backend-manager 5.9.5 → 5.9.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (246) hide show
  1. package/package.json +8 -1
  2. package/src/manager/events/cron/runner.js +0 -1
  3. package/src/manager/libraries/email/data/disposable-domains.json +21 -0
  4. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  5. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  6. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  7. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  8. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  13. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  22. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  23. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  24. package/src/test/fixtures/firebase-project/firestore-debug.log +132 -0
  25. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  26. package/.codeclimate.yml +0 -32
  27. package/.nvmrc +0 -1
  28. package/CHANGELOG.md +0 -1440
  29. package/PROGRESS.md +0 -93
  30. package/TODO-2.md +0 -121
  31. package/TODO-CHARGEBLAST.md +0 -32
  32. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  33. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  34. package/TODO-email-auth.md +0 -14
  35. package/TODO.md +0 -187
  36. package/plans/mcp2.md +0 -247
  37. package/plans/suspended-subscription-dead-zone.md +0 -97
  38. package/scripts/test-helper-providers.js +0 -162
  39. package/scripts/update-disposable-domains.js +0 -44
  40. package/templates/_.env +0 -42
  41. package/templates/_.gitignore +0 -60
  42. package/templates/backend-manager-config.json +0 -249
  43. package/templates/database.rules.json +0 -83
  44. package/templates/firebase.json +0 -66
  45. package/templates/firestore.indexes.json +0 -4
  46. package/templates/firestore.rules +0 -112
  47. package/templates/public/404.html +0 -26
  48. package/templates/public/index.html +0 -24
  49. package/templates/remoteconfig.template.json +0 -1
  50. package/templates/storage-lifecycle-config-1-day.json +0 -9
  51. package/templates/storage-lifecycle-config-30-days.json +0 -9
  52. package/templates/storage.rules +0 -8
  53. package/test/_init/accounts-validation.js +0 -58
  54. package/test/_legacy/ai/index.js +0 -231
  55. package/test/_legacy/ai/test.jpg +0 -0
  56. package/test/_legacy/ai/test.pdf +0 -0
  57. package/test/_legacy/index.js +0 -31
  58. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  59. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  60. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  61. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  62. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  63. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  64. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  68. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  69. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  70. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  71. package/test/_legacy/payment-resolver/index.js +0 -1558
  72. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  73. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  74. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  75. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  76. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  77. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  78. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  86. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  87. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  88. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  89. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  90. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  91. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  92. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  96. package/test/_legacy/test-new +0 -1178
  97. package/test/_legacy/test.md +0 -89
  98. package/test/_legacy/usage.js +0 -175
  99. package/test/_legacy/user.js +0 -31
  100. package/test/ai/tools-live.js +0 -170
  101. package/test/boot/emulator-boots.js +0 -37
  102. package/test/content/blog-generate.js +0 -160
  103. package/test/email/campaign-send.js +0 -45
  104. package/test/email/consent-lifecycle.js +0 -257
  105. package/test/email/feedback-and-plain-send.js +0 -52
  106. package/test/email/fixtures/editorial.json +0 -30
  107. package/test/email/fixtures/field-report.json +0 -53
  108. package/test/email/marketing-lifecycle.js +0 -132
  109. package/test/email/newsletter-generate.js +0 -819
  110. package/test/email/newsletter-templates.js +0 -491
  111. package/test/email/templates.js +0 -207
  112. package/test/email/transactional-send.js +0 -34
  113. package/test/email/transactional.js +0 -560
  114. package/test/email/validation.js +0 -710
  115. package/test/events/auth-delete-race.js +0 -201
  116. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  117. package/test/events/payments/journey-payments-cancel.js +0 -182
  118. package/test/events/payments/journey-payments-discount.js +0 -89
  119. package/test/events/payments/journey-payments-failure.js +0 -146
  120. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  121. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  122. package/test/events/payments/journey-payments-one-time.js +0 -136
  123. package/test/events/payments/journey-payments-plan-change.js +0 -144
  124. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  125. package/test/events/payments/journey-payments-suspend.js +0 -181
