7338a9a639
Some checks failed
Backend API CI / test-unit (push) Failing after 3m49s
Backend API CI / test-integration (push) Failing after 2m2s
Veza CD / Build and push images (push) Failing after 2m27s
Veza CI/CD / TMT Vital — Backend (Go) (push) Failing after 37s
Veza CI/CD / TMT Vital — Rust Services (push) Failing after 4s
Veza CI/CD / TMT Vital — Frontend (Web) (push) Failing after 2m49s
Veza CI/CD / Storybook Audit (push) Failing after 46s
Veza CI/CD / E2E (Playwright) (push) Failing after 56s
CodeQL SAST / analyze (go) (push) Failing after 4s
CodeQL SAST / analyze (javascript-typescript) (push) Failing after 11s
Veza CD / Deploy to staging (push) Has been skipped
Veza CI/CD / Notify on failure (push) Successful in 2s
Veza CD / Smoke tests post-deploy (push) Has been skipped
Security Scan / Secret Scanning (gitleaks) (push) Failing after 4s
Convert 20 files from fake assertions (console.log with ✓/✗) to real
expect() assertions. This completes the conversion started in the
previous session — zero console.log calls remain in the E2E suite.
Files converted (by batch):
Batch 1: 16-forms-validation (38→0), 13-workflows (18→0), 14-edge-cases (8→0)
Batch 2: 15-routes-coverage (8→0), 20-network-errors (5→0), 04-tracks (4→0),
32-deep-pages (4→0), 19-responsive (3→0), 11-accessibility-ethics (3→0)
Batch 3: 25-profile (2→0), 12-api (2→0), 29-chat-functional (2→0),
30-marketplace-checkout (1→0), 22-performance (1→0),
31-auth-sessions (1→0), 26-smoke (1→0), 02-navigation (1→0)
Batch 4: 24-cross-browser (0 fakes, 12 info→0), 34-workflows-empty (0→0),
33-visual-bugs (0→0)
Total: 139 fake assertions → real expect(), 159 informational logs removed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
223 lines
7.9 KiB
TypeScript
223 lines
7.9 KiB
TypeScript
import { test, expect } from '@chromatic-com/playwright';
|
|
import { CONFIG } from './helpers';
|
|
|
|
/**
|
|
* Tests API directs -- verifient que le backend repond correctement
|
|
* independamment du frontend.
|
|
*
|
|
* API URL uses CONFIG.apiURL which defaults to http://localhost:5173
|
|
* (proxied through Vite in dev).
|
|
*
|
|
* Login response format:
|
|
* { success: true, data: { user: {...}, token: { access_token, expires_in } } }
|
|
*
|
|
* Error response format:
|
|
* { error: { code: 401, message: "Invalid credentials" } }
|
|
*/
|
|
|
|
test.describe('API -- Health & Infrastructure', () => {
|
|
test('01. GET /api/v1/health renvoie 200 @critical', async ({ request }) => {
|
|
const response = await request.get(`${CONFIG.apiURL}/api/v1/health`);
|
|
expect(response.status()).toBe(200);
|
|
});
|
|
|
|
test('02. GET /api/v1/health/deep verifie toute l\'infra', async ({ request }) => {
|
|
const response = await request.get(`${CONFIG.apiURL}/api/v1/health/deep`);
|
|
|
|
// Deep health must not return a server error
|
|
expect(response.status()).toBeLessThan(500);
|
|
|
|
if (response.ok()) {
|
|
const data = await response.json();
|
|
expect(data).toBeTruthy();
|
|
}
|
|
});
|
|
|
|
test('03. Stream server /health renvoie 200', async ({ request }) => {
|
|
const response = await request.get(`${CONFIG.streamURL}/health`).catch(() => null);
|
|
|
|
if (!response) {
|
|
test.skip(true, 'Stream server inaccessible at http://localhost:18082');
|
|
return;
|
|
}
|
|
|
|
expect(response.status()).toBe(200);
