backend-manager 5.9.4 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CLAUDE.md +6 -0
  2. package/package.json +8 -1
  3. package/src/cli/commands/install.js +4 -3
  4. package/src/cli/commands/setup-tests/backend-manager.js +2 -1
  5. package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
  6. package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
  7. package/src/cli/utils/safe-install.js +13 -0
  8. package/src/manager/routes/payments/cancel/post.js +22 -2
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  13. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  22. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  23. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  24. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  25. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  26. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  27. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  28. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  29. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  30. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  31. package/src/test/test-accounts.js +9 -0
  32. package/.codeclimate.yml +0 -32
  33. package/.nvmrc +0 -1
  34. package/CHANGELOG.md +0 -1432
  35. package/PROGRESS.md +0 -86
  36. package/TODO-2.md +0 -121
  37. package/TODO-CHARGEBLAST.md +0 -32
  38. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  39. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  40. package/TODO-email-auth.md +0 -14
  41. package/TODO.md +0 -187
  42. package/plans/mcp2.md +0 -247
  43. package/scripts/test-helper-providers.js +0 -162
  44. package/scripts/update-disposable-domains.js +0 -44
  45. package/templates/_.env +0 -42
  46. package/templates/_.gitignore +0 -60
  47. package/templates/backend-manager-config.json +0 -249
  48. package/templates/database.rules.json +0 -83
  49. package/templates/firebase.json +0 -66
  50. package/templates/firestore.indexes.json +0 -4
  51. package/templates/firestore.rules +0 -112
  52. package/templates/public/404.html +0 -26
  53. package/templates/public/index.html +0 -24
  54. package/templates/remoteconfig.template.json +0 -1
  55. package/templates/storage-lifecycle-config-1-day.json +0 -9
  56. package/templates/storage-lifecycle-config-30-days.json +0 -9
  57. package/templates/storage.rules +0 -8
  58. package/test/_init/accounts-validation.js +0 -58
  59. package/test/_legacy/ai/index.js +0 -231
  60. package/test/_legacy/ai/test.jpg +0 -0
  61. package/test/_legacy/ai/test.pdf +0 -0
  62. package/test/_legacy/index.js +0 -31
  63. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  64. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  68. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  69. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  70. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  71. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  72. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  73. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  74. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  75. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  76. package/test/_legacy/payment-resolver/index.js +0 -1558
  77. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  78. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  86. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  87. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  88. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  89. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  90. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  91. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  92. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  96. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  97. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  98. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  99. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  100. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  101. package/test/_legacy/test-new +0 -1178
  102. package/test/_legacy/test.md +0 -89
  103. package/test/_legacy/usage.js +0 -175
  104. package/test/_legacy/user.js +0 -31
  105. package/test/ai/tools-live.js +0 -170
  106. package/test/boot/emulator-boots.js +0 -37
  107. package/test/content/blog-generate.js +0 -160
  108. package/test/email/campaign-send.js +0 -45
  109. package/test/email/consent-lifecycle.js +0 -257
  110. package/test/email/feedback-and-plain-send.js +0 -52
  111. package/test/email/fixtures/editorial.json +0 -30
  112. package/test/email/fixtures/field-report.json +0 -53
  113. package/test/email/marketing-lifecycle.js +0 -132
  114. package/test/email/newsletter-generate.js +0 -819
  115. package/test/email/newsletter-templates.js +0 -491
  116. package/test/email/templates.js +0 -207
  117. package/test/email/transactional-send.js +0 -34
  118. package/test/email/transactional.js +0 -560
  119. package/test/email/validation.js +0 -710
  120. package/test/events/auth-delete-race.js +0 -201
  121. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  122. package/test/events/payments/journey-payments-cancel.js +0 -182
  123. package/test/events/payments/journey-payments-discount.js +0 -89
  124. package/test/events/payments/journey-payments-failure.js +0 -146
  125. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  126. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  127. package/test/events/payments/journey-payments-one-time.js +0 -136
