kybernus 3.0.1 → 3.2.0

package/templates/ecommerce/apps/api/src/modules/catalog/__tests__/product.prisma.repository.test.ts

@@ -0,0 +1,174 @@
+import { PrismaClient } from '@prisma/client';
+import { PrismaProductRepository } from '../product.prisma.repository';
+import { PrismaCategoryRepository } from '../category.prisma.repository';
+import { ProductEntity, ProductStatus } from '../product.entity';
+import { CategoryEntity } from '../category.entity';
+
+const db = new PrismaClient();
+const productRepo = new PrismaProductRepository(db);
+const categoryRepo = new PrismaCategoryRepository(db);
+
+async function cleanDb() {
+  await db.productVariant.deleteMany();
+  await db.product.deleteMany();
+  await db.category.deleteMany();
+}
+
+let testCategoryId: string;
+
+beforeAll(async () => {
+  await db.$connect();
+});
+
+afterAll(async () => {
+  await cleanDb();
+  await db.$disconnect();
+});
+
+beforeEach(async () => {
+  await cleanDb();
+  // Each test gets a fresh category to attach products to
+  const cat = await categoryRepo.create(
+    CategoryEntity.create({ name: 'Test Category', slug: `cat-${Date.now()}` }),
+  );
+  testCategoryId = cat.id;
+});
+
+let skuCounter = 0;
+function makeProduct(overrides: Partial<{ name: string; slug: string }> = {}) {
+  const unique = `${Date.now()}-${++skuCounter}`;
+  return ProductEntity.create({
+    name: overrides.name ?? 'Test Product',
+    slug: overrides.slug ?? `slug-${unique}`,
+    description: 'A test product',
+    price: 99.99,
+    categoryId: testCategoryId,
+    images: ['img1.jpg'],
+    variants: [
+      { sku: `SKU-${unique}`, size: 'M', color: 'red', stock: 10 },
+    ],
+  });
+}
+
+describe('PrismaProductRepository', () => {
+  it('create: deve persistir produto com variantes', async () => {
+    const product = makeProduct();
+    const saved = await productRepo.create(product);
+
+    expect(saved.id).toBe(product.id);
+    expect(saved.name).toBe('Test Product');
+    expect(saved.price).toBe(99.99);
+    expect(saved.variants).toHaveLength(1);
+    expect(saved.variants[0]!.stock).toBe(10);
+  });
+
+  it('findById: deve retornar produto pelo id', async () => {
+    const product = makeProduct();
+    await productRepo.create(product);
+
+    const found = await productRepo.findById(product.id);
+    expect(found).not.toBeNull();
+    expect(found!.id).toBe(product.id);
+  });
+
+  it('findById: deve retornar null para produto deletado', async () => {
+    const product = makeProduct();
+    await productRepo.create(product);
+    await productRepo.softDelete(product.id);
+
+    const found = await productRepo.findById(product.id);
+    expect(found).toBeNull();
+  });
+
+  it('findBySlug: deve retornar produto pelo slug', async () => {
+    const product = makeProduct({ slug: 'unique-slug-test' });
+    await productRepo.create(product);
+
+    const found = await productRepo.findBySlug('unique-slug-test');
+    expect(found).not.toBeNull();
+    expect(found!.slug).toBe('unique-slug-test');
+  });
+
+  it('findAll: deve retornar apenas produtos ACTIVE', async () => {
