpers, request, user2);
-    await setOrgCookie(page, user2Info.organizationId);
-
-    const response = await page.request.get(`/api/feedback/${feedback.feedbackId}`, {
-      headers: { "x-organization-id": user2Info.organizationId },
-    });
-    expect(response.status()).toBe(404);
-
-    await testDataManager.cleanupAll();
-  });
-
-  test("session isolation between users", async ({ context, request }) => {
-    const browserContext = await context.browser();
-    if (!browserContext) throw new Error("Browser context not available");
-
-    const context1 = await browserContext.newContext();
-    const context2 = await browserContext.newContext();
-
-    const page1 = await context1.newPage();
-    const page2 = await context2.newPage();
-
-    const helpers1 = new TestHelpers(page1, request);
-    const helpers2 = new TestHelpers(page2, request);
-
-    const user1: TestUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const user2: TestUser = {
-      email: uniqueEmail(),
-      name: uniqueName(),
-      password,
-    };
-
-    const user1Info = await registerUser(request, user1);
-    const user2Info = await registerUser(request, user2);
-
-    await helpers1.login(user1.email, user1.password);
-    await helpers2.login(user2.email, user2.password);
-
-    const user1OrgName = user1Info?.data?.organization?.name as string;
-    const user2OrgName = user2Info?.data?.organization?.name as string;
-
-    await expect(page1.getByRole("combobox")).toContainText(user1OrgName);
-    await expect(page2.getByRole("combobox")).toContainText(user2OrgName);
-
-    await expect(page1.getByRole("combobox")).not.toContainText(user2OrgName);
-    await expect(page2.getByRole("combobox")).not.toContainText(user1OrgName);
-
-    await context1.close();
-    await context2.close();
-  });
-});

package/tests/e2e/project-widget.e2e.ts

@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { test, expect, TestHelpers, uniqueEmail, uniqueName } from "./helpers/test-utils";
-
-test.describe("E2E-UF-021: Widget settings", () => {
-  let helpers: TestHelpers;
-
-  test.beforeEach(async ({ page, request }) => {
-    helpers = new TestHelpers(page, request);
-
-    const name = uniqueName();
-    const email = uniqueEmail();
-    await helpers.registerAndLogin(name, email, "TestPass123!");
-  });
-
-  test("shows widgets page and coming soon state", async ({ page }) => {
-    await page.goto("/settings/widgets");
-
-    await expect(page.getByRole("heading", { name: /widgets & embeds/i })).toBeVisible();
-    await expect(page.getByText(/Widget configuration coming soon/i)).toBeVisible();
-    await expect(page.getByText(/Changelog widget coming soon/i)).toBeVisible();
-  });
-});
-
-test.describe("E2E-UF-022: Public widget", () => {
-  let helpers: TestHelpers;
-  let organizationId: string;
-  let organizationName: string;
-
-  test.beforeEach(async ({ page, request }) => {
-    helpers = new TestHelpers(page, request);
-
-    const name = uniqueName();
-    const email = uniqueEmail();
-    await helpers.registerAndLogin(name, email, "TestPass123!");
-
-    organizationId = helpers.getOrganizationId();
-    organizationName = `${name}'s Organization`;
-  });
-
-  test("renders widget for organization", async ({ page }) => {
-    await page.goto(`/widget/${organizationId}`);
-
-    await expect(page.getByRole("heading", { name: /feedback/i })).toBeVisible();
-    await expect(page.getByText(organizationName)).toBeVisible();
-    await expect(page.getByText(/We'd love to hear your thoughts/i)).toBeVisible();
-  });
-});

package/tests/feedback/filters.test.ts

@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, expect, it } from "bun:test";
-import { parseCsvParam, serializeCsvParam } from "@/lib/feedback/filters";
-
-describe("filters helpers", () => {
-  it("parses csv into array", () => {
-    expect(parseCsvParam("a,b")).toEqual(["a", "b"]);
-  });
-
-  it("serializes array into csv", () => {
-    expect(serializeCsvParam(["a", "b"])).toBe("a,b");
-  });
-});

