kybernus 3.0.1 → 3.2.0

package/templates/ecommerce/apps/api/src/modules/orders/__tests__/order.routes.integration.test.ts

@@ -0,0 +1,254 @@
+/**
+ * Order Routes — Integration Tests (Phase 5)
+ *
+ * Customer routes:  GET /api/orders, GET /api/orders/:id
+ * Admin routes:     GET /api/admin/orders, PATCH /api/admin/orders/:id/status
+ */
+import request from 'supertest';
+import app from '../../../app';
+
+let customerToken: string;
+let adminToken: string;
+let customerId: string;
+let customerOrderId: string;
+let paidOrderId: string;
+let otherOrderId: string; // belongs to a different user
+
+const CUSTOMER = { name: 'Order Customer', email: 'order.c@test.com', password: 'pass1234' };
+const CUSTOMER2 = { name: 'Other User', email: 'order.other@test.com', password: 'pass1234' };
+const ADMIN = { name: 'Order Admin', email: 'order.a@test.com', password: 'admin1234' };
+
+beforeAll(async () => {
+  // Register customers
+  const regRes = await request(app).post('/api/auth/register').send(CUSTOMER);
+  customerId = (regRes.body as { user: { id: string } }).user.id;
+  await request(app).post('/api/auth/register').send(CUSTOMER2);
+
+  // Create admin directly in the user repository
+  const { userRepository } = await import('../../auth/auth.registry');
+  const { UserEntity } = await import('../../auth/user.entity');
+  const { hash } = await import('bcryptjs');
+  const adminEntity = UserEntity.create({
+    name: ADMIN.name,
+    email: ADMIN.email,
+    passwordHash: await hash(ADMIN.password, 10),
+    role: 'ADMIN',
+  });
+  await userRepository.create(adminEntity);
+
+  // Get tokens
+  const [cRes, aRes, o2Res] = await Promise.all([
+    request(app).post('/api/auth/login').send({ email: CUSTOMER.email, password: CUSTOMER.password }),
+    request(app).post('/api/auth/login').send({ email: ADMIN.email, password: ADMIN.password }),
+    request(app).post('/api/auth/login').send({ email: CUSTOMER2.email, password: CUSTOMER2.password }),
+  ]);
+  customerToken = (cRes.body as { accessToken: string }).accessToken;
+  adminToken = (aRes.body as { accessToken: string }).accessToken;
+  const customer2Id = (o2Res.body as { user: { id: string } }).user.id;
+
+  // Seed orders directly into the repository
+  const { checkoutRegistry } = await import('../../checkout/checkout.registry');
+  const { OrderEntity } = await import('../../checkout/order.entity');
+
+  const order1 = OrderEntity.create({
+    userId: customerId,
+    items: [{ id: 'item-1', variantId: 'v1', productId: 'p1', name: 'Camiseta', sku: 'CAM-P', price: 100, qty: 1, image: null }],
+    subtotal: 100,
+    discount: 0,
+    shippingCost: 10,
+    tax: 0,
+    total: 110,
+    couponCode: null,
+    paymentIntentId: 'pi_ord1',
+    shippingAddress: { street: 'Rua A', city: 'SP', zip: '01000-000' },
+  });
+  customerOrderId = order1.id;
+  await checkoutRegistry.orderRepository.create(order1);
+
+  const order2 = OrderEntity.create({
+    userId: customerId,
+    items: [],
+    subtotal: 50,
+    discount: 0,
+    shippingCost: 5,
+    tax: 0,
+    total: 55,
+    couponCode: null,
+    paymentIntentId: 'pi_ord2',
+    shippingAddress: null,
+  }).pay();
+  paidOrderId = order2.id;
+  await checkoutRegistry.orderRepository.create(order2);
+
+  const order3 = OrderEntity.create({
+    userId: customer2Id,
+    items: [],
+    subtotal: 200,
+    discount: 0,
+    shippingCost: 0,
+    tax: 0,
+    total: 200,
+    couponCode: null,
+    paymentIntentId: 'pi_ord3',
+    shippingAddress: null,
+  });
+  otherOrderId = order3.id;
+  await checkoutRegistry.orderRepository.create(order3);
+});
+
+// ── GET /api/orders (CUSTOMER) ────────────────────────────────────────────────
+describe('GET /api/orders (CUSTOMER)', () => {
+  it('401: deve exigir autenticação', async () => {
+    const res = await request(app).get('/api/orders');
+    expect(res.status).toBe(401);
+  });
+
+  it('200: deve listar apenas pedidos do usuário autenticado', async () => {
+    const res = await request(app)
+      .get('/api/orders')
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(200);
+    expect(res.body).toHaveProperty('items');
+    const body = res.body as { items: Array<{ userId: string }> };
+    expect(body.items.length).toBeGreaterThanOrEqual(2);
+    // All items belong to the customer
+    for (const item of body.items) {
+      expect(item.userId).toBe(customerId);
+    }
+  });
+
+  it('deve paginar com cursor', async () => {
+    const res = await request(app)
+      .get('/api/orders?limit=1')