+    const p1 = makeProduct({ name: 'P1', slug: 'p1' });
+    const p2 = makeProduct({ name: 'P2', slug: 'p2' });
+    await productRepo.create(p1);
+    await productRepo.create(p2);
+    await productRepo.softDelete(p2.id);
+
+    const all = await productRepo.findAll();
+    expect(all).toHaveLength(1);
+    expect(all[0]!.id).toBe(p1.id);
+  });
+
+  it('search: deve filtrar por texto (q)', async () => {
+    await productRepo.create(makeProduct({ name: 'Blue Sneaker', slug: 'blue-sneaker' }));
+    await productRepo.create(makeProduct({ name: 'Red Hat', slug: 'red-hat' }));
+
+    const result = await productRepo.search({ q: 'sneaker' });
+    expect(result.items).toHaveLength(1);
+    expect(result.items[0]!.name).toBe('Blue Sneaker');
+  });
+
+  it('search: deve paginar com cursor', async () => {
+    for (let i = 0; i < 3; i++) {
+      await productRepo.create(
+        makeProduct({ name: `Product ${i}`, slug: `product-${i}-${Date.now()}-${i}` }),
+      );
+    }
+
+    const page1 = await productRepo.search({ limit: 2 });
+    expect(page1.items).toHaveLength(2);
+    expect(page1.nextCursor).not.toBeNull();
+
+    const page2 = await productRepo.search({ cursor: page1.nextCursor!, limit: 2 });
+    expect(page2.items).toHaveLength(1);
+    expect(page2.nextCursor).toBeNull();
+  });
+
+  it('updateVariantStock: deve alterar o estoque do variante', async () => {
+    const product = makeProduct();
+    const saved = await productRepo.create(product);
+    const variantId = saved.variants[0]!.id;
+
+    await productRepo.updateVariantStock(product.id, variantId, 42);
+
+    const updated = await productRepo.findById(product.id);
+    expect(updated!.variants[0]!.stock).toBe(42);
+  });
+
+  it('softDelete: deve marcar status como DELETED sem remover do banco', async () => {
+    const product = makeProduct();
+    await productRepo.create(product);
+
+    await productRepo.softDelete(product.id);
+
+    // findById returns null for DELETED products
+    const found = await productRepo.findById(product.id);
+    expect(found).toBeNull();
+
+    // But the row still exists in the database
+    const raw = await db.product.findUnique({ where: { id: product.id } });
+    expect(raw).not.toBeNull();
+    expect(raw!.status).toBe(ProductStatus.DELETED);
+  });
+
+  it('slugExists: deve retornar true para slug existente', async () => {
+    const product = makeProduct({ slug: 'existing-slug' });
+    await productRepo.create(product);
+
+    expect(await productRepo.slugExists('existing-slug')).toBe(true);
+    expect(await productRepo.slugExists('nonexistent-slug')).toBe(false);
+  });
+
+  it('update: deve persistir alterações no produto', async () => {
+    const product = makeProduct({ name: 'Original', slug: 'original' });
+    await productRepo.create(product);
+
+    const changed = product.withUpdates({ name: 'Updated', price: 199.99 });
+    const saved = await productRepo.update(changed);
+
+    expect(saved.name).toBe('Updated');
+    expect(saved.price).toBe(199.99);
+  });
+});

