npm - @open-mercato/core - Versions diffs - 0.4.9-develop-e55592929f → 0.4.9-develop-ce96cffe00 - Mend

@open-mercato/core 0.4.9-develop-e55592929f → 0.4.9-develop-ce96cffe00

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/dist/helpers/integration/api.js ADDED Viewed

@@ -0,0 +1,66 @@
+import { DEFAULT_CREDENTIALS } from "./auth.js";
+const BASE_URL = process.env.BASE_URL?.trim() || null;
+function resolveUrl(path) {
+  return BASE_URL ? `${BASE_URL}${path}` : path;
+}
+async function getAuthToken(request, roleOrEmail = "admin", password) {
+  const role = roleOrEmail in DEFAULT_CREDENTIALS ? roleOrEmail : null;
+  const credentialAttempts = [];
+  if (role) {
+    const configured = DEFAULT_CREDENTIALS[role];
+    credentialAttempts.push({ email: configured.email, password: password ?? configured.password });
+    if (!password) {
+      credentialAttempts.push({ email: `${role}@acme.com`, password: "secret" });
+    }
+  } else {
+    credentialAttempts.push({ email: roleOrEmail, password: password ?? "secret" });
+  }
+  let lastStatus = 0;
+  for (const attempt of credentialAttempts) {
+    const form = new URLSearchParams();
+    form.set("email", attempt.email);
+    form.set("password", attempt.password);
+    const response = await request.post(resolveUrl("/api/auth/login"), {
+      headers: {
+        "content-type": "application/x-www-form-urlencoded"
+      },
+      data: form.toString()
+    });
+    const raw = await response.text();
+    let body = null;
+    try {
+      body = raw ? JSON.parse(raw) : null;
+    } catch {
+      body = null;
+    }
+    lastStatus = response.status();
+    if (response.ok() && body && typeof body.token === "string" && body.token) {
+      return body.token;
+    }
+  }
+  throw new Error(`Failed to obtain auth token (status ${lastStatus})`);
+}
+async function apiRequest(request, method, path, options) {
+  const headers = {
+    Authorization: `Bearer ${options.token}`,
+    "Content-Type": "application/json"
+  };
+  return request.fetch(resolveUrl(path), { method, headers, data: options.data });
+}
+async function postForm(request, path, data, options) {
+  const form = new URLSearchParams();
+  for (const [key, value] of Object.entries(data)) form.set(key, value);
+  return request.post(resolveUrl(path), {
+    headers: {
+      "content-type": "application/x-www-form-urlencoded",
+      ...options?.headers ?? {}
+    },
+    data: form.toString()
+  });
+}
+export {
+  apiRequest,
+  getAuthToken,
+  postForm
+};
+//# sourceMappingURL=api.js.map

package/dist/helpers/integration/api.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/api.ts"],
+  "sourcesContent": ["import { type APIRequestContext } from '@playwright/test';\nimport { DEFAULT_CREDENTIALS, type Role } from './auth';\n\nconst BASE_URL = process.env.BASE_URL?.trim() || null;\n\nfunction resolveUrl(path: string): string {\n  return BASE_URL ? `${BASE_URL}${path}` : path;\n}\n\nexport async function getAuthToken(\n  request: APIRequestContext,\n  roleOrEmail: Role | string = 'admin',\n  password?: string,\n): Promise<string> {\n  const role = roleOrEmail in DEFAULT_CREDENTIALS ? (roleOrEmail as Role) : null;\n  const credentialAttempts: Array<{ email: string; password: string }> = [];\n\n  if (role) {\n    const configured = DEFAULT_CREDENTIALS[role];\n    credentialAttempts.push({ email: configured.email, password: password ?? configured.password });\n    if (!password) {\n      credentialAttempts.push({ email: `${role}@acme.com`, password: 'secret' });\n    }\n  } else {\n    credentialAttempts.push({ email: roleOrEmail, password: password ?? 'secret' });\n  }\n\n  let lastStatus = 0;\n\n  for (const attempt of credentialAttempts) {\n    const form = new URLSearchParams();\n    form.set('email', attempt.email);\n    form.set('password', attempt.password);\n\n    const response = await request.post(resolveUrl('/api/auth/login'), {\n      headers: {\n        'content-type': 'application/x-www-form-urlencoded',\n      },\n      data: form.toString(),\n    });\n\n    const raw = await response.text();\n    let body: Record<string, unknown> | null = null;\n    try {\n      body = raw ? (JSON.parse(raw) as Record<string, unknown>) : null;\n    } catch {\n      body = null;\n    }\n\n    lastStatus = response.status();\n    if (response.ok() && body && typeof body.token === 'string' && body.token) {\n      return body.token;\n    }\n  }\n\n  throw new Error(`Failed to obtain auth token (status ${lastStatus})`);\n}\n\nexport async function apiRequest(\n  request: APIRequestContext,\n  method: string,\n  path: string,\n  options: { token: string; data?: unknown },\n) {\n  const headers = {\n    Authorization: `Bearer ${options.token}`,\n    'Content-Type': 'application/json',\n  };\n  return request.fetch(resolveUrl(path), { method, headers, data: options.data });\n}\n\nexport async function postForm(\n  request: APIRequestContext,\n  path: string,\n  data: Record<string, string>,\n  options?: { headers?: Record<string, string> },\n) {\n  const form = new URLSearchParams();\n  for (const [key, value] of Object.entries(data)) form.set(key, value);\n  return request.post(resolveUrl(path), {\n    headers: {\n      'content-type': 'application/x-www-form-urlencoded',\n      ...(options?.headers ?? {}),\n    },\n    data: form.toString(),\n  });\n}\n"],
+  "mappings": "AACA,SAAS,2BAAsC;AAE/C,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAEjD,SAAS,WAAW,MAAsB;AACxC,SAAO,WAAW,GAAG,QAAQ,GAAG,IAAI,KAAK;AAC3C;AAEA,eAAsB,aACpB,SACA,cAA6B,SAC7B,UACiB;AACjB,QAAM,OAAO,eAAe,sBAAuB,cAAuB;AAC1E,QAAM,qBAAiE,CAAC;AAExE,MAAI,MAAM;AACR,UAAM,aAAa,oBAAoB,IAAI;AAC3C,uBAAmB,KAAK,EAAE,OAAO,WAAW,OAAO,UAAU,YAAY,WAAW,SAAS,CAAC;AAC9F,QAAI,CAAC,UAAU;AACb,yBAAmB,KAAK,EAAE,OAAO,GAAG,IAAI,aAAa,UAAU,SAAS,CAAC;AAAA,IAC3E;AAAA,EACF,OAAO;AACL,uBAAmB,KAAK,EAAE,OAAO,aAAa,UAAU,YAAY,SAAS,CAAC;AAAA,EAChF;AAEA,MAAI,aAAa;AAEjB,aAAW,WAAW,oBAAoB;AACxC,UAAM,OAAO,IAAI,gBAAgB;AACjC,SAAK,IAAI,SAAS,QAAQ,KAAK;AAC/B,SAAK,IAAI,YAAY,QAAQ,QAAQ;AAErC,UAAM,WAAW,MAAM,QAAQ,KAAK,WAAW,iBAAiB,GAAG;AAAA,MACjE,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,SAAS;AAAA,IACtB,CAAC;AAED,UAAM,MAAM,MAAM,SAAS,KAAK;AAChC,QAAI,OAAuC;AAC3C,QAAI;AACF,aAAO,MAAO,KAAK,MAAM,GAAG,IAAgC;AAAA,IAC9D,QAAQ;AACN,aAAO;AAAA,IACT;AAEA,iBAAa,SAAS,OAAO;AAC7B,QAAI,SAAS,GAAG,KAAK,QAAQ,OAAO,KAAK,UAAU,YAAY,KAAK,OAAO;AACzE,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AAEA,QAAM,IAAI,MAAM,uCAAuC,UAAU,GAAG;AACtE;AAEA,eAAsB,WACpB,SACA,QACA,MACA,SACA;AACA,QAAM,UAAU;AAAA,IACd,eAAe,UAAU,QAAQ,KAAK;AAAA,IACtC,gBAAgB;AAAA,EAClB;AACA,SAAO,QAAQ,MAAM,WAAW,IAAI,GAAG,EAAE,QAAQ,SAAS,MAAM,QAAQ,KAAK,CAAC;AAChF;AAEA,eAAsB,SACpB,SACA,MACA,MACA,SACA;AACA,QAAM,OAAO,IAAI,gBAAgB;AACjC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,EAAG,MAAK,IAAI,KAAK,KAAK;AACpE,SAAO,QAAQ,KAAK,WAAW,IAAI,GAAG;AAAA,IACpC,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,GAAI,SAAS,WAAW,CAAC;AAAA,IAC3B;AAAA,IACA,MAAM,KAAK,SAAS;AAAA,EACtB,CAAC;AACH;",
+  "names": []
+}