  128. package/test/events/payments/journey-payments-plan-change.js +0 -144
  129. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  130. package/test/events/payments/journey-payments-suspend.js +0 -181
  131. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  132. package/test/events/payments/journey-payments-trial.js +0 -171
  133. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  134. package/test/events/payments/journey-payments-upgrade.js +0 -135
  135. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  136. package/test/fixtures/chargebee/subscription-active.json +0 -44
  137. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  138. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  139. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  140. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  141. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  142. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  143. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  144. package/test/fixtures/paypal/order-approved.json +0 -62
  145. package/test/fixtures/paypal/order-completed.json +0 -110
  146. package/test/fixtures/paypal/subscription-active.json +0 -76
  147. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  148. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  149. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  150. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  151. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  152. package/test/fixtures/stripe/subscription-active.json +0 -161
  153. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  154. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  155. package/test/functions/admin/database-read.js +0 -134
  156. package/test/functions/admin/database-write.js +0 -159
  157. package/test/functions/admin/edit-post.js +0 -366
  158. package/test/functions/admin/firestore-query.js +0 -207
  159. package/test/functions/admin/firestore-read.js +0 -129
  160. package/test/functions/admin/firestore-write.js +0 -105
  161. package/test/functions/admin/get-stats.js +0 -115
  162. package/test/functions/admin/send-email.js +0 -119
  163. package/test/functions/admin/send-notification.js +0 -208
  164. package/test/functions/admin/write-repo-content.js +0 -223
  165. package/test/functions/general/add-marketing-contact.js +0 -335
  166. package/test/functions/general/fetch-post.js +0 -54
  167. package/test/functions/general/generate-uuid.js +0 -114
  168. package/test/functions/test/authenticate.js +0 -64
  169. package/test/functions/user/create-custom-token.js +0 -73
  170. package/test/functions/user/delete.js +0 -135
  171. package/test/functions/user/get-active-sessions.js +0 -111
  172. package/test/functions/user/get-subscription-info.js +0 -99
  173. package/test/functions/user/regenerate-api-keys.js +0 -156
  174. package/test/functions/user/resolve.js +0 -52
  175. package/test/functions/user/sign-out-all-sessions.js +0 -94
  176. package/test/functions/user/sign-up.js +0 -252
  177. package/test/functions/user/submit-feedback.js +0 -104
  178. package/test/functions/user/validate-settings.js +0 -82
  179. package/test/helpers/ai-request-payload.js +0 -300
  180. package/test/helpers/ai-test-provider.js +0 -202
  181. package/test/helpers/ai-tools-format.js +0 -383
  182. package/test/helpers/content/blog-auto-publisher.js +0 -484
  183. package/test/helpers/content/feed-parser.js +0 -528
  184. package/test/helpers/content/ghostii-blocks.js +0 -134
  185. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  186. package/test/helpers/content/ghostii-write-article.js +0 -243
  187. package/test/helpers/environment.js +0 -230
  188. package/test/helpers/infer-contact.js +0 -113
  189. package/test/helpers/merge-line-files.js +0 -271
  190. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  191. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  192. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  193. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  194. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  195. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  196. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  197. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  198. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  199. package/test/helpers/sanitize.js +0 -222
  200. package/test/helpers/slugify.js +0 -394
  201. package/test/helpers/storage.js +0 -194
  202. package/test/helpers/user.js +0 -755
  203. package/test/helpers/webhook-forward.js +0 -418
  204. package/test/mcp/discovery.js +0 -53
  205. package/test/mcp/oauth.js +0 -161
  206. package/test/mcp/protocol.js +0 -268
  207. package/test/mcp/roles.js +0 -188
  208. package/test/mcp/utils.js +0 -245
  209. package/test/routes/admin/create-post.js +0 -364
  210. package/test/routes/admin/database.js +0 -131
  211. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  212. package/test/routes/admin/email.js +0 -114
  213. package/test/routes/admin/firestore-query.js +0 -204
  214. package/test/routes/admin/firestore.js +0 -127
  215. package/test/routes/admin/infer-contact.js +0 -218
  216. package/test/routes/admin/notification.js +0 -198
  217. package/test/routes/admin/post-resize-image.js +0 -184
  218. package/test/routes/admin/post.js +0 -368
  219. package/test/routes/admin/repo-content.js +0 -223
  220. package/test/routes/admin/stats.js +0 -112
  221. package/test/routes/content/post.js +0 -54
  222. package/test/routes/general/uuid.js +0 -115
