backend-manager 5.9.4 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CLAUDE.md +6 -0
  2. package/package.json +8 -1
  3. package/src/cli/commands/install.js +4 -3
  4. package/src/cli/commands/setup-tests/backend-manager.js +2 -1
  5. package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
  6. package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
  7. package/src/cli/utils/safe-install.js +13 -0
  8. package/src/manager/routes/payments/cancel/post.js +22 -2
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  13. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  22. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  23. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  24. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  25. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  26. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  27. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  28. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  29. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  30. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  31. package/src/test/test-accounts.js +9 -0
  32. package/.codeclimate.yml +0 -32
  33. package/.nvmrc +0 -1
  34. package/CHANGELOG.md +0 -1432
  35. package/PROGRESS.md +0 -86
  36. package/TODO-2.md +0 -121
  37. package/TODO-CHARGEBLAST.md +0 -32
  38. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  39. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  40. package/TODO-email-auth.md +0 -14
  41. package/TODO.md +0 -187
  42. package/plans/mcp2.md +0 -247
  43. package/scripts/test-helper-providers.js +0 -162
  44. package/scripts/update-disposable-domains.js +0 -44
  45. package/templates/_.env +0 -42
  46. package/templates/_.gitignore +0 -60
  47. package/templates/backend-manager-config.json +0 -249
  48. package/templates/database.rules.json +0 -83
  49. package/templates/firebase.json +0 -66
  50. package/templates/firestore.indexes.json +0 -4
  51. package/templates/firestore.rules +0 -112
  52. package/templates/public/404.html +0 -26
  53. package/templates/public/index.html +0 -24
  54. package/templates/remoteconfig.template.json +0 -1
  55. package/templates/storage-lifecycle-config-1-day.json +0 -9
  56. package/templates/storage-lifecycle-config-30-days.json +0 -9
  57. package/templates/storage.rules +0 -8
  58. package/test/_init/accounts-validation.js +0 -58
  59. package/test/_legacy/ai/index.js +0 -231
  60. package/test/_legacy/ai/test.jpg +0 -0
  61. package/test/_legacy/ai/test.pdf +0 -0
  62. package/test/_legacy/index.js +0 -31
  63. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  64. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  68. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  69. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  70. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  71. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  72. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  73. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  74. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  75. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  76. package/test/_legacy/payment-resolver/index.js +0 -1558
  77. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  78. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  86. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  87. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  88. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  89. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  90. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  91. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  92. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  96. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  97. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  98. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  99. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  100. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  101. package/test/_legacy/test-new +0 -1178