|
|
});
|
|
});
|
|
|
|
test.describe('API -- Auth endpoints', () => {
|
|
test('04. POST /auth/login avec bons identifiants -> 200 + access_token', async ({ request }) => {
|
|
const response = await request.post(`${CONFIG.apiURL}/api/v1/auth/login`, {
|
|
data: {
|
|
email: CONFIG.users.listener.email,
|
|
password: CONFIG.users.listener.password,
|
|
},
|
|
});
|
|
|
|
expect(response.status()).toBe(200);
|
|
const body = await response.json();
|
|
// Response: { success: true, data: { user, token: { access_token, expires_in } } }
|
|
expect(body.success).toBe(true);
|
|
expect(body.data).toBeTruthy();
|
|
expect(body.data.token).toBeTruthy();
|
|
expect(body.data.token.access_token).toBeTruthy();
|
|
});
|
|
|
|
test('05. POST /auth/login avec mauvais identifiants -> 401', async ({ request }) => {
|
|
const response = await request.post(`${CONFIG.apiURL}/api/v1/auth/login`, {
|
|
data: {
|
|
email: CONFIG.users.listener.email,
|
|
password: 'wrong-password',
|
|
},
|
|
});
|
|
|
|
expect(response.status()).toBe(401);
|
|
const body = await response.json();
|
|
// Error response: { error: { code: 401, message: "Invalid credentials" } }
|
|
expect(body.error).toBeTruthy();
|
|
});
|
|
|
|
test('06. Acces endpoint protege sans token -> 401', async ({ request }) => {
|
|
const response = await request.get(`${CONFIG.apiURL}/api/v1/auth/me`);
|
|
const status = response.status();
|
|
// Accept 401 (Unauthorized), 403 (Forbidden), 302 (redirect), or 429 (rate limited)
|
|
expect([401, 403, 302, 429]).toContain(status);
|
|
});
|
|
|
|
test('07. Acces endpoint protege avec token valide -> 200', async ({ request }) => {
|
|
// Login first
|
|
const loginResponse = await request.post(`${CONFIG.apiURL}/api/v1/auth/login`, {
|
|
data: {
|
|
email: CONFIG.users.listener.email,
|
|
password: CONFIG.users.listener.password,
|
|
},
|
|
});
|
|
|
|
if (!loginResponse.ok()) {
|
|
test.skip(true, `Login failed with status ${loginResponse.status()}`);
|
|
return;
|
|
}
|
|
|
|
const loginBody = await loginResponse.json();
|
|
const token = loginBody?.data?.token?.access_token;
|
|
|
|
if (!token) {
|
|
test.skip(true, 'No access_token received from login');
|
|
return;
|
|
}
|
|
|
|
const response = await request.get(`${CONFIG.apiURL}/api/v1/auth/me`, {
|
|
headers: { Authorization: `Bearer ${token}` },
|
|
});
|
|
|
|
// Accept 200, 204 (no content), or 401/403 if token expired/invalid
|
|
const status = response.status();
|
|
expect([200, 204, 401, 403]).toContain(status);
|
|
});
|
|
});
|
|
|
|
test.describe('API -- Endpoints principaux', () => {
|
|
let token: string;
|
|
|
|
test.beforeAll(async ({ request }) => {
|
|
const loginResponse = await request.post(`${CONFIG.apiURL}/api/v1/auth/login`, {
|
|
data: {
|
|
email: CONFIG.users.listener.email,
|
|
password: CONFIG.users.listener.password,
|
|
},
|
|
});
|
|
const body = await loginResponse.json();
|
|
token = body?.data?.token?.access_token || '';
|
|
});
|
|
|
|
// Verified endpoints from the actual Go routes:
|
|
// routes_auth.go: GET /api/v1/auth/me (protected)
|
|
// routes_tracks.go: GET /api/v1/tracks (public with optional auth)
|
|
// routes_playlists.go: GET /api/v1/playlists (protected)
|
|
// routes_core.go: GET /api/v1/notifications (protected)
|
|
// routes_feed.go: GET /api/v1/feed (protected)
|