package/dist/helpers/integration/apiKeysFixtures.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+async function createApiKeyFixture(request, token, name) {
+  const response = await apiRequest(request, "POST", "/api/api_keys/keys", {
+    token,
+    data: { name }
+  });
+  expect(response.ok(), `Failed to create API key fixture: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  expect(typeof body.id === "string" && body.id.length > 0).toBeTruthy();
+  return { id: body.id, secret: body.secret ?? "" };
+}
+export {
+  createApiKeyFixture
+};
+//# sourceMappingURL=apiKeysFixtures.js.map

package/dist/helpers/integration/apiKeysFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/apiKeysFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\n\nexport async function createApiKeyFixture(\n  request: APIRequestContext,\n  token: string,\n  name: string,\n): Promise<{ id: string; secret: string }> {\n  const response = await apiRequest(request, 'POST', '/api/api_keys/keys', {\n    token,\n    data: { name },\n  });\n  expect(response.ok(), `Failed to create API key fixture: ${response.status()}`).toBeTruthy();\n  const body = (await response.json()) as { id?: string; secret?: string };\n  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy();\n  return { id: body.id as string, secret: body.secret ?? '' };\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAE3B,eAAsB,oBACpB,SACA,OACA,MACyC;AACzC,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,sBAAsB;AAAA,IACvE;AAAA,IACA,MAAM,EAAE,KAAK;AAAA,EACf,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,qCAAqC,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAC3F,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,CAAC,EAAE,WAAW;AACrE,SAAO,EAAE,IAAI,KAAK,IAAc,QAAQ,KAAK,UAAU,GAAG;AAC5D;",
+  "names": []
+}

package/dist/helpers/integration/attachmentsFixtures.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+import { expectId, readJsonSafe } from "./generalFixtures.js";
+const BASE_URL = process.env.BASE_URL?.trim() || "http://localhost:3000";
+function resolveApiUrl(path) {
+  return `${BASE_URL}${path}`;
+}
+async function uploadAttachmentFixture(request, token, input) {
+  const multipart = {
+    entityId: input.entityId,
+    recordId: input.recordId,
+    file: {
+      name: input.fileName,
+      mimeType: input.mimeType,
+      buffer: input.buffer
+    }
+  };
+  if (input.partitionCode) multipart.partitionCode = input.partitionCode;
+  if (input.tags) multipart.tags = JSON.stringify(input.tags);
+  if (input.assignments) multipart.assignments = JSON.stringify(input.assignments);
+  const response = await request.fetch(resolveApiUrl("/api/attachments"), {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`
+    },
+    multipart
+  });
+  const body = await readJsonSafe(response);
+  expect(response.status(), "POST /api/attachments should return 200").toBe(200);
+  return {
+    id: expectId(body?.item?.id, "Attachment upload response should include item.id"),
+    partitionCode: String(body?.item?.partitionCode ?? ""),
+    fileName: String(body?.item?.fileName ?? ""),
+    tags: body?.item?.tags ?? [],
+    assignments: body?.item?.assignments ?? []
+  };
+}
+async function deleteAttachmentIfExists(request, token, attachmentId) {
+  if (!token || !attachmentId) return;
+  await apiRequest(
+    request,
+    "DELETE",
+    `/api/attachments?id=${encodeURIComponent(attachmentId)}`,
+    { token }
+  ).catch(() => void 0);
+}
+async function deleteAttachmentPartitionIfExists(request, token, partitionId) {
+  if (!token || !partitionId) return;
+  await apiRequest(
+    request,
+    "DELETE",
+    `/api/attachments/partitions?id=${encodeURIComponent(partitionId)}`,
+    { token }
+  ).catch(() => void 0);
+}
+export {
+  deleteAttachmentIfExists,
+  deleteAttachmentPartitionIfExists,
+  uploadAttachmentFixture
+};
+//# sourceMappingURL=attachmentsFixtures.js.map

