karaoke-gen 0.103.1__py3-none-any.whl → 0.105.4__py3-none-any.whl

backend/tests/test_push_routes.py

@@ -0,0 +1,357 @@
+"""
+Tests for Push Notification API routes.
+
+Tests the /api/push/* endpoints for subscription management.
+"""
+import pytest
+from unittest.mock import Mock, patch, AsyncMock
+from fastapi.testclient import TestClient
+from dataclasses import dataclass
+from typing import Optional
+
+from backend.main import app
+from backend.api.dependencies import require_auth, require_admin
+from backend.services.auth_service import UserType, AuthResult
+
+
+@pytest.fixture
+def client():
+    """Create test client."""
+    return TestClient(app)
+
+
+@pytest.fixture
+def mock_auth_result():
+    """Create a mock AuthResult for regular user."""
+    return AuthResult(
+        is_valid=True,
+        user_type=UserType.UNLIMITED,
+        remaining_uses=-1,
+        message="Valid",
+        user_email="test@example.com",
+        is_admin=False,
+    )
+
+
+@pytest.fixture
+def mock_admin_auth_result():
+    """Create a mock AuthResult for admin user."""
+    return AuthResult(
+        is_valid=True,
+        user_type=UserType.ADMIN,
+        remaining_uses=-1,
+        message="Valid",
+        user_email="admin@nomadkaraoke.com",
+        is_admin=True,
+    )
+
+
+class TestGetVapidPublicKey:
+    """Tests for GET /api/push/vapid-public-key."""
+
+    def test_returns_disabled_when_feature_off(self, client):
+        """Returns enabled=false when push notifications disabled."""
+        with patch('backend.api.routes.push.get_settings') as mock_settings:
+            mock_settings.return_value.enable_push_notifications = False
+
+            response = client.get("/api/push/vapid-public-key")
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["enabled"] is False
+            assert data["vapid_public_key"] is None
+
+    def test_returns_key_when_enabled(self, client):
+        """Returns public key when push notifications enabled."""
+        with patch('backend.api.routes.push.get_settings') as mock_settings, \
+             patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+            mock_settings.return_value.enable_push_notifications = True
+            mock_service.return_value.get_public_key.return_value = "test-public-key-123"
+
+            response = client.get("/api/push/vapid-public-key")
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["enabled"] is True
+            assert data["vapid_public_key"] == "test-public-key-123"
+
+
+class TestSubscribe:
+    """Tests for POST /api/push/subscribe."""
+
+    def test_requires_authentication(self, client):
+        """Returns 401 when not authenticated."""
+        # Clear any auth overrides to test real auth
+        app.dependency_overrides.clear()
+
+        response = client.post(
+            "/api/push/subscribe",
+            json={
+                "endpoint": "https://push.example.com/endpoint",
+                "keys": {"p256dh": "key1", "auth": "key2"}
+            }
+        )
+
+        assert response.status_code == 401
+
+    def test_returns_503_when_disabled(self, client, mock_auth_result):
+        """Returns 503 when push notifications disabled."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_settings') as mock_settings:
+                mock_settings.return_value.enable_push_notifications = False
+
+                response = client.post(
+                    "/api/push/subscribe",
+                    json={
+                        "endpoint": "https://push.example.com/endpoint",
+                        "keys": {"p256dh": "key1", "auth": "key2"}
+                    }
+                )
+
+                assert response.status_code == 503
+                assert "not enabled" in response.json()["detail"].lower()
+        finally:
+            app.dependency_overrides.clear()
+
+    def test_validates_required_keys(self, client, mock_auth_result):
+        """Returns 400 when keys missing."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_settings') as mock_settings:
+                mock_settings.return_value.enable_push_notifications = True
+
+                response = client.post(
