kybernus 3.1.0 → 3.2.0

package/templates/ecommerce/apps/api/src/modules/auth/__tests__/auth.routes.integration.test.ts

@@ -0,0 +1,211 @@
+import request from 'supertest';
+import app from '../../../app';
+
+/**
+ * Integration tests for Auth routes.
+ * These tests run against the full Express app (no DB — repository is mocked
+ * at the module level so we don't need Docker/Testcontainers for Phase 1 unit
+ * integration tests; Prisma integration tests will be added when the DB
+ * migration is applied in the real test environment).
+ */
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+const VALID_REGISTER = {
+  name: 'João Silva',
+  email: 'joao@email.com',
+  password: 'senha1234',
+};
+
+// ── Tests ────────────────────────────────────────────────────────────────────
+describe('Auth Routes — Integration', () => {
+  describe('POST /api/auth/register', () => {
+    it('201: deve registrar usuário com dados válidos', async () => {
+      const res = await request(app).post('/api/auth/register').send(VALID_REGISTER);
+
+      expect(res.status).toBe(201);
+      expect(res.body.user).toMatchObject({ email: VALID_REGISTER.email });
+      expect((res.body.user as Record<string, unknown>)['passwordHash']).toBeUndefined();
+      expect(res.body.accessToken).toBeTruthy();
+    });
+
+    it('409: deve retornar conflict para email duplicado', async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+      const res = await request(app).post('/api/auth/register').send(VALID_REGISTER);
+
+      expect(res.status).toBe(409);
+      expect(res.body).toHaveProperty('error');
+    });
+
+    it('422: deve retornar erros de validação para email inválido', async () => {
+      const res = await request(app).post('/api/auth/register').send({
+        name: 'João',
+        email: 'not-an-email',
+        password: 'senha1234',
+      });
+
+      expect(res.status).toBe(422);
+      expect(res.body).toHaveProperty('errors');
+    });
+
+    it('422: deve retornar erro para senha menor que 8 caracteres', async () => {
+      const res = await request(app).post('/api/auth/register').send({
+        name: 'João',
+        email: 'joao2@email.com',
+        password: '123',
+      });
+
+      expect(res.status).toBe(422);
+    });
+
+    it('422: deve retornar erro para name vazio', async () => {
+      const res = await request(app).post('/api/auth/register').send({
+        name: '',
+        email: 'joao3@email.com',
+        password: 'senha1234',
+      });
+
+      expect(res.status).toBe(422);
+    });
+  });
+
+  describe('POST /api/auth/login', () => {
+    beforeEach(async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+    });
+
+    it('200: deve retornar accessToken no body e refreshToken como httpOnly cookie', async () => {
+      const res = await request(app).post('/api/auth/login').send({
+        email: VALID_REGISTER.email,
+        password: VALID_REGISTER.password,
+      });
+
+      expect(res.status).toBe(200);
+      expect(res.body.accessToken).toBeTruthy();
+
+      const cookies: string[] = res.headers['set-cookie'] as unknown as string[];
+      expect(cookies).toBeDefined();
+      const refreshCookie = cookies.find((c) => c.startsWith('refreshToken='));
+      expect(refreshCookie).toBeDefined();
+      expect(refreshCookie).toContain('HttpOnly');
+    });
+
+    it('401: deve rejeitar credenciais com senha incorreta', async () => {
+      const res = await request(app).post('/api/auth/login').send({
+        email: VALID_REGISTER.email,
+        password: 'senha_errada',
+      });
+
+      expect(res.status).toBe(401);
+    });
+
+    it('401: deve rejeitar email inexistente', async () => {
+      const res = await request(app).post('/api/auth/login').send({
+        email: 'naoexiste@email.com',
+        password: 'senha1234',
+      });
+
+      expect(res.status).toBe(401);
+    });
+  });
+
+  describe('POST /api/auth/refresh', () => {