  126. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  127. package/test/events/payments/journey-payments-trial.js +0 -171
  128. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  129. package/test/events/payments/journey-payments-upgrade.js +0 -135
  130. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  131. package/test/fixtures/chargebee/subscription-active.json +0 -44
  132. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  133. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  134. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  135. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  136. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  137. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  138. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  139. package/test/fixtures/paypal/order-approved.json +0 -62
  140. package/test/fixtures/paypal/order-completed.json +0 -110
  141. package/test/fixtures/paypal/subscription-active.json +0 -76
  142. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  143. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  144. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  145. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  146. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  147. package/test/fixtures/stripe/subscription-active.json +0 -161
  148. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  149. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  150. package/test/functions/admin/database-read.js +0 -134
  151. package/test/functions/admin/database-write.js +0 -159
  152. package/test/functions/admin/edit-post.js +0 -366
  153. package/test/functions/admin/firestore-query.js +0 -207
  154. package/test/functions/admin/firestore-read.js +0 -129
  155. package/test/functions/admin/firestore-write.js +0 -105
  156. package/test/functions/admin/get-stats.js +0 -115
  157. package/test/functions/admin/send-email.js +0 -119
  158. package/test/functions/admin/send-notification.js +0 -208
  159. package/test/functions/admin/write-repo-content.js +0 -223
  160. package/test/functions/general/add-marketing-contact.js +0 -335
  161. package/test/functions/general/fetch-post.js +0 -54
  162. package/test/functions/general/generate-uuid.js +0 -114
  163. package/test/functions/test/authenticate.js +0 -64
  164. package/test/functions/user/create-custom-token.js +0 -73
  165. package/test/functions/user/delete.js +0 -135
  166. package/test/functions/user/get-active-sessions.js +0 -111
  167. package/test/functions/user/get-subscription-info.js +0 -99
  168. package/test/functions/user/regenerate-api-keys.js +0 -156
  169. package/test/functions/user/resolve.js +0 -52
  170. package/test/functions/user/sign-out-all-sessions.js +0 -94
  171. package/test/functions/user/sign-up.js +0 -252
  172. package/test/functions/user/submit-feedback.js +0 -104
  173. package/test/functions/user/validate-settings.js +0 -82
  174. package/test/helpers/ai-request-payload.js +0 -300
  175. package/test/helpers/ai-test-provider.js +0 -202
  176. package/test/helpers/ai-tools-format.js +0 -383
  177. package/test/helpers/content/blog-auto-publisher.js +0 -484
  178. package/test/helpers/content/feed-parser.js +0 -528
  179. package/test/helpers/content/ghostii-blocks.js +0 -134
  180. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  181. package/test/helpers/content/ghostii-write-article.js +0 -243
  182. package/test/helpers/environment.js +0 -230
  183. package/test/helpers/infer-contact.js +0 -113
  184. package/test/helpers/merge-line-files.js +0 -271
  185. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  186. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  187. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  188. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  189. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  190. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  191. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  192. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  193. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  194. package/test/helpers/sanitize.js +0 -222
  195. package/test/helpers/slugify.js +0 -394
  196. package/test/helpers/storage.js +0 -194
  197. package/test/helpers/user.js +0 -755
  198. package/test/helpers/webhook-forward.js +0 -418
  199. package/test/mcp/discovery.js +0 -53
  200. package/test/mcp/oauth.js +0 -161
  201. package/test/mcp/protocol.js +0 -268
  202. package/test/mcp/roles.js +0 -188
  203. package/test/mcp/utils.js +0 -245
  204. package/test/routes/admin/create-post.js +0 -364
  205. package/test/routes/admin/database.js +0 -131
  206. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  207. package/test/routes/admin/email.js +0 -114
  208. package/test/routes/admin/firestore-query.js +0 -204
  209. package/test/routes/admin/firestore.js +0 -127
  210. package/test/routes/admin/infer-contact.js +0 -218
  211. package/test/routes/admin/notification.js +0 -198
  212. package/test/routes/admin/post-resize-image.js +0 -184
  213. package/test/routes/admin/post.js +0 -368
  214. package/test/routes/admin/repo-content.js +0 -223
  215. package/test/routes/admin/stats.js +0 -112
  216. package/test/routes/content/post.js +0 -54
  217. package/test/routes/general/uuid.js +0 -115
  218. package/test/routes/marketing/campaign.js +0 -125
  219. package/test/routes/marketing/contact.js +0 -370