  223. package/test/routes/marketing/campaign.js +0 -125
  224. package/test/routes/marketing/contact.js +0 -370
  225. package/test/routes/marketing/email-preferences.js +0 -292
  226. package/test/routes/marketing/push-send.js +0 -32
  227. package/test/routes/marketing/webhook-forward.js +0 -61
  228. package/test/routes/marketing/webhook.js +0 -639
  229. package/test/routes/payments/cancel.js +0 -140
  230. package/test/routes/payments/discount.js +0 -80
  231. package/test/routes/payments/dispute-alert.js +0 -320
  232. package/test/routes/payments/intent.js +0 -336
  233. package/test/routes/payments/portal.js +0 -92
  234. package/test/routes/payments/refund.js +0 -179
  235. package/test/routes/payments/trial-eligibility.js +0 -71
  236. package/test/routes/payments/webhook.js +0 -107
  237. package/test/routes/test/authenticate.js +0 -59
  238. package/test/routes/test/schema.js +0 -554
  239. package/test/routes/test/usage.js +0 -342
  240. package/test/routes/user/api-keys.js +0 -156
  241. package/test/routes/user/delete.js +0 -136
  242. package/test/routes/user/feedback.js +0 -104
  243. package/test/routes/user/sessions.js +0 -199
  244. package/test/routes/user/settings-validate.js +0 -82
  245. package/test/routes/user/signup.js +0 -542
  246. package/test/routes/user/subscription.js +0 -99
  247. package/test/routes/user/token.js +0 -73
  248. package/test/routes/user/user.js +0 -157
  249. package/test/rules/notifications.js +0 -410
  250. package/test/rules/payments-carts.js +0 -371
  251. package/test/rules/user.js +0 -396
@@ -1,364 +0,0 @@
1
- /**
2
- * Test: POST /admin/post
3
- * Tests the admin create post endpoint
4
- * Creates blog posts via GitHub with image extraction and @post/ body rewriting
5
- * Requires admin/blogger role, GitHub API key, and repo_website config
6
- */
7
- const { Octokit } = require('@octokit/rest');
8
- const sharp = require('sharp');
9
-
10
- const { IMAGE_MAX_DIMENSION } = require('../../../src/manager/routes/admin/post/post');
11
-
12
- module.exports = {
13
- description: 'Admin create post on GitHub',
14
- type: 'suite',
15
- timeout: 300000, // 5 minutes total for the suite
16
-
17
- tests: [
18
- // --- Validation tests (no GitHub needed) ---
19
-
20
- {
21
- name: 'missing-title-rejected',
22
- auth: 'admin',
23
- timeout: 15000,
24
-
25
- async run({ http, assert }) {
26
- const response = await http.post('backend-manager/admin/post', {
27
- url: 'test-post',
28
- description: 'Test description',
29
- headerImageURL: 'https://example.com/image.jpg',
30
- body: 'Test content',
31
- });
32
-
33
- assert.isError(response, 400, 'Missing title should return 400');
34
- },
35
- },
36
-
37
- {
38
- name: 'missing-url-rejected',
39
- auth: 'admin',
40
- timeout: 15000,
41
-
42
- async run({ http, assert }) {
43
- const response = await http.post('backend-manager/admin/post', {
44
- title: 'Test Post',
45
- description: 'Test description',
46
- headerImageURL: 'https://example.com/image.jpg',
47
- body: 'Test content',
48
- });
49
-
50
- assert.isError(response, 400, 'Missing URL should return 400');
51
- },
52
- },
53
-
54
- {
55
- name: 'missing-description-rejected',
56
- auth: 'admin',
57
- timeout: 15000,
58
-
59
- async run({ http, assert }) {
60
- const response = await http.post('backend-manager/admin/post', {
61
- title: 'Test Post',
62
- url: 'test-post',
63
- headerImageURL: 'https://example.com/image.jpg',
64
- body: 'Test content',
65
- });
66
-
67
- assert.isError(response, 400, 'Missing description should return 400');
68
- },
69
- },
70
-
71
- {
72
- name: 'missing-header-image-rejected',
73
- auth: 'admin',
74
- timeout: 15000,
75
-
76
- async run({ http, assert }) {
77
- const response = await http.post('backend-manager/admin/post', {
78
- title: 'Test Post',
79
- url: 'test-post',
80
- description: 'Test description',
81
- body: 'Test content',
82
- });
83
-
84
- assert.isError(response, 400, 'Missing headerImageURL should return 400');
85
- },
86
- },
87
-
88
- {
89
- name: 'missing-body-rejected',
90
- auth: 'admin',
91
- timeout: 15000,
92
-
93
- async run({ http, assert }) {
94
- const response = await http.post('backend-manager/admin/post', {
95
- title: 'Test Post',
96
- url: 'test-post',
97
- description: 'Test description',
98
- headerImageURL: 'https://example.com/image.jpg',
99
- });
100
-
101
- assert.isError(response, 400, 'Missing body should return 400');
102
- },
103
- },
104
-
105
- // --- Integration: create post with inline image, verify @post/ rewriting ---
106
-
107
- {
108
- name: 'create-post-rewrites-body-images',
109
- auth: 'admin',
110
- timeout: 120000,
111
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
112
-
113
- async run({ http, assert, state, config }) {
114
- if (!process.env.GH_TOKEN) {
115
- assert.fail('GH_TOKEN env var not set');
116
- return;
117
- }
118
-
119
- if (!config.github?.repo_website) {
120
- assert.fail('githubRepoWebsite not configured');
121
- return;
122
- }
123
-
124
- // Parse owner/repo for cleanup later
125
- const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
126
- if (!repoMatch) {
127
- assert.fail('Could not parse githubRepoWebsite');
128
- return;
129
- }
130
-
131
- state.owner = repoMatch[1];
132
- state.repo = repoMatch[2];
133
-
134
- // Use a real public .jpg for the inline image
135
- const inlineImageURL = 'https://picsum.photos/id/10/200/200.jpg';
136
- // Oversized header image (long edge 5000px > IMAGE_MAX_DIMENSION 4096px) to
137
- // verify the resize step runs end-to-end and the committed file is clamped.