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(200);
+    const body = res.body as { items: unknown[]; nextCursor: string | null };
+    expect(body.items).toHaveLength(1);
+    expect(body.nextCursor).not.toBeNull();
+  });
+});
+
+// ── GET /api/orders/:id (CUSTOMER) ───────────────────────────────────────────
+describe('GET /api/orders/:id (CUSTOMER)', () => {
+  it('200: deve retornar detalhes do pedido', async () => {
+    const res = await request(app)
+      .get(`/api/orders/${customerOrderId}`)
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(200);
+    const body = res.body as { id: string; status: string };
+    expect(body.id).toBe(customerOrderId);
+    expect(body.status).toBe('PENDING');
+  });
+
+  it('403: não deve retornar pedido de outro usuário', async () => {
+    const res = await request(app)
+      .get(`/api/orders/${otherOrderId}`)
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(403);
+  });
+
+  it('404: deve retornar 404 para pedido inexistente', async () => {
+    const res = await request(app)
+      .get('/api/orders/00000000-0000-4000-8000-000000000099')
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(404);
+  });
+});
+
+// ── PATCH /api/admin/orders/:id/status (ADMIN) ───────────────────────────────
+describe('PATCH /api/admin/orders/:id/status (ADMIN)', () => {
+  it('403: deve bloquear não-admins', async () => {
+    const res = await request(app)
+      .patch(`/api/admin/orders/${paidOrderId}/status`)
+      .set('Authorization', `Bearer ${customerToken}`)
+      .send({ status: 'SHIPPED' });
+
+    expect(res.status).toBe(403);
+  });
+
+  it('200: deve atualizar status para transição válida (PAID → SHIPPED)', async () => {
+    const res = await request(app)
+      .patch(`/api/admin/orders/${paidOrderId}/status`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ status: 'SHIPPED' });
+
+    expect(res.status).toBe(200);
+    expect((res.body as { status: string }).status).toBe('SHIPPED');
+  });
+
+  it('400: deve rejeitar transição inválida (PENDING → SHIPPED)', async () => {
+    const res = await request(app)
+      .patch(`/api/admin/orders/${customerOrderId}/status`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ status: 'SHIPPED' });
+
+    expect(res.status).toBe(400);
+  });
+
+  it('deve aceitar trackingCode para status SHIPPED', async () => {
+    // Create a fresh PAID order to ship
+    const { checkoutRegistry } = await import('../../checkout/checkout.registry');
+    const { OrderEntity } = await import('../../checkout/order.entity');
+    const freshOrder = OrderEntity.create({
+      userId: customerId,
+      items: [],
+      subtotal: 80,
+      discount: 0,
+      shippingCost: 10,
+      tax: 0,
+      total: 90,
+      couponCode: null,
+      paymentIntentId: 'pi_fresh',
+      shippingAddress: null,
+    }).pay();
+    await checkoutRegistry.orderRepository.create(freshOrder);
+
+    const res = await request(app)
+      .patch(`/api/admin/orders/${freshOrder.id}/status`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ status: 'SHIPPED', trackingCode: 'TRACK-BR-123' });
+
+    expect(res.status).toBe(200);
+    const body = res.body as { status: string; trackingCode: string };
+    expect(body.status).toBe('SHIPPED');
+    expect(body.trackingCode).toBe('TRACK-BR-123');
+  });
+});
+
+// ── GET /api/admin/orders (ADMIN) ────────────────────────────────────────────
+describe('GET /api/admin/orders (ADMIN)', () => {
+  it('403: deve bloquear não-admins', async () => {
+    const res = await request(app)
+      .get('/api/admin/orders')
+      .set('Authorization', `Bearer ${customerToken}`);
+
+    expect(res.status).toBe(403);
+  });
+
+  it('200: deve listar todos os pedidos', async () => {
+    const res = await request(app)
+      .get('/api/admin/orders')
+      .set('Authorization', `Bearer ${adminToken}`);
+
+    expect(res.status).toBe(200);
+    const body = res.body as { items: unknown[] };
+    expect(body.items.length).toBeGreaterThanOrEqual(3);
+  });
+
+  it('deve filtrar por status', async () => {
+    const res = await request(app)
+      .get('/api/admin/orders?status=PENDING')
+      .set('Authorization', `Bearer ${adminToken}`);
+
+    expect(res.status).toBe(200);
+    const body = res.body as { items: Array<{ status: string }> };
+    for (const item of body.items) {
+      expect(item.status).toBe('PENDING');
+    }
+  });
+});

package/templates/ecommerce/apps/api/src/modules/orders/__tests__/order.service.email.unit.test.ts

