@open-mercato/core 0.4.9-develop-e55592929f → 0.4.9-develop-ce96cffe00

package/src/helpers/integration/attachmentsFixtures.ts

@@ -0,0 +1,114 @@
+import { expect, type APIRequestContext } from '@playwright/test';
+import { apiRequest } from './api';
+import { expectId, readJsonSafe } from './generalFixtures';
+
+const BASE_URL = process.env.BASE_URL?.trim() || 'http://localhost:3000';
+
+type AttachmentAssignment = {
+  type: string;
+  id: string;
+  href?: string | null;
+  label?: string | null;
+};
+
+type MultipartFieldValue =
+  | string
+  | number
+  | boolean
+  | {
+      name: string;
+      mimeType: string;
+      buffer: Buffer;
+    };
+
+function resolveApiUrl(path: string): string {
+  return `${BASE_URL}${path}`;
+}
+
+export async function uploadAttachmentFixture(
+  request: APIRequestContext,
+  token: string,
+  input: {
+    entityId: string;
+    recordId: string;
+    fileName: string;
+    mimeType: string;
+    buffer: Buffer;
+    partitionCode?: string;
+    tags?: string[];
+    assignments?: AttachmentAssignment[];
+  },
+): Promise<{
+  id: string;
+  partitionCode: string;
+  fileName: string;
+  tags: string[];
+  assignments: AttachmentAssignment[];
+}> {
+  const multipart: Record<string, MultipartFieldValue> = {
+    entityId: input.entityId,
+    recordId: input.recordId,
+    file: {
+      name: input.fileName,
+      mimeType: input.mimeType,
+      buffer: input.buffer,
+    },
+  };
+  if (input.partitionCode) multipart.partitionCode = input.partitionCode;
+  if (input.tags) multipart.tags = JSON.stringify(input.tags);
+  if (input.assignments) multipart.assignments = JSON.stringify(input.assignments);
+
+  const response = await request.fetch(resolveApiUrl('/api/attachments'), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${token}`,
+    },
+    multipart,
+  });
+  const body = await readJsonSafe<{
+    ok?: boolean;
+    item?: {
+      id?: string;
+      partitionCode?: string;
+      fileName?: string;
+      tags?: string[];
+      assignments?: AttachmentAssignment[];
+    };
+  }>(response);
+  expect(response.status(), 'POST /api/attachments should return 200').toBe(200);
+  return {
+    id: expectId(body?.item?.id, 'Attachment upload response should include item.id'),
+    partitionCode: String(body?.item?.partitionCode ?? ''),
+    fileName: String(body?.item?.fileName ?? ''),
+    tags: body?.item?.tags ?? [],
+    assignments: body?.item?.assignments ?? [],
+  };
+}
+
+export async function deleteAttachmentIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  attachmentId: string | null,
+): Promise<void> {
+  if (!token || !attachmentId) return;
+  await apiRequest(
+    request,
+    'DELETE',
+    `/api/attachments?id=${encodeURIComponent(attachmentId)}`,
+    { token },
+  ).catch(() => undefined);
+}
+
+export async function deleteAttachmentPartitionIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  partitionId: string | null,
+): Promise<void> {
+  if (!token || !partitionId) return;
+  await apiRequest(
+    request,
+    'DELETE',
+    `/api/attachments/partitions?id=${encodeURIComponent(partitionId)}`,
+    { token },
+  ).catch(() => undefined);
+}