138
- const headerImageURL = 'https://picsum.photos/id/1/5000/3000.jpg';
139
-
140
- const response = await http.post('backend-manager/admin/post', {
141
- title: 'BEM Test Create Post',
142
- url: 'bem-test-create-post',
143
- description: 'Test post created by BEM test suite to verify @post/ body rewriting.',
144
- headerImageURL: headerImageURL,
145
- body: `# BEM Test Create Post\n\nSome intro text.\n\n![Test inline image](${inlineImageURL})\n\nMore text after the image.`,
146
- postPath: 'guest',
147
- });
148
-
149
- assert.isSuccess(response, 'Create post should succeed');
150
- assert.hasProperty(response, 'data.id', 'Response should have post id');
151
- assert.hasProperty(response, 'data.path', 'Response should have post file path');
152
-
153
- // Store for cleanup
154
- state.postId = response.data.id;
155
- state.postPath = response.data.path;
156
- },
157
- },
158
-
159
- {
160
- name: 'verify-body-has-at-post-prefix',
161
- auth: 'admin',
162
- timeout: 30000,
163
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
164
-
165
- async run({ assert, state }) {
166
- if (!state.postPath) {
167
- return; // Previous test didn't run
168
- }
169
-
170
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
171
-
172
- // Fetch the committed post from GitHub
173
- const { data: fileData } = await octokit.rest.repos.getContent({
174
- owner: state.owner,
175
- repo: state.repo,
176
- path: state.postPath,
177
- });
178
-
179
- const content = Buffer.from(fileData.content, 'base64').toString();
180
- state.currentSha = fileData.sha;
181
-
182
- // The body should contain @post/ prefix instead of the original external URL
183
- assert.ok(
184
- content.includes('@post/'),
185
- 'Post body should contain @post/ prefix for downloaded images',
186
- );
187
-
188
- assert.ok(
189
- !content.includes('picsum.photos/id/10'),
190
- 'Post body should NOT contain the original external inline image URL',
191
- );
192
- },
193
- },
194
-
195
- {
196
- name: 'verify-oversized-header-image-was-resized',
197
- auth: 'admin',
198
- timeout: 30000,
199
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
200
-
201
- async run({ assert, state }) {
202
- if (!state.postId) {
203
- return; // Previous test didn't run
204
- }
205
-
206
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
207
- const imageDir = `src/assets/images/blog/post-${state.postId}/`;
208
-
209
- // List committed images and pick the header (matches the slugified URL "bem-test-create-post")
210
- const { data: dirData } = await octokit.rest.repos.getContent({
211
- owner: state.owner,
212
- repo: state.repo,
213
- path: imageDir,
214
- });
215
-
216
- const headerFile = dirData.find((f) => f.name === 'bem-test-create-post.jpg');
217
- assert.ok(headerFile, 'Header image should be committed at expected slug');
218
-
219
- // Fetch the raw bytes and read dimensions
220
- const { data: blob } = await octokit.rest.git.getBlob({
221
- owner: state.owner,
222
- repo: state.repo,
223
- file_sha: headerFile.sha,
224
- });
225
-
226
- const buffer = Buffer.from(blob.content, 'base64');
227
- const meta = await sharp(buffer).metadata();
228
-
229
- // The source we requested was 5000x3000 (over the 4096 limit).