+                    "/api/push/subscribe",
+                    json={
+                        "endpoint": "https://push.example.com/endpoint",
+                        "keys": {"p256dh": "key1"}  # Missing auth
+                    }
+                )
+
+                assert response.status_code == 400
+                assert "missing" in response.json()["detail"].lower()
+        finally:
+            app.dependency_overrides.clear()
+
+    def test_successful_subscription(self, client, mock_auth_result):
+        """Successfully subscribes user to push notifications."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_settings') as mock_settings, \
+                 patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+                mock_settings.return_value.enable_push_notifications = True
+                mock_service.return_value.add_subscription = AsyncMock(return_value=True)
+
+                response = client.post(
+                    "/api/push/subscribe",
+                    json={
+                        "endpoint": "https://push.example.com/endpoint",
+                        "keys": {"p256dh": "key1", "auth": "key2"},
+                        "device_name": "Test Device"
+                    }
+                )
+
+                assert response.status_code == 200
+                data = response.json()
+                assert data["status"] == "success"
+                mock_service.return_value.add_subscription.assert_called_once_with(
+                    user_email="test@example.com",
+                    endpoint="https://push.example.com/endpoint",
+                    keys={"p256dh": "key1", "auth": "key2"},
+                    device_name="Test Device"
+                )
+        finally:
+            app.dependency_overrides.clear()
+
+
+class TestUnsubscribe:
+    """Tests for POST /api/push/unsubscribe."""
+
+    def test_requires_authentication(self, client):
+        """Returns 401 when not authenticated."""
+        app.dependency_overrides.clear()
+
+        response = client.post(
+            "/api/push/unsubscribe",
+            json={"endpoint": "https://push.example.com/endpoint"}
+        )
+
+        assert response.status_code == 401
+
+    def test_successful_unsubscribe(self, client, mock_auth_result):
+        """Successfully unsubscribes from push notifications."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+                mock_service.return_value.remove_subscription = AsyncMock(return_value=True)
+
+                response = client.post(
+                    "/api/push/unsubscribe",
+                    json={"endpoint": "https://push.example.com/endpoint"}
+                )
+
+                assert response.status_code == 200
+                data = response.json()
+                assert data["status"] == "success"
+                mock_service.return_value.remove_subscription.assert_called_once()
+        finally:
+            app.dependency_overrides.clear()
+
+    def test_unsubscribe_not_found_succeeds(self, client, mock_auth_result):
+        """Returns success even when subscription not found."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+                mock_service.return_value.remove_subscription = AsyncMock(return_value=False)
+
+                response = client.post(
+                    "/api/push/unsubscribe",
+                    json={"endpoint": "https://push.example.com/unknown"}
+                )
+
+                assert response.status_code == 200
+                data = response.json()
+                assert data["status"] == "success"
+        finally:
+            app.dependency_overrides.clear()
+
+
+class TestListSubscriptions:
+    """Tests for GET /api/push/subscriptions."""
+
+    def test_requires_authentication(self, client):
+        """Returns 401 when not authenticated."""
+        app.dependency_overrides.clear()
+
+        response = client.get("/api/push/subscriptions")
+        assert response.status_code == 401
+
+    def test_returns_user_subscriptions(self, client, mock_auth_result):
+        """Returns list of user's subscriptions."""
+        async def override_auth():