package/src/helpers/integration/auth.ts

@@ -0,0 +1,208 @@
+import { type Page } from '@playwright/test';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+function loadEnvFileContent(): string | null {
+  const candidatePaths = [
+    resolve(process.cwd(), 'apps/mercato/.env'),
+    resolve(process.cwd(), '.env'),
+  ];
+
+  for (const envPath of candidatePaths) {
+    try {
+      const content = readFileSync(envPath, 'utf-8');
+      if (content.trim().length > 0) {
+        return content;
+      }
+    } catch {
+      continue;
+    }
+  }
+
+  return null;
+}
+
+function loadEnvValue(key: string): string | undefined {
+  if (process.env[key]) return process.env[key];
+  const content = loadEnvFileContent();
+  if (!content) return undefined;
+  const match = content.match(new RegExp(`^${key}=(.+)$`, 'm'));
+  return match?.[1]?.trim();
+}
+
+export const DEFAULT_CREDENTIALS: Record<string, { email: string; password: string }> = {
+  superadmin: {
+    email: loadEnvValue('OM_INIT_SUPERADMIN_EMAIL') || 'superadmin@acme.com',
+    password: loadEnvValue('OM_INIT_SUPERADMIN_PASSWORD') || 'secret',
+  },
+  admin: { email: 'admin@acme.com', password: 'secret' },
+  employee: { email: 'employee@acme.com', password: 'secret' },
+};
+
+export type Role = 'superadmin' | 'admin' | 'employee';
+
+function decodeJwtClaims(token: string): { tenantId?: string; orgId?: string | null } | null {
+  const parts = token.split('.');
+  if (parts.length < 2) return null;
+  try {
+    const normalized = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, '=');
+    const payload = JSON.parse(Buffer.from(padded, 'base64').toString('utf8')) as {
+      tenantId?: string;
+      orgId?: string | null;
+    };
+    return payload;
+  } catch {
+    return null;
+  }
+}
+
+async function acknowledgeGlobalNotices(page: Page): Promise<void> {
+  const baseUrl = process.env.BASE_URL || 'http://localhost:3000';
+  await page.context().addCookies([
+    {
+      name: 'om_demo_notice_ack',
+      value: 'ack',
+      url: baseUrl,
+      sameSite: 'Lax',
+    },
+    {
+      name: 'om_cookie_notice_ack',
+      value: 'ack',
+      url: baseUrl,
+      sameSite: 'Lax',
+    },
+  ]);
+}
+
+async function dismissGlobalNoticesIfPresent(page: Page): Promise<void> {
+  const cookieAcceptButton = page.getByRole('button', { name: /accept cookies/i }).first();
+  if (await cookieAcceptButton.isVisible().catch(() => false)) {
+    await cookieAcceptButton.click();
+  }
+
+  const demoNotice = page.getByText(/this instance is provided for demo purposes only/i).first();
+  if (await demoNotice.isVisible().catch(() => false)) {
+    const noticeContainer = demoNotice.locator('xpath=ancestor::div[contains(@class,"pointer-events-auto")]').first();
+    const dismissButton = noticeContainer.locator('button').first();
+    if (await dismissButton.isVisible().catch(() => false)) {
+      await dismissButton.click();
+    }
+  }
+}
+
+async function recoverClientSideErrorPageIfPresent(page: Page): Promise<void> {
+  const clientErrorHeading = page
+    .getByRole('heading', { name: /Application error: a client-side exception has occurred/i })
+    .first();
+  if (!(await clientErrorHeading.isVisible().catch(() => false))) return;
+  await page.reload({ waitUntil: 'domcontentloaded' });
+  await dismissGlobalNoticesIfPresent(page);
+}
+
+async function recoverGenericErrorPageIfPresent(page: Page): Promise<void> {
+  const errorHeading = page.getByRole('heading', { name: /^Something went wrong$/i }).first();
+  if (!(await errorHeading.isVisible().catch(() => false))) return;
+  const retryButton = page.getByRole('button', { name: /Try again/i }).first();
+  if (await retryButton.isVisible().catch(() => false)) {
+    await retryButton.click().catch(() => {});
