@wopr-network/platform-core 1.67.1 → 1.69.0

package/src/server/routes/__tests__/admin.test.ts

@@ -0,0 +1,320 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { IOrgMemberRepository } from "../../../tenancy/org-member-repository.js";
+import { createCallerFactory, router, setTrpcOrgMemberRepo } from "../../../trpc/init.js";
+import type { PlatformContainer } from "../../container.js";
+import { createTestContainer } from "../../test-container.js";
+import type { AdminRouterConfig } from "../admin.js";
+import { createAdminRouter } from "../admin.js";
+
+// ---------------------------------------------------------------------------
+// Mocks
+// ---------------------------------------------------------------------------
+
+// Mock global fetch for OpenRouter API calls
+const mockFetch = vi.fn();
+vi.stubGlobal("fetch", mockFetch);
+
+function makeMockOrgRepo(): IOrgMemberRepository {
+  return {
+    listMembers: vi.fn().mockResolvedValue([]),
+    addMember: vi.fn().mockResolvedValue(undefined),
+    updateMemberRole: vi.fn().mockResolvedValue(undefined),
+    removeMember: vi.fn().mockResolvedValue(undefined),
+    findMember: vi.fn().mockResolvedValue(null),
+    countAdminsAndOwners: vi.fn().mockResolvedValue(0),
+    listInvites: vi.fn().mockResolvedValue([]),
+    createInvite: vi.fn().mockResolvedValue(undefined),
+    findInviteById: vi.fn().mockResolvedValue(null),
+    findInviteByToken: vi.fn().mockResolvedValue(null),
+    deleteInvite: vi.fn().mockResolvedValue(undefined),
+    deleteAllMembers: vi.fn().mockResolvedValue(undefined),
+    deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+    listOrgsByUser: vi.fn().mockResolvedValue([]),
+    markInviteAccepted: vi.fn().mockResolvedValue(undefined),
+  } as unknown as IOrgMemberRepository;
+}
+
+const adminCtx = {
+  user: { id: "admin-1", roles: ["platform_admin"] },
+  tenantId: undefined,
+};
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeCaller(container: PlatformContainer, config?: AdminRouterConfig) {
+  const adminRouter = createAdminRouter(container, config);
+  const appRouter = router({ admin: adminRouter });
+  const createCaller = createCallerFactory(appRouter);
+  return createCaller(adminCtx);
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("createAdminRouter", () => {
+  beforeEach(() => {
+    setTrpcOrgMemberRepo(makeMockOrgRepo());
+    mockFetch.mockReset();
+  });
+
+  // -------------------------------------------------------------------------
+  // Model list endpoint
+  // -------------------------------------------------------------------------
+
+  describe("listAvailableModels", () => {
+    it("returns cached models from OpenRouter API", async () => {
+      const container = createTestContainer();
+      const models = [
+        {
+          id: "openai/gpt-4",
+          name: "GPT-4",
+          context_length: 8192,
+          pricing: { prompt: "0.03", completion: "0.06" },
+        },
+        {
+          id: "anthropic/claude-3",
+          name: "Claude 3",
+          context_length: 200000,
+          pricing: { prompt: "0.015", completion: "0.075" },
+        },
+      ];
+
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ data: models }),
+      });
+
+      const caller = makeCaller(container, { openRouterApiKey: "sk-test-key" });
+      const result = await caller.admin.listAvailableModels();
+
+      expect(result.models).toHaveLength(2);
+      expect(result.models[0].id).toBe("anthropic/claude-3");
+      expect(result.models[1].id).toBe("openai/gpt-4");
+      expect(mockFetch).toHaveBeenCalledOnce();
+
+      // Second call should use cache (no additional fetch)
+      const result2 = await caller.admin.listAvailableModels();
+      expect(result2.models).toHaveLength(2);
+      expect(mockFetch).toHaveBeenCalledOnce();
+    });
+
+    it("returns empty list when no API key configured", async () => {
+      const container = createTestContainer();
+      const caller = makeCaller(container); // no config = no API key
+
