# Smoke Test v0.903 — Stabilisation v1.0 & Launch Readiness ## Prérequis - `veza-backend-api` compilé et démarré - PostgreSQL avec migrations appliquées jusqu'à 134+ - Extensions PostgreSQL : `pg_trgm`, `fuzzystrmatch` - Redis configuré - `.env` complet (DATABASE_URL, JWT_SECRET, HCAPTCHA_SECRET, etc.) - Utilisateur standard + admin avec tokens JWT - Données suffisantes : tracks, plays, playlists, users, orders --- ## 1. Recherche & Recommandations (ST1) ### 1.1 Recherche phonétique ```bash curl -s "http://localhost:8080/api/v1/search?q=hiphop" \ -H "Authorization: Bearer {TOKEN}" | jq '.data.results | length' # Attendu: trouve des résultats pour "hip hop", "hip-hop", "hiphop" ``` ### 1.2 "Did you mean" ```bash curl -s "http://localhost:8080/api/v1/search?q=electrnoic" \ -H "Authorization: Bearer {TOKEN}" | jq '.data.did_you_mean' # Attendu: "electronic" ``` ### 1.3 Saved searches ```bash curl -s -X POST http://localhost:8080/api/v1/search/saved \ -H "Authorization: Bearer {TOKEN}" \ -H "Content-Type: application/json" \ -d '{"query": "chill beats", "filters": {"genre": "lofi"}}' | jq . # Attendu: 201, saved search created curl -s http://localhost:8080/api/v1/search/saved \ -H "Authorization: Bearer {TOKEN}" | jq . # Attendu: 200, liste des recherches sauvegardées ``` ### 1.4 Recommendations ```bash curl -s http://localhost:8080/api/v1/tracks/recommendations \ -H "Authorization: Bearer {TOKEN}" | jq '.data | length' # Attendu: >= 10 tracks recommandées (collaborative filtering ou fallback genre/BPM) ``` ### 1.5 Auto playlists ```bash # Frontend: naviguer vers Library # Vérifier: section "Made for You" avec "Discover Weekly" (30 tracks) et "Your Top Tracks" (20 tracks) # Vérifier: badge "Auto" sur ces playlists # Vérifier: playlists en lecture seule ``` --- ## 2. Player & Playlists (ST2) ### 2.1 Smart playlist ```bash curl -s -X POST http://localhost:8080/api/v1/playlists/smart \ -H "Authorization: Bearer {TOKEN}" \ -H "Content-Type: application/json" \ -d '{"name": "Fast Hip Hop", "rules": [{"field":"genre","op":"eq","value":"hip-hop"},{"field":"bpm","op":"gt","value":"120"}], "logic": "AND", "limit": 50}' | jq . # Attendu: 201, smart playlist created with matching tracks ``` ### 2.2 Export M3U ```bash curl -s http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/export?format=m3u \ -H "Authorization: Bearer {TOKEN}" -o playlist.m3u head playlist.m3u # Attendu: #EXTM3U header, entries with #EXTINF and URLs ``` ### 2.3 Merge playlists ```bash curl -s -X POST http://localhost:8080/api/v1/playlists/merge \ -H "Authorization: Bearer {TOKEN}" \ -H "Content-Type: application/json" \ -d '{"playlist_ids": ["{ID1}", "{ID2}"], "name": "Merged Playlist"}' | jq . # Attendu: 201, merged playlist with deduplicated tracks ``` ### 2.4 Duplicate playlist ```bash curl -s -X POST http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/duplicate \ -H "Authorization: Bearer {TOKEN}" | jq . # Attendu: 201, "Copy of {original name}" ``` --- ## 3. Auth & Sécurité (ST3) ### 3.1 Sessions actives ```bash curl -s http://localhost:8080/api/v1/auth/sessions \ -H "Authorization: Bearer {TOKEN}" | jq . # Attendu: 200, liste