230
- // After resize, the long edge should be clamped to IMAGE_MAX_DIMENSION.
231
- const longEdge = Math.max(meta.width, meta.height);
232
- assert.ok(
233
- longEdge <= IMAGE_MAX_DIMENSION,
234
- `Committed header image long edge (${meta.width}x${meta.height}) should be <= IMAGE_MAX_DIMENSION (${IMAGE_MAX_DIMENSION})`,
235
- );
236
-
237
- // And the resize should actually have happened (source was 5000x3000 → expect width=4096)
238
- assert.equal(meta.width, IMAGE_MAX_DIMENSION, 'Resized width should equal IMAGE_MAX_DIMENSION');
239
- },
240
- },
241
-
242
- // --- Auth rejection tests ---
243
-
244
- {
245
- name: 'unauthenticated-rejected',
246
- auth: 'none',
247
- timeout: 15000,
248
-
249
- async run({ http, assert }) {
250
- const response = await http.post('backend-manager/admin/post', {
251
- title: 'Test Post',
252
- url: 'test-post',
253
- description: 'Test description',
254
- headerImageURL: 'https://example.com/image.jpg',
255
- body: 'Test content',
256
- });
257
-
258
- assert.isError(response, 401, 'Create post should fail without authentication');
259
- },
260
- },
261
-
262
- {
263
- name: 'non-admin-rejected',
264
- auth: 'basic',
265
- timeout: 15000,
266
-
267
- async run({ http, assert }) {
268
- const response = await http.post('backend-manager/admin/post', {
269
- title: 'Test Post',
270
- url: 'test-post',
271
- description: 'Test description',
272
- headerImageURL: 'https://example.com/image.jpg',
273
- body: 'Test content',
274
- });
275
-
276
- assert.isError(response, 403, 'Create post should fail for non-admin user');
277
- },
278
- },
279
-
280
- // --- Cleanup ---
281
-
282
- {
283
- name: 'cleanup',
284
- auth: 'admin',
285
- timeout: 60000,
286
-
287
- async run({ state }) {
288
- if (!process.env.GH_TOKEN || !state.postPath) {
289
- return;
290
- }
291
-
292
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
293
-
294
- // Delete the test post
295
- try {
296
- const { data: fileData } = await octokit.rest.repos.getContent({
297
- owner: state.owner,
298
- repo: state.repo,
299
- path: state.postPath,
300
- });
301
-
302
- await octokit.rest.repos.deleteFile({
303
- owner: state.owner,
304
- repo: state.repo,
305
- path: state.postPath,
306
- message: '🧹 BEM test cleanup: delete create-post test',
307
- sha: fileData.sha,
308
- });
309
- } catch (e) {
310
- // File might not exist, ignore
311
- }
312
-
313
- // Delete uploaded test images
314
- const imagePath = `src/assets/images/blog/post-${state.postId}/`;
315
- try {
316
- const { data: dirData } = await octokit.rest.repos.getContent({
317
- owner: state.owner,
318
- repo: state.repo,
319
- path: imagePath,
320
- });
321
-
322
- // Delete each image file
323
- for (const file of dirData) {
324
- await octokit.rest.repos.deleteFile({
325
- owner: state.owner,
326
- repo: state.repo,
327
- path: file.path,
328
- message: `🧹 BEM test cleanup: delete test image ${file.name}`,
329
- sha: file.sha,
330
- });
331
- }
332
- } catch (e) {
333
- // Directory might not exist, ignore
334
- }
335
-
336
- // Cancel any running workflows triggered by our test commits
337
- try {
338
- const { data: runs } = await octokit.rest.actions.listWorkflowRunsForRepo({
339
- owner: state.owner,
340
- repo: state.repo,
341
- status: 'in_progress',
342
- per_page: 10,
343
- });
344
-
345
- for (const run of runs.workflow_runs) {
346
- if (run.head_commit?.message?.includes('BEM test')) {
347
- try {
348
- await octokit.rest.actions.cancelWorkflowRun({
349
- owner: state.owner,
350
- repo: state.repo,
351
- run_id: run.id,
352
- });
353
- } catch (e) {
354
- // May already be completed, ignore
355
- }
356
- }
357
- }
358
- } catch (e) {
359
- // Workflow cancellation failed, not critical
360
- }
361
- },
362
- },
363
- ],
364
- };
@@ -1,131 +0,0 @@
1
- /**
2
- * Test: GET/POST /admin/database
3