+    it('200: deve retornar novo accessToken com refreshToken válido no cookie', async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+      const loginRes = await request(app)
+        .post('/api/auth/login')
+        .send({ email: VALID_REGISTER.email, password: VALID_REGISTER.password });
+
+      const cookies: string[] = loginRes.headers['set-cookie'] as unknown as string[];
+      const cookieHeader = cookies.find((c) => c.startsWith('refreshToken=')) ?? '';
+
+      const res = await request(app)
+        .post('/api/auth/refresh')
+        .set('Cookie', cookieHeader.split(';')[0] ?? '');
+
+      expect(res.status).toBe(200);
+      expect(res.body.accessToken).toBeTruthy();
+    });
+
+    it('401: deve rejeitar requisição sem cookie de refresh', async () => {
+      const res = await request(app).post('/api/auth/refresh');
+
+      expect(res.status).toBe(401);
+    });
+  });
+
+  describe('POST /api/auth/logout', () => {
+    it('204: deve invalidar o refreshToken e limpar o cookie', async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+      const loginRes = await request(app)
+        .post('/api/auth/login')
+        .send({ email: VALID_REGISTER.email, password: VALID_REGISTER.password });
+
+      const cookies: string[] = loginRes.headers['set-cookie'] as unknown as string[];
+      const cookieHeader = cookies.find((c) => c.startsWith('refreshToken=')) ?? '';
+      const cookieValue = cookieHeader.split(';')[0] ?? '';
+
+      const res = await request(app)
+        .post('/api/auth/logout')
+        .set('Cookie', cookieValue);
+
+      expect(res.status).toBe(204);
+
+      // Refresh deve falhar após logout
+      const refreshRes = await request(app)
+        .post('/api/auth/refresh')
+        .set('Cookie', cookieValue);
+      expect(refreshRes.status).toBe(401);
+    });
+  });
+
+  describe('Middleware: authenticate', () => {
+    it('401: deve rejeitar requisição sem Bearer token', async () => {
+      const res = await request(app).get('/api/auth/me');
+
+      expect(res.status).toBe(401);
+    });
+
+    it('401: deve rejeitar token malformado', async () => {
+      const res = await request(app)
+        .get('/api/auth/me')
+        .set('Authorization', 'Bearer not-a-valid-jwt');
+
+      expect(res.status).toBe(401);
+    });
+
+    it('200: deve retornar dados do usuário para token válido', async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+      const loginRes = await request(app)
+        .post('/api/auth/login')
+        .send({ email: VALID_REGISTER.email, password: VALID_REGISTER.password });
+
+      const { accessToken } = loginRes.body as { accessToken: string };
+
+      const res = await request(app)
+        .get('/api/auth/me')
+        .set('Authorization', `Bearer ${accessToken}`);
+
+      expect(res.status).toBe(200);
+      expect(res.body.email).toBe(VALID_REGISTER.email);
+      expect((res.body as Record<string, unknown>)['passwordHash']).toBeUndefined();
+    });
+  });
+
+  describe('Middleware: authorize (ADMIN only)', () => {
+    it('403: deve bloquear usuário CUSTOMER em rota de ADMIN', async () => {
+      await request(app).post('/api/auth/register').send(VALID_REGISTER);
+      const loginRes = await request(app)
+        .post('/api/auth/login')
+        .send({ email: VALID_REGISTER.email, password: VALID_REGISTER.password });
+
+      const { accessToken } = loginRes.body as { accessToken: string };
+
+      // /api/auth/admin-test é uma rota protegida por authorize('ADMIN')
+      const res = await request(app)
+        .get('/api/auth/admin-test')
+        .set('Authorization', `Bearer ${accessToken}`);
+
+      expect(res.status).toBe(403);
+    });
+  });
+});

package/templates/ecommerce/apps/api/src/modules/auth/__tests__/auth.service.unit.test.ts

@@ -0,0 +1,260 @@
+import { AuthService } from '../auth.service';
+import { IUserRepository } from '../user.repository';
+import { ITokenService } from '../token.service';
+import { IEmailService } from '../../../shared/infra/email/IEmailService';