des sessions avec device, IP, last_active_at # Attendu: session courante marquée is_current=true ``` ### 3.2 Révoquer une session ```bash curl -s -X DELETE http://localhost:8080/api/v1/auth/sessions/{SESSION_ID} \ -H "Authorization: Bearer {TOKEN}" | jq . # Attendu: 200, session révoquée # Vérifier: token de cette session invalide ``` ### 3.3 Login history ```bash curl -s http://localhost:8080/api/v1/auth/login-history \ -H "Authorization: Bearer {TOKEN}" | jq '.data | length' # Attendu: dernières connexions avec IP, device, date, success/failure ``` ### 3.4 CAPTCHA ```bash # Effectuer 3 tentatives de login échouées # 4ème tentative: vérifier que le formulaire affiche un CAPTCHA # Vérifier: login sans CAPTCHA → 400 "CAPTCHA required" ``` ### 3.5 Password history ```bash # Changer mot de passe vers "NewPassword1!" # Tenter de rechanger vers l'ancien mot de passe # Attendu: 400, "Cannot reuse recent passwords" ``` ### 3.6 Frontend ```bash # Settings → Security → Sessions # Vérifier: tableau des devices actifs, bouton Revoke # Settings → Security → Login History # Vérifier: historique des connexions ``` --- ## 4. Performance (ST4) ### 4.1 k6 load test ```bash cd tests/load && k6 run auth-flow.js --vus 100 --duration 5m # Attendu: p95 < 200ms, error rate < 1% ``` ### 4.2 Cache Redis ```bash # Effectuer 2 recherches identiques à 1s d'intervalle # Vérifier: 2ème réponse significativement plus rapide (cache hit) ``` ### 4.3 Cache headers assets ```bash curl -sI http://localhost:5173/assets/index-*.js | grep cache-control # Attendu: cache-control: max-age=31536000, immutable ``` --- ## 5. Documentation v1.0 (ST5) - [ ] `docs/API_REFERENCE.md` — tous les endpoints documentés - [ ] `docs/PRODUCTION_GUIDE.md` — guide déploiement production complet - [ ] `README.md` — mis à jour avec architecture v1.0, quick start, features - [ ] `docs/MIGRATION_GUIDE.md` — liste migrations complète, procédure upgrade --- ## 6. E2E Final (REL) ### 6.1 Smoke tests précédents ```bash # Exécuter les vérifications critiques de chaque version : # v0.703: GET /live/streams/me/key → 200 # v0.801: curl -sI | grep content-security-policy → present # v0.802: GET /cloud/files/:id/versions → 200 # v0.803: GET /swagger/index.html → 200 # v0.901: GET /marketplace/wishlist → 200 # v0.902: GET /social/hashtags/trending → 200 ``` ### 6.2 Security headers ```bash curl -sI http://localhost:8080/api/v1/health | grep -iE "csp|hsts|x-frame|x-content" # Attendu: tous les headers de sécurité présents ``` ### 6.3 GDPR ```bash # POST /users/me/export → 202 (export démarré) # DELETE /users/me → 200 (compte supprimé, données anonymisées) ``` ### 6.4 Lighthouse ```bash # Chrome DevTools → Lighthouse (Mobile) # Performance: ≥ 85 # Accessibility: ≥ 90 # PWA: ≥ 90 # Best Practices: ≥ 85 # SEO: ≥ 80 ``` --- ## 7. Release - [ ] `CHANGELOG.md` contient historique complet v0.101 → v1.0 - [ ] `docs/PROJECT_STATE.md` : Version = v1.0, Phase = Released - [ ] `docs/FEATURE_STATUS.md` : modules v1.0 finalisés - [ ] `docs/RETROSPECTIVE_V0903.md` créée - [ ] `docs/RETROSPECTIVE_V1.md` — rétrospective globale - [ ] `git tag v0.903` créé - [ ] `git tag v1.0` créé