- * Tests the admin Realtime Database read/write endpoints
4
- * Requires admin authentication
5
- */
6
- const TEST_PATH = '_test/database-test';
7
-
8
- module.exports = {
9
- description: 'Admin Realtime Database read/write operations',
10
- type: 'group',
11
- tests: [
12
- // Test 1: Setup - write test data first
13
- {
14
- name: 'setup-test-data',
15
- auth: 'admin',
16
- timeout: 15000,
17
-
18
- async run({ http, assert }) {
19
- const testData = {
20
- testField: 'database-test-value',
21
- timestamp: new Date().toISOString(),
22
- nested: {
23
- field1: 'nested-value',
24
- field2: 123,
25
- },
26
- };
27
-
28
- const writeResponse = await http.post('backend-manager/admin/database', {
29
- path: TEST_PATH,
30
- document: testData,
31
- });
32
-
33
- assert.isSuccess(writeResponse, 'Setup: Database write should succeed');
34
- },
35
- },
36
-
37
- // Test 2: Admin can read data
38
- {
39
- name: 'admin-read-succeeds',
40
- auth: 'admin',
41
- timeout: 15000,
42
-
43
- async run({ http, assert }) {
44
- const readResponse = await http.get('backend-manager/admin/database', {
45
- path: TEST_PATH,
46
- });
47
-
48
- assert.isSuccess(readResponse, 'Database read should succeed with admin auth');
49
- assert.hasProperty(readResponse, 'data.testField', 'Response should contain test data');
50
- assert.equal(
51
- readResponse.data.testField,
52
- 'database-test-value',
53
- 'Read data should match written data'
54
- );
55
- assert.hasProperty(readResponse, 'data.nested.field1', 'Response should contain nested data');
56
- assert.equal(
57
- readResponse.data.nested.field2,
58
- 123,
59
- 'Nested field should match written data'
60
- );
61
- },
62
- },
63
-
64
- // Test 3: Reading non-existent path returns empty/null
65
- {
66
- name: 'read-nonexistent-returns-null',
67
- auth: 'admin',
68
- timeout: 15000,
69
-
70
- async run({ http, assert }) {
71
- const readResponse = await http.get('backend-manager/admin/database', {
72
- path: '_test/nonexistent-path-12345',
73
- });
74
-
75
- assert.isSuccess(readResponse, 'Reading non-existent path should succeed');
76
- const data = readResponse.data;
77
- const isEmpty = data === null
78
- || data === undefined
79
- || (typeof data === 'object' && Object.keys(data).length === 0);
80
- assert.ok(
81
- isEmpty,
82
- `Non-existent path should return null, undefined, or empty object, got: ${JSON.stringify(data)}`
83
- );
84
- },
85
- },
86
-
87
- // Test 4: Missing path returns 400 error
88
- {
89
- name: 'missing-path-rejected',
90
- auth: 'admin',
91
- timeout: 15000,
92
-
93
- async run({ http, assert }) {
94
- const readResponse = await http.get('backend-manager/admin/database', {});
95
-
96
- assert.isError(readResponse, 400, 'Missing path should return 400');
97
- },
98
- },
99
-
100
- // Test 5: Unauthenticated request fails
101
- {
102
- name: 'unauthenticated-rejected',
103
- auth: 'none',
104
- timeout: 15000,
105
-
106
- async run({ http, assert }) {
107
- const readResponse = await http.get('backend-manager/admin/database', {
108
- path: TEST_PATH,
109
- });
110
-
111
- assert.isError(readResponse, 401, 'Database read should fail without authentication');
112
- },
113
- },
114
-
115
- // Test 6: Non-admin user fails
116
- {
117
- name: 'non-admin-rejected',
118
- auth: 'basic',
119
- timeout: 15000,
120
-
121
- async run({ http, assert }) {
122
- const readResponse = await http.get('backend-manager/admin/database', {
123
- path: TEST_PATH,
124
- });
125
-
126
- assert.isError(readResponse, 403, 'Database read should fail for non-admin user');
127
- },
128
- },
129
-
130
- ],
131
- };
@@ -1,190 +0,0 @@
1
- /**
2
- * Test: routes/admin/post/deduplicate-image-alts
3
- * Unit tests for the alt-text dedup helper used by the admin/post route.
4
- *
5
- * Run: npx mgr test routes/admin/deduplicate-image-alts
6
- *
7
- * Contract:
8
- * - Header images are never modified.