  220. package/test/routes/marketing/email-preferences.js +0 -292
  221. package/test/routes/marketing/push-send.js +0 -32
  222. package/test/routes/marketing/webhook-forward.js +0 -61
  223. package/test/routes/marketing/webhook.js +0 -639
  224. package/test/routes/payments/cancel.js +0 -163
  225. package/test/routes/payments/discount.js +0 -80
  226. package/test/routes/payments/dispute-alert.js +0 -320
  227. package/test/routes/payments/intent.js +0 -336
  228. package/test/routes/payments/portal.js +0 -92
  229. package/test/routes/payments/refund.js +0 -179
  230. package/test/routes/payments/trial-eligibility.js +0 -71
  231. package/test/routes/payments/webhook.js +0 -107
  232. package/test/routes/test/authenticate.js +0 -59
  233. package/test/routes/test/schema.js +0 -554
  234. package/test/routes/test/usage.js +0 -342
  235. package/test/routes/user/api-keys.js +0 -156
  236. package/test/routes/user/delete.js +0 -136
  237. package/test/routes/user/feedback.js +0 -104
  238. package/test/routes/user/sessions.js +0 -199
  239. package/test/routes/user/settings-validate.js +0 -82
  240. package/test/routes/user/signup.js +0 -542
  241. package/test/routes/user/subscription.js +0 -99
  242. package/test/routes/user/token.js +0 -73
  243. package/test/routes/user/user.js +0 -157
  244. package/test/rules/notifications.js +0 -410
  245. package/test/rules/payments-carts.js +0 -371
  246. package/test/rules/user.js +0 -396
@@ -1,364 +0,0 @@
1
- /**
2
- * Test: POST /admin/post
3
- * Tests the admin create post endpoint
4
- * Creates blog posts via GitHub with image extraction and @post/ body rewriting
5
- * Requires admin/blogger role, GitHub API key, and repo_website config
6
- */
7
- const { Octokit } = require('@octokit/rest');
8
- const sharp = require('sharp');
9
-
10
- const { IMAGE_MAX_DIMENSION } = require('../../../src/manager/routes/admin/post/post');
11
-
12
- module.exports = {
13
- description: 'Admin create post on GitHub',
14
- type: 'suite',
15
- timeout: 300000, // 5 minutes total for the suite
16
-
17
- tests: [
18
- // --- Validation tests (no GitHub needed) ---
19
-
20
- {
21
- name: 'missing-title-rejected',
22
- auth: 'admin',
23
- timeout: 15000,
24
-
25
- async run({ http, assert }) {
26
- const response = await http.post('backend-manager/admin/post', {
27
- url: 'test-post',
28
- description: 'Test description',
29
- headerImageURL: 'https://example.com/image.jpg',
30
- body: 'Test content',
31
- });
32
-
33
- assert.isError(response, 400, 'Missing title should return 400');
34
- },
35
- },
36
-
37
- {
38
- name: 'missing-url-rejected',
39
- auth: 'admin',
40
- timeout: 15000,
41
-
42
- async run({ http, assert }) {
43
- const response = await http.post('backend-manager/admin/post', {
44
- title: 'Test Post',
45
- description: 'Test description',
46
- headerImageURL: 'https://example.com/image.jpg',
47
- body: 'Test content',
48
- });
49
-
50
- assert.isError(response, 400, 'Missing URL should return 400');
51
- },
52
- },
53
-
54
- {
55
- name: 'missing-description-rejected',
56
- auth: 'admin',
57
- timeout: 15000,
58
-
59
- async run({ http, assert }) {
60
- const response = await http.post('backend-manager/admin/post', {
61
- title: 'Test Post',
62
- url: 'test-post',
63
- headerImageURL: 'https://example.com/image.jpg',
64
- body: 'Test content',
65
- });
66
-
67
- assert.isError(response, 400, 'Missing description should return 400');
68
- },
69
- },
70
-
71
- {
72
- name: 'missing-header-image-rejected',
73
- auth: 'admin',
74
- timeout: 15000,
75
-
76
- async run({ http, assert }) {
77
- const response = await http.post('backend-manager/admin/post', {
78
- title: 'Test Post',
79
- url: 'test-post',
80
- description: 'Test description',
81
- body: 'Test content',
82
- });
83
-
84
- assert.isError(response, 400, 'Missing headerImageURL should return 400');
85
- },
86
- },
87
-
88
- {
89
- name: 'missing-body-rejected',
90
- auth: 'admin',
91
- timeout: 15000,
92
-
93
- async run({ http, assert }) {
94
- const response = await http.post('backend-manager/admin/post', {
95
- title: 'Test Post',
96
- url: 'test-post',
97
- description: 'Test description',
98
- headerImageURL: 'https://example.com/image.jpg',
99
- });
100
-
101
- assert.isError(response, 400, 'Missing body should return 400');
102
- },
103
- },
104
-
105
- // --- Integration: create post with inline image, verify @post/ rewriting ---
106
-
107
- {
108
- name: 'create-post-rewrites-body-images',
109
- auth: 'admin',
110
- timeout: 120000,
111
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
112
-
113
- async run({ http, assert, state, config }) {
114
- if (!process.env.GH_TOKEN) {
115
- assert.fail('GH_TOKEN env var not set');
116
- return;
117
- }
118
-
119
- if (!config.github?.repo_website) {
120
- assert.fail('githubRepoWebsite not configured');
121
- return;
122
- }
123
-
124
- // Parse owner/repo for cleanup later
125
- const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
126
- if (!repoMatch) {
127
- assert.fail('Could not parse githubRepoWebsite');
128
- return;
129
- }
130
-
131
- state.owner = repoMatch[1];
132
- state.repo = repoMatch[2];
133
-
134
- // Use a real public .jpg for the inline image
135
- const inlineImageURL = 'https://picsum.photos/id/10/200/200.jpg';
136
- // Oversized header image (long edge 5000px > IMAGE_MAX_DIMENSION 4096px) to
137
- // verify the resize step runs end-to-end and the committed file is clamped.