  102. package/test/_legacy/test.md +0 -89
  103. package/test/_legacy/usage.js +0 -175
  104. package/test/_legacy/user.js +0 -31
  105. package/test/ai/tools-live.js +0 -170
  106. package/test/boot/emulator-boots.js +0 -37
  107. package/test/content/blog-generate.js +0 -160
  108. package/test/email/campaign-send.js +0 -45
  109. package/test/email/consent-lifecycle.js +0 -257
  110. package/test/email/feedback-and-plain-send.js +0 -52
  111. package/test/email/fixtures/editorial.json +0 -30
  112. package/test/email/fixtures/field-report.json +0 -53
  113. package/test/email/marketing-lifecycle.js +0 -132
  114. package/test/email/newsletter-generate.js +0 -819
  115. package/test/email/newsletter-templates.js +0 -491
  116. package/test/email/templates.js +0 -207
  117. package/test/email/transactional-send.js +0 -34
  118. package/test/email/transactional.js +0 -560
  119. package/test/email/validation.js +0 -710
  120. package/test/events/auth-delete-race.js +0 -201
  121. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  122. package/test/events/payments/journey-payments-cancel.js +0 -182
  123. package/test/events/payments/journey-payments-discount.js +0 -89
  124. package/test/events/payments/journey-payments-failure.js +0 -146
  125. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  126. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  127. package/test/events/payments/journey-payments-one-time.js +0 -136
  128. package/test/events/payments/journey-payments-plan-change.js +0 -144
  129. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  130. package/test/events/payments/journey-payments-suspend.js +0 -181
  131. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  132. package/test/events/payments/journey-payments-trial.js +0 -171
  133. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  134. package/test/events/payments/journey-payments-upgrade.js +0 -135
  135. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  136. package/test/fixtures/chargebee/subscription-active.json +0 -44
  137. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  138. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  139. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  140. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  141. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  142. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  143. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  144. package/test/fixtures/paypal/order-approved.json +0 -62
  145. package/test/fixtures/paypal/order-completed.json +0 -110
  146. package/test/fixtures/paypal/subscription-active.json +0 -76
  147. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  148. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  149. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  150. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  151. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  152. package/test/fixtures/stripe/subscription-active.json +0 -161
  153. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  154. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  155. package/test/functions/admin/database-read.js +0 -134
  156. package/test/functions/admin/database-write.js +0 -159
  157. package/test/functions/admin/edit-post.js +0 -366
  158. package/test/functions/admin/firestore-query.js +0 -207
  159. package/test/functions/admin/firestore-read.js +0 -129
  160. package/test/functions/admin/firestore-write.js +0 -105
  161. package/test/functions/admin/get-stats.js +0 -115
  162. package/test/functions/admin/send-email.js +0 -119
  163. package/test/functions/admin/send-notification.js +0 -208
  164. package/test/functions/admin/write-repo-content.js +0 -223
  165. package/test/functions/general/add-marketing-contact.js +0 -335
  166. package/test/functions/general/fetch-post.js +0 -54