+    await page.waitForLoadState('domcontentloaded').catch(() => {});
+    await page.waitForTimeout(500).catch(() => {});
+  } else {
+    await page.reload({ waitUntil: 'domcontentloaded' });
+  }
+  await dismissGlobalNoticesIfPresent(page);
+}
+
+export async function login(page: Page, role: Role = 'admin'): Promise<void> {
+  const creds = DEFAULT_CREDENTIALS[role];
+  const loginReadySelector = 'form[data-auth-ready="1"]';
+  const hasBackendUrl = (): boolean => /\/backend(?:\/.*)?$/.test(page.url());
+  const waitForBackend = async (timeout: number): Promise<boolean> => {
+    try {
+      await page.waitForURL(/\/backend(?:\/.*)?$/, { timeout });
+      return true;
+    } catch {
+      return hasBackendUrl();
+    }
+  };
+
+  await acknowledgeGlobalNotices(page);
+  const apiLoginForm = new URLSearchParams();
+  apiLoginForm.set('email', creds.email);
+  apiLoginForm.set('password', creds.password);
+  const apiLoginResponse = await page.request.post('/api/auth/login', {
+    headers: {
+      'content-type': 'application/x-www-form-urlencoded',
+    },
+    data: apiLoginForm.toString(),
+  }).catch(() => null);
+  if (apiLoginResponse?.ok()) {
+    const apiLoginBody = (await apiLoginResponse.json().catch(() => null)) as { token?: string } | null;
+    const claims = typeof apiLoginBody?.token === 'string' ? decodeJwtClaims(apiLoginBody.token) : null;
+    const baseUrl = process.env.BASE_URL || 'http://localhost:3000';
+    const cookies = [];
+    if (claims?.tenantId) {
+      cookies.push({
+        name: 'om_selected_tenant',
+        value: claims.tenantId,
+        url: baseUrl,
+        sameSite: 'Lax' as const,
+      });
+    }
+    if (claims?.orgId) {
+      cookies.push({
+        name: 'om_selected_org',
+        value: claims.orgId,
+        url: baseUrl,
+        sameSite: 'Lax' as const,
+      });
+    }
+    if (cookies.length > 0) {
+      await page.context().addCookies(cookies);
+    }
+    await page.goto('/backend', { waitUntil: 'domcontentloaded' });
+    if (await waitForBackend(8_000)) return;
+  }
+
+  for (let attempt = 0; attempt < 4; attempt += 1) {
+    await page.goto('/login', { waitUntil: 'domcontentloaded' });
+    await dismissGlobalNoticesIfPresent(page);
+    await recoverClientSideErrorPageIfPresent(page);
+    await recoverGenericErrorPageIfPresent(page);
+    await page.waitForSelector(loginReadySelector, { state: 'visible', timeout: 3_000 }).catch(() => null);
+    if (await page.getByLabel('Email').isVisible().catch(() => false)) break;
+    if (attempt === 3) {
+      throw new Error(`Login form is unavailable for role: ${role}; current URL: ${page.url()}`);
+    }
+  }
+  await page.getByLabel('Email').fill(creds.email);
+
+  const passwordInput = page.getByLabel('Password').first();
+  if (await passwordInput.isVisible().catch(() => false)) {
+    await passwordInput.fill(creds.password);
+    await passwordInput.press('Enter');
+  } else {
+    const submitButton = page.getByRole('button', { name: /login|sign in|continue with sso/i }).first();
+    await submitButton.click();
+  }
+
+  if (await waitForBackend(7_000)) return;
+
+  const loginForm = page.locator('form').first();
+  if (await loginForm.isVisible().catch(() => false)) {
+    await loginForm.evaluate((element) => {
+      const form = element as HTMLFormElement
+      form.requestSubmit()
+    }).catch(() => {})
+  }
+  if (await waitForBackend(5_000)) return;
+
+  const loginButton = page.getByRole('button', { name: /login|sign in|continue with sso/i }).first();
+  if (await loginButton.isVisible().catch(() => false)) {
+    await loginButton.click({ force: true });
+  }
+  if (await waitForBackend(8_000)) return;
+
+  throw new Error(`Login did not reach backend for role: ${role}; current URL: ${page.url()}`);
+}