138
- const headerImageURL = 'https://picsum.photos/id/1/5000/3000.jpg';
139
-
140
- const response = await http.post('backend-manager/admin/post', {
141
- title: 'BEM Test Create Post',
142
- url: 'bem-test-create-post',
143
- description: 'Test post created by BEM test suite to verify @post/ body rewriting.',
144
- headerImageURL: headerImageURL,
145
- body: `# BEM Test Create Post\n\nSome intro text.\n\n![Test inline image](${inlineImageURL})\n\nMore text after the image.`,
146
- postPath: 'guest',
147
- });
148
-
149
- assert.isSuccess(response, 'Create post should succeed');
150
- assert.hasProperty(response, 'data.id', 'Response should have post id');
151
- assert.hasProperty(response, 'data.path', 'Response should have post file path');
152
-
153
- // Store for cleanup
154
- state.postId = response.data.id;
155
- state.postPath = response.data.path;
156
- },
157
- },
158
-
159
- {
160
- name: 'verify-body-has-at-post-prefix',
161
- auth: 'admin',
162
- timeout: 30000,
163
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
164
-
165
- async run({ assert, state }) {
166
- if (!state.postPath) {
167
- return; // Previous test didn't run
168
- }
169
-
170
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
171
-
172
- // Fetch the committed post from GitHub
173
- const { data: fileData } = await octokit.rest.repos.getContent({
174
- owner: state.owner,
175
- repo: state.repo,
176
- path: state.postPath,
177
- });
178
-
179
- const content = Buffer.from(fileData.content, 'base64').toString();
180
- state.currentSha = fileData.sha;
181
-
182
- // The body should contain @post/ prefix instead of the original external URL
183
- assert.ok(
184
- content.includes('@post/'),
185
- 'Post body should contain @post/ prefix for downloaded images',
186
- );
187
-
188
- assert.ok(
189
- !content.includes('picsum.photos/id/10'),
190
- 'Post body should NOT contain the original external inline image URL',
191
- );
192
- },
193
- },
194
-
195
- {
196
- name: 'verify-oversized-header-image-was-resized',
197
- auth: 'admin',
198
- timeout: 30000,
199
- skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
200
-
201
- async run({ assert, state }) {
202
- if (!state.postId) {
203
- return; // Previous test didn't run
204
- }
205
-
206
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
207
- const imageDir = `src/assets/images/blog/post-${state.postId}/`;
208
-
209
- // List committed images and pick the header (matches the slugified URL "bem-test-create-post")
210
- const { data: dirData } = await octokit.rest.repos.getContent({
211
- owner: state.owner,
212
- repo: state.repo,
213
- path: imageDir,
214
- });
215
-
216
- const headerFile = dirData.find((f) => f.name === 'bem-test-create-post.jpg');
217
- assert.ok(headerFile, 'Header image should be committed at expected slug');
218
-
219
- // Fetch the raw bytes and read dimensions
220
- const { data: blob } = await octokit.rest.git.getBlob({
221
- owner: state.owner,
222
- repo: state.repo,
223
- file_sha: headerFile.sha,
224
- });
225
-
226
- const buffer = Buffer.from(blob.content, 'base64');
227
- const meta = await sharp(buffer).metadata();
228
-
229
- // The source we requested was 5000x3000 (over the 4096 limit).