  167. package/test/functions/general/generate-uuid.js +0 -114
  168. package/test/functions/test/authenticate.js +0 -64
  169. package/test/functions/user/create-custom-token.js +0 -73
  170. package/test/functions/user/delete.js +0 -135
  171. package/test/functions/user/get-active-sessions.js +0 -111
  172. package/test/functions/user/get-subscription-info.js +0 -99
  173. package/test/functions/user/regenerate-api-keys.js +0 -156
  174. package/test/functions/user/resolve.js +0 -52
  175. package/test/functions/user/sign-out-all-sessions.js +0 -94
  176. package/test/functions/user/sign-up.js +0 -252
  177. package/test/functions/user/submit-feedback.js +0 -104
  178. package/test/functions/user/validate-settings.js +0 -82
  179. package/test/helpers/ai-request-payload.js +0 -300
  180. package/test/helpers/ai-test-provider.js +0 -202
  181. package/test/helpers/ai-tools-format.js +0 -383
  182. package/test/helpers/content/blog-auto-publisher.js +0 -484
  183. package/test/helpers/content/feed-parser.js +0 -528
  184. package/test/helpers/content/ghostii-blocks.js +0 -134
  185. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  186. package/test/helpers/content/ghostii-write-article.js +0 -243
  187. package/test/helpers/environment.js +0 -230
  188. package/test/helpers/infer-contact.js +0 -113
  189. package/test/helpers/merge-line-files.js +0 -271
  190. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  191. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  192. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  193. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  194. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  195. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  196. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  197. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  198. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  199. package/test/helpers/sanitize.js +0 -222
  200. package/test/helpers/slugify.js +0 -394
  201. package/test/helpers/storage.js +0 -194
  202. package/test/helpers/user.js +0 -755
  203. package/test/helpers/webhook-forward.js +0 -418
  204. package/test/mcp/discovery.js +0 -53
  205. package/test/mcp/oauth.js +0 -161
  206. package/test/mcp/protocol.js +0 -268
  207. package/test/mcp/roles.js +0 -188
  208. package/test/mcp/utils.js +0 -245
  209. package/test/routes/admin/create-post.js +0 -364
  210. package/test/routes/admin/database.js +0 -131
  211. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  212. package/test/routes/admin/email.js +0 -114
  213. package/test/routes/admin/firestore-query.js +0 -204
  214. package/test/routes/admin/firestore.js +0 -127
  215. package/test/routes/admin/infer-contact.js +0 -218
  216. package/test/routes/admin/notification.js +0 -198
  217. package/test/routes/admin/post-resize-image.js +0 -184
  218. package/test/routes/admin/post.js +0 -368
  219. package/test/routes/admin/repo-content.js +0 -223
  220. package/test/routes/admin/stats.js +0 -112
  221. package/test/routes/content/post.js +0 -54
  222. package/test/routes/general/uuid.js +0 -115
  223. package/test/routes/marketing/campaign.js +0 -125
  224. package/test/routes/marketing/contact.js +0 -370
  225. package/test/routes/marketing/email-preferences.js +0 -292
  226. package/test/routes/marketing/push-send.js +0 -32
  227. package/test/routes/marketing/webhook-forward.js +0 -61
  228. package/test/routes/marketing/webhook.js +0 -639
  229. package/test/routes/payments/cancel.js +0 -140
  230. package/test/routes/payments/discount.js +0 -80
  231. package/test/routes/payments/dispute-alert.js +0 -320
  232. package/test/routes/payments/intent.js +0 -336
  233. package/test/routes/payments/portal.js +0 -92
  234. package/test/routes/payments/refund.js +0 -179
  235. package/test/routes/payments/trial-eligibility.js +0 -71
  236. package/test/routes/payments/webhook.js +0 -107
  237. package/test/routes/test/authenticate.js +0 -59
  238. package/test/routes/test/schema.js +0 -554