+import { UserEntity } from '../user.entity';
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+const makeUser = (overrides: Partial<Parameters<typeof UserEntity.create>[0]> = {}) =>
+  UserEntity.create({
+    name: 'Test User',
+    email: 'test@email.com',
+    passwordHash: '$2a$10$hashedpassword',
+    ...overrides,
+  });
+
+// ── Mocks ────────────────────────────────────────────────────────────────────
+const makeUserRepository = (): jest.Mocked<IUserRepository> => ({
+  findByEmail: jest.fn(),
+  findById: jest.fn(),
+  create: jest.fn(),
+  update: jest.fn(),
+  delete: jest.fn(),
+  findAll: jest.fn(),
+});
+
+const makeTokenService = (): jest.Mocked<ITokenService> => ({
+  generateAccessToken: jest.fn(),
+  generateRefreshToken: jest.fn(),
+  verifyAccessToken: jest.fn(),
+  verifyRefreshToken: jest.fn(),
+  invalidateRefreshToken: jest.fn(),
+  isRefreshTokenBlacklisted: jest.fn(),
+  generatePasswordResetToken: jest.fn(),
+  verifyPasswordResetToken: jest.fn(),
+  invalidatePasswordResetToken: jest.fn(),
+});
+
+const makeEmailService = (): jest.Mocked<IEmailService> => ({
+  send: jest.fn().mockResolvedValue(undefined),
+});
+
+// ── Tests ────────────────────────────────────────────────────────────────────
+describe('AuthService — Unit', () => {
+  let authService: AuthService;
+  let userRepository: jest.Mocked<IUserRepository>;
+  let tokenService: jest.Mocked<ITokenService>;
+  let emailService: jest.Mocked<IEmailService>;
+
+  beforeEach(() => {
+    userRepository = makeUserRepository();
+    tokenService = makeTokenService();
+    emailService = makeEmailService();
+    authService = new AuthService(userRepository, tokenService, emailService);
+  });
+
+  // ── register ──────────────────────────────────────────────────────────────
+  describe('register()', () => {
+    it('deve criar usuário com role CUSTOMER por padrão', async () => {
+      userRepository.findByEmail.mockResolvedValue(null);
+      userRepository.create.mockImplementation(async (user) => user);
+
+      const result = await authService.register({
+        name: 'João Silva',
+        email: 'joao@email.com',
+        password: 'senha1234',
+      });
+
+      expect(result.role).toBe('CUSTOMER');
+      expect(userRepository.create).toHaveBeenCalledTimes(1);
+    });
+
+    it('deve hashear a senha antes de salvar (não persiste senha em texto plano)', async () => {
+      userRepository.findByEmail.mockResolvedValue(null);
+      userRepository.create.mockImplementation(async (user) => user);
+
+      await authService.register({
+        name: 'João',
+        email: 'joao@email.com',
+        password: 'senha1234',
+      });
+
+      const persistedUser = userRepository.create.mock.calls[0][0];
+      expect(persistedUser.passwordHash).not.toBe('senha1234');
+      expect(persistedUser.passwordHash).toMatch(/^\$2[ab]\$/); // bcryptjs format
+    });
+
+    it('deve lançar ConflictError se email já estiver cadastrado', async () => {
+      userRepository.findByEmail.mockResolvedValue(makeUser());
+
+      await expect(
+        authService.register({ name: 'João', email: 'test@email.com', password: 'senha1234' }),
+      ).rejects.toMatchObject({ statusCode: 409 });
+    });
+
+    it('deve lançar ValidationError se senha tiver menos de 8 caracteres', async () => {
+      userRepository.findByEmail.mockResolvedValue(null);
+
+      await expect(
+        authService.register({ name: 'João', email: 'joao@email.com', password: '123' }),
+      ).rejects.toMatchObject({ statusCode: 422 });
+    });
+  });
+
+  // ── login ────────────────────────────────────────────────────────────────
+  describe('login()', () => {
+    it('deve retornar accessToken e refreshToken para credenciais válidas', async () => {
+      // bcryptjs hash of "senha1234"
+      const { hash } = await import('bcryptjs');
+      const passwordHash = await hash('senha1234', 10);
+      const user = UserEntity.create({ name: 'João', email: 'joao@email.com', passwordHash });