package/dist/helpers/integration/attachmentsFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/attachmentsFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\nconst BASE_URL = process.env.BASE_URL?.trim() || 'http://localhost:3000';\n\ntype AttachmentAssignment = {\n  type: string;\n  id: string;\n  href?: string | null;\n  label?: string | null;\n};\n\ntype MultipartFieldValue =\n  | string\n  | number\n  | boolean\n  | {\n      name: string;\n      mimeType: string;\n      buffer: Buffer;\n    };\n\nfunction resolveApiUrl(path: string): string {\n  return `${BASE_URL}${path}`;\n}\n\nexport async function uploadAttachmentFixture(\n  request: APIRequestContext,\n  token: string,\n  input: {\n    entityId: string;\n    recordId: string;\n    fileName: string;\n    mimeType: string;\n    buffer: Buffer;\n    partitionCode?: string;\n    tags?: string[];\n    assignments?: AttachmentAssignment[];\n  },\n): Promise<{\n  id: string;\n  partitionCode: string;\n  fileName: string;\n  tags: string[];\n  assignments: AttachmentAssignment[];\n}> {\n  const multipart: Record<string, MultipartFieldValue> = {\n    entityId: input.entityId,\n    recordId: input.recordId,\n    file: {\n      name: input.fileName,\n      mimeType: input.mimeType,\n      buffer: input.buffer,\n    },\n  };\n  if (input.partitionCode) multipart.partitionCode = input.partitionCode;\n  if (input.tags) multipart.tags = JSON.stringify(input.tags);\n  if (input.assignments) multipart.assignments = JSON.stringify(input.assignments);\n\n  const response = await request.fetch(resolveApiUrl('/api/attachments'), {\n    method: 'POST',\n    headers: {\n      Authorization: `Bearer ${token}`,\n    },\n    multipart,\n  });\n  const body = await readJsonSafe<{\n    ok?: boolean;\n    item?: {\n      id?: string;\n      partitionCode?: string;\n      fileName?: string;\n      tags?: string[];\n      assignments?: AttachmentAssignment[];\n    };\n  }>(response);\n  expect(response.status(), 'POST /api/attachments should return 200').toBe(200);\n  return {\n    id: expectId(body?.item?.id, 'Attachment upload response should include item.id'),\n    partitionCode: String(body?.item?.partitionCode ?? ''),\n    fileName: String(body?.item?.fileName ?? ''),\n    tags: body?.item?.tags ?? [],\n    assignments: body?.item?.assignments ?? [],\n  };\n}\n\nexport async function deleteAttachmentIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  attachmentId: string | null,\n): Promise<void> {\n  if (!token || !attachmentId) return;\n  await apiRequest(\n    request,\n    'DELETE',\n    `/api/attachments?id=${encodeURIComponent(attachmentId)}`,\n    { token },\n  ).catch(() => undefined);\n}\n\nexport async function deleteAttachmentPartitionIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  partitionId: string | null,\n): Promise<void> {\n  if (!token || !partitionId) return;\n  await apiRequest(\n    request,\n    'DELETE',\n    `/api/attachments/partitions?id=${encodeURIComponent(partitionId)}`,\n    { token },\n  ).catch(() => undefined);\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,UAAU,oBAAoB;AAEvC,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAmBjD,SAAS,cAAc,MAAsB;AAC3C,SAAO,GAAG,QAAQ,GAAG,IAAI;AAC3B;AAEA,eAAsB,wBACpB,SACA,OACA,OAgBC;AACD,QAAM,YAAiD;AAAA,IACrD,UAAU,MAAM;AAAA,IAChB,UAAU,MAAM;AAAA,IAChB,MAAM;AAAA,MACJ,MAAM,MAAM;AAAA,MACZ,UAAU,MAAM;AAAA,MAChB,QAAQ,MAAM;AAAA,IAChB;AAAA,EACF;AACA,MAAI,MAAM,cAAe,WAAU,gBAAgB,MAAM;AACzD,MAAI,MAAM,KAAM,WAAU,OAAO,KAAK,UAAU,MAAM,IAAI;AAC1D,MAAI,MAAM,YAAa,WAAU,cAAc,KAAK,UAAU,MAAM,WAAW;AAE/E,QAAM,WAAW,MAAM,QAAQ,MAAM,cAAc,kBAAkB,GAAG;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,eAAe,UAAU,KAAK;AAAA,IAChC;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,OAAO,MAAM,aAShB,QAAQ;AACX,SAAO,SAAS,OAAO,GAAG,yCAAyC,EAAE,KAAK,GAAG;AAC7E,SAAO;AAAA,IACL,IAAI,SAAS,MAAM,MAAM,IAAI,mDAAmD;AAAA,IAChF,eAAe,OAAO,MAAM,MAAM,iBAAiB,EAAE;AAAA,IACrD,UAAU,OAAO,MAAM,MAAM,YAAY,EAAE;AAAA,IAC3C,MAAM,MAAM,MAAM,QAAQ,CAAC;AAAA,IAC3B,aAAa,MAAM,MAAM,eAAe,CAAC;AAAA,EAC3C;AACF;AAEA,eAAsB,yBACpB,SACA,OACA,cACe;AACf,MAAI,CAAC,SAAS,CAAC,aAAc;AAC7B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,uBAAuB,mBAAmB,YAAY,CAAC;AAAA,IACvD,EAAE,MAAM;AAAA,EACV,EAAE,MAAM,MAAM,MAAS;AACzB;AAEA,eAAsB,kCACpB,SACA,OACA,aACe;AACf,MAAI,CAAC,SAAS,CAAC,YAAa;AAC5B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,kCAAkC,mBAAmB,WAAW,CAAC;AAAA,IACjE,EAAE,MAAM;AAAA,EACV,EAAE,MAAM,MAAM,MAAS;AACzB;",
+  "names": []
+}

package/dist/helpers/integration/auth.js ADDED Viewed

@@ -0,0 +1,190 @@
+import { readFileSync } from "fs";
+import { resolve } from "path";
+function loadEnvFileContent() {
+  const candidatePaths = [
+    resolve(process.cwd(), "apps/mercato/.env"),
+    resolve(process.cwd(), ".env")
+  ];
+  for (const envPath of candidatePaths) {
+    try {
+      const content = readFileSync(envPath, "utf-8");
+      if (content.trim().length > 0) {
+        return content;
+      }
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+function loadEnvValue(key) {
+  if (process.env[key]) return process.env[key];
+  const content = loadEnvFileContent();
+  if (!content) return void 0;
+  const match = content.match(new RegExp(`^${key}=(.+)$`, "m"));
+  return match?.[1]?.trim();
+}
+const DEFAULT_CREDENTIALS = {
+  superadmin: {
+    email: loadEnvValue("OM_INIT_SUPERADMIN_EMAIL") || "superadmin@acme.com",
+    password: loadEnvValue("OM_INIT_SUPERADMIN_PASSWORD") || "secret"
+  },
+  admin: { email: "admin@acme.com", password: "secret" },
+  employee: { email: "employee@acme.com", password: "secret" }
+};
+function decodeJwtClaims(token) {
+  const parts = token.split(".");
+  if (parts.length < 2) return null;
+  try {
+    const normalized = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
+    const payload = JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+    return payload;
+  } catch {
+    return null;
+  }
+}
+async function acknowledgeGlobalNotices(page) {
+  const baseUrl = process.env.BASE_URL || "http://localhost:3000";
+  await page.context().addCookies([
+    {
+      name: "om_demo_notice_ack",
+      value: "ack",
+      url: baseUrl,
+      sameSite: "Lax"
+    },
+    {
+      name: "om_cookie_notice_ack",
+      value: "ack",
+      url: baseUrl,
+      sameSite: "Lax"
+    }
+  ]);
+}
+async function dismissGlobalNoticesIfPresent(page) {
+  const cookieAcceptButton = page.getByRole("button", { name: /accept cookies/i }).first();
+  if (await cookieAcceptButton.isVisible().catch(() => false)) {
+    await cookieAcceptButton.click();
+  }
+  const demoNotice = page.getByText(/this instance is provided for demo purposes only/i).first();
+  if (await demoNotice.isVisible().catch(() => false)) {
+    const noticeContainer = demoNotice.locator('xpath=ancestor::div[contains(@class,"pointer-events-auto")]').first();
+    const dismissButton = noticeContainer.locator("button").first();
+    if (await dismissButton.isVisible().catch(() => false)) {
+      await dismissButton.click();
+    }
+  }
+}
+async function recoverClientSideErrorPageIfPresent(page) {
+  const clientErrorHeading = page.getByRole("heading", { name: /Application error: a client-side exception has occurred/i }).first();
+  if (!await clientErrorHeading.isVisible().catch(() => false)) return;
+  await page.reload({ waitUntil: "domcontentloaded" });
+  await dismissGlobalNoticesIfPresent(page);
+}
+async function recoverGenericErrorPageIfPresent(page) {
+  const errorHeading = page.getByRole("heading", { name: /^Something went wrong$/i }).first();
+  if (!await errorHeading.isVisible().catch(() => false)) return;
+  const retryButton = page.getByRole("button", { name: /Try again/i }).first();
+  if (await retryButton.isVisible().catch(() => false)) {
+    await retryButton.click().catch(() => {
+    });
+    await page.waitForLoadState("domcontentloaded").catch(() => {
+    });
+    await page.waitForTimeout(500).catch(() => {
+    });
+  } else {
+    await page.reload({ waitUntil: "domcontentloaded" });
+  }
+  await dismissGlobalNoticesIfPresent(page);
+}
+async function login(page, role = "admin") {
+  const creds = DEFAULT_CREDENTIALS[role];
+  const loginReadySelector = 'form[data-auth-ready="1"]';
+  const hasBackendUrl = () => /\/backend(?:\/.*)?$/.test(page.url());
+  const waitForBackend = async (timeout) => {
+    try {
+      await page.waitForURL(/\/backend(?:\/.*)?$/, { timeout });
+      return true;
+    } catch {
+      return hasBackendUrl();
+    }
+  };
+  await acknowledgeGlobalNotices(page);
+  const apiLoginForm = new URLSearchParams();
+  apiLoginForm.set("email", creds.email);
+  apiLoginForm.set("password", creds.password);
+  const apiLoginResponse = await page.request.post("/api/auth/login", {
+    headers: {
+      "content-type": "application/x-www-form-urlencoded"
+    },
+    data: apiLoginForm.toString()
+  }).catch(() => null);
+  if (apiLoginResponse?.ok()) {
+    const apiLoginBody = await apiLoginResponse.json().catch(() => null);
+    const claims = typeof apiLoginBody?.token === "string" ? decodeJwtClaims(apiLoginBody.token) : null;
+    const baseUrl = process.env.BASE_URL || "http://localhost:3000";
+    const cookies = [];
+    if (claims?.tenantId) {
+      cookies.push({
+        name: "om_selected_tenant",
+        value: claims.tenantId,
+        url: baseUrl,
+        sameSite: "Lax"
+      });
+    }
+    if (claims?.orgId) {
+      cookies.push({
+        name: "om_selected_org",
+        value: claims.orgId,
+        url: baseUrl,
+        sameSite: "Lax"
+      });
+    }
+    if (cookies.length > 0) {
+      await page.context().addCookies(cookies);
+    }
+    await page.goto("/backend", { waitUntil: "domcontentloaded" });
+    if (await waitForBackend(8e3)) return;
+  }
+  for (let attempt = 0; attempt < 4; attempt += 1) {
+    await page.goto("/login", { waitUntil: "domcontentloaded" });
+    await dismissGlobalNoticesIfPresent(page);
+    await recoverClientSideErrorPageIfPresent(page);
+    await recoverGenericErrorPageIfPresent(page);
+    await page.waitForSelector(loginReadySelector, { state: "visible", timeout: 3e3 }).catch(() => null);
+    if (await page.getByLabel("Email").isVisible().catch(() => false)) break;
+    if (attempt === 3) {
+      throw new Error(`Login form is unavailable for role: ${role}; current URL: ${page.url()}`);
+    }
+  }
+  await page.getByLabel("Email").fill(creds.email);
+  const passwordInput = page.getByLabel("Password").first();
+  if (await passwordInput.isVisible().catch(() => false)) {
+    await passwordInput.fill(creds.password);
+    await passwordInput.press("Enter");
+  } else {
+    const submitButton = page.getByRole("button", { name: /login|sign in|continue with sso/i }).first();
+    await submitButton.click();
+  }
+  if (await waitForBackend(7e3)) return;
+  const loginForm = page.locator("form").first();
+  if (await loginForm.isVisible().catch(() => false)) {
+    await loginForm.evaluate((element) => {
+      const form = element;
+      form.requestSubmit();
+    }).catch(() => {
+    });
+  }
+  if (await waitForBackend(5e3)) return;
+  const loginButton = page.getByRole("button", { name: /login|sign in|continue with sso/i }).first();
+  if (await loginButton.isVisible().catch(() => false)) {
+    await loginButton.click({ force: true });
+  }
+  if (await waitForBackend(8e3)) return;
+  throw new Error(`Login did not reach backend for role: ${role}; current URL: ${page.url()}`);
+}
+export {
+  DEFAULT_CREDENTIALS,
+  login
+};
+//# sourceMappingURL=auth.js.map