  239. package/test/routes/test/usage.js +0 -342
  240. package/test/routes/user/api-keys.js +0 -156
  241. package/test/routes/user/delete.js +0 -136
  242. package/test/routes/user/feedback.js +0 -104
  243. package/test/routes/user/sessions.js +0 -199
  244. package/test/routes/user/settings-validate.js +0 -82
  245. package/test/routes/user/signup.js +0 -542
  246. package/test/routes/user/subscription.js +0 -99
  247. package/test/routes/user/token.js +0 -73
  248. package/test/routes/user/user.js +0 -157
  249. package/test/rules/notifications.js +0 -410
  250. package/test/rules/payments-carts.js +0 -371
  251. package/test/rules/user.js +0 -396
@@ -1,140 +0,0 @@
1
- /**
2
- * Test: POST /payments/cancel - Validation errors
3
- * Tests rejection cases before any processor call is made.
4
- * See test/events/payments/journey-payments-cancel-endpoint.js for the full end-to-end journey.
5
- */
6
- module.exports = {
7
- description: 'Payment cancel endpoint: validation errors',
8
- type: 'group',
9
- timeout: 15000,
10
-
11
- tests: [
12
- {
13
- name: 'rejects-unauthenticated',
14
- async run({ http, assert }) {
15
- const response = await http.as('none').post('backend-manager/payments/cancel', {
16
- confirmed: true,
17
- });
18
-
19
- assert.isError(response, 401, 'Should reject unauthenticated request');
20
- },
21
- },
22
-
23
- {
24
- name: 'rejects-missing-confirmed',
25
- async run({ http, assert }) {
26
- const response = await http.as('basic').post('backend-manager/payments/cancel', {
27
- reason: 'Too expensive',
28
- });
29
-
30
- assert.isError(response, 400, 'Should reject missing confirmed field');
31
- },
32
- },
33
-
34
- {
35
- name: 'rejects-basic-user',
36
- async run({ http, assert }) {
37
- const response = await http.as('basic').post('backend-manager/payments/cancel', {
38
- confirmed: true,
39
- });
40
-
41
- assert.isError(response, 400, 'Should reject basic user with no paid subscription');
42
- },
43
- },
44
-
45
- {
46
- name: 'rejects-no-processor-or-resource-id',
47
- async run({ http, assert }) {
48
- // cancel-no-processor starts with payment.processor=null
49
- const response = await http.as('cancel-no-processor').post('backend-manager/payments/cancel', {
50
- confirmed: true,
51
- });
52
-
53
- assert.isError(response, 400, 'Should reject when no processor or resourceId is set');
54
- },
55
- },
56
-
57
- {
58
- name: 'rejects-already-pending-cancellation',
59
- async run({ http, assert }) {
60
- // cancel-already-pending starts with cancellation.pending=true
61
- const response = await http.as('cancel-already-pending').post('backend-manager/payments/cancel', {
62
- confirmed: true,
63
- });
64
-
65
- assert.isError(response, 400, 'Should reject when cancellation already pending');
66
- },
67
- },
68
-
69
- {
70
- name: 'rejects-subscription-younger-than-24-hours',
71
- async run({ http, assert }) {
72
- // cancel-too-young starts with startDate set to now (< 24 hours old)
73
- const response = await http.as('cancel-too-young').post('backend-manager/payments/cancel', {
74
- confirmed: true,
75
- });
76
-
77
- assert.isError(response, 400, 'Should reject subscription younger than 24 hours');
78
- },
79
- },
80
-
81
- {
82
- name: 'rejects-unknown-processor',
83
- async run({ http, assert }) {
84
- // cancel-unknown-processor starts with processor='unknown-processor'
85
- const response = await http.as('cancel-unknown-processor').post('backend-manager/payments/cancel', {
86
- confirmed: true,
87
- });
88
-
89
- assert.isError(response, 400, 'Should reject unknown processor');
90
- },
91
- },
92
-
93
- {
94
- name: 'succeeds-with-test-processor',
95
- async run({ http, assert, config, accounts, firestore, waitFor, skip }) {
96
- const uid = accounts['route-cancel-success'].uid;
97
- const paidProduct = config.payment.products.find(p => p.id !== 'basic' && p.prices?.monthly);
98
- if (!paidProduct) {
99
- skip('No paid product with monthly price configured in this brand');
100
- }
101
-
102