+      const result = await caller.admin.listAvailableModels();
+
+      expect(result.models).toEqual([]);
+      expect(mockFetch).not.toHaveBeenCalled();
+    });
+
+    it("returns stale cache on fetch failure", async () => {
+      // First call seeds the cache
+      const container = createTestContainer();
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ id: "model/a", name: "A", context_length: 100, pricing: { prompt: "1", completion: "2" } }],
+        }),
+      });
+      const caller = makeCaller(container, { openRouterApiKey: "sk-test-key" });
+      await caller.admin.listAvailableModels();
+
+      // Advance past 60s cache TTL so the next call triggers a fetch
+      vi.useFakeTimers();
+      vi.advanceTimersByTime(61_000);
+
+      mockFetch.mockRejectedValueOnce(new Error("Network error"));
+      const result = await caller.admin.listAvailableModels();
+
+      // On failure, falls back to stale cache
+      expect(result.models).toHaveLength(1);
+      expect(result.models[0].id).toBe("model/a");
+
+      vi.useRealTimers();
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Fleet instance listing
+  // -------------------------------------------------------------------------
+
+  describe("listAllInstances", () => {
+    it("lists instances using container.fleet", async () => {
+      const mockProfiles = [
+        { id: "inst-1", name: "Bot A", tenantId: "t1", image: "img:latest" },
+        { id: "inst-2", name: "Bot B", tenantId: "t2", image: "img:v2" },
+      ];
+
+      const mockStatus = {
+        state: "running",
+        health: "healthy",
+        uptime: 3600,
+        containerId: "abc123",
+        startedAt: "2026-01-01T00:00:00Z",
+      };
+
+      const container = createTestContainer({
+        fleet: {
+          manager: {
+            status: vi.fn().mockResolvedValue(mockStatus),
+          } as never,
+          docker: {} as never,
+          proxy: {} as never,
+          profileStore: {
+            list: vi.fn().mockResolvedValue(mockProfiles),
+            init: vi.fn(),
+            save: vi.fn(),
+            get: vi.fn(),
+            delete: vi.fn(),
+          },
+          serviceKeyRepo: {} as never,
+        },
+      });
+
+      const caller = makeCaller(container);
+      const result = await caller.admin.listAllInstances();
+
+      expect(result.instances).toHaveLength(2);
+      expect(result.instances[0]).toEqual({
+        id: "inst-1",
+        name: "Bot A",
+        tenantId: "t1",
+        image: "img:latest",
+        state: "running",
+        health: "healthy",
+        uptime: 3600,
+        containerId: "abc123",
+        startedAt: "2026-01-01T00:00:00Z",
+      });
+    });
+
+    it("returns error when fleet not configured", async () => {
+      const container = createTestContainer({ fleet: null });
+      const caller = makeCaller(container);
+      const result = await caller.admin.listAllInstances();
+
+      expect(result.instances).toEqual([]);
+      expect(result.error).toBe("Fleet not configured");
+    });
+
+    it("returns error state for instances that fail status check", async () => {
+      const mockProfiles = [{ id: "inst-bad", name: "Bad Bot", tenantId: "t1", image: "img:latest" }];
+
+      const container = createTestContainer({
+        fleet: {
+          manager: {
+            status: vi.fn().mockRejectedValue(new Error("container not found")),
+          } as never,
+          docker: {} as never,
+          proxy: {} as never,
+          profileStore: {
+            list: vi.fn().mockResolvedValue(mockProfiles),
+            init: vi.fn(),
+            save: vi.fn(),
+            get: vi.fn(),
+            delete: vi.fn(),
+          },
+          serviceKeyRepo: {} as never,
+        },
+      });
+
+      const caller = makeCaller(container);
+      const result = await caller.admin.listAllInstances();
+
+      expect(result.instances).toHaveLength(1);
+      expect(result.instances[0].state).toBe("error");
+      expect(result.instances[0].health).toBeNull();
