veza/docs/archive/v0-history/SMOKE_TEST_V0903.md

# Smoke Test v0.903 — Stabilisation v1.0 & Launch Readiness

## Prérequis

- `veza-backend-api` compilé et démarré
- PostgreSQL avec migrations appliquées jusqu'à 134+
- Extensions PostgreSQL : `pg_trgm`, `fuzzystrmatch`
- Redis configuré
- `.env` complet (DATABASE_URL, JWT_SECRET, HCAPTCHA_SECRET, etc.)
- Utilisateur standard + admin avec tokens JWT
- Données suffisantes : tracks, plays, playlists, users, orders

---

## 1. Recherche & Recommandations (ST1)

### 1.1 Recherche phonétique

```bash
curl -s "http://localhost:8080/api/v1/search?q=hiphop" \
  -H "Authorization: Bearer {TOKEN}" | jq '.data.results | length'
# Attendu: trouve des résultats pour "hip hop", "hip-hop", "hiphop"
```

### 1.2 "Did you mean"

```bash
curl -s "http://localhost:8080/api/v1/search?q=electrnoic" \
  -H "Authorization: Bearer {TOKEN}" | jq '.data.did_you_mean'
# Attendu: "electronic"
```

### 1.3 Saved searches

```bash
curl -s -X POST http://localhost:8080/api/v1/search/saved \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"query": "chill beats", "filters": {"genre": "lofi"}}' | jq .
# Attendu: 201, saved search created

curl -s http://localhost:8080/api/v1/search/saved \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des recherches sauvegardées
```

### 1.4 Recommendations

```bash
curl -s http://localhost:8080/api/v1/tracks/recommendations \
  -H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: >= 10 tracks recommandées (collaborative filtering ou fallback genre/BPM)
```

### 1.5 Auto playlists

```bash
# Frontend: naviguer vers Library
# Vérifier: section "Made for You" avec "Discover Weekly" (30 tracks) et "Your Top Tracks" (20 tracks)
# Vérifier: badge "Auto" sur ces playlists
# Vérifier: playlists en lecture seule
```

---

## 2. Player & Playlists (ST2)

### 2.1 Smart playlist

```bash
curl -s -X POST http://localhost:8080/api/v1/playlists/smart \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"name": "Fast Hip Hop", "rules": [{"field":"genre","op":"eq","value":"hip-hop"},{"field":"bpm","op":"gt","value":"120"}], "logic": "AND", "limit": 50}' | jq .
# Attendu: 201, smart playlist created with matching tracks
```

### 2.2 Export M3U

```bash
curl -s http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/export?format=m3u \
  -H "Authorization: Bearer {TOKEN}" -o playlist.m3u
head playlist.m3u
# Attendu: #EXTM3U header, entries with #EXTINF and URLs
```

### 2.3 Merge playlists

```bash
curl -s -X POST http://localhost:8080/api/v1/playlists/merge \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"playlist_ids": ["{ID1}", "{ID2}"], "name": "Merged Playlist"}' | jq .
# Attendu: 201, merged playlist with deduplicated tracks
```

### 2.4 Duplicate playlist

```bash
curl -s -X POST http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/duplicate \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 201, "Copy of {original name}"
```

---

## 3. Auth & Sécurité (ST3)

### 3.1 Sessions actives

```bash
curl -s http://localhost:8080/api/v1/auth/sessions \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des sessions avec device, IP, last_active_at
# Attendu: session courante marquée is_current=true
```

### 3.2 Révoquer une session

```bash
curl -s -X DELETE http://localhost:8080/api/v1/auth/sessions/{SESSION_ID} \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, session révoquée
# Vérifier: token de cette session invalide
```

### 3.3 Login history

```bash
curl -s http://localhost:8080/api/v1/auth/login-history \
  -H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: dernières connexions avec IP, device, date, success/failure
```

### 3.4 CAPTCHA

```bash
# Effectuer 3 tentatives de login échouées
# 4ème tentative: vérifier que le formulaire affiche un CAPTCHA
# Vérifier: login sans CAPTCHA → 400 "CAPTCHA required"
```

### 3.5 Password history

```bash
# Changer mot de passe vers "NewPassword1!"
# Tenter de rechanger vers l'ancien mot de passe
# Attendu: 400, "Cannot reuse recent passwords"
```

### 3.6 Frontend

```bash
# Settings → Security → Sessions
# Vérifier: tableau des devices actifs, bouton Revoke
# Settings → Security → Login History
# Vérifier: historique des connexions
```

---

## 4. Performance (ST4)

### 4.1 k6 load test

```bash
cd tests/load && k6 run auth-flow.js --vus 100 --duration 5m
# Attendu: p95 < 200ms, error rate < 1%
```

### 4.2 Cache Redis

```bash
# Effectuer 2 recherches identiques à 1s d'intervalle
# Vérifier: 2ème réponse significativement plus rapide (cache hit)
```

### 4.3 Cache headers assets

```bash
curl -sI http://localhost:5173/assets/index-*.js | grep cache-control
# Attendu: cache-control: max-age=31536000, immutable
```

---

## 5. Documentation v1.0 (ST5)

- [ ] `docs/API_REFERENCE.md` — tous les endpoints documentés
- [ ] `docs/PRODUCTION_GUIDE.md` — guide déploiement production complet
- [ ] `README.md` — mis à jour avec architecture v1.0, quick start, features
- [ ] `docs/MIGRATION_GUIDE.md` — liste migrations complète, procédure upgrade

---

## 6. E2E Final (REL)

### 6.1 Smoke tests précédents

```bash
# Exécuter les vérifications critiques de chaque version :
# v0.703: GET /live/streams/me/key → 200
# v0.801: curl -sI | grep content-security-policy → present
# v0.802: GET /cloud/files/:id/versions → 200
# v0.803: GET /swagger/index.html → 200
# v0.901: GET /marketplace/wishlist → 200
# v0.902: GET /social/hashtags/trending → 200
```

### 6.2 Security headers

```bash
curl -sI http://localhost:8080/api/v1/health | grep -iE "csp|hsts|x-frame|x-content"
# Attendu: tous les headers de sécurité présents
```

### 6.3 GDPR

```bash
# POST /users/me/export → 202 (export démarré)
# DELETE /users/me → 200 (compte supprimé, données anonymisées)
```

### 6.4 Lighthouse

```bash
# Chrome DevTools → Lighthouse (Mobile)
# Performance: ≥ 85
# Accessibility: ≥ 90
# PWA: ≥ 90
# Best Practices: ≥ 85
# SEO: ≥ 80
```

---

## 7. Release

- [ ] `CHANGELOG.md` contient historique complet v0.101 → v1.0
- [ ] `docs/PROJECT_STATE.md` : Version = v1.0, Phase = Released
- [ ] `docs/FEATURE_STATUS.md` : modules v1.0 finalisés
- [ ] `docs/RETROSPECTIVE_V0903.md` créée
- [ ] `docs/RETROSPECTIVE_V1.md` — rétrospective globale
- [ ] `git tag v0.903` créé
- [ ] `git tag v1.0` créé