- // Step 1: Create a test subscription intent to set up a proper paid subscription
103
- const intentResponse = await http.as('route-cancel-success').post('backend-manager/payments/intent', {
104
- processor: 'test',
105
- productId: paidProduct.id,
106
- frequency: 'monthly',
107
- });
108
-
109
- assert.isSuccess(intentResponse, 'Intent should succeed');
110
-
111
- // Wait for the auto-webhook to activate the subscription
112
- await waitFor(async () => {
113
- const userDoc = await firestore.get(`users/${uid}`);
114
- return userDoc?.subscription?.payment?.processor === 'test'
115
- && userDoc?.subscription?.payment?.resourceId
116
- && userDoc?.subscription?.status === 'active';
117
- }, 15000, 500);
118
-
119
- // Step 2: Call the cancel endpoint (skipGuards bypasses the 24-hour age guard)
120
- const cancelResponse = await http.as('route-cancel-success').post('backend-manager/payments/cancel', {
121
- confirmed: true,
122
- reason: 'Too expensive',
123
- skipGuards: true,
124
- });
125
-
126
- assert.isSuccess(cancelResponse, 'Cancel should succeed');
127
- assert.equal(cancelResponse.data.success, true, 'Should return success: true');
128
-
129
- // Step 3: Verify cancellation.pending was set via the webhook pipeline
130
- await waitFor(async () => {
131
- const userDoc = await firestore.get(`users/${uid}`);
132
- return userDoc?.subscription?.cancellation?.pending === true;
133
- }, 15000, 500);
134
-
135
- const userDoc = await firestore.get(`users/${uid}`);
136
- assert.equal(userDoc?.subscription?.cancellation?.pending, true, 'Cancellation should be pending');
137
- },
138
- },
139
- ],
140
- };
@@ -1,80 +0,0 @@
1
- /**
2
- * Test: GET /payments/discount
3
- * Tests discount code validation endpoint
4
- */
5
- module.exports = {
6
- description: 'Discount code validation',
7
- type: 'group',
8
- timeout: 15000,
9
-
10
- tests: [
11
- {
12
- name: 'rejects-missing-code',
13
- async run({ http, assert }) {
14
- const response = await http.as('none').get('backend-manager/payments/discount');
15
-
16
- assert.isError(response, 400, 'Should reject missing code');
17
- },
18
- },
19
-
20
- {
21
- name: 'returns-valid-for-known-code',
22
- async run({ http, assert }) {
23
- const response = await http.as('none').get('backend-manager/payments/discount', {
24
- code: 'FLASH20',
25
- });
26
-
27
- assert.isSuccess(response, 'Should succeed for valid code');
28
- assert.equal(response.data.valid, true, 'Should be valid');
29
- assert.equal(response.data.code, 'FLASH20', 'Should return normalized code');
30
- assert.equal(response.data.percent, 20, 'Should return correct percent');
31
- assert.equal(response.data.duration, 'once', 'Should return duration');
32
- },
33
- },
34
-
35
- {
36
- name: 'returns-valid-case-insensitive',
37
- async run({ http, assert }) {
38
- const response = await http.as('none').get('backend-manager/payments/discount', {
39
- code: 'flash20',
40
- });
41
-
42
- assert.isSuccess(response, 'Should succeed for lowercase code');
43
- assert.equal(response.data.valid, true, 'Should be valid (case-insensitive)');
44
- assert.equal(response.data.code, 'FLASH20', 'Should return uppercase code');
45
- },
46
- },
47
-
48
- {
49
- name: 'returns-invalid-for-unknown-code',
50
- async run({ http, assert }) {
51
- const response = await http.as('none').get('backend-manager/payments/discount', {
52
- code: 'NOTAREALCODE',
53
- });
54
-
55
- assert.isSuccess(response, 'Should return 200 even for invalid code');
56
- assert.equal(response.data.valid, false, 'Should be invalid');
57
- },
58
- },
59
-
60
- {
61
- name: 'validates-all-known-codes',
62
- async run({ http, assert }) {
63
- const codes = [
64
- { code: 'FLASH20', percent: 20 },
65
- { code: 'SAVE10', percent: 10 },
66
- { code: 'WELCOME15', percent: 15 },
67
- ];
68
-
69
- for (const { code, percent } of codes) {
70
- const response = await http.as('none').get('backend-manager/payments/discount', { code });
71
-
72
- assert.isSuccess(response, `Should succeed for ${code}`);