9
- * - Two non-header images with the same alt AND different URLs:
10
- * the second's alt is suffixed with " (2)" (and " (3)" for the third, etc.)
11
- * and the body is rewritten to match.
12
- * - Two non-header images with the same alt AND the same URL:
13
- * the second reuses the first's (possibly already-suffixed) alt — no change.
14
- * - Images with distinct alts are untouched.
15
- */
16
- const deduplicateImageAlts = require('../../../src/manager/routes/admin/post/deduplicate-image-alts');
17
-
18
- module.exports = {
19
- description: 'routes/admin/post/deduplicate-image-alts',
20
- type: 'group',
21
-
22
- tests: [
23
- // ─── Happy path: no collisions ───
24
-
25
- {
26
- name: 'distinct-alts-are-untouched',
27
- async run({ assert }) {
28
- const images = [
29
- { src: 'https://a.com/1.jpg', alt: 'Cat', header: false },
30
- { src: 'https://a.com/2.jpg', alt: 'Dog', header: false },
31
- ];
32
- const body = '![Cat](https://a.com/1.jpg)\n\n![Dog](https://a.com/2.jpg)';
33
- const result = deduplicateImageAlts(images, body);
34
-
35
- assert.equal(result.images[0].alt, 'Cat', 'First image alt unchanged');
36
- assert.equal(result.images[1].alt, 'Dog', 'Second image alt unchanged');
37
- assert.equal(result.body, body, 'Body is unchanged when no collisions');
38
- },
39
- },
40
-
41
- // ─── The bug: same alt, different URLs ───
42
-
43
- {
44
- name: 'same-alt-different-urls-suffixes-second',
45
- async run({ assert }) {
46
- const sharedAlt = '62f9b399-92c2-40c2-8ec4-e05b54077aaa';
47
- const images = [
48
- { src: 'https://a.com/1.jpg', alt: sharedAlt, header: false },
49
- { src: 'https://a.com/2.jpg', alt: sharedAlt, header: false },
50
- ];
51
- const body = `![${sharedAlt}](https://a.com/1.jpg)\n\nsome text\n\n![${sharedAlt}](https://a.com/2.jpg)`;
52
- const result = deduplicateImageAlts(images, body);
53
-
54
- assert.equal(result.images[0].alt, sharedAlt, 'First image keeps original alt');
55
- assert.equal(result.images[1].alt, `${sharedAlt} (2)`, 'Second image alt is suffixed with " (2)"');
56
- assert.ok(
57
- result.body.includes(`![${sharedAlt}](https://a.com/1.jpg)`),
58
- 'Body still contains the first image with original alt',
59
- );
60
- assert.ok(
61
- result.body.includes(`![${sharedAlt} (2)](https://a.com/2.jpg)`),
62
- 'Body contains the second image with suffixed alt',
63
- );
64
- },
65
- },
66
-
67
- {
68
- name: 'three-images-same-alt-different-urls-counts-up',
69
- async run({ assert }) {
70
- const sharedAlt = 'Logo';
71
- const images = [
72
- { src: 'https://a.com/1.jpg', alt: sharedAlt, header: false },
73
- { src: 'https://a.com/2.jpg', alt: sharedAlt, header: false },
74
- { src: 'https://a.com/3.jpg', alt: sharedAlt, header: false },
75
- ];
76
- const body = `![${sharedAlt}](https://a.com/1.jpg)\n![${sharedAlt}](https://a.com/2.jpg)\n![${sharedAlt}](https://a.com/3.jpg)`;
77
- const result = deduplicateImageAlts(images, body);
78
-
79
- assert.equal(result.images[0].alt, 'Logo');
80
- assert.equal(result.images[1].alt, 'Logo (2)');
81
- assert.equal(result.images[2].alt, 'Logo (3)');
82
- assert.ok(result.body.includes('![Logo](https://a.com/1.jpg)'));
83
- assert.ok(result.body.includes('![Logo (2)](https://a.com/2.jpg)'));
84
- assert.ok(result.body.includes('![Logo (3)](https://a.com/3.jpg)'));
85
- },
86
- },
87
-
88
- // ─── Same alt, SAME URL: legitimate duplicate, no change ───
89
-
90
- {
91
- name: 'same-alt-same-url-is-not-a-collision',
92
- async run({ assert }) {
93
- const sharedAlt = 'Logo';
94
- const sharedUrl = 'https://a.com/logo.jpg';
95
- const images = [
96
- { src: sharedUrl, alt: sharedAlt, header: false },
97
- { src: sharedUrl, alt: sharedAlt, header: false },
98