+            return mock_auth_result
+
+        app.dependency_overrides[require_auth] = override_auth
+
+        try:
+            with patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+                mock_service.return_value.list_subscriptions = AsyncMock(return_value=[
+                    {
+                        "endpoint": "https://push.example.com/endpoint1",
+                        "device_name": "Device 1",
+                        "created_at": "2024-01-01T00:00:00Z",
+                        "last_used_at": None
+                    },
+                    {
+                        "endpoint": "https://push.example.com/endpoint2",
+                        "device_name": "Device 2",
+                        "created_at": "2024-01-02T00:00:00Z",
+                        "last_used_at": "2024-01-03T00:00:00Z"
+                    }
+                ])
+
+                response = client.get("/api/push/subscriptions")
+
+                assert response.status_code == 200
+                data = response.json()
+                assert data["count"] == 2
+                assert len(data["subscriptions"]) == 2
+                assert data["subscriptions"][0]["device_name"] == "Device 1"
+        finally:
+            app.dependency_overrides.clear()
+
+
+class TestTestNotification:
+    """Tests for POST /api/push/test."""
+
+    def test_requires_admin(self, client, mock_auth_result):
+        """Returns 403 when not admin."""
+        # Use a non-admin auth result
+        async def override_admin():
+            from fastapi import HTTPException
+            raise HTTPException(status_code=403, detail="Admin access required")
+
+        app.dependency_overrides[require_admin] = override_admin
+
+        try:
+            response = client.post(
+                "/api/push/test",
+                json={"title": "Test", "body": "Test message"}
+            )
+
+            assert response.status_code == 403
+        finally:
+            app.dependency_overrides.clear()
+
+    def test_returns_503_when_disabled(self, client, mock_admin_auth_result):
+        """Returns 503 when push notifications disabled."""
+        async def override_admin():
+            return mock_admin_auth_result
+
+        app.dependency_overrides[require_admin] = override_admin
+
+        try:
+            with patch('backend.api.routes.push.get_settings') as mock_settings:
+                mock_settings.return_value.enable_push_notifications = False
+
+                response = client.post(
+                    "/api/push/test",
+                    json={"title": "Test", "body": "Test message"}
+                )
+
+                assert response.status_code == 503
+        finally:
+            app.dependency_overrides.clear()
+
+    def test_sends_test_notification(self, client, mock_admin_auth_result):
+        """Successfully sends test notification to admin."""
+        async def override_admin():
+            return mock_admin_auth_result
+
+        app.dependency_overrides[require_admin] = override_admin
+
+        try:
+            with patch('backend.api.routes.push.get_settings') as mock_settings, \
+                 patch('backend.api.routes.push.get_push_notification_service') as mock_service:
+                mock_settings.return_value.enable_push_notifications = True
+                mock_service.return_value.send_push = AsyncMock(return_value=2)
+
+                response = client.post(
+                    "/api/push/test",
+                    json={"title": "Test Title", "body": "Test Body"}
+                )
+
+                assert response.status_code == 200
+                data = response.json()
+                assert data["status"] == "success"
+                assert data["sent_count"] == 2
+                mock_service.return_value.send_push.assert_called_once_with(
+                    user_email="admin@nomadkaraoke.com",
+                    title="Test Title",
+                    body="Test Body",
+                    url="/app/",
+                    tag="test"
+                )
+        finally:
+            app.dependency_overrides.clear()