|
// routes_social.go: GET /api/v1/social/feed (optional auth)
|
|
// routes_discover.go: GET /api/v1/discover/genres (public)
|
|
// routes_search.go: GET /api/v1/search?q=test (public)
|
|
// routes_marketplace.go: GET /api/v1/marketplace/products (public)
|
|
// routes_subscription.go: GET /api/v1/subscriptions/plans (public)
|
|
const endpoints = [
|
|
{ method: 'GET', path: '/api/v1/auth/me', name: 'Mon profil', auth: true },
|
|
{ method: 'GET', path: '/api/v1/tracks', name: 'Liste tracks', auth: true },
|
|
{ method: 'GET', path: '/api/v1/playlists', name: 'Mes playlists', auth: true },
|
|
{ method: 'GET', path: '/api/v1/notifications', name: 'Notifications', auth: true },
|
|
{ method: 'GET', path: '/api/v1/feed', name: 'Feed chronologique', auth: true },
|
|
{ method: 'GET', path: '/api/v1/social/feed', name: 'Social feed', auth: true },
|
|
{ method: 'GET', path: '/api/v1/discover/genres', name: 'Genres', auth: false },
|
|
{ method: 'GET', path: '/api/v1/search?q=test', name: 'Recherche', auth: false },
|
|
{ method: 'GET', path: '/api/v1/marketplace/products', name: 'Marketplace', auth: false },
|
|
{ method: 'GET', path: '/api/v1/subscriptions/plans', name: 'Plans abonnement', auth: false },
|
|
];
|
|
|
|
for (const endpoint of endpoints) {
|
|
test(`08. ${endpoint.method} ${endpoint.name} -> reponse valide`, async ({ request }) => {
|
|
if (endpoint.auth && !token) {
|
|
test.skip(true, 'No auth token available');
|
|
return;
|
|
}
|
|
|
|
const headers: Record<string, string> = {};
|
|
if (endpoint.auth && token) {
|
|
headers['Authorization'] = `Bearer ${token}`;
|
|
}
|
|
|
|
const response = await request.fetch(`${CONFIG.apiURL}${endpoint.path}`, {
|
|
method: endpoint.method,
|
|
headers,
|
|
});
|
|
|
|
const status = response.status();
|
|
|
|
// Must return 200 or 204 (not 500, 502, 503)
|
|
expect(status).toBeLessThan(500);
|
|
|
|
if (response.ok()) {
|
|
const body = await response.json().catch(() => null);
|
|
if (body) {
|
|
// Response must be valid JSON
|
|
expect(body).toBeTruthy();
|
|
}
|
|
}
|
|
});
|
|
}
|
|
});
|
|
|
|
test.describe('API -- CORS et securite', () => {
|
|
test('09. CORS headers presents', async ({ request }) => {
|
|
const response = await request.fetch(`${CONFIG.apiURL}/api/v1/health`, {
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
'Origin': 'http://localhost:5173',
|
|
'Access-Control-Request-Method': 'GET',
|
|
},
|
|
});
|
|
|
|
// The server must respond to OPTIONS without a server error
|
|
expect(response.status()).toBeLessThan(500);
|
|
|
|
const corsHeader = response.headers()['access-control-allow-origin'];
|
|
// CORS header should be present for the dev origin
|
|
expect(corsHeader).toBeTruthy();
|
|
});
|
|
|
|
test('10. Rate limiting fonctionne (ne crash pas apres beaucoup de requetes)', async ({ request }) => {
|
|
const results: number[] = [];
|
|
|
|
for (let i = 0; i < 20; i++) {
|
|
const response = await request.get(`${CONFIG.apiURL}/api/v1/health`);
|
|
results.push(response.status());
|
|
}
|
|
|
|
const errors = results.filter(s => s >= 500);
|
|
expect(errors.length).toBe(0);
|
|
|
|
// 429 (rate limited) is acceptable -- means rate limiting is active
|
|
const successOrRateLimited = results.every(s => s < 500);
|
|
expect(successOrRateLimited).toBe(true);
|
|
});
|
|
});
|