package/templates/ecommerce/apps/api/src/modules/catalog/catalog.controller.ts

@@ -0,0 +1,176 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { catalogService } from './catalog.registry';
+
+// ── Validation schemas ────────────────────────────────────────────────────────
+const variantSchema = z.object({
+  sku: z.string().min(1),
+  size: z.string().nullish(),
+  color: z.string().nullish(),
+  stock: z.number().int().min(0),
+  price: z.number().positive().nullish(),
+});
+
+const createProductSchema = z.object({
+  name: z.string().min(1, 'Nome é obrigatório'),
+  description: z.string().nullish(),
+  price: z.number({ required_error: 'Preço é obrigatório' }),
+  categoryId: z.string().optional(),
+  categorySlug: z.string().optional(),
+  images: z.array(z.string().url()).default([]),
+  variants: z.array(variantSchema).min(1, 'Pelo menos uma variação é necessária'),
+});
+
+const updateProductSchema = z.object({
+  name: z.string().min(1).optional(),
+  description: z.string().nullish(),
+  price: z.number().optional(),
+  images: z.array(z.string().url()).optional(),
+});
+
+const stockUpdateSchema = z.object({
+  variantId: z.string().min(1),
+  delta: z.number().int(),
+});
+
+const listQuerySchema = z.object({
+  categorySlug: z.string().optional(),
+  categoryId: z.string().optional(),
+  minPrice: z.coerce.number().optional(),
+  maxPrice: z.coerce.number().optional(),
+  q: z.string().optional(),
+  sortBy: z.enum(['price_asc', 'price_desc', 'newest']).optional(),
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).default(20),
+});
+
+// ── Controllers ───────────────────────────────────────────────────────────────
+export async function listProducts(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = listQuerySchema.safeParse(req.query);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    // Resolve categorySlug → categoryId if needed
+    let categoryId = parsed.data.categoryId;
+    if (!categoryId && parsed.data.categorySlug) {
+      const cats = await catalogService.listCategories();
+      const cat = cats.find((c) => c.slug === parsed.data.categorySlug);
+      if (cat) categoryId = cat.id;
+    }
+
+    const result = await catalogService.searchProducts({
+      ...parsed.data,
+      categoryId,
+    });
+
+    res.status(200).json({
+      items: result.items.map((p) => p.toRecord()),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function getProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const product = await catalogService.getProductBySlug(req.params['slug'] ?? '');
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function createProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = createProductSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const product = await catalogService.createProduct(parsed.data);
+    res.status(201).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function updateProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = updateProductSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const product = await catalogService.updateProduct(req.params['id'] ?? '', parsed.data);
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function deleteProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    await catalogService.deleteProduct(req.params['id'] ?? '');
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function updateStock(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = stockUpdateSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const result = await catalogService.updateStock({
+      productId: req.params['id'] ?? '',
+      variantId: parsed.data.variantId,
+      delta: parsed.data.delta,
+    });
+    res.status(200).json(result);
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function listCategories(_req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const cats = await catalogService.listCategories();
+    res.status(200).json({ data: cats.map((c) => c.toRecord()) });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function uploadProductImage(req: Request, res: Response, next: NextFunction): Promise<void> {
+  if (!req.file) {
+    res.status(400).json({ error: 'Arquivo de imagem obrigatório' });
+    return;
+  }
+
+  const ALLOWED_MIMETYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
+  if (!ALLOWED_MIMETYPES.includes(req.file.mimetype)) {
+    res.status(400).json({ error: 'Apenas imagens JPEG, PNG, GIF ou WebP são aceitas' });
+    return;
+  }
+
+  try {
+    const product = await catalogService.uploadProductImage(
+      req.params['id'] ?? '',
+      req.file.buffer,
+      req.file.mimetype,
+    );
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/modules/catalog/catalog.registry.ts

@@ -0,0 +1 @@
+export * from '../../infrastructure/config/registry/catalog.registry';

package/templates/ecommerce/apps/api/src/modules/catalog/catalog.routes.ts

@@ -0,0 +1,38 @@
+import { Router } from 'express';
+import multer from 'multer';
+import { authenticate } from '../../shared/middlewares/authenticate';
+import { authorize } from '../../shared/middlewares/authorize';
+import { validateUuidParam } from '../../shared/validators/uuidParam';
+import * as catalogController from './catalog.controller';
+
+const router = Router();
+
+// Multer: memory storage, 5 MB limit — MIME validation done in controller
+const imageUpload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 5 * 1024 * 1024 },
+});
+
+// ── Public routes ─────────────────────────────────────────────────────────────
+router.get('/', catalogController.listProducts);
+router.get('/:slug', catalogController.getProduct);
+
+// ── Admin-only routes ─────────────────────────────────────────────────────────
+router.post('/', authenticate, authorize('ADMIN'), catalogController.createProduct);
+router.put('/:id', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.updateProduct);
+router.delete('/:id', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.deleteProduct);
+router.patch('/:id/stock', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.updateStock);
+router.post(
+  '/:id/image',
+  authenticate,
+  authorize('ADMIN'),
+  validateUuidParam(),
+  imageUpload.single('image'),
+  catalogController.uploadProductImage,
+);
+
+export default router;
+
+// ── Stand-alone categories router ─────────────────────────────────────────────
+export const categoryRouter = Router();
+categoryRouter.get('/', catalogController.listCategories);

package/templates/ecommerce/apps/api/src/modules/catalog/catalog.service.ts

@@ -0,0 +1 @@
+export * from '../../application/catalog/catalog.service';

package/templates/ecommerce/apps/api/src/modules/catalog/category.entity.ts

@@ -0,0 +1 @@
+export * from '../../domain/catalog/category.entity';

package/templates/ecommerce/apps/api/src/modules/catalog/category.prisma.repository.ts