@@ -0,0 +1,142 @@
+/**
+ * OrderService — Email de status (Phase 14)
+ * Verifica que emails são enviados nas transições SHIPPED e DELIVERED
+ * e que falhas de email não quebram o fluxo.
+ */
+
+import { OrderService } from '../order.service';
+import { IOrderRepository } from '../../checkout/order.repository';
+import { IEmailService } from '../../../shared/infra/email/IEmailService';
+import { IUserRepository } from '../../auth/user.repository';
+import { OrderEntity } from '../../checkout/order.entity';
+import { UserEntity } from '../../auth/user.entity';
+
+function makeOrderRepo(): jest.Mocked<IOrderRepository> {
+  return {
+    findById: jest.fn(),
+    findByPaymentIntentId: jest.fn(),
+    findByUserId: jest.fn(),
+    findAll: jest.fn(),
+    create: jest.fn(),
+    update: jest.fn().mockImplementation(async (o: OrderEntity) => o),
+  } as jest.Mocked<IOrderRepository>;
+}
+
+function makeEmailService(): jest.Mocked<IEmailService> {
+  return { send: jest.fn().mockResolvedValue(undefined) };
+}
+
+function makeUserRepo(): jest.Mocked<IUserRepository> {
+  return {
+    findByEmail: jest.fn(),
+    findById: jest.fn(),
+    create: jest.fn(),
+    update: jest.fn(),
+    delete: jest.fn(),
+    findAll: jest.fn(),
+  } as jest.Mocked<IUserRepository>;
+}
+
+function makePaidOrder(overrides: Partial<{ userId: string }> = {}): OrderEntity {
+  return OrderEntity.reconstitute({
+    id: 'order-email-1',
+    userId: overrides.userId ?? 'user-email-1',
+    status: 'PAID',
+    items: [{ id: 'i1', variantId: 'v1', productId: 'p1', name: 'Tênis', sku: 'TN-42', price: 299.9, qty: 1, image: null }],
+    subtotal: 299.9,
+    discount: 0,
+    shippingCost: 20,
+    tax: 0,
+    total: 319.9,
+    couponCode: null,
+    paymentIntentId: 'pi_abc',
+    trackingCode: null,
+    shippingAddress: null,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  });
+}
+
+function makeUser(email = 'user@test.com'): UserEntity {
+  return UserEntity.create({ name: 'Usuário', email, passwordHash: 'h', role: 'CUSTOMER' });
+}
+
+describe('OrderService — emails de status (Phase 14)', () => {
+  let orderRepo: jest.Mocked<IOrderRepository>;
+  let emailService: jest.Mocked<IEmailService>;
+  let userRepo: jest.Mocked<IUserRepository>;
+  let service: OrderService;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    orderRepo = makeOrderRepo();
+    emailService = makeEmailService();
+    userRepo = makeUserRepo();
+    service = new OrderService(orderRepo, emailService, userRepo);
+  });
+
+  it('envia email "Pedido enviado" com trackingCode ao mudar status para SHIPPED', async () => {
+    const order = makePaidOrder({ userId: 'u-shipped' });
+    orderRepo.findById.mockResolvedValue(order);
+    userRepo.findById.mockResolvedValue(makeUser('shipped@test.com'));
+
+    await service.updateOrderStatus('order-email-1', 'SHIPPED', 'TRACK123');
+
+    expect(emailService.send).toHaveBeenCalledWith(
+      'shipped@test.com',
+      expect.stringContaining('enviado'),
+      expect.stringContaining('TRACK123'),
+    );
+  });
+
+  it('envia email "Pedido entregue" ao mudar status para DELIVERED', async () => {
+    const shipped = OrderEntity.reconstitute({
+      ...makePaidOrder({ userId: 'u-delivered' }).toRecord(),
+      status: 'SHIPPED',
+      trackingCode: 'TR999',
+    });
+    orderRepo.findById.mockResolvedValue(shipped);
+    userRepo.findById.mockResolvedValue(makeUser('delivered@test.com'));
+
+    await service.updateOrderStatus('order-email-1', 'DELIVERED');
+
+    expect(emailService.send).toHaveBeenCalledWith(
+      'delivered@test.com',
+      expect.stringContaining('entregue'),
+      expect.any(String),
+    );
+  });
+
+  it('não envia email ao mudar status para CANCELLED', async () => {
+    const order = makePaidOrder();
+    orderRepo.findById.mockResolvedValue(order);
+
+    await service.updateOrderStatus('order-email-1', 'CANCELLED');
+
+    expect(emailService.send).not.toHaveBeenCalled();
+  });
+
+  it('não envia email para transição PENDING→PAID (coberto pelo webhook)', async () => {
+    const pending = OrderEntity.reconstitute({
+      ...makePaidOrder().toRecord(),
+      status: 'PENDING',
+    });
+    orderRepo.findById.mockResolvedValue(pending);
+
+    await service.updateOrderStatus('order-email-1', 'PAID');
+
+    expect(emailService.send).not.toHaveBeenCalled();
+  });
+
+  it('não falha se emailService.send() lançar na transição SHIPPED', async () => {
+    const order = makePaidOrder({ userId: 'u-err' });
+    orderRepo.findById.mockResolvedValue(order);
+    userRepo.findById.mockResolvedValue(makeUser('err@test.com'));
+    emailService.send.mockRejectedValue(new Error('SMTP timeout'));
+
+    // Must NOT throw
+    await expect(service.updateOrderStatus('order-email-1', 'SHIPPED', 'TR-X')).resolves.toBeDefined();
+    // Order must still have been updated
+    expect(orderRepo.update).toHaveBeenCalled();
+  });
+});