73
- assert.equal(response.data.valid, true, `${code} should be valid`);
74
- assert.equal(response.data.percent, percent, `${code} should be ${percent}%`);
75
- assert.equal(response.data.duration, 'once', `${code} should be once`);
76
- }
77
- },
78
- },
79
- ],
80
- };
@@ -1,320 +0,0 @@
1
- /**
2
- * Test: POST /payments/dispute-alert
3
- * Tests the dispute alert endpoint validates requests and saves to Firestore
4
- */
5
- module.exports = {
6
- description: 'Dispute alert endpoint',
7
- type: 'group',
8
- timeout: 30000,
9
-
10
- tests: [
11
- {
12
- name: 'rejects-missing-key',
13
- auth: 'none',
14
- async run({ http, assert }) {
15
- const response = await http.as('none').post('backend-manager/payments/dispute-alert', {});
16
-
17
- assert.isError(response, 401, 'Should reject missing key');
18
- },
19
- },
20
-
21
- {
22
- name: 'rejects-invalid-key',
23
- auth: 'none',
24
- async run({ http, assert }) {
25
- const response = await http.as('none').post('backend-manager/payments/dispute-alert?key=wrong-key', {});
26
-
27
- assert.isError(response, 401, 'Should reject invalid key');
28
- },
29
- },
30
-
31
- {
32
- name: 'rejects-unknown-provider',
33
- auth: 'none',
34
- async run({ http, assert }) {
35
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?provider=unknown&key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
36
- id: '_test-dispute-unknown-provider',
37
- card: '4242',
38
- amount: 9.99,
39
- transactionDate: '2026-01-15',
40
- });
41
-
42
- assert.isError(response, 400, 'Should reject unknown alert provider');
43
- },
44
- },
45
-
46
- {
47
- name: 'rejects-missing-id',
48
- auth: 'none',
49
- async run({ http, assert }) {
50
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
51
- card: '4242',
52
- amount: 9.99,
53
- transactionDate: '2026-01-15',
54
- });
55
-
56
- assert.isError(response, 400, 'Should reject missing id');
57
- },
58
- },
59
-
60
- {
61
- name: 'rejects-missing-card',
62
- auth: 'none',
63
- async run({ http, assert }) {
64
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
65
- id: '_test-dispute-no-card',
66
- amount: 9.99,
67
- transactionDate: '2026-01-15',
68
- });
69
-
70
- assert.isError(response, 400, 'Should reject missing card');
71
- },
72
- },
73
-
74
- {
75
- name: 'rejects-missing-amount',
76
- auth: 'none',
77
- async run({ http, assert }) {
78
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
79
- id: '_test-dispute-no-amount',
80
- card: '4242',
81
- transactionDate: '2026-01-15',
82
- });
83
-
84
- assert.isError(response, 400, 'Should reject missing amount');
85
- },
86
- },
87
-
88
- {
89
- name: 'rejects-missing-transaction-date',
90
- auth: 'none',
91
- async run({ http, assert }) {
92
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
93
- id: '_test-dispute-no-date',
94
- card: '4242',
95
- amount: 9.99,
96
- });
97
-
98
- assert.isError(response, 400, 'Should reject missing transactionDate');
99
- },
100
- },
101
-
102
- {
103
- name: 'accepts-valid-chargeblast-alert',
104
- auth: 'none',
105
- async run({ http, assert, firestore }) {
106
- const alertId = '_test-dispute-valid';
107
-
108
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
109
- id: alertId,
110
- card: '4242424242424242',
111
- cardBrand: 'Visa',
112
- amount: 29.99,
113
- transactionDate: '2026-03-07 14:30:00',
114
- processor: 'stripe',
115
- alertType: 'FRAUD',
116
- customerEmail: 'test@example.com',
117
- externalOrder: 'ch_test123',
118
- metadata: 'pi_test456',
119
- externalUrl: 'https://dashboard.stripe.com/charges/ch_test123',
120
- reasonCode: 'WIP',
121
- subprovider: 'Ethoca',
122
- isRefunded: false,
123
- });
124
-
125
- assert.isSuccess(response, 'Should accept valid Chargeblast alert');
126
- assert.equal(response.data.received, true, 'Should confirm receipt');
127
-
128
- // Verify doc was saved to Firestore
129
- const doc = await firestore.get(`payments-disputes/${alertId}`);
130
- assert.ok(doc, 'Dispute doc should exist in Firestore');
131