+
+      userRepository.findByEmail.mockResolvedValue(user);
+      tokenService.generateAccessToken.mockReturnValue('access-token');
+      tokenService.generateRefreshToken.mockReturnValue('refresh-token');
+
+      const result = await authService.login({ email: 'joao@email.com', password: 'senha1234' });
+
+      expect(result.accessToken).toBe('access-token');
+      expect(result.refreshToken).toBe('refresh-token');
+    });
+
+    it('deve lançar UnauthorizedError para senha incorreta', async () => {
+      const { hash } = await import('bcryptjs');
+      const passwordHash = await hash('senha1234', 10);
+      const user = UserEntity.create({ name: 'João', email: 'joao@email.com', passwordHash });
+
+      userRepository.findByEmail.mockResolvedValue(user);
+
+      await expect(
+        authService.login({ email: 'joao@email.com', password: 'senha_errada' }),
+      ).rejects.toMatchObject({ statusCode: 401 });
+    });
+
+    it('deve lançar UnauthorizedError para email inexistente', async () => {
+      userRepository.findByEmail.mockResolvedValue(null);
+
+      await expect(
+        authService.login({ email: 'naoexiste@email.com', password: 'senha1234' }),
+      ).rejects.toMatchObject({ statusCode: 401 });
+    });
+
+    it('NÃO deve expor passwordHash no retorno', async () => {
+      const { hash } = await import('bcryptjs');
+      const passwordHash = await hash('senha1234', 10);
+      const user = UserEntity.create({ name: 'João', email: 'joao@email.com', passwordHash });
+
+      userRepository.findByEmail.mockResolvedValue(user);
+      tokenService.generateAccessToken.mockReturnValue('access-token');
+      tokenService.generateRefreshToken.mockReturnValue('refresh-token');
+
+      const result = await authService.login({ email: 'joao@email.com', password: 'senha1234' });
+
+      expect((result.user as Record<string, unknown>)['passwordHash']).toBeUndefined();
+    });
+  });
+
+  // ── refreshToken ─────────────────────────────────────────────────────────
+  describe('refreshToken()', () => {
+    it('deve emitir novo accessToken para refreshToken válido', async () => {
+      const user = makeUser();
+      tokenService.isRefreshTokenBlacklisted.mockResolvedValue(false);
+      tokenService.verifyRefreshToken.mockReturnValue({ sub: user.id, email: user.email });
+      userRepository.findById.mockResolvedValue(user);
+      tokenService.generateAccessToken.mockReturnValue('new-access-token');
+
+      const result = await authService.refreshToken('valid-refresh-token');
+
+      expect(result.accessToken).toBe('new-access-token');
+    });
+
+    it('deve rejeitar refreshToken que está na blacklist (logout anterior)', async () => {
+      tokenService.isRefreshTokenBlacklisted.mockResolvedValue(true);
+
+      await expect(authService.refreshToken('blacklisted-token')).rejects.toMatchObject({
+        statusCode: 401,
+      });
+    });
+
+    it('deve rejeitar se verifyRefreshToken lançar erro (token expirado/inválido)', async () => {
+      tokenService.isRefreshTokenBlacklisted.mockResolvedValue(false);
+      tokenService.verifyRefreshToken.mockImplementation(() => {
+        throw new Error('jwt expired');
+      });
+
+      await expect(authService.refreshToken('expired-token')).rejects.toMatchObject({
+        statusCode: 401,
+      });
+    });
+  });
+
+  // ── logout ───────────────────────────────────────────────────────────────
+  describe('logout()', () => {
+    it('deve invalidar o refreshToken na blacklist', async () => {
+      tokenService.invalidateRefreshToken.mockResolvedValue(undefined);
+
+      await authService.logout('refresh-token-to-invalidate');
+
+      expect(tokenService.invalidateRefreshToken).toHaveBeenCalledWith(
+        'refresh-token-to-invalidate',
+      );
+    });
+  });
+
+  // ── forgotPassword ───────────────────────────────────────────────────────
+  describe('forgotPassword()', () => {