package/templates/ecommerce/apps/api/src/modules/orders/order.controller.ts

@@ -0,0 +1,96 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { orderService } from './order.registry';
+import type { OrderStatus } from '../checkout/order.entity';
+
+// ── Zod schemas ──────────────────────────────────────────────────────────────
+const paginationSchema = z.object({
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional(),
+});
+
+const updateStatusSchema = z.object({
+  status: z.enum(['PENDING', 'PAID', 'FAILED', 'SHIPPED', 'DELIVERED', 'CANCELLED']),
+  trackingCode: z.string().optional(),
+});
+
+const statusFilterSchema = z.object({
+  status: z.enum(['PENDING', 'PAID', 'FAILED', 'SHIPPED', 'DELIVERED', 'CANCELLED']).optional(),
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional(),
+});
+
+function serializeOrder(order: { toRecord: () => object }) {
+  return order.toRecord();
+}
+
+// ── Customer controllers ─────────────────────────────────────────────────────
+export async function listOrders(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const user = req.user as { id: string };
+    const { cursor, limit } = paginationSchema.parse(req.query);
+    const result = await orderService.getOrdersByUser(user.id, { cursor, limit });
+    res.status(200).json({
+      items: result.items.map(serializeOrder),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function getOrder(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const user = req.user as { id: string };
+    const { id } = req.params as { id: string };
+    const order = await orderService.getOrderById(id, user.id);
+    res.status(200).json(serializeOrder(order));
+  } catch (err) {
+    next(err);
+  }
+}
+
+// ── Admin controllers ────────────────────────────────────────────────────────
+export async function adminListOrders(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const { status, cursor, limit } = statusFilterSchema.parse(req.query);
+    const result = await orderService.getAllOrders({
+      status: status as OrderStatus | undefined,
+      cursor,
+      limit,
+    });
+    res.status(200).json({
+      items: result.items.map(serializeOrder),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function adminUpdateOrderStatus(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const { id } = req.params as { id: string };
+    const { status, trackingCode } = updateStatusSchema.parse(req.body);
+    const order = await orderService.updateOrderStatus(id, status, trackingCode);
+    res.status(200).json(serializeOrder(order));
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/modules/orders/order.registry.ts

@@ -0,0 +1 @@
+export * from '../../infrastructure/config/registry/orders.registry';

package/templates/ecommerce/apps/api/src/modules/orders/order.routes.ts

@@ -0,0 +1,17 @@
+import { Router } from 'express';
+import { authenticate } from '../../shared/middlewares/authenticate';
+import { authorize } from '../../shared/middlewares/authorize';
+import { validateUuidParam } from '../../shared/validators/uuidParam';
+import * as orderController from './order.controller';
+
+// ── Customer routes — mounted at /api/orders ─────────────────────────────────
+export const orderRoutes = Router();
+orderRoutes.use(authenticate);
+orderRoutes.get('/', orderController.listOrders);
+orderRoutes.get('/:id', validateUuidParam(), orderController.getOrder);
+
+// ── Admin routes — mounted at /api/admin/orders ──────────────────────────────
+export const adminOrderRoutes = Router();
+adminOrderRoutes.use(authenticate, authorize('ADMIN'));
+adminOrderRoutes.get('/', orderController.adminListOrders);
+adminOrderRoutes.patch('/:id/status', validateUuidParam(), orderController.adminUpdateOrderStatus);

package/templates/ecommerce/apps/api/src/modules/orders/order.service.ts

@@ -0,0 +1 @@
+export * from '../../application/orders/order.service';