@@ -0,0 +1 @@
+export * from '../../infrastructure/persistence/prisma/catalog/category.prisma.repository';

package/templates/ecommerce/apps/api/src/modules/catalog/category.repository.ts

@@ -0,0 +1,2 @@
+export * from '../../domain/catalog/category.repository';
+export * from '../../infrastructure/persistence/in-memory/category.memory.repository';

package/templates/ecommerce/apps/api/src/modules/catalog/product.entity.ts

@@ -0,0 +1 @@
+export * from '../../domain/catalog/product.entity';

package/templates/ecommerce/apps/api/src/modules/catalog/product.prisma.repository.ts

@@ -0,0 +1 @@
+export * from '../../infrastructure/persistence/prisma/catalog/product.prisma.repository';

package/templates/ecommerce/apps/api/src/modules/catalog/product.repository.ts

@@ -0,0 +1,2 @@
+export * from '../../domain/catalog/product.repository';
+export * from '../../infrastructure/persistence/in-memory/product.memory.repository';

package/templates/ecommerce/apps/api/src/modules/checkout/__tests__/checkout.routes.integration.test.ts

@@ -0,0 +1,163 @@
+import request from 'supertest';
+import app from '../../../app';
+
+/**
+ * Checkout Routes — Integration Tests
+ * Stripe is NOT called in tests — StripeAdapter is replaced with a mock
+ * implementation via the checkout.registry singleton override.
+ */
+
+let customerToken: string;
+let adminToken: string;
+let productId: string;
+let variantId: string;
+
+const CUSTOMER = { name: 'Checkout Customer', email: 'checkout.c@test.com', password: 'pass1234' };
+const ADMIN = { name: 'Checkout Admin', email: 'checkout.a@test.com', password: 'admin1234' };
+
+beforeAll(async () => {
+  await request(app).post('/api/auth/register').send(CUSTOMER);
+
+  const { userRepository } = await import('../../auth/auth.registry');
+  const { UserEntity } = await import('../../auth/user.entity');
+  const { hash } = await import('bcryptjs');
+  const adminEntity = UserEntity.create({
+    name: ADMIN.name, email: ADMIN.email,
+    passwordHash: await hash(ADMIN.password, 10), role: 'ADMIN',
+  });
+  await userRepository.create(adminEntity);
+
+  const [cRes, aRes] = await Promise.all([
+    request(app).post('/api/auth/login').send({ email: CUSTOMER.email, password: CUSTOMER.password }),
+    request(app).post('/api/auth/login').send({ email: ADMIN.email, password: ADMIN.password }),
+  ]);
+  customerToken = (cRes.body as { accessToken: string }).accessToken;
+  adminToken = (aRes.body as { accessToken: string }).accessToken;
+
+  // Create product via API
+  const { catalogRegistry } = await import('../../catalog/catalog.registry');
+  const { CategoryEntity } = await import('../../catalog/category.entity');
+  await catalogRegistry.categoryRepository.create(
+    CategoryEntity.create({ name: 'Checkout Test', slug: 'checkout-test', description: null, parentId: null }),
+  );
+
+  const productRes = await request(app)
+    .post('/api/products')
+    .set('Authorization', `Bearer ${adminToken}`)
+    .send({
+      name: 'Produto Checkout',
+      price: 100,
+      categorySlug: 'checkout-test',
+      images: [],
+      variants: [{ sku: 'CHK-1', size: 'U', color: 'Azul', stock: 20 }],
+    });
+  const body = productRes.body as { id: string; variants: Array<{ id: string }> };
+  productId = body.id;
+  variantId = body.variants[0]!.id;
+
+  // Override the payment adapter with a mock to avoid real Stripe calls
+  const { checkoutRegistry } = await import('../checkout.registry');
+  checkoutRegistry.paymentAdapter.createPaymentIntent = jest.fn().mockResolvedValue({
+    id: 'pi_test_123',
+    clientSecret: 'pi_test_123_secret',
+  });
+});
+
+// ── POST /api/checkout ────────────────────────────────────────────────────────