package/dist/helpers/integration/auth.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/auth.ts"],
+  "sourcesContent": ["import { type Page } from '@playwright/test';\nimport { readFileSync } from 'fs';\nimport { resolve } from 'path';\n\nfunction loadEnvFileContent(): string | null {\n  const candidatePaths = [\n    resolve(process.cwd(), 'apps/mercato/.env'),\n    resolve(process.cwd(), '.env'),\n  ];\n\n  for (const envPath of candidatePaths) {\n    try {\n      const content = readFileSync(envPath, 'utf-8');\n      if (content.trim().length > 0) {\n        return content;\n      }\n    } catch {\n      continue;\n    }\n  }\n\n  return null;\n}\n\nfunction loadEnvValue(key: string): string | undefined {\n  if (process.env[key]) return process.env[key];\n  const content = loadEnvFileContent();\n  if (!content) return undefined;\n  const match = content.match(new RegExp(`^${key}=(.+)$`, 'm'));\n  return match?.[1]?.trim();\n}\n\nexport const DEFAULT_CREDENTIALS: Record<string, { email: string; password: string }> = {\n  superadmin: {\n    email: loadEnvValue('OM_INIT_SUPERADMIN_EMAIL') || 'superadmin@acme.com',\n    password: loadEnvValue('OM_INIT_SUPERADMIN_PASSWORD') || 'secret',\n  },\n  admin: { email: 'admin@acme.com', password: 'secret' },\n  employee: { email: 'employee@acme.com', password: 'secret' },\n};\n\nexport type Role = 'superadmin' | 'admin' | 'employee';\n\nfunction decodeJwtClaims(token: string): { tenantId?: string; orgId?: string | null } | null {\n  const parts = token.split('.');\n  if (parts.length < 2) return null;\n  try {\n    const normalized = parts[1].replace(/-/g, '+').replace(/_/g, '/');\n    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, '=');\n    const payload = JSON.parse(Buffer.from(padded, 'base64').toString('utf8')) as {\n      tenantId?: string;\n      orgId?: string | null;\n    };\n    return payload;\n  } catch {\n    return null;\n  }\n}\n\nasync function acknowledgeGlobalNotices(page: Page): Promise<void> {\n  const baseUrl = process.env.BASE_URL || 'http://localhost:3000';\n  await page.context().addCookies([\n    {\n      name: 'om_demo_notice_ack',\n      value: 'ack',\n      url: baseUrl,\n      sameSite: 'Lax',\n    },\n    {\n      name: 'om_cookie_notice_ack',\n      value: 'ack',\n      url: baseUrl,\n      sameSite: 'Lax',\n    },\n  ]);\n}\n\nasync function dismissGlobalNoticesIfPresent(page: Page): Promise<void> {\n  const cookieAcceptButton = page.getByRole('button', { name: /accept cookies/i }).first();\n  if (await cookieAcceptButton.isVisible().catch(() => false)) {\n    await cookieAcceptButton.click();\n  }\n\n  const demoNotice = page.getByText(/this instance is provided for demo purposes only/i).first();\n  if (await demoNotice.isVisible().catch(() => false)) {\n    const noticeContainer = demoNotice.locator('xpath=ancestor::div[contains(@class,\"pointer-events-auto\")]').first();\n    const dismissButton = noticeContainer.locator('button').first();\n    if (await dismissButton.isVisible().catch(() => false)) {\n      await dismissButton.click();\n    }\n  }\n}\n\nasync function recoverClientSideErrorPageIfPresent(page: Page): Promise<void> {\n  const clientErrorHeading = page\n    .getByRole('heading', { name: /Application error: a client-side exception has occurred/i })\n    .first();\n  if (!(await clientErrorHeading.isVisible().catch(() => false))) return;\n  await page.reload({ waitUntil: 'domcontentloaded' });\n  await dismissGlobalNoticesIfPresent(page);\n}\n\nasync function recoverGenericErrorPageIfPresent(page: Page): Promise<void> {\n  const errorHeading = page.getByRole('heading', { name: /^Something went wrong$/i }).first();\n  if (!(await errorHeading.isVisible().catch(() => false))) return;\n  const retryButton = page.getByRole('button', { name: /Try again/i }).first();\n  if (await retryButton.isVisible().catch(() => false)) {\n    await retryButton.click().catch(() => {});\n    await page.waitForLoadState('domcontentloaded').catch(() => {});\n    await page.waitForTimeout(500).catch(() => {});\n  } else {\n    await page.reload({ waitUntil: 'domcontentloaded' });\n  }\n  await dismissGlobalNoticesIfPresent(page);\n}\n\nexport async function login(page: Page, role: Role = 'admin'): Promise<void> {\n  const creds = DEFAULT_CREDENTIALS[role];\n  const loginReadySelector = 'form[data-auth-ready=\"1\"]';\n  const hasBackendUrl = (): boolean => /\\/backend(?:\\/.*)?$/.test(page.url());\n  const waitForBackend = async (timeout: number): Promise<boolean> => {\n    try {\n      await page.waitForURL(/\\/backend(?:\\/.*)?$/, { timeout });\n      return true;\n    } catch {\n      return hasBackendUrl();\n    }\n  };\n\n  await acknowledgeGlobalNotices(page);\n  const apiLoginForm = new URLSearchParams();\n  apiLoginForm.set('email', creds.email);\n  apiLoginForm.set('password', creds.password);\n  const apiLoginResponse = await page.request.post('/api/auth/login', {\n    headers: {\n      'content-type': 'application/x-www-form-urlencoded',\n    },\n    data: apiLoginForm.toString(),\n  }).catch(() => null);\n  if (apiLoginResponse?.ok()) {\n    const apiLoginBody = (await apiLoginResponse.json().catch(() => null)) as { token?: string } | null;\n    const claims = typeof apiLoginBody?.token === 'string' ? decodeJwtClaims(apiLoginBody.token) : null;\n    const baseUrl = process.env.BASE_URL || 'http://localhost:3000';\n    const cookies = [];\n    if (claims?.tenantId) {\n      cookies.push({\n        name: 'om_selected_tenant',\n        value: claims.tenantId,\n        url: baseUrl,\n        sameSite: 'Lax' as const,\n      });\n    }\n    if (claims?.orgId) {\n      cookies.push({\n        name: 'om_selected_org',\n        value: claims.orgId,\n        url: baseUrl,\n        sameSite: 'Lax' as const,\n      });\n    }\n    if (cookies.length > 0) {\n      await page.context().addCookies(cookies);\n    }\n    await page.goto('/backend', { waitUntil: 'domcontentloaded' });\n    if (await waitForBackend(8_000)) return;\n  }\n\n  for (let attempt = 0; attempt < 4; attempt += 1) {\n    await page.goto('/login', { waitUntil: 'domcontentloaded' });\n    await dismissGlobalNoticesIfPresent(page);\n    await recoverClientSideErrorPageIfPresent(page);\n    await recoverGenericErrorPageIfPresent(page);\n    await page.waitForSelector(loginReadySelector, { state: 'visible', timeout: 3_000 }).catch(() => null);\n    if (await page.getByLabel('Email').isVisible().catch(() => false)) break;\n    if (attempt === 3) {\n      throw new Error(`Login form is unavailable for role: ${role}; current