- ];
99
- const body = `![${sharedAlt}](${sharedUrl})\n\n![${sharedAlt}](${sharedUrl})`;
100
- const result = deduplicateImageAlts(images, body);
101
-
102
- assert.equal(result.images[0].alt, sharedAlt, 'First image alt unchanged');
103
- assert.equal(result.images[1].alt, sharedAlt, 'Second image alt unchanged (same URL)');
104
- assert.equal(result.body, body, 'Body unchanged when URLs match');
105
- },
106
- },
107
-
108
- // ─── Header image is never touched ───
109
-
110
- {
111
- name: 'header-image-with-shared-alt-is-not-modified',
112
- async run({ assert }) {
113
- const sharedAlt = 'banner';
114
- const images = [
115
- { src: 'https://a.com/header.jpg', alt: sharedAlt, header: true },
116
- { src: 'https://a.com/body.jpg', alt: sharedAlt, header: false },
117
- ];
118
- const body = `![${sharedAlt}](https://a.com/body.jpg)`;
119
- const result = deduplicateImageAlts(images, body);
120
-
121
- assert.equal(result.images[0].alt, sharedAlt, 'Header image alt unchanged');
122
- assert.equal(
123
- result.images[1].alt,
124
- sharedAlt,
125
- 'Body image alt unchanged because header is excluded from collision tracking',
126
- );
127
- assert.equal(result.body, body, 'Body unchanged');
128
- },
129
- },
130
-
131
- // ─── Mixed scenarios ───
132
-
133
- {
134
- name: 'mixed-A-B-A-C-only-C-collides-with-A-once',
135
- async run({ assert }) {
136
- // Pattern: A, B, A (same URL as first A), C (different URL, same alt as A)
137
- // Expected: A and A reuse, C gets " (2)" suffix because its alt collides with A.
138
- const altA = 'Shared';
139
- const altB = 'Other';
140
- const urlA = 'https://a.com/a.jpg';
141
- const urlB = 'https://a.com/b.jpg';
142
- const urlC = 'https://a.com/c.jpg';
143
-
144
- const images = [
145
- { src: urlA, alt: altA, header: false },
146
- { src: urlB, alt: altB, header: false },
147
- { src: urlA, alt: altA, header: false }, // Same URL as image 1 — legit duplicate
148
- { src: urlC, alt: altA, header: false }, // Different URL, same alt — collision
149
- ];
150
- const body = `![${altA}](${urlA})\n![${altB}](${urlB})\n![${altA}](${urlA})\n![${altA}](${urlC})`;
151
- const result = deduplicateImageAlts(images, body);
152
-
153
- assert.equal(result.images[0].alt, altA, 'Image 1 unchanged');
154
- assert.equal(result.images[1].alt, altB, 'Image 2 (different alt) unchanged');
155
- assert.equal(result.images[2].alt, altA, 'Image 3 (same URL as 1) unchanged');
156
- assert.equal(result.images[3].alt, `${altA} (2)`, 'Image 4 (different URL, same alt) gets " (2)"');
157
- assert.ok(result.body.includes(`![${altA} (2)](${urlC})`), 'Body has the C image with suffixed alt');
158
- },
159
- },
160
-
161
- // ─── Edge cases ───
162
-
163
- {
164
- name: 'empty-images-array-returns-empty',
165
- async run({ assert }) {
166
- const result = deduplicateImageAlts([], 'some body');
167
- assert.deepEqual(result.images, [], 'images is empty');
168
- assert.equal(result.body, 'some body', 'body unchanged');
169
- },
170
- },
171
-
172
- {
173
- name: 'no-collisions-among-different-alts',
174
- async run({ assert }) {
175
- const images = [
176
- { src: 'https://a.com/1.jpg', alt: 'A', header: false },
177
- { src: 'https://a.com/2.jpg', alt: 'B', header: false },
178
- { src: 'https://a.com/3.jpg', alt: 'C', header: false },
179
- ];
180
- const body = '![A](https://a.com/1.jpg)\n![B](https://a.com/2.jpg)\n![C](https://a.com/3.jpg)';
181
- const result = deduplicateImageAlts(images, body);
182
-
183
- assert.equal(result.images[0].alt, 'A');
184
- assert.equal(result.images[1].alt, 'B');
185
- assert.equal(result.images[2].alt, 'C');
186
- assert.equal(result.body, body, 'Body unchanged');
187
- },
188
- },
189
- ],
190
- };