package/tests/hooks/use-permissions.test.ts

@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, expect, it } from "bun:test";
-import { PERMISSIONS } from "@/lib/auth/permissions";
-import { useCan, useHasPermission } from "@/hooks/use-permissions";
-
-describe("use-permissions", () => {
-  it("returns false when session has no role", () => {
-    expect(useCan(PERMISSIONS.CREATE_FEEDBACK, null)).toBe(false);
-    expect(useHasPermission(PERMISSIONS.CREATE_FEEDBACK, null)).toBe(false);
-  });
-
-  it("checks permissions for the current role", () => {
-    const session = { user: { role: "admin" } } as {
-      user: { role: string };
-    };
-
-    expect(useCan(PERMISSIONS.MANAGE_ORG, session)).toBe(true);
-    expect(useCan(PERMISSIONS.SUBMIT_ON_BEHALF, session)).toBe(true);
-  });
-
-  it("requires all permissions when passed a list", () => {
-    const session = { user: { role: "developer" } } as {
-      user: { role: string };
-    };
-
-    expect(
-      useHasPermission(
-        [
-        PERMISSIONS.CREATE_FEEDBACK,
-        PERMISSIONS.DELETE_FEEDBACK,
-      ],
-        session,
-      ),
-    ).toBe(false);
-  });
-});

package/tests/lib/ai/classifier.test.ts

@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2026 Echo Team
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-import { describe, it, expect } from "vitest";
-import {
-  classifyFeedback,
-  classifyType,
-  classifyPriority,
-} from "@/lib/services/ai/classifier";
-
-describe("AI Classifier", () => {
-  describe("classifyType", () => {
-    it("should classify bugs correctly", () => {
-      expect(classifyType("App crashes on startup")).toBe("bug");
-      expect(classifyType("无法登录系统")).toBe("bug");
-      expect(classifyType("Error 500 when saving")).toBe("bug");
-    });
-
-    it("should classify features correctly", () => {
-      expect(classifyType("希望添加导出功能")).toBe("feature");
-      expect(classifyType("Suggest adding dark mode")).toBe("feature");
-      expect(classifyType("Would like to see search")).toBe("feature");
-    });
-
-    it("should classify issues correctly", () => {
-      expect(classifyType("How to use the app?")).toBe("issue");
-      expect(classifyType("问题：如何重置密码")).toBe("issue");
-      expect(classifyType("求助：不清楚怎么操作")).toBe("issue");
-    });
-
-    it("should default to other for unclear content", () => {
-      expect(classifyType("Just saying hello")).toBe("other");
-      expect(classifyType("Thanks for the great app")).toBe("other");
-    });
-  });
-
-  describe("classifyPriority", () => {
-    it("should classify high priority correctly", () => {
-      expect(classifyPriority("紧急：系统无法使用")).toBe("high");
-      expect(classifyPriority("Critical bug blocking all users")).toBe("high");
-    });
-
-    it("should classify low priority correctly", () => {
-      expect(classifyPriority("建议：改进颜色搭配")).toBe("low");
-      expect(classifyPriority("Nice to have feature")).toBe("low");
-    });
-
-    it("should default to medium priority", () => {
-      expect(classifyPriority("Something broke")).toBe("medium");
-    });
-  });
-
-  describe("classifyFeedback", () => {
-    it("should return classification with confidence", () => {
-      const result = classifyFeedback(
-        "App崩溃无法使用",
-        "点击按钮后应用闪退，完全无法使用",
-      );
-
-      expect(result.type).toBe("bug");
-      expect(result.priority).toBe("high");
-      expect(result.confidence).toBeGreaterThan(0);
-      expect(result.reasons.length).toBeGreaterThan(0);
-    });
-
-    it("should provide reasons for classification", () => {
-      const result = classifyFeedback("希望添加导出功能");
-
-      expect(result.reasons).toEqual(
-        expect.arrayContaining([expect.stringContaining("希望")]),
-      );
-    });
-
-    it("should handle empty description", () => {
-      const result = classifyFeedback("Bug in login page");
-
-      expect(result.type).toBe("bug");
-      expect(result.confidence).toBeGreaterThan(0);
-    });
-
-    it("should limit reasons to 3", () => {
-      const result = classifyFeedback(
-        "崩溃错误无法失败异常",
-        "故障不能不工作没反应卡住卡死闪退",
-      );
-
-      expect(result.reasons.length).toBeLessThanOrEqual(3);
-    });
-  });
-});