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Credit balance query
+  // -------------------------------------------------------------------------
+
+  describe("billingOverview", () => {
+    it("queries credit balance via container pool", async () => {
+      const mockPool = {
+        query: vi
+          .fn()
+          .mockResolvedValueOnce({ rows: [{ totalRaw: "50000000" }] }) // credit_entry sum (50M microdollars = 5000 cents)
+          .mockResolvedValueOnce({ rows: [{ count: "3" }] }) // payment methods
+          .mockResolvedValueOnce({ rows: [{ count: "5" }] }), // orgs
+        end: vi.fn(),
+      };
+
+      const container = createTestContainer({
+        pool: mockPool as never,
+        gateway: null, // no gateway = skip service key count
+      });
+
+      const caller = makeCaller(container);
+      const result = await caller.admin.billingOverview();
+
+      expect(result.totalBalanceCents).toBe(5000);
+      expect(result.activeKeyCount).toBe(0); // gateway not configured
+      expect(result.paymentMethodCount).toBe(3);
+      expect(result.orgCount).toBe(5);
+    });
+
+    it("counts active service keys when gateway is configured", async () => {
+      const mockPool = {
+        query: vi
+          .fn()
+          .mockResolvedValueOnce({ rows: [{ totalRaw: "0" }] }) // credit_entry
+          .mockResolvedValueOnce({ rows: [{ count: "7" }] }) // service_keys
+          .mockResolvedValueOnce({ rows: [{ count: "0" }] }) // payment methods
+          .mockResolvedValueOnce({ rows: [{ count: "0" }] }), // orgs
+        end: vi.fn(),
+      };
+
+      const container = createTestContainer({
+        pool: mockPool as never,
+        gateway: {
+          serviceKeyRepo: {} as never,
+        },
+      });
+
+      const caller = makeCaller(container);
+      const result = await caller.admin.billingOverview();
+
+      expect(result.activeKeyCount).toBe(7);
+    });
+
+    it("returns zeros when tables do not exist", async () => {
+      const mockPool = {
+        query: vi.fn().mockRejectedValue(new Error('relation "credit_entry" does not exist')),
+        end: vi.fn(),
+      };
+
+      const container = createTestContainer({
+        pool: mockPool as never,
+      });
+
+      const caller = makeCaller(container);
+      const result = await caller.admin.billingOverview();
+
+      expect(result.totalBalanceCents).toBe(0);
+      expect(result.activeKeyCount).toBe(0);
+      expect(result.paymentMethodCount).toBe(0);
+      expect(result.orgCount).toBe(0);
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // Auth guard
+  // -------------------------------------------------------------------------
+
+  it("rejects non-admin users", async () => {
+    const container = createTestContainer();
+    const adminRouter = createAdminRouter(container);
+    const appRouter = router({ admin: adminRouter });
+    const createCaller = createCallerFactory(appRouter);
+    const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+
+    await expect(caller.admin.listAvailableModels()).rejects.toThrow("Platform admin role required");
+  });
+});

package/src/server/routes/__tests__/crypto-webhook.test.ts

@@ -0,0 +1,167 @@
+import { describe, expect, it, vi } from "vitest";
+import type { CryptoServices } from "../../container.js";
+import { createTestContainer } from "../../test-container.js";
+import { type CryptoWebhookConfig, createCryptoWebhookRoutes } from "../crypto-webhook.js";
+
+// ---------------------------------------------------------------------------
+// Mock the key-server-webhook handler so we never hit real billing logic
+// ---------------------------------------------------------------------------
+
+vi.mock("../../../billing/crypto/key-server-webhook.js", () => ({
+  handleKeyServerWebhook: vi.fn().mockResolvedValue({
+    handled: true,
+    creditedCents: 500,
+  }),
+}));
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+const SECRET = "test-provision-secret";
+const CRYPTO_KEY = "test-crypto-service-key";