230
- // After resize, the long edge should be clamped to IMAGE_MAX_DIMENSION.
231
- const longEdge = Math.max(meta.width, meta.height);
232
- assert.ok(
233
- longEdge <= IMAGE_MAX_DIMENSION,
234
- `Committed header image long edge (${meta.width}x${meta.height}) should be <= IMAGE_MAX_DIMENSION (${IMAGE_MAX_DIMENSION})`,
235
- );
236
-
237
- // And the resize should actually have happened (source was 5000x3000 → expect width=4096)
238
- assert.equal(meta.width, IMAGE_MAX_DIMENSION, 'Resized width should equal IMAGE_MAX_DIMENSION');
239
- },
240
- },
241
-
242
- // --- Auth rejection tests ---
243
-
244
- {
245
- name: 'unauthenticated-rejected',
246
- auth: 'none',
247
- timeout: 15000,
248
-
249
- async run({ http, assert }) {
250
- const response = await http.post('backend-manager/admin/post', {
251
- title: 'Test Post',
252
- url: 'test-post',
253
- description: 'Test description',
254
- headerImageURL: 'https://example.com/image.jpg',
255
- body: 'Test content',
256
- });
257
-
258
- assert.isError(response, 401, 'Create post should fail without authentication');
259
- },
260
- },
261
-
262
- {
263
- name: 'non-admin-rejected',
264
- auth: 'basic',
265
- timeout: 15000,
266
-
267
- async run({ http, assert }) {
268
- const response = await http.post('backend-manager/admin/post', {
269
- title: 'Test Post',
270
- url: 'test-post',
271
- description: 'Test description',
272
- headerImageURL: 'https://example.com/image.jpg',
273
- body: 'Test content',
274
- });
275
-
276
- assert.isError(response, 403, 'Create post should fail for non-admin user');
277
- },
278
- },
279
-
280
- // --- Cleanup ---
281
-
282
- {
283
- name: 'cleanup',
284
- auth: 'admin',
285
- timeout: 60000,
286
-
287
- async run({ state }) {
288
- if (!process.env.GH_TOKEN || !state.postPath) {
289
- return;
290
- }
291
-
292
- const octokit = new Octokit({ auth: process.env.GH_TOKEN });
293
-
294
- // Delete the test post
295
- try {
296
- const { data: fileData } = await octokit.rest.repos.getContent({
297
- owner: state.owner,
298
- repo: state.repo,
299
- path: state.postPath,
300
- });
301
-
302
- await octokit.rest.repos.deleteFile({
303
- owner: state.owner,
304
- repo: state.repo,
305
- path: state.postPath,
306
- message: '🧹 BEM test cleanup: delete create-post test',
307
- sha: fileData.sha,
308
- });
309
- } catch (e) {
310
- // File might not exist, ignore
311
- }
312
-
313
- // Delete uploaded test images
314
- const imagePath = `src/assets/images/blog/post-${state.postId}/`;
315
- try {
316
- const { data: dirData } = await octokit.rest.repos.getContent({
317
- owner: state.owner,
318
- repo: state.repo,
319
- path: imagePath,
320
- });
321
-
322
- // Delete each image file
323
- for (const file of dirData) {
324
- await octokit.rest.repos.deleteFile({
325
- owner: state.owner,
326
- repo: state.repo,
327
- path: file.path,
328
- message: `🧹 BEM test cleanup: delete test image ${file.name}`,
329
- sha: file.sha,
330
- });
331
- }
332
- } catch (e) {
333
- // Directory might not exist, ignore
334
- }
335
-
336
- // Cancel any running workflows triggered by our test commits
337
- try {
338
- const { data: runs } = await octokit.rest.actions.listWorkflowRunsForRepo({
339
- owner: state.owner,
340
- repo: state.repo,
341
- status: 'in_progress',
342
- per_page: 10,
343
- });
344
-
345
- for (const run of runs.workflow_runs) {
346
- if (run.head_commit?.message?.includes('BEM test')) {
347
- try {
348
- await octokit.rest.actions.cancelWorkflowRun({
349
- owner: state.owner,
350
- repo: state.repo,
351
- run_id: run.id,
352
- });
353
- } catch (e) {
354
- // May already be completed, ignore
355
- }
356
- }
357
- }
358
- } catch (e) {
359
- // Workflow cancellation failed, not critical
360
- }
361
- },
362
- },
363
- ],
364
- };
@@ -1,131 +0,0 @@
1
- /**
2
- * Test: GET/POST /admin/database
3