backend/tests/test_stripe_service.py

@@ -0,0 +1,205 @@
+"""
+Tests for StripeService.
+
+Tests cover:
+- Made-for-you checkout session URL generation
+- Credit purchase checkout session URL generation
+- Package validation
+"""
+
+import pytest
+from unittest.mock import Mock, patch, MagicMock
+import os
+
+
+class TestStripeServiceUrls:
+    """Tests for checkout session URL generation."""
+
+    @pytest.fixture
+    def stripe_service(self):
+        """Create a StripeService instance with mocked Stripe."""
+        # Set required env vars
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://gen.nomadkaraoke.com',
+        }):
+            # Import here to pick up env vars
+            from backend.services.stripe_service import StripeService
+            service = StripeService()
+            return service
+
+    def test_made_for_you_success_url_uses_frontend_url(self, stripe_service):
+        """Test that made-for-you checkout uses frontend_url, not hardcoded domain."""
+        # Mock stripe.checkout.Session.create to capture the params
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            success, url, message = stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            # Verify the call was made
+            assert mock_create.called
+            call_kwargs = mock_create.call_args[1]
+
+            # Verify success_url uses frontend_url and correct path
+            success_url = call_kwargs['success_url']
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+            assert '/order/success' in success_url
+            assert 'session_id=' in success_url
+
+    def test_made_for_you_success_url_not_hardcoded_to_marketing_site(self, stripe_service):
+        """Test that success_url is NOT the old hardcoded marketing site URL."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # The bug was: success_url = "https://nomadkaraoke.com/order/success/"
+            # (note: nomadkaraoke.com WITHOUT the 'gen.' prefix - that's the marketing site)
+            # This should NOT be the case anymore - should use gen.nomadkaraoke.com
+            assert not success_url.startswith('https://nomadkaraoke.com/')
+            # Should use the frontend URL (gen.nomadkaraoke.com)
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+
+    def test_made_for_you_respects_custom_frontend_url(self):
+        """Test that made-for-you checkout uses custom FRONTEND_URL if set."""
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://custom.example.com',
+        }):
+            from backend.services.stripe_service import StripeService
+            service = StripeService()
+
+            with patch('stripe.checkout.Session.create') as mock_create:
+                mock_session = MagicMock()
+                mock_session.id = 'cs_test_123'
+                mock_session.url = 'https://checkout.stripe.com/test'
+                mock_create.return_value = mock_session
+
+                service.create_made_for_you_checkout_session(
+                    customer_email='customer@example.com',
+                    artist='Test Artist',
+                    title='Test Song',
+                )
+
+                call_kwargs = mock_create.call_args[1]
+                success_url = call_kwargs['success_url']
+                assert success_url.startswith('https://custom.example.com')
+
+    def test_credit_purchase_success_url_uses_payment_success(self, stripe_service):
+        """Test that credit purchase checkout uses /payment/success path."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            success, url, message = stripe_service.create_checkout_session(
+                package_id='1_credit',
+                user_email='user@example.com',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # Credit purchases go to /payment/success
+            assert '/payment/success' in success_url
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+
+    def test_made_for_you_uses_order_success_path(self, stripe_service):
+        """Test that made-for-you uses /order/success path (not /payment/success)."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # Made-for-you orders go to /order/success (different messaging)
+            assert '/order/success' in success_url
+            # Should NOT go to /payment/success
+            assert '/payment/success' not in success_url
+
+
+class TestStripeServiceMetadata:
+    """Tests for checkout session metadata."""
+
+    @pytest.fixture
+    def stripe_service(self):
+        """Create a StripeService instance with mocked Stripe."""
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://gen.nomadkaraoke.com',
+        }):
+            from backend.services.stripe_service import StripeService
+            return StripeService()
+
+    def test_made_for_you_includes_order_type_metadata(self, stripe_service):
+        """Test that made-for-you checkout includes order_type in metadata."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+                notes='Special request',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            metadata = call_kwargs['metadata']
+
+            assert metadata['order_type'] == 'made_for_you'
+            assert metadata['customer_email'] == 'customer@example.com'
+            assert metadata['artist'] == 'Test Artist'
+            assert metadata['title'] == 'Test Song'
+            assert metadata['notes'] == 'Special request'
+
+    def test_made_for_you_truncates_long_notes(self, stripe_service):
+        """Test that notes longer than 500 chars are truncated."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            long_notes = 'x' * 600
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+                notes=long_notes,
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            metadata = call_kwargs['metadata']
+
+            assert len(metadata['notes']) == 500

backend/workers/video_worker_orchestrator.py

@@ -479,6 +479,22 @@ class VideoWorkerOrchestrator:
         if self.config.gdrive_folder_id:
             await self._upload_to_gdrive()
 