+describe('POST /api/checkout', () => {
+  it('401: deve exigir autenticação', async () => {
+    const res = await request(app).post('/api/checkout').send({});
+    expect(res.status).toBe(401);
+  });
+
+  it('400: deve rejeitar carrinho vazio', async () => {
+    const res = await request(app)
+      .post('/api/checkout')
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ shippingCost: 18.5, shippingAddress: null });
+    expect(res.status).toBe(400);
+  });
+
+  it('201: deve criar pedido e retornar { orderId, clientSecret }', async () => {
+    // Add item to cart first
+    await request(app)
+      .post('/api/cart/items')
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ productId, variantId, qty: 1 });
+
+    const res = await request(app)
+      .post('/api/checkout')
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ shippingCost: 18.5, shippingAddress: { street: 'Rua das Flores, 100', city: 'São Paulo', zip: '01310-100' } });
+
+    expect(res.status).toBe(201);
+    expect(res.body).toHaveProperty('orderId');
+    expect(res.body).toHaveProperty('clientSecret');
+  });
+
+  it('deve retornar 409 se estoque foi esgotado entre carrinho e checkout', async () => {
+    // Put cart item back (previous test cleared cart)
+    await request(app)
+      .post('/api/cart/items')
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ productId, variantId, qty: 1 });
+
+    // Exhaust stock directly via stock update API
+    await request(app)
+      .patch(`/api/products/${productId}/stock`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ variantId, delta: -19 }); // bring stock to 0
+
+    const res = await request(app)
+      .post('/api/checkout')
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ shippingCost: 0, shippingAddress: null });
+
+    expect(res.status).toBe(409);
+
+    // Restore stock
+    await request(app)
+      .patch(`/api/products/${productId}/stock`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ variantId, delta: 19 });
+  });
+});
+
+// ── POST /api/checkout/webhook ────────────────────────────────────────────────
+describe('POST /api/checkout/webhook', () => {
+  it('400: deve rejeitar webhook sem header stripe-signature', async () => {
+    const res = await request(app)
+      .post('/api/checkout/webhook')
+      .send({ type: 'payment_intent.succeeded' });
+    expect(res.status).toBe(400);
+  });
+
+  it('400: deve rejeitar webhook com assinatura inválida', async () => {
+    // Override handler with one that throws on bad signature
+    const { checkoutRegistry } = await import('../checkout.registry');
+    const original = checkoutRegistry.webhookHandler.handleEvent.bind(checkoutRegistry.webhookHandler);
+    checkoutRegistry.webhookHandler.handleEvent = jest.fn().mockRejectedValue(
+      Object.assign(new Error('Assinatura inválida'), { statusCode: 400 }),
+    );
+
+    const res = await request(app)
+      .post('/api/checkout/webhook')
+      .set('stripe-signature', 'bad-sig')
+      .send(JSON.stringify({ type: 'payment_intent.succeeded' }));
+
+    expect(res.status).toBe(400);
+    checkoutRegistry.webhookHandler.handleEvent = original;
+  });
+
+  it('200: deve processar payment_intent.succeeded com assinatura válida', async () => {
+    const { checkoutRegistry } = await import('../checkout.registry');
+    checkoutRegistry.webhookHandler.handleEvent = jest.fn().mockResolvedValue(undefined);
+
+    const res = await request(app)
+      .post('/api/checkout/webhook')
+      .set('stripe-signature', 'valid-sig')
+      .send(JSON.stringify({ type: 'payment_intent.succeeded' }));
+
+    expect(res.status).toBe(200);
+  });
+});