- * Tests the admin Realtime Database read/write endpoints
4
- * Requires admin authentication
5
- */
6
- const TEST_PATH = '_test/database-test';
7
-
8
- module.exports = {
9
- description: 'Admin Realtime Database read/write operations',
10
- type: 'group',
11
- tests: [
12
- // Test 1: Setup - write test data first
13
- {
14
- name: 'setup-test-data',
15
- auth: 'admin',
16
- timeout: 15000,
17
-
18
- async run({ http, assert }) {
19
- const testData = {
20
- testField: 'database-test-value',
21
- timestamp: new Date().toISOString(),
22
- nested: {
23
- field1: 'nested-value',
24
- field2: 123,
25
- },
26
- };
27
-
28
- const writeResponse = await http.post('backend-manager/admin/database', {
29
- path: TEST_PATH,
30
- document: testData,
31
- });
32
-
33
- assert.isSuccess(writeResponse, 'Setup: Database write should succeed');
34
- },
35
- },
36
-
37
- // Test 2: Admin can read data
38
- {
39
- name: 'admin-read-succeeds',
40
- auth: 'admin',
41
- timeout: 15000,
42
-
43
- async run({ http, assert }) {
44
- const readResponse = await http.get('backend-manager/admin/database', {
45
- path: TEST_PATH,
46
- });
47
-
48
- assert.isSuccess(readResponse, 'Database read should succeed with admin auth');
49
- assert.hasProperty(readResponse, 'data.testField', 'Response should contain test data');
50
- assert.equal(
51
- readResponse.data.testField,
52
- 'database-test-value',
53
- 'Read data should match written data'
54
- );
55
- assert.hasProperty(readResponse, 'data.nested.field1', 'Response should contain nested data');
56
- assert.equal(
57
- readResponse.data.nested.field2,
58
- 123,
59
- 'Nested field should match written data'
60
- );
61
- },
62
- },
63
-
64
- // Test 3: Reading non-existent path returns empty/null
65
- {
66
- name: 'read-nonexistent-returns-null',
67
- auth: 'admin',
68
- timeout: 15000,
69
-
70
- async run({ http, assert }) {
71
- const readResponse = await http.get('backend-manager/admin/database', {
72
- path: '_test/nonexistent-path-12345',
73
- });
74
-
75
- assert.isSuccess(readResponse, 'Reading non-existent path should succeed');
76
- const data = readResponse.data;
77
- const isEmpty = data === null
78
- || data === undefined
79
- || (typeof data === 'object' && Object.keys(data).length === 0);
80
- assert.ok(
81
- isEmpty,
82
- `Non-existent path should return null, undefined, or empty object, got: ${JSON.stringify(data)}`
83
- );
84
- },
85
- },
86
-
87
- // Test 4: Missing path returns 400 error
88
- {
89
- name: 'missing-path-rejected',
90
- auth: 'admin',
91
- timeout: 15000,
92
-
93
- async run({ http, assert }) {
94
- const readResponse = await http.get('backend-manager/admin/database', {});
95
-
96
- assert.isError(readResponse, 400, 'Missing path should return 400');
97
- },
98
- },
99
-
100
- // Test 5: Unauthenticated request fails
101
- {
102
- name: 'unauthenticated-rejected',
103
- auth: 'none',
104
- timeout: 15000,
105
-
106
- async run({ http, assert }) {
107
- const readResponse = await http.get('backend-manager/admin/database', {
108
- path: TEST_PATH,
109
- });
110
-
111
- assert.isError(readResponse, 401, 'Database read should fail without authentication');
112
- },
113
- },
114
-
115
- // Test 6: Non-admin user fails
116
- {
117
- name: 'non-admin-rejected',
118
- auth: 'basic',
119
- timeout: 15000,
120
-
121
- async run({ http, assert }) {
122
- const readResponse = await http.get('backend-manager/admin/database', {
123
- path: TEST_PATH,
124
- });
125
-
126
- assert.isError(readResponse, 403, 'Database read should fail for non-admin user');
127
- },
128
- },
129
-
130
- ],
131
- };
@@ -1,190 +0,0 @@
1
- /**
2
- * Test: routes/admin/post/deduplicate-image-alts
3
- * Unit tests for the alt-text dedup helper used by the admin/post route.
4
- *
5
- * Run: npx mgr test routes/admin/deduplicate-image-alts
6
- *
7
- * Contract:
8
- * - Header images are never modified.