+        # Clear outputs_deleted_at if set (job was re-processed after output deletion)
+        # Only clear if we actually uploaded something
+        uploads_happened = (
+            self.result.youtube_url or
+            self.result.dropbox_link or
+            self.result.gdrive_files
+        )
+        if uploads_happened and self.job_manager:
+            job = self.job_manager.get_job(self.config.job_id)
+            if job and job.outputs_deleted_at:
+                self.job_manager.update_job(self.config.job_id, {
+                    "outputs_deleted_at": None,
+                    "outputs_deleted_by": None,
+                })
+                self.job_log.info("Cleared outputs_deleted_at flag (job was re-processed)")
+
     async def _upload_to_youtube(self):
         """Upload video to YouTube."""
         self.job_log.info("Uploading to YouTube")

karaoke_gen/instrumental_review/static/index.html

@@ -750,18 +750,44 @@
         const urlParams = new URLSearchParams(window.location.search);
         const encodedBaseApiUrl = urlParams.get('baseApiUrl');
         const instrumentalToken = urlParams.get('instrumentalToken');
-        
+
+        // Check localStorage for full auth token (logged-in users)
+        // This takes priority over instrumentalToken which can expire
+        const fullAuthToken = localStorage.getItem('karaoke_access_token');
+
         // Determine API base URL - cloud mode uses provided URL, local mode uses default
-        const API_BASE = encodedBaseApiUrl 
+        const API_BASE = encodedBaseApiUrl
             ? decodeURIComponent(encodedBaseApiUrl)
             : '/api/jobs/local';
-        
-        // Helper to add token to URL if available
+
+        // Helper to add auth token to URL
+        // Priority: fullAuthToken (doesn't expire) > instrumentalToken (expires after 48h)
+        // This is essential for audio elements which can't use Bearer headers
         function addTokenToUrl(url) {
+            // Prefer full auth token - it doesn't have the short expiry that magic link tokens have
+            if (fullAuthToken) {
+                const separator = url.includes('?') ? '&' : '?';
+                return `${url}${separator}token=${encodeURIComponent(fullAuthToken)}`;
+            }
+            // Fall back to instrumental token for non-logged-in users
             if (!instrumentalToken) return url;
             const separator = url.includes('?') ? '&' : '?';
             return `${url}${separator}instrumental_token=${encodeURIComponent(instrumentalToken)}`;
         }
+
+        // Auth-aware fetch helper
+        // Priority: fullAuthToken (Bearer header) > instrumentalToken (query param)
+        function authFetch(url, options = {}) {
+            if (fullAuthToken) {
+                // Use Bearer auth for logged-in users
+                const headers = new Headers(options.headers || {});
+                headers.set('Authorization', `Bearer ${fullAuthToken}`);
+                return fetch(url, { ...options, headers });
+            } else {
+                // Fall back to instrumental token in URL
+                return fetch(addTokenToUrl(url), options);
+            }
+        }
         
         // HTML escape helper to prevent XSS
         function escapeHtml(str) {
@@ -780,8 +806,8 @@
         async function init() {
             try {
                 const [analysisRes, waveformRes] = await Promise.all([
-                    fetch(addTokenToUrl(`${API_BASE}/instrumental-analysis`)),
-                    fetch(addTokenToUrl(`${API_BASE}/waveform-data?num_points=1000`))
+                    authFetch(`${API_BASE}/instrumental-analysis`),
+                    authFetch(`${API_BASE}/waveform-data?num_points=1000`)
                 ]);
                 
                 if (!analysisRes.ok) throw new Error('Failed to load analysis');
@@ -1484,7 +1510,7 @@
                 const formData = new FormData();
                 formData.append('file', file);
                 
-                const response = await fetch(addTokenToUrl(`${API_BASE}/upload-instrumental`), {
+                const response = await authFetch(`${API_BASE}/upload-instrumental`, {
                     method: 'POST',
                     body: formData
                 });
@@ -1543,7 +1569,7 @@
             }
             
             try {
-                const response = await fetch(addTokenToUrl(`${API_BASE}/create-custom-instrumental`), {
+                const response = await authFetch(`${API_BASE}/create-custom-instrumental`, {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ mute_regions: muteRegions })
@@ -1593,7 +1619,7 @@
             }
             
             try {
-                const response = await fetch(addTokenToUrl(`${API_BASE}/select-instrumental`), {
+                const response = await authFetch(`${API_BASE}/select-instrumental`, {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
                     body: JSON.stringify({ selection: selectedOption })