URL: ${page.url()}`);\n    }\n  }\n  await page.getByLabel('Email').fill(creds.email);\n\n  const passwordInput = page.getByLabel('Password').first();\n  if (await passwordInput.isVisible().catch(() => false)) {\n    await passwordInput.fill(creds.password);\n    await passwordInput.press('Enter');\n  } else {\n    const submitButton = page.getByRole('button', { name: /login|sign in|continue with sso/i }).first();\n    await submitButton.click();\n  }\n\n  if (await waitForBackend(7_000)) return;\n\n  const loginForm = page.locator('form').first();\n  if (await loginForm.isVisible().catch(() => false)) {\n    await loginForm.evaluate((element) => {\n      const form = element as HTMLFormElement\n      form.requestSubmit()\n    }).catch(() => {})\n  }\n  if (await waitForBackend(5_000)) return;\n\n  const loginButton = page.getByRole('button', { name: /login|sign in|continue with sso/i }).first();\n  if (await loginButton.isVisible().catch(() => false)) {\n    await loginButton.click({ force: true });\n  }\n  if (await waitForBackend(8_000)) return;\n\n  throw new Error(`Login did not reach backend for role: ${role}; current URL: ${page.url()}`);\n}\n"],
+  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,eAAe;AAExB,SAAS,qBAAoC;AAC3C,QAAM,iBAAiB;AAAA,IACrB,QAAQ,QAAQ,IAAI,GAAG,mBAAmB;AAAA,IAC1C,QAAQ,QAAQ,IAAI,GAAG,MAAM;AAAA,EAC/B;AAEA,aAAW,WAAW,gBAAgB;AACpC,QAAI;AACF,YAAM,UAAU,aAAa,SAAS,OAAO;AAC7C,UAAI,QAAQ,KAAK,EAAE,SAAS,GAAG;AAC7B,eAAO;AAAA,MACT;AAAA,IACF,QAAQ;AACN;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,aAAa,KAAiC;AACrD,MAAI,QAAQ,IAAI,GAAG,EAAG,QAAO,QAAQ,IAAI,GAAG;AAC5C,QAAM,UAAU,mBAAmB;AACnC,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,QAAQ,QAAQ,MAAM,IAAI,OAAO,IAAI,GAAG,UAAU,GAAG,CAAC;AAC5D,SAAO,QAAQ,CAAC,GAAG,KAAK;AAC1B;AAEO,MAAM,sBAA2E;AAAA,EACtF,YAAY;AAAA,IACV,OAAO,aAAa,0BAA0B,KAAK;AAAA,IACnD,UAAU,aAAa,6BAA6B,KAAK;AAAA,EAC3D;AAAA,EACA,OAAO,EAAE,OAAO,kBAAkB,UAAU,SAAS;AAAA,EACrD,UAAU,EAAE,OAAO,qBAAqB,UAAU,SAAS;AAC7D;AAIA,SAAS,gBAAgB,OAAoE;AAC3F,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,SAAS,EAAG,QAAO;AAC7B,MAAI;AACF,UAAM,aAAa,MAAM,CAAC,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAChE,UAAM,SAAS,WAAW,OAAO,KAAK,KAAK,WAAW,SAAS,CAAC,IAAI,GAAG,GAAG;AAC1E,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,MAAM,CAAC;AAIzE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,yBAAyB,MAA2B;AACjE,QAAM,UAAU,QAAQ,IAAI,YAAY;AACxC,QAAM,KAAK,QAAQ,EAAE,WAAW;AAAA,IAC9B;AAAA,MACE,MAAM;AAAA,MACN,OAAO;AAAA,MACP,KAAK;AAAA,MACL,UAAU;AAAA,IACZ;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,OAAO;AAAA,MACP,KAAK;AAAA,MACL,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACH;AAEA,eAAe,8BAA8B,MAA2B;AACtE,QAAM,qBAAqB,KAAK,UAAU,UAAU,EAAE,MAAM,kBAAkB,CAAC,EAAE,MAAM;AACvF,MAAI,MAAM,mBAAmB,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AAC3D,UAAM,mBAAmB,MAAM;AAAA,EACjC;AAEA,QAAM,aAAa,KAAK,UAAU,mDAAmD,EAAE,MAAM;AAC7F,MAAI,MAAM,WAAW,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AACnD,UAAM,kBAAkB,WAAW,QAAQ,6DAA6D,EAAE,MAAM;AAChH,UAAM,gBAAgB,gBAAgB,QAAQ,QAAQ,EAAE,MAAM;AAC9D,QAAI,MAAM,cAAc,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AACtD,YAAM,cAAc,MAAM;AAAA,IAC5B;AAAA,EACF;AACF;AAEA,eAAe,oCAAoC,MAA2B;AAC5E,QAAM,qBAAqB,KACxB,UAAU,WAAW,EAAE,MAAM,2DAA2D,CAAC,EACzF,MAAM;AACT,MAAI,CAAE,MAAM,mBAAmB,UAAU,EAAE,MAAM,MAAM,KAAK,EAAI;AAChE,QAAM,KAAK,OAAO,EAAE,WAAW,mBAAmB,CAAC;AACnD,QAAM,8BAA8B,IAAI;AAC1C;AAEA,eAAe,iCAAiC,MAA2B;AACzE,QAAM,eAAe,KAAK,UAAU,WAAW,EAAE,MAAM,0BAA0B,CAAC,EAAE,MAAM;AAC1F,MAAI,CAAE,MAAM,aAAa,UAAU,EAAE,MAAM,MAAM,KAAK,EAAI;AAC1D,QAAM,cAAc,KAAK,UAAU,UAAU,EAAE,MAAM,aAAa,CAAC,EAAE,MAAM;AAC3E,MAAI,MAAM,YAAY,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AACpD,UAAM,YAAY,MAAM,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AACxC,UAAM,KAAK,iBAAiB,kBAAkB,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAC9D,UAAM,KAAK,eAAe,GAAG,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EAC/C,OAAO;AACL,UAAM,KAAK,OAAO,EAAE,WAAW,mBAAmB,CAAC;AAAA,EACrD;AACA,QAAM,8BAA8B,IAAI;AAC1C;AAEA,eAAsB,MAAM,MAAY,OAAa,SAAwB;AAC3E,QAAM,QAAQ,oBAAoB,IAAI;AACtC,QAAM,qBAAqB;AAC3B,QAAM,gBAAgB,MAAe,sBAAsB,KAAK,KAAK,IAAI,CAAC;AAC1E,QAAM,iBAAiB,OAAO,YAAsC;AAClE,QAAI;AACF,YAAM,KAAK,WAAW,uBAAuB,EAAE,QAAQ,CAAC;AACxD,aAAO;AAAA,IACT,QAAQ;AACN,aAAO,cAAc;AAAA,IACvB;AAAA,EACF;AAEA,QAAM,yBAAyB,IAAI;AACnC,QAAM,eAAe,IAAI,gBAAgB;AACzC,eAAa,IAAI,SAAS,MAAM,KAAK;AACrC,eAAa,IAAI,YAAY,MAAM,QAAQ;AAC3C,QAAM,mBAAmB,MAAM,KAAK,QAAQ,KAAK,mBAAmB;AAAA,IAClE,SAAS;AAAA,MACP,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,aAAa,SAAS;AAAA,EAC9B,CAAC,EAAE,MAAM,MAAM,IAAI;AACnB,MAAI,kBAAkB,GAAG,GAAG;AAC1B,UAAM,eAAgB,MAAM,iBAAiB,KAAK,EAAE,MAAM,MAAM,IAAI;AACpE,UAAM,SAAS,OAAO,cAAc,UAAU,WAAW,gBAAgB,aAAa,KAAK,IAAI;AAC/F,UAAM,UAAU,QAAQ,IAAI,YAAY;AACxC,UAAM,UAAU,CAAC;AACjB,QAAI,QAAQ,UAAU;AACpB,cAAQ,KAAK;AAAA,QACX,MAAM;AAAA,QACN,OAAO,OAAO;AAAA,QACd,KAAK;AAAA,QACL,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,QAAI,QAAQ,OAAO;AACjB,cAAQ,KAAK;AAAA,QACX,MAAM;AAAA,QACN,OAAO,OAAO;AAAA,QACd,KAAK;AAAA,QACL,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,QAAI,QAAQ,SAAS,GAAG;AACtB,YAAM,KAAK,QAAQ,EAAE,WAAW,OAAO;AAAA,IACzC;AACA,UAAM,KAAK,KAAK,YAAY,EAAE,WAAW,mBAAmB,CAAC;AAC7D,QAAI,MAAM,eAAe,GAAK,EAAG;AAAA,EACnC;AAEA,WAAS,UAAU,GAAG,UAAU,GAAG,WAAW,GAAG;AAC/C,UAAM,KAAK,KAAK,UAAU,EAAE,WAAW,mBAAmB,CAAC;AAC3D,UAAM,8BAA8B,IAAI;AACxC,UAAM,oCAAoC,IAAI;AAC9C,UAAM,iCAAiC,IAAI;AAC3C,UAAM,KAAK,gBAAgB,oBAAoB,EAAE,OAAO,WAAW,SAAS,IAAM,CAAC,EAAE,MAAM,MAAM,IAAI;AACrG,QAAI,MAAM,KAAK,WAAW,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,KAAK,EAAG;AACnE,QAAI,YAAY,GAAG;AACjB,YAAM,IAAI,MAAM,uCAAuC,IAAI,kBAAkB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF;AACA,QAAM,KAAK,WAAW,OAAO,EAAE,KAAK,MAAM,KAAK;AAE/C,QAAM,gBAAgB,KAAK,WAAW,UAAU,EAAE,MAAM;AACxD,MAAI,MAAM,cAAc,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AACtD,UAAM,cAAc,KAAK,MAAM,QAAQ;AACvC,UAAM,cAAc,MAAM,OAAO;AAAA,EACnC,OAAO;AACL,UAAM,eAAe,KAAK,UAAU,UAAU,EAAE,MAAM,mCAAmC,CAAC,EAAE,MAAM;AAClG,UAAM,aAAa,MAAM;AAAA,EAC3B;AAEA,MAAI,MAAM,eAAe,GAAK,EAAG;AAEjC,QAAM,YAAY,KAAK,QAAQ,MAAM,EAAE,MAAM;AAC7C,MAAI,MAAM,UAAU,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AAClD,UAAM,UAAU,SAAS,CAAC,YAAY;AACpC,YAAM,OAAO;AACb,WAAK,cAAc;AAAA,IACrB,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AACA,MAAI,MAAM,eAAe,GAAK,EAAG;AAEjC,QAAM,cAAc,KAAK,UAAU,UAAU,EAAE,MAAM,mCAAmC,CAAC,EAAE,MAAM;AACjG,MAAI,MAAM,YAAY,UAAU,EAAE,MAAM,MAAM,KAAK,GAAG;AACpD,UAAM,YAAY,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EACzC;AACA,MAAI,MAAM,eAAe,GAAK,EAAG;AAEjC,QAAM,IAAI,MAAM,yCAAyC,IAAI,kBAAkB,KAAK,IAAI,CAAC,EAAE;AAC7F;",
+  "names": []
+}