package/src/helpers/integration/authFixtures.ts

@@ -0,0 +1,52 @@
+import { expect, type APIRequestContext } from '@playwright/test';
+import { apiRequest } from './api';
+import { expectId, readJsonSafe } from './generalFixtures';
+
+export async function createRoleFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { name: string; tenantId?: string | null },
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/auth/roles', {
+    token,
+    data: {
+      name: input.name,
+      tenantId: input.tenantId ?? null,
+    },
+  });
+  const body = await readJsonSafe<{ id?: string }>(response);
+  expect(response.status(), 'POST /api/auth/roles should return 201').toBe(201);
+  return expectId(body?.id, 'Role creation response should include id');
+}
+
+export async function deleteRoleIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  roleId: string | null,
+): Promise<void> {
+  if (!token || !roleId) return;
+  await apiRequest(request, 'DELETE', `/api/auth/roles?id=${encodeURIComponent(roleId)}`, { token }).catch(() => undefined);
+}
+
+export async function createUserFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { email: string; password: string; organizationId: string; roles: string[] },
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/auth/users', {
+    token,
+    data: input,
+  });
+  const body = await readJsonSafe<{ id?: string }>(response);
+  expect(response.status(), 'POST /api/auth/users should return 201').toBe(201);
+  return expectId(body?.id, 'User creation response should include id');
+}
+
+export async function deleteUserIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  userId: string | null,
+): Promise<void> {
+  if (!token || !userId) return;
+  await apiRequest(request, 'DELETE', `/api/auth/users?id=${encodeURIComponent(userId)}`, { token }).catch(() => undefined);
+}

package/src/helpers/integration/authUi.ts

@@ -0,0 +1,33 @@
+import { expect, type Page } from '@playwright/test';
+
+export async function createUserViaUi(page: Page, input: { email: string; password: string; role?: string }) {
+  const role = input.role ?? 'employee';
+
+  await page.goto('/backend/users/create');
+  await expect(page.getByText('Create User')).toBeVisible();
+
+  await page.getByRole('textbox').nth(0).fill(input.email);
+  await page.getByRole('textbox').nth(1).fill(input.password);
+
+  const orgSelect = page.locator('main').locator('select').first();
+  await expect(orgSelect).toBeEnabled();
+  const orgValue = await orgSelect.evaluate((element) => {
+    const select = element as HTMLSelectElement;
+    for (const option of Array.from(select.options)) {
+      if (option.value && option.value.trim().length > 0) return option.value;
+    }
+    return '';
+  });
+  if (orgValue) {
+    await orgSelect.selectOption(orgValue);
+  }
+
+  const rolesInput = page.getByRole('textbox', { name: /add tag and press enter/i });
+  await rolesInput.fill(role);
+  await rolesInput.press('Enter');
+
+  await page.getByRole('button', { name: 'Create' }).first().click();
+  await expect(page).toHaveURL(/\/backend\/users(?:\?.*)?$/);
+  await page.getByRole('textbox', { name: 'Search' }).fill(input.email);
+  await expect(page.getByRole('row', { name: new RegExp(input.email, 'i') })).toBeVisible();
+}