+    it('deve SEMPRE retornar sucesso mesmo se email não existir (anti-enumeration)', async () => {
+      userRepository.findByEmail.mockResolvedValue(null);
+
+      // Should NOT throw — prevents user enumeration attacks
+      await expect(
+        authService.forgotPassword({ email: 'inexistente@email.com' }),
+      ).resolves.not.toThrow();
+    });
+
+    it('deve gerar token de reset e chamar o serviço de envio de email', async () => {
+      const user = makeUser();
+      userRepository.findByEmail.mockResolvedValue(user);
+      tokenService.generatePasswordResetToken.mockResolvedValue('reset-token');
+
+      await authService.forgotPassword({ email: 'test@email.com' });
+
+      expect(tokenService.generatePasswordResetToken).toHaveBeenCalledWith(user.id);
+      expect(emailService.send).toHaveBeenCalledTimes(1);
+      const [to] = emailService.send.mock.calls[0];
+      expect(to).toBe('test@email.com');
+    });
+  });
+
+  // ── resetPassword ─────────────────────────────────────────────────────────
+  describe('resetPassword()', () => {
+    it('deve atualizar senha e invalidar o token de reset', async () => {
+      const user = makeUser();
+      tokenService.verifyPasswordResetToken.mockResolvedValue(user.id);
+      userRepository.findById.mockResolvedValue(user);
+      userRepository.update.mockImplementation(async (u) => u);
+      tokenService.invalidatePasswordResetToken.mockResolvedValue(undefined);
+
+      await authService.resetPassword({ token: 'valid-reset-token', newPassword: 'newpassword1' });
+
+      expect(userRepository.update).toHaveBeenCalledTimes(1);
+      const updatedUser = userRepository.update.mock.calls[0][0];
+      expect(updatedUser.passwordHash).not.toBe('newpassword1');
+      expect(tokenService.invalidatePasswordResetToken).toHaveBeenCalledWith('valid-reset-token');
+    });
+
+    it('deve rejeitar token de reset inválido/expirado', async () => {
+      tokenService.verifyPasswordResetToken.mockRejectedValue(new Error('invalid token'));
+
+      await expect(
+        authService.resetPassword({ token: 'bad-token', newPassword: 'newpassword1' }),
+      ).rejects.toMatchObject({ statusCode: 400 });
+    });
+
+    it('deve lançar erro se nova senha tiver menos de 8 caracteres', async () => {
+      await expect(
+        authService.resetPassword({ token: 'valid-token', newPassword: '123' }),
+      ).rejects.toMatchObject({ statusCode: 422 });
+    });
+  });
+});

package/templates/ecommerce/apps/api/src/modules/auth/__tests__/email.service.unit.test.ts

@@ -0,0 +1,94 @@
+import { AuthService } from '../auth.service';
+import { IUserRepository } from '../user.repository';
+import { ITokenService } from '../token.service';
+import { IEmailService } from '../../../shared/infra/email/IEmailService';
+import { UserEntity } from '../user.entity';
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+const makeUser = () =>
+  UserEntity.create({
+    name: 'Ana Lima',
+    email: 'ana@email.com',
+    passwordHash: '$2a$10$hashedpassword',
+  });
+
+// ── Mocks ────────────────────────────────────────────────────────────────────
+const makeUserRepository = (): jest.Mocked<IUserRepository> => ({
+  findByEmail: jest.fn(),
+  findById: jest.fn(),
+  create: jest.fn(),
+  update: jest.fn(),
+  delete: jest.fn(),
+  findAll: jest.fn(),
+});
+
+const makeTokenService = (): jest.Mocked<ITokenService> => ({
+  generateAccessToken: jest.fn(),
+  generateRefreshToken: jest.fn(),
+  verifyAccessToken: jest.fn(),
+  verifyRefreshToken: jest.fn(),
+  invalidateRefreshToken: jest.fn(),
+  isRefreshTokenBlacklisted: jest.fn(),
+  generatePasswordResetToken: jest.fn(),
+  verifyPasswordResetToken: jest.fn(),
+  invalidatePasswordResetToken: jest.fn(),
+});
+
+const makeEmailService = (): jest.Mocked<IEmailService> => ({
+  send: jest.fn().mockResolvedValue(undefined),
+});
+
+// ── Tests ────────────────────────────────────────────────────────────────────
+describe('AuthService.forgotPassword() — com IEmailService mockado', () => {