package/dist/helpers/integration/authFixtures.js ADDED Viewed

@@ -0,0 +1,39 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+import { expectId, readJsonSafe } from "./generalFixtures.js";
+async function createRoleFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/auth/roles", {
+    token,
+    data: {
+      name: input.name,
+      tenantId: input.tenantId ?? null
+    }
+  });
+  const body = await readJsonSafe(response);
+  expect(response.status(), "POST /api/auth/roles should return 201").toBe(201);
+  return expectId(body?.id, "Role creation response should include id");
+}
+async function deleteRoleIfExists(request, token, roleId) {
+  if (!token || !roleId) return;
+  await apiRequest(request, "DELETE", `/api/auth/roles?id=${encodeURIComponent(roleId)}`, { token }).catch(() => void 0);
+}
+async function createUserFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/auth/users", {
+    token,
+    data: input
+  });
+  const body = await readJsonSafe(response);
+  expect(response.status(), "POST /api/auth/users should return 201").toBe(201);
+  return expectId(body?.id, "User creation response should include id");
+}
+async function deleteUserIfExists(request, token, userId) {
+  if (!token || !userId) return;
+  await apiRequest(request, "DELETE", `/api/auth/users?id=${encodeURIComponent(userId)}`, { token }).catch(() => void 0);
+}
+export {
+  createRoleFixture,
+  createUserFixture,
+  deleteRoleIfExists,
+  deleteUserIfExists
+};
+//# sourceMappingURL=authFixtures.js.map