+
+function makeConfig(overrides?: Partial<CryptoWebhookConfig>): CryptoWebhookConfig {
+  return {
+    provisionSecret: SECRET,
+    cryptoServiceKey: CRYPTO_KEY,
+    ...overrides,
+  };
+}
+
+function makeCrypto(): CryptoServices {
+  return {
+    chargeRepo: {} as never,
+    webhookSeenRepo: {} as never,
+  };
+}
+
+const validPayload = {
+  chargeId: "ch_123",
+  chain: "ETH",
+  address: "0xabc",
+  status: "confirmed",
+};
+
+function buildApp(opts?: { crypto?: CryptoServices | null; config?: Partial<CryptoWebhookConfig> }) {
+  const container = createTestContainer({
+    crypto: opts?.crypto !== undefined ? opts.crypto : makeCrypto(),
+  });
+  const config = makeConfig(opts?.config);
+  return createCryptoWebhookRoutes(container, config);
+}
+
+async function post(app: ReturnType<typeof buildApp>, body: unknown, headers?: Record<string, string>) {
+  const init: RequestInit = {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...headers,
+    },
+  };
+
+  if (body !== undefined) {
+    init.body = typeof body === "string" ? body : JSON.stringify(body);
+  }
+
+  return app.request("/", init);
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("createCryptoWebhookRoutes", () => {
+  // 1. No auth header
+  it("returns 401 without auth header", async () => {
+    const app = buildApp();
+    const res = await post(app, validPayload);
+
+    expect(res.status).toBe(401);
+    const json = await res.json();
+    expect(json.error).toBe("Unauthorized");
+  });
+
+  // 2. Wrong Bearer token
+  it("returns 401 with wrong Bearer token", async () => {
+    const app = buildApp();
+    const res = await post(app, validPayload, {
+      Authorization: "Bearer wrong-token",
+    });
+
+    expect(res.status).toBe(401);
+    const json = await res.json();
+    expect(json.error).toBe("Unauthorized");
+  });
+
+  // 3. Invalid JSON
+  it("returns 400 on invalid JSON", async () => {
+    const app = buildApp();
+    const res = await app.request("/", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${SECRET}`,
+      },
+      body: "not-valid-json{{{",
+    });
+
+    expect(res.status).toBe(400);
+    const json = await res.json();
+    expect(json.error).toBe("Invalid JSON");
+  });
+
+  // 4. Zod validation failure (missing required fields)
+  it("returns 400 on payload that fails Zod validation", async () => {
+    const app = buildApp();
+    const res = await post(
+      app,
+      { chargeId: "ch_123" }, // missing chain, address, status
+      { Authorization: `Bearer ${SECRET}` },
+    );
+
+    expect(res.status).toBe(400);
+    const json = await res.json();
+    expect(json.error).toBe("Invalid payload");
+    expect(json.issues).toBeDefined();
+    expect(json.issues.length).toBeGreaterThan(0);
+  });
+
+  // 5. Container crypto is null -> 501
+  it("returns 501 when container.crypto is null", async () => {
+    const app = buildApp({ crypto: null });
+    const res = await post(app, validPayload, {
+      Authorization: `Bearer ${SECRET}`,
+    });
+
+    expect(res.status).toBe(501);
+    const json = await res.json();
+    expect(json.error).toBe("Crypto payments not configured");
+  });
+
+  // 6. Valid Bearer matching provision secret
+  it("accepts valid Bearer token matching provision secret", async () => {
+    const app = buildApp();
+    const res = await post(app, validPayload, {
+      Authorization: `Bearer ${SECRET}`,
+    });
+
+    expect(res.status).toBe(200);
+    const json = await res.json();
+    expect(json.handled).toBe(true);
+    expect(json.creditedCents).toBe(500);
+  });
+
+  // 7. Valid Bearer matching crypto service key
+  it("accepts valid Bearer token matching crypto service key", async () => {
+    const app = buildApp();
+    const res = await post(app, validPayload, {
+      Authorization: `Bearer ${CRYPTO_KEY}`,
+    });
+
+    expect(res.status).toBe(200);
+    const json = await res.json();
+    expect(json.handled).toBe(true);
+    expect(json.creditedCents).toBe(500);
+  });
+});