+  let authService: AuthService;
+  let userRepository: jest.Mocked<IUserRepository>;
+  let tokenService: jest.Mocked<ITokenService>;
+  let emailService: jest.Mocked<IEmailService>;
+
+  beforeEach(() => {
+    userRepository = makeUserRepository();
+    tokenService = makeTokenService();
+    emailService = makeEmailService();
+    authService = new AuthService(userRepository, tokenService, emailService);
+  });
+
+  it('deve chamar emailService.send() com o email correto do destinatário', async () => {
+    const user = makeUser();
+    userRepository.findByEmail.mockResolvedValue(user);
+    tokenService.generatePasswordResetToken.mockResolvedValue('tok-abc123');
+
+    await authService.forgotPassword({ email: 'ana@email.com' });
+
+    expect(emailService.send).toHaveBeenCalledTimes(1);
+    const [to] = emailService.send.mock.calls[0];
+    expect(to).toBe('ana@email.com');
+  });
+
+  it('deve incluir o token de reset na URL enviada', async () => {
+    const user = makeUser();
+    userRepository.findByEmail.mockResolvedValue(user);
+    tokenService.generatePasswordResetToken.mockResolvedValue('tok-abc123');
+
+    await authService.forgotPassword({ email: 'ana@email.com' });
+
+    const [, , html] = emailService.send.mock.calls[0];
+    expect(html).toContain('tok-abc123');
+    expect(html).toContain('reset-password');
+  });
+
+  it('deve retornar sucesso mesmo se email não existir (anti-enumeration)', async () => {
+    userRepository.findByEmail.mockResolvedValue(null);
+
+    await expect(
+      authService.forgotPassword({ email: 'naoexiste@email.com' }),
+    ).resolves.not.toThrow();
+  });
+
+  it('não deve chamar emailService.send() se usuário não existir', async () => {
+    userRepository.findByEmail.mockResolvedValue(null);
+
+    await authService.forgotPassword({ email: 'naoexiste@email.com' });
+
+    expect(emailService.send).not.toHaveBeenCalled();
+  });
+});

package/templates/ecommerce/apps/api/src/modules/auth/__tests__/token.blacklist.redis.test.ts

@@ -0,0 +1,65 @@
+/**
+ * Integration tests for RedisTokenBlacklist.
+ * Requires Redis running on REDIS_URL (defaults to redis://localhost:6379).
+ * Run with: npm run test:db
+ */
+import Redis from 'ioredis';
+import { RedisTokenBlacklist } from '../redis.token.blacklist';
+
+const redisUrl = process.env['REDIS_URL'] ?? 'redis://localhost:6379';
+
+describe('RedisTokenBlacklist', () => {
+  let redis: Redis;
+  let blacklist: RedisTokenBlacklist;
+
+  beforeAll(async () => {
+    redis = new Redis(redisUrl, { lazyConnect: true, maxRetriesPerRequest: 3 });
+    await redis.connect();
+    blacklist = new RedisTokenBlacklist(redis);
+  });
+
+  afterAll(async () => {
+    await redis.quit();
+  });
+
+  afterEach(async () => {
+    // Clean up test keys
+    const keys = await redis.keys('blacklist:test-*');
+    if (keys.length > 0) await redis.del(...keys);
+  });
+
+  it('deve retornar false para jti desconhecido', async () => {
+    const result = await blacklist.has('test-unknown-jti');
+    expect(result).toBe(false);
+  });
+
+  it('deve persistir jti no Redis com TTL', async () => {
+    const jti = 'test-jti-ttl';
+    await blacklist.add(jti, 60);
+
+    const ttl = await redis.ttl(`blacklist:${jti}`);
+    expect(ttl).toBeGreaterThan(0);
+    expect(ttl).toBeLessThanOrEqual(60);
+  });
+
+  it('deve retornar true após add()', async () => {
+    const jti = 'test-jti-present';
+    await blacklist.add(jti, 60);
+
+    const result = await blacklist.has(jti);
+    expect(result).toBe(true);
+  });
+
+  it('deve expirar automaticamente após TTL', async () => {
+    const jti = 'test-jti-expire';
+    await blacklist.add(jti, 1); // 1 second TTL
+
+    const beforeExpiry = await blacklist.has(jti);
+    expect(beforeExpiry).toBe(true);
+
+    await new Promise((resolve) => setTimeout(resolve, 1200));
+
+    const afterExpiry = await blacklist.has(jti);
+    expect(afterExpiry).toBe(false);
+  }, 5000);
+});