package/src/helpers/integration/businessRulesFixtures.ts

@@ -0,0 +1,53 @@
+import { expect, type APIRequestContext } from '@playwright/test';
+import { apiRequest } from './api';
+import { expectId, readJsonSafe } from './generalFixtures';
+
+export async function createRuleSetFixture(
+  request: APIRequestContext,
+  token: string,
+  data: Record<string, unknown>,
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/business_rules/sets', { token, data });
+  const body = await readJsonSafe<{ id?: string }>(response);
+  expect(response.status(), 'POST /api/business_rules/sets should return 201').toBe(201);
+  return expectId(body?.id, 'Rule set creation response should include id');
+}
+
+export async function deleteRuleSetIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  ruleSetId: string | null,
+): Promise<void> {
+  if (!token || !ruleSetId) return;
+  await apiRequest(
+    request,
+    'DELETE',
+    `/api/business_rules/sets?id=${encodeURIComponent(ruleSetId)}`,
+    { token },
+  ).catch(() => undefined);
+}
+
+export async function createBusinessRuleFixture(
+  request: APIRequestContext,
+  token: string,
+  data: Record<string, unknown>,
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/business_rules/rules', { token, data });
+  const body = await readJsonSafe<{ id?: string }>(response);
+  expect(response.status(), 'POST /api/business_rules/rules should return 201').toBe(201);
+  return expectId(body?.id, 'Business rule creation response should include id');
+}
+
+export async function deleteBusinessRuleIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  ruleId: string | null,
+): Promise<void> {
+  if (!token || !ruleId) return;
+  await apiRequest(
+    request,
+    'DELETE',
+    `/api/business_rules/rules?id=${encodeURIComponent(ruleId)}`,
+    { token },
+  ).catch(() => undefined);
+}

package/src/helpers/integration/catalogFixtures.ts

@@ -0,0 +1,73 @@
+import { expect, type APIRequestContext } from '@playwright/test';
+import { apiRequest } from './api';
+
+type ProductFixtureInput = {
+  title: string;
+  sku: string;
+};
+
+export async function createProductFixture(
+  request: APIRequestContext,
+  token: string,
+  input: ProductFixtureInput,
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/catalog/products', {
+    token,
+    data: {
+      title: input.title,
+      sku: input.sku,
+      description:
+        'Long enough description for SEO checks in QA automation flows. This text keeps the create validation satisfied.',
+    },
+  });
+  expect(response.ok(), `Failed to create product fixture: ${response.status()}`).toBeTruthy();
+  const body = (await response.json()) as { id?: string };
+  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy();
+  return body.id as string;
+}
+
+type CategoryFixtureInput = {
+  name: string;
+};
+
+export async function createCategoryFixture(
+  request: APIRequestContext,
+  token: string,
+  input: CategoryFixtureInput,
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', '/api/catalog/categories', {
+    token,
+    data: { name: input.name },
+  });
+  expect(response.ok(), `Failed to create category fixture: ${response.status()}`).toBeTruthy();
+  const body = (await response.json()) as { id?: string };
+  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy();
+  return body.id as string;
+}
+
+export async function deleteCatalogCategoryIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  categoryId: string | null,
+): Promise<void> {
+  if (!token || !categoryId) return;
+  try {
+    await apiRequest(request, 'DELETE', `/api/catalog/categories?id=${encodeURIComponent(categoryId)}`, { token });
+  } catch {
+    return;
+  }
+}
+
+export async function deleteCatalogProductIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  productId: string | null,
+): Promise<void> {
+  if (!token || !productId) return;
+  try {
+    await apiRequest(request, 'DELETE', `/api/catalog/products?id=${encodeURIComponent(productId)}`, { token });
+  } catch {
+    return;
+  }
+}
+