9
- * - Two non-header images with the same alt AND different URLs:
10
- * the second's alt is suffixed with " (2)" (and " (3)" for the third, etc.)
11
- * and the body is rewritten to match.
12
- * - Two non-header images with the same alt AND the same URL:
13
- * the second reuses the first's (possibly already-suffixed) alt — no change.
14
- * - Images with distinct alts are untouched.
15
- */
16
- const deduplicateImageAlts = require('../../../src/manager/routes/admin/post/deduplicate-image-alts');
17
-
18
- module.exports = {
19
- description: 'routes/admin/post/deduplicate-image-alts',
20
- type: 'group',
21
-
22
- tests: [
23
- // ─── Happy path: no collisions ───
24
-
25
- {
26
- name: 'distinct-alts-are-untouched',
27
- async run({ assert }) {
28
- const images = [
29
- { src: 'https://a.com/1.jpg', alt: 'Cat', header: false },
30
- { src: 'https://a.com/2.jpg', alt: 'Dog', header: false },
31
- ];
32
- const body = '![Cat](https://a.com/1.jpg)\n\n![Dog](https://a.com/2.jpg)';
33
- const result = deduplicateImageAlts(images, body);
34
-
35
- assert.equal(result.images[0].alt, 'Cat', 'First image alt unchanged');
36
- assert.equal(result.images[1].alt, 'Dog', 'Second image alt unchanged');
37
- assert.equal(result.body, body, 'Body is unchanged when no collisions');
38
- },
39
- },
40
-
41
- // ─── The bug: same alt, different URLs ───
42
-
43
- {
44
- name: 'same-alt-different-urls-suffixes-second',
45
- async run({ assert }) {
46
- const sharedAlt = '62f9b399-92c2-40c2-8ec4-e05b54077aaa';
47
- const images = [
48
- { src: 'https://a.com/1.jpg', alt: sharedAlt, header: false },
49
- { src: 'https://a.com/2.jpg', alt: sharedAlt, header: false },
50
- ];
51
- const body = `![${sharedAlt}](https://a.com/1.jpg)\n\nsome text\n\n![${sharedAlt}](https://a.com/2.jpg)`;
52
- const result = deduplicateImageAlts(images, body);
53
-
54
- assert.equal(result.images[0].alt, sharedAlt, 'First image keeps original alt');
55
- assert.equal(result.images[1].alt, `${sharedAlt} (2)`, 'Second image alt is suffixed with " (2)"');
56
- assert.ok(
57
- result.body.includes(`![${sharedAlt}](https://a.com/1.jpg)`),
58
- 'Body still contains the first image with original alt',
59
- );
60
- assert.ok(
61
- result.body.includes(`![${sharedAlt} (2)](https://a.com/2.jpg)`),
62
- 'Body contains the second image with suffixed alt',
63
- );
64
- },
65
- },
66
-
67
- {
68
- name: 'three-images-same-alt-different-urls-counts-up',
69
- async run({ assert }) {
70
- const sharedAlt = 'Logo';
71
- const images = [
72
- { src: 'https://a.com/1.jpg', alt: sharedAlt, header: false },
73
- { src: 'https://a.com/2.jpg', alt: sharedAlt, header: false },
74
- { src: 'https://a.com/3.jpg', alt: sharedAlt, header: false },
75
- ];
76
- const body = `![${sharedAlt}](https://a.com/1.jpg)\n![${sharedAlt}](https://a.com/2.jpg)\n![${sharedAlt}](https://a.com/3.jpg)`;
77
- const result = deduplicateImageAlts(images, body);
78
-
79
- assert.equal(result.images[0].alt, 'Logo');
80
- assert.equal(result.images[1].alt, 'Logo (2)');
81
- assert.equal(result.images[2].alt, 'Logo (3)');
82
- assert.ok(result.body.includes('![Logo](https://a.com/1.jpg)'));
83
- assert.ok(result.body.includes('![Logo (2)](https://a.com/2.jpg)'));
84
- assert.ok(result.body.includes('![Logo (3)](https://a.com/3.jpg)'));
85
- },
86
- },
87
-
88
- // ─── Same alt, SAME URL: legitimate duplicate, no change ───
89
-
90
- {
91
- name: 'same-alt-same-url-is-not-a-collision',
92
- async run({ assert }) {
93
- const sharedAlt = 'Logo';
94
- const sharedUrl = 'https://a.com/logo.jpg';
95
- const images = [
96
- { src: sharedUrl, alt: sharedAlt, header: false },
97
- { src: sharedUrl, alt: sharedAlt, header: false },
98