- assert.equal(doc.provider, 'chargeblast', 'Provider should be chargeblast');
132
- assert.ok(
133
- doc.status === 'pending' || doc.status === 'processing',
134
- 'Status should be pending or processing',
135
- );
136
-
137
- // Verify core normalized alert data
138
- assert.equal(doc.alert.card.last4, '4242', 'Should extract last4 from full card number');
139
- assert.equal(doc.alert.card.brand, 'visa', 'Should lowercase card brand');
140
- assert.equal(doc.alert.amount, 29.99, 'Amount should be preserved');
141
- assert.equal(doc.alert.transactionDate, '2026-03-07', 'Should extract date without time');
142
- assert.equal(doc.alert.processor, 'stripe', 'Processor should be stripe');
143
-
144
- // Verify new normalized fields
145
- assert.equal(doc.alert.alertType, 'FRAUD', 'Alert type should be preserved');
146
- assert.equal(doc.alert.customerEmail, 'test@example.com', 'Customer email should be preserved');
147
- assert.equal(doc.alert.chargeId, 'ch_test123', 'Charge ID should be extracted from externalOrder');
148
- assert.equal(doc.alert.paymentIntentId, 'pi_test456', 'Payment intent ID should be extracted from metadata');
149
- assert.equal(doc.alert.stripeUrl, 'https://dashboard.stripe.com/charges/ch_test123', 'Stripe URL should be preserved');
150
- assert.equal(doc.alert.reasonCode, 'WIP', 'Reason code should be preserved');
151
- assert.equal(doc.alert.subprovider, 'Ethoca', 'Subprovider should be preserved');
152
- assert.equal(doc.alert.isRefunded, false, 'isRefunded should be preserved');
153
-
154
- // Verify raw payload is preserved
155
- assert.ok(doc.raw, 'Raw payload should be preserved');
156
- assert.equal(doc.raw.id, alertId, 'Raw id should match');
157
- },
158
- },
159
-
160
- {
161
- name: 'accepts-alert-with-alertId-field',
162
- auth: 'none',
163
- async run({ http, assert, firestore }) {
164
- const alertId = '_test-dispute-alertid-field';
165
-
166
- // Chargeblast alert.created events use alertId instead of id
167
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
168
- alertId: alertId,
169
- card: '546616******5805',
170
- cardBrand: 'Mastercard',
171
- amount: 8,
172
- transactionDate: '2026-03-19 00:00:00.000000Z',
173
- });
174
-
175
- assert.isSuccess(response, 'Should accept alert using alertId field');
176
-
177
- const doc = await firestore.get(`payments-disputes/${alertId}`);
178
- assert.ok(doc, 'Dispute doc should exist in Firestore');
179
- assert.equal(doc.id, alertId, 'Doc ID should match alertId');
180
- assert.equal(doc.alert.id, alertId, 'Alert id should be set from alertId');
181
- assert.equal(doc.alert.card.last4, '5805', 'Should extract last4 from masked card');
182
- },
183
- },
184
-
185
- {
186
- name: 'accepts-alert-without-optional-fields',
187
- auth: 'none',
188
- async run({ http, assert, firestore }) {
189
- const alertId = '_test-dispute-minimal';
190
-
191
- // Send minimal alert (alert.created shape — no externalOrder, metadata, etc.)
192
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
193
- id: alertId,
194
- card: '9124',
195
- amount: 10,
196
- transactionDate: '2026-03-21 00:01:02',
197
- });
198
-
199
- assert.isSuccess(response, 'Should accept minimal alert');
200
-
201
- const doc = await firestore.get(`payments-disputes/${alertId}`);
202
- assert.equal(doc.alert.card.last4, '9124', 'Should use card as last4');
203
- assert.equal(doc.alert.processor, 'stripe', 'Processor should default to stripe');
204
- assert.equal(doc.alert.chargeId, null, 'Charge ID should be null when not provided');
205
- assert.equal(doc.alert.paymentIntentId, null, 'Payment intent should be null when not provided');
206
- assert.equal(doc.alert.customerEmail, null, 'Customer email should be null when not provided');
207
- assert.equal(doc.alert.alertType, null, 'Alert type should be null when not provided');
208
- assert.equal(doc.alert.stripeUrl, null, 'Stripe URL should be null when not provided');
209
- assert.equal(doc.alert.reasonCode, null, 'Reason code should be null when not provided');