package/src/helpers/integration/crmFixtures.ts

@@ -0,0 +1,132 @@
+import { expect, type APIRequestContext } from '@playwright/test';
+import { apiRequest } from './api';
+import { readJsonSafe } from './generalFixtures';
+
+type JsonRecord = Record<string, unknown>;
+
+export { readJsonSafe } from './generalFixtures';
+
+function isRecord(value: unknown): value is JsonRecord {
+  return typeof value === 'object' && value !== null;
+}
+
+function findStringByKeys(value: unknown, keys: readonly string[]): string | null {
+  if (!isRecord(value)) return null;
+
+  for (const key of keys) {
+    const candidate = value[key];
+    if (typeof candidate === 'string' && candidate.trim().length > 0) {
+      return candidate.trim();
+    }
+  }
+
+  for (const nested of Object.values(value)) {
+    if (Array.isArray(nested)) continue;
+    const found = findStringByKeys(nested, keys);
+    if (found) return found;
+  }
+
+  return null;
+}
+
+async function createEntity(
+  request: APIRequestContext,
+  token: string,
+  path: string,
+  data: Record<string, unknown>,
+  idKeys: readonly string[],
+): Promise<string> {
+  const response = await apiRequest(request, 'POST', path, { token, data });
+  const payload = await readJsonSafe(response);
+  expect(response.ok(), `Failed POST ${path}: ${response.status()}`).toBeTruthy();
+  const id = findStringByKeys(payload, idKeys);
+  expect(id, `No id in ${path} response`).toBeTruthy();
+  return id as string;
+}
+
+export async function createCompanyFixture(
+  request: APIRequestContext,
+  token: string,
+  displayName: string,
+): Promise<string> {
+  return createEntity(request, token, '/api/customers/companies', { displayName }, ['id', 'entityId', 'companyId']);
+}
+
+export async function createPersonFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { firstName: string; lastName: string; displayName: string; companyEntityId?: string },
+): Promise<string> {
+  const data: Record<string, unknown> = {
+    firstName: input.firstName,
+    lastName: input.lastName,
+    displayName: input.displayName,
+  };
+  if (input.companyEntityId) {
+    data.companyEntityId = input.companyEntityId;
+  }
+  return createEntity(request, token, '/api/customers/people', data, ['id', 'entityId', 'personId']);
+}
+
+export async function createDealFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { title: string; companyIds?: string[]; personIds?: string[]; pipelineId?: string; pipelineStageId?: string; valueAmount?: number; valueCurrency?: string },
+): Promise<string> {
+  const data: Record<string, unknown> = { title: input.title };
+  if (input.companyIds?.length) data.companyIds = input.companyIds;
+  if (input.personIds?.length) data.personIds = input.personIds;
+  if (input.pipelineId) data.pipelineId = input.pipelineId;
+  if (input.pipelineStageId) data.pipelineStageId = input.pipelineStageId;
+  if (input.valueAmount !== undefined) data.valueAmount = input.valueAmount;
+  if (input.valueCurrency) data.valueCurrency = input.valueCurrency;
+  return createEntity(request, token, '/api/customers/deals', data, ['dealId', 'id', 'entityId']);
+}
+
+export async function createPipelineFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { name: string; isDefault?: boolean },
+): Promise<string> {
+  const data: Record<string, unknown> = { name: input.name };
+  if (input.isDefault !== undefined) data.isDefault = input.isDefault;
+  return createEntity(request, token, '/api/customers/pipelines', data, ['id', 'pipelineId']);
+}
+
+export async function createPipelineStageFixture(
+  request: APIRequestContext,
+  token: string,
+  input: { pipelineId: string; label: string; order?: number },
+): Promise<string> {
+  const data: Record<string, unknown> = { pipelineId: input.pipelineId, label: input.label };
+  if (input.order !== undefined) data.order = input.order;
+  return createEntity(request, token, '/api/customers/pipeline-stages', data, ['id', 'stageId']);
+}
+
+export async function deleteEntityByBody(
+  request: APIRequestContext,
+  token: string | null,
+  path: string,
+  id: string | null,
+): Promise<void> {
+  if (!token || !id) return;
+  try {
+    await apiRequest(request, 'DELETE', path, { token, data: { id } });
+  } catch {
+    return;
+  }
+}
+
+export async function deleteEntityIfExists(
+  request: APIRequestContext,
+  token: string | null,
+  path: string,
+  id: string | null,
+): Promise<void> {
+  if (!token || !id) return;
+  try {
+    await apiRequest(request, 'DELETE', `${path}?id=${encodeURIComponent(id)}`, { token });
+  } catch {
+    return;
+  }
+}