package/dist/helpers/integration/authFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/authFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\nexport async function createRoleFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { name: string; tenantId?: string | null },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/auth/roles', {\n    token,\n    data: {\n      name: input.name,\n      tenantId: input.tenantId ?? null,\n    },\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/roles should return 201').toBe(201);\n  return expectId(body?.id, 'Role creation response should include id');\n}\n\nexport async function deleteRoleIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  roleId: string | null,\n): Promise<void> {\n  if (!token || !roleId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/roles?id=${encodeURIComponent(roleId)}`, { token }).catch(() => undefined);\n}\n\nexport async function createUserFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { email: string; password: string; organizationId: string; roles: string[] },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/auth/users', {\n    token,\n    data: input,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/users should return 201').toBe(201);\n  return expectId(body?.id, 'User creation response should include id');\n}\n\nexport async function deleteUserIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  userId: string | null,\n): Promise<void> {\n  if (!token || !userId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/users?id=${encodeURIComponent(userId)}`, { token }).catch(() => undefined);\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,UAAU,oBAAoB;AAEvC,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,MACJ,MAAM,MAAM;AAAA,MACZ,UAAU,MAAM,YAAY;AAAA,IAC9B;AAAA,EACF,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;AAEA,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;",
+  "names": []
+}

package/dist/helpers/integration/authUi.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { expect } from "@playwright/test";
+async function createUserViaUi(page, input) {
+  const role = input.role ?? "employee";
+  await page.goto("/backend/users/create");
+  await expect(page.getByText("Create User")).toBeVisible();
+  await page.getByRole("textbox").nth(0).fill(input.email);
+  await page.getByRole("textbox").nth(1).fill(input.password);
+  const orgSelect = page.locator("main").locator("select").first();
+  await expect(orgSelect).toBeEnabled();
+  const orgValue = await orgSelect.evaluate((element) => {
+    const select = element;
+    for (const option of Array.from(select.options)) {
+      if (option.value && option.value.trim().length > 0) return option.value;
+    }
+    return "";
+  });
+  if (orgValue) {
+    await orgSelect.selectOption(orgValue);
+  }
+  const rolesInput = page.getByRole("textbox", { name: /add tag and press enter/i });
+  await rolesInput.fill(role);
+  await rolesInput.press("Enter");
+  await page.getByRole("button", { name: "Create" }).first().click();
+  await expect(page).toHaveURL(/\/backend\/users(?:\?.*)?$/);
+  await page.getByRole("textbox", { name: "Search" }).fill(input.email);
+  await expect(page.getByRole("row", { name: new RegExp(input.email, "i") })).toBeVisible();
+}
+export {
+  createUserViaUi
+};
+//# sourceMappingURL=authUi.js.map

package/dist/helpers/integration/authUi.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/authUi.ts"],
+  "sourcesContent": ["import { expect, type Page } from '@playwright/test';\n\nexport async function createUserViaUi(page: Page, input: { email: string; password: string; role?: string }) {\n  const role = input.role ?? 'employee';\n\n  await page.goto('/backend/users/create');\n  await expect(page.getByText('Create User')).toBeVisible();\n\n  await page.getByRole('textbox').nth(0).fill(input.email);\n  await page.getByRole('textbox').nth(1).fill(input.password);\n\n  const orgSelect = page.locator('main').locator('select').first();\n  await expect(orgSelect).toBeEnabled();\n  const orgValue = await orgSelect.evaluate((element) => {\n    const select = element as HTMLSelectElement;\n    for (const option of Array.from(select.options)) {\n      if (option.value && option.value.trim().length > 0) return option.value;\n    }\n    return '';\n  });\n  if (orgValue) {\n    await orgSelect.selectOption(orgValue);\n  }\n\n  const rolesInput = page.getByRole('textbox', { name: /add tag and press enter/i });\n  await rolesInput.fill(role);\n  await rolesInput.press('Enter');\n\n  await page.getByRole('button', { name: 'Create' }).first().click();\n  await expect(page).toHaveURL(/\\/backend\\/users(?:\\?.*)?$/);\n  await page.getByRole('textbox', { name: 'Search' }).fill(input.email);\n  await expect(page.getByRole('row', { name: new RegExp(input.email, 'i') })).toBeVisible();\n}\n"],
+  "mappings": "AAAA,SAAS,cAAyB;AAElC,eAAsB,gBAAgB,MAAY,OAA2D;AAC3G,QAAM,OAAO,MAAM,QAAQ;AAE3B,QAAM,KAAK,KAAK,uBAAuB;AACvC,QAAM,OAAO,KAAK,UAAU,aAAa,CAAC,EAAE,YAAY;AAExD,QAAM,KAAK,UAAU,SAAS,EAAE,IAAI,CAAC,EAAE,KAAK,MAAM,KAAK;AACvD,QAAM,KAAK,UAAU,SAAS,EAAE,IAAI,CAAC,EAAE,KAAK,MAAM,QAAQ;AAE1D,QAAM,YAAY,KAAK,QAAQ,MAAM,EAAE,QAAQ,QAAQ,EAAE,MAAM;AAC/D,QAAM,OAAO,SAAS,EAAE,YAAY;AACpC,QAAM,WAAW,MAAM,UAAU,SAAS,CAAC,YAAY;AACrD,UAAM,SAAS;AACf,eAAW,UAAU,MAAM,KAAK,OAAO,OAAO,GAAG;AAC/C,UAAI,OAAO,SAAS,OAAO,MAAM,KAAK,EAAE,SAAS,EAAG,QAAO,OAAO;AAAA,IACpE;AACA,WAAO;AAAA,EACT,CAAC;AACD,MAAI,UAAU;AACZ,UAAM,UAAU,aAAa,QAAQ;AAAA,EACvC;AAEA,QAAM,aAAa,KAAK,UAAU,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACjF,QAAM,WAAW,KAAK,IAAI;AAC1B,QAAM,WAAW,MAAM,OAAO;AAE9B,QAAM,KAAK,UAAU,UAAU,EAAE,MAAM,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM;AACjE,QAAM,OAAO,IAAI,EAAE,UAAU,4BAA4B;AACzD,QAAM,KAAK,UAAU,WAAW,EAAE,MAAM,SAAS,CAAC,EAAE,KAAK,MAAM,KAAK;AACpE,QAAM,OAAO,KAAK,UAAU,OAAO,EAAE,MAAM,IAAI,OAAO,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,EAAE,YAAY;AAC1F;",
+  "names": []
+}

package/dist/helpers/integration/businessRulesFixtures.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+import { expectId, readJsonSafe } from "./generalFixtures.js";
+async function createRuleSetFixture(request, token, data) {
+  const response = await apiRequest(request, "POST", "/api/business_rules/sets", { token, data });
+  const body = await readJsonSafe(response);
+  expect(response.status(), "POST /api/business_rules/sets should return 201").toBe(201);
+  return expectId(body?.id, "Rule set creation response should include id");
+}
+async function deleteRuleSetIfExists(request, token, ruleSetId) {
+  if (!token || !ruleSetId) return;
+  await apiRequest(
+    request,
+    "DELETE",
+    `/api/business_rules/sets?id=${encodeURIComponent(ruleSetId)}`,
+    { token }
+  ).catch(() => void 0);
+}
+async function createBusinessRuleFixture(request, token, data) {
+  const response = await apiRequest(request, "POST", "/api/business_rules/rules", { token, data });
+  const body = await readJsonSafe(response);
+  expect(response.status(), "POST /api/business_rules/rules should return 201").toBe(201);
+  return expectId(body?.id, "Business rule creation response should include id");
+}
+async function deleteBusinessRuleIfExists(request, token, ruleId) {
+  if (!token || !ruleId) return;
+  await apiRequest(
+    request,
+    "DELETE",
+    `/api/business_rules/rules?id=${encodeURIComponent(ruleId)}`,
+    { token }
+  ).catch(() => void 0);
+}
+export {
+  createBusinessRuleFixture,
+  createRuleSetFixture,
+  deleteBusinessRuleIfExists,
+  deleteRuleSetIfExists
+};
+//# sourceMappingURL=businessRulesFixtures.js.map