210
- assert.equal(doc.alert.subprovider, null, 'Subprovider should be null when not provided');
211
- assert.equal(doc.alert.isRefunded, false, 'isRefunded should default to false');
212
- },
213
- },
214
-
215
- {
216
- name: 'accepts-alert-with-last4-only',
217
- auth: 'none',
218
- async run({ http, assert, firestore }) {
219
- const alertId = '_test-dispute-last4';
220
-
221
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
222
- id: alertId,
223
- card: '1234',
224
- amount: 9.99,
225
- transactionDate: '2026-01-15',
226
- });
227
-
228
- assert.isSuccess(response, 'Should accept alert with card last4 only');
229
-
230
- const doc = await firestore.get(`payments-disputes/${alertId}`);
231
- assert.equal(doc.alert.card.last4, '1234', 'Should use card value as last4 when already 4 digits');
232
- assert.equal(doc.alert.processor, 'stripe', 'Processor should default to stripe');
233
- },
234
- },
235
-
236
- {
237
- name: 'deduplicates-dispute-alerts',
238
- auth: 'none',
239
- async run({ http, assert, firestore }) {
240
- const alertId = '_test-dispute-duplicate';
241
-
242
- // Pre-seed an in-flight dispute directly. We seed (rather than POST a first alert)
243
- // because the route fires an async on-write trigger that, for synthetic test data
244
- // with no matching charge, can transition the doc to 'failed' — at which point the
245
- // dedup contract intentionally treats it as RETRYABLE, not a duplicate. Racing a
246
- // live POST against that trigger made this test flaky. Seeding 'processing' (a
247
- // non-failed, in-flight state) deterministically exercises the dedup path.
248
- await firestore.set(`payments-disputes/${alertId}`, {
249
- id: alertId,
250
- status: 'processing',
251
- });
252
-
253
- // A subsequent identical alert must be reported as a duplicate (not reprocessed).
254
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
255
- id: alertId,
256
- card: '4242',
257
- amount: 29.99,
258
- transactionDate: '2026-03-07',
259
- });
260
-
261
- assert.isSuccess(response, 'Duplicate should still return 200');
262
- assert.equal(response.data.duplicate, true, 'Should indicate duplicate');
263
- },
264
- },
265
-
266
- {
267
- name: 'retries-failed-alerts',
268
- auth: 'none',
269
- async run({ http, assert, firestore }) {
270
- const alertId = '_test-dispute-retry';
271
-
272
- // Pre-seed a failed dispute
273
- await firestore.set(`payments-disputes/${alertId}`, {
274
- id: alertId,
275
- status: 'failed',
276
- error: 'Previous error',
277
- });
278
-
279
- // Send alert with same ID — should retry since previous status was 'failed'
280
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
281
- id: alertId,
282
- card: '4242',
283
- amount: 29.99,
284
- transactionDate: '2026-03-07',
285
- });
286
-
287
- assert.isSuccess(response, 'Should accept retry of failed alert');
288
- assert.ok(!response.data.duplicate, 'Should not indicate duplicate for failed retry');
289
-
290
- // Verify doc was updated
291
- const doc = await firestore.get(`payments-disputes/${alertId}`);
292
- assert.ok(
293
- doc.status === 'pending' || doc.status === 'processing',
294
- 'Status should be pending or processing after retry',
295
- );
296
- },
297
- },
298
-
299
- {
300
- name: 'defaults-provider-to-chargeblast',
301
- auth: 'none',
302
- async run({ http, assert, firestore }) {
303
- const alertId = '_test-dispute-default-provider';
304
-
305
- // Send without provider query param
306
- const response = await http.as('none').post(`backend-manager/payments/dispute-alert?key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`, {
307
- id: alertId,
308
- card: '4242',
309
- amount: 9.99,
310
- transactionDate: '2026-01-15',
311
- });
312
-
313
- assert.isSuccess(response, 'Should accept without explicit provider param');
314
-
315
- const doc = await firestore.get(`payments-disputes/${alertId}`);
316
- assert.equal(doc.provider, 'chargeblast', 'Provider should default to chargeblast');
317
- },
318
- },
319
- ],
320
- };