- ];
99
- const body = `![${sharedAlt}](${sharedUrl})\n\n![${sharedAlt}](${sharedUrl})`;
100
- const result = deduplicateImageAlts(images, body);
101
-
102
- assert.equal(result.images[0].alt, sharedAlt, 'First image alt unchanged');
103
- assert.equal(result.images[1].alt, sharedAlt, 'Second image alt unchanged (same URL)');
104
- assert.equal(result.body, body, 'Body unchanged when URLs match');
105
- },
106
- },
107
-
108
- // ─── Header image is never touched ───
109
-
110
- {
111
- name: 'header-image-with-shared-alt-is-not-modified',
112
- async run({ assert }) {
113
- const sharedAlt = 'banner';
114
- const images = [
115
- { src: 'https://a.com/header.jpg', alt: sharedAlt, header: true },
116
- { src: 'https://a.com/body.jpg', alt: sharedAlt, header: false },
117
- ];
118
- const body = `![${sharedAlt}](https://a.com/body.jpg)`;
119
- const result = deduplicateImageAlts(images, body);
120
-
121
- assert.equal(result.images[0].alt, sharedAlt, 'Header image alt unchanged');
122
- assert.equal(
123
- result.images[1].alt,
124
- sharedAlt,
125
- 'Body image alt unchanged because header is excluded from collision tracking',
126
- );
127
- assert.equal(result.body, body, 'Body unchanged');
128
- },
129
- },
130
-
131
- // ─── Mixed scenarios ───
132
-
133
- {
134
- name: 'mixed-A-B-A-C-only-C-collides-with-A-once',
135
- async run({ assert }) {
136
- // Pattern: A, B, A (same URL as first A), C (different URL, same alt as A)
137
- // Expected: A and A reuse, C gets " (2)" suffix because its alt collides with A.
138
- const altA = 'Shared';
139
- const altB = 'Other';
140
- const urlA = 'https://a.com/a.jpg';
141
- const urlB = 'https://a.com/b.jpg';
142
- const urlC = 'https://a.com/c.jpg';
143
-
144
- const images = [
145
- { src: urlA, alt: altA, header: false },
146
- { src: urlB, alt: altB, header: false },
147
- { src: urlA, alt: altA, header: false }, // Same URL as image 1 — legit duplicate
148
- { src: urlC, alt: altA, header: false }, // Different URL, same alt — collision
149
- ];
150
- const body = `![${altA}](${urlA})\n![${altB}](${urlB})\n![${altA}](${urlA})\n![${altA}](${urlC})`;
151
- const result = deduplicateImageAlts(images, body);
152
-
153
- assert.equal(result.images[0].alt, altA, 'Image 1 unchanged');
154
- assert.equal(result.images[1].alt, altB, 'Image 2 (different alt) unchanged');
155
- assert.equal(result.images[2].alt, altA, 'Image 3 (same URL as 1) unchanged');
156
- assert.equal(result.images[3].alt, `${altA} (2)`, 'Image 4 (different URL, same alt) gets " (2)"');
157
- assert.ok(result.body.includes(`![${altA} (2)](${urlC})`), 'Body has the C image with suffixed alt');
158
- },
159
- },
160
-
161
- // ─── Edge cases ───
162
-
163
- {
164
- name: 'empty-images-array-returns-empty',
165
- async run({ assert }) {
166
- const result = deduplicateImageAlts([], 'some body');
167
- assert.deepEqual(result.images, [], 'images is empty');
168
- assert.equal(result.body, 'some body', 'body unchanged');
169
- },
170
- },
171
-
172
- {
173
- name: 'no-collisions-among-different-alts',
174
- async run({ assert }) {
175
- const images = [
176
- { src: 'https://a.com/1.jpg', alt: 'A', header: false },
177
- { src: 'https://a.com/2.jpg', alt: 'B', header: false },
178
- { src: 'https://a.com/3.jpg', alt: 'C', header: false },
179
- ];
180
- const body = '![A](https://a.com/1.jpg)\n![B](https://a.com/2.jpg)\n![C](https://a.com/3.jpg)';
181
- const result = deduplicateImageAlts(images, body);
182
-
183
- assert.equal(result.images[0].alt, 'A');
184
- assert.equal(result.images[1].alt, 'B');
185
- assert.equal(result.images[2].alt, 'C');
186
- assert.equal(result.body, body, 'Body unchanged');
187
- },
188
- },
189
- ],
190
- };