package/dist/helpers/integration/businessRulesFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/businessRulesFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\nexport async function createRuleSetFixture(\n  request: APIRequestContext,\n  token: string,\n  data: Record<string, unknown>,\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/business_rules/sets', { token, data });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/business_rules/sets should return 201').toBe(201);\n  return expectId(body?.id, 'Rule set creation response should include id');\n}\n\nexport async function deleteRuleSetIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  ruleSetId: string | null,\n): Promise<void> {\n  if (!token || !ruleSetId) return;\n  await apiRequest(\n    request,\n    'DELETE',\n    `/api/business_rules/sets?id=${encodeURIComponent(ruleSetId)}`,\n    { token },\n  ).catch(() => undefined);\n}\n\nexport async function createBusinessRuleFixture(\n  request: APIRequestContext,\n  token: string,\n  data: Record<string, unknown>,\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/business_rules/rules', { token, data });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/business_rules/rules should return 201').toBe(201);\n  return expectId(body?.id, 'Business rule creation response should include id');\n}\n\nexport async function deleteBusinessRuleIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  ruleId: string | null,\n): Promise<void> {\n  if (!token || !ruleId) return;\n  await apiRequest(\n    request,\n    'DELETE',\n    `/api/business_rules/rules?id=${encodeURIComponent(ruleId)}`,\n    { token },\n  ).catch(() => undefined);\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,UAAU,oBAAoB;AAEvC,eAAsB,qBACpB,SACA,OACA,MACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,4BAA4B,EAAE,OAAO,KAAK,CAAC;AAC9F,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,iDAAiD,EAAE,KAAK,GAAG;AACrF,SAAO,SAAS,MAAM,IAAI,8CAA8C;AAC1E;AAEA,eAAsB,sBACpB,SACA,OACA,WACe;AACf,MAAI,CAAC,SAAS,CAAC,UAAW;AAC1B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,+BAA+B,mBAAmB,SAAS,CAAC;AAAA,IAC5D,EAAE,MAAM;AAAA,EACV,EAAE,MAAM,MAAM,MAAS;AACzB;AAEA,eAAsB,0BACpB,SACA,OACA,MACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,6BAA6B,EAAE,OAAO,KAAK,CAAC;AAC/F,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,kDAAkD,EAAE,KAAK,GAAG;AACtF,SAAO,SAAS,MAAM,IAAI,mDAAmD;AAC/E;AAEA,eAAsB,2BACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,gCAAgC,mBAAmB,MAAM,CAAC;AAAA,IAC1D,EAAE,MAAM;AAAA,EACV,EAAE,MAAM,MAAM,MAAS;AACzB;",
+  "names": []
+}

package/dist/helpers/integration/catalogFixtures.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+async function createProductFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/catalog/products", {
+    token,
+    data: {
+      title: input.title,
+      sku: input.sku,
+      description: "Long enough description for SEO checks in QA automation flows. This text keeps the create validation satisfied."
+    }
+  });
+  expect(response.ok(), `Failed to create product fixture: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  expect(typeof body.id === "string" && body.id.length > 0).toBeTruthy();
+  return body.id;
+}
+async function createCategoryFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/catalog/categories", {
+    token,
+    data: { name: input.name }
+  });
+  expect(response.ok(), `Failed to create category fixture: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  expect(typeof body.id === "string" && body.id.length > 0).toBeTruthy();
+  return body.id;
+}
+async function deleteCatalogCategoryIfExists(request, token, categoryId) {
+  if (!token || !categoryId) return;
+  try {
+    await apiRequest(request, "DELETE", `/api/catalog/categories?id=${encodeURIComponent(categoryId)}`, { token });
+  } catch {
+    return;
+  }
+}
+async function deleteCatalogProductIfExists(request, token, productId) {
+  if (!token || !productId) return;
+  try {
+    await apiRequest(request, "DELETE", `/api/catalog/products?id=${encodeURIComponent(productId)}`, { token });
+  } catch {
+    return;
+  }
+}
+export {
+  createCategoryFixture,
+  createProductFixture,
+  deleteCatalogCategoryIfExists,
+  deleteCatalogProductIfExists
+};
+//# sourceMappingURL=catalogFixtures.js.map

package/dist/helpers/integration/catalogFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/catalogFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\n\ntype ProductFixtureInput = {\n  title: string;\n  sku: string;\n};\n\nexport async function createProductFixture(\n  request: APIRequestContext,\n  token: string,\n  input: ProductFixtureInput,\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/catalog/products', {\n    token,\n    data: {\n      title: input.title,\n      sku: input.sku,\n      description:\n        'Long enough description for SEO checks in QA automation flows. This text keeps the create validation satisfied.',\n    },\n  });\n  expect(response.ok(), `Failed to create product fixture: ${response.status()}`).toBeTruthy();\n  const body = (await response.json()) as { id?: string };\n  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy();\n  return body.id as string;\n}\n\ntype CategoryFixtureInput = {\n  name: string;\n};\n\nexport async function createCategoryFixture(\n  request: APIRequestContext,\n  token: string,\n  input: CategoryFixtureInput,\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/catalog/categories', {\n    token,\n    data: { name: input.name },\n  });\n  expect(response.ok(), `Failed to create category fixture: ${response.status()}`).toBeTruthy();\n  const body = (await response.json()) as { id?: string };\n  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy();\n  return body.id as string;\n}\n\nexport async function deleteCatalogCategoryIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  categoryId: string | null,\n): Promise<void> {\n  if (!token || !categoryId) return;\n  try {\n    await apiRequest(request, 'DELETE', `/api/catalog/categories?id=${encodeURIComponent(categoryId)}`, { token });\n  } catch {\n    return;\n  }\n}\n\nexport async function deleteCatalogProductIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  productId: string | null,\n): Promise<void> {\n  if (!token || !productId) return;\n  try {\n    await apiRequest(request, 'DELETE', `/api/catalog/products?id=${encodeURIComponent(productId)}`, { token });\n  } catch {\n    return;\n  }\n}\n\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAO3B,eAAsB,qBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,yBAAyB;AAAA,IAC1E;AAAA,IACA,MAAM;AAAA,MACJ,OAAO,MAAM;AAAA,MACb,KAAK,MAAM;AAAA,MACX,aACE;AAAA,IACJ;AAAA,EACF,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,qCAAqC,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAC3F,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,CAAC,EAAE,WAAW;AACrE,SAAO,KAAK;AACd;AAMA,eAAsB,sBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,2BAA2B;AAAA,IAC5E;AAAA,IACA,MAAM,EAAE,MAAM,MAAM,KAAK;AAAA,EAC3B,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,sCAAsC,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAC5F,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,CAAC,EAAE,WAAW;AACrE,SAAO,KAAK;AACd;AAEA,eAAsB,8BACpB,SACA,OACA,YACe;AACf,MAAI,CAAC,SAAS,CAAC,WAAY;AAC3B,MAAI;AACF,UAAM,WAAW,SAAS,UAAU,8BAA8B,mBAAmB,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC;AAAA,EAC/G,QAAQ;AACN;AAAA,EACF;AACF;AAEA,eAAsB,6BACpB,SACA,OACA,WACe;AACf,MAAI,CAAC,SAAS,CAAC,UAAW;AAC1B,MAAI;AACF,UAAM,WAAW,SAAS,UAAU,4BAA4B,mBAAmB,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC;AAAA,EAC5G,QAAQ;AACN;AAAA,EACF;AACF;",
+  "names": []
+}