Hartmut/Nexus
1
0
Fork 0
Code Issues 11 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
4a841d5acbc2f998537d86672a2e660c5efae8e4
Nexus/apps/web/e2e/dev-system/helpers.ts
T
Hartmut 19aeb2ba04
CI / Lint (push) Successful in 3m4s
Details
CI / Typecheck (push) Successful in 3m6s
Details
CI / Architecture Guardrails (push) Successful in 3m8s
Details
CI / Assistant Split Regression (push) Successful in 3m48s
Details
CI / Build (push) Has been cancelled
Details
CI / E2E Tests (push) Has been cancelled
Details
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
Details
CI / Release Images (push) Has been cancelled
Details
CI / Unit Tests (push) Has been cancelled
Details
rename(phase 3): compose/DB/infra + stray code refs capakraken → nexus (#62) 
rename(phase 3): compose/DB/infra + stray code refs capakraken → nexus (#62)

Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
2026-05-21 20:07:18 +02:00

202 lines
7.4 KiB
TypeScript
Raw Blame History

import { execSync } from "node:child_process";
import { expect, type Page } from "@playwright/test";
/** Dev-system credentials — these exist in the planarchy.dev seed data */
export const DEV_USERS = {
admin: { email: "admin@planarchy.dev", password: "admin123" },
manager: { email: "manager@planarchy.dev", password: "manager123" },
viewer: { email: "viewer@planarchy.dev", password: "viewer123" },
} as const;
export async function signIn(page: Page, email: string, password: string) {
await page.goto("/auth/signin");
await page.fill('input[type="email"]', email);
await page.fill('input[type="password"]', password);
await page.click('button[type="submit"]');
await expect(page).toHaveURL(/\/(dashboard|resources)/, { timeout: 15000 });
}
export async function signOut(page: Page) {
// next-auth/react signOut() POSTs to /auth/signout with a CSRF token.
// There is no GET-accessible signout page in this app (/auth/signout returns 404).
// Replicate what the client-side signOut() function does:
// 1. Fetch the CSRF token from /auth/csrf
// 2. POST to /auth/signout with that token
// 3. Follow the redirect to /auth/signin
await page.goto("/dashboard"); // land on any authenticated page for cookie context
await page.evaluate(async () => {
const csrfRes = await fetch("/api/auth/csrf");
const { csrfToken } = (await csrfRes.json()) as { csrfToken: string };
await fetch("/api/auth/signout", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({ csrfToken, callbackUrl: "/auth/signin", json: "true" }),
redirect: "follow",
});
});
// After the POST clears the session cookie, navigating to a protected route
// should redirect to sign-in.
await page.goto("/dashboard");
await page.waitForURL(/\/auth\/signin/, { timeout: 10000 });
}
// ── Mailhog helpers ────────────────────────────────────────────────────────────
const MAILHOG_API = process.env["MAILHOG_API"] ?? "http://localhost:8025";
type MailhogMessage = {
Content: {
Headers: { Subject?: string[]; To?: string[]; "Content-Transfer-Encoding"?: string[] };
Body: string;
};
MIME: {
Parts?: Array<{
Headers: { "Content-Type"?: string[]; "Content-Transfer-Encoding"?: string[] };
Body: string;
}>;
} | null;
};
/** Decode a MIME part body based on its Content-Transfer-Encoding header value. */
function decodeMimeBody(body: string, encoding: string | undefined): string {
const enc = (encoding ?? "").toLowerCase().trim();
if (enc === "quoted-printable") {
return body
.replace(/=\r\n/g, "") // soft line break (CRLF)
.replace(/=\n/g, "") // soft line break (LF)
.replace(/=([0-9A-Fa-f]{2})/g, (_, hex: string) => String.fromCharCode(parseInt(hex, 16)));
}
if (enc === "base64") {
return Buffer.from(body.replace(/\s/g, ""), "base64").toString("utf8");
}
return body;
}
type MailhogResponse = {
count: number;
items: MailhogMessage[];
};
/** Delete all messages in Mailhog (call in beforeEach to prevent cross-test contamination). */
export async function clearMailhog(): Promise<void> {
await fetch(`${MAILHOG_API}/api/v1/messages`, { method: "DELETE" });
}
/**
* Poll Mailhog until a message to `address` appears. Returns the message.
* Throws after `timeoutMs` if no matching message is found.
*/
export async function getLatestEmailTo(
address: string,
{
timeoutMs = 10_000,
pollIntervalMs = 500,
}: { timeoutMs?: number; pollIntervalMs?: number } = {},
): Promise<{ subject: string; body: string; html: string }> {
const deadline = Date.now() + timeoutMs;
while (Date.now() < deadline) {
const res = await fetch(`${MAILHOG_API}/api/v2/messages?limit=50`);
if (res.ok) {
const data = (await res.json()) as MailhogResponse;
const match = data.items.find((msg) => {
const to = msg.Content.Headers.To ?? [];
return to.some((t) => t.toLowerCase().includes(address.toLowerCase()));
});
if (match) {
const subject = (match.Content.Headers.Subject ?? [])[0] ?? "";
// Decode body parts based on Content-Transfer-Encoding
const htmlPart = match.MIME?.Parts?.find((p) =>
(p.Headers["Content-Type"]?.[0] ?? "").includes("text/html"),
);
const textPart = match.MIME?.Parts?.find((p) =>
(p.Headers["Content-Type"]?.[0] ?? "").includes("text/plain"),
);
const rootEnc = match.Content.Headers["Content-Transfer-Encoding"]?.[0];
const htmlEnc = htmlPart?.Headers["Content-Transfer-Encoding"]?.[0];
const textEnc = textPart?.Headers["Content-Transfer-Encoding"]?.[0];
const html = htmlPart
? decodeMimeBody(htmlPart.Body, htmlEnc)
: decodeMimeBody(match.Content.Body, rootEnc);
const body = textPart
? decodeMimeBody(textPart.Body, textEnc)
: decodeMimeBody(match.Content.Body, rootEnc);
return { subject, body, html };
}
}
await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
}
throw new Error(`No email to "${address}" found within ${timeoutMs}ms`);
}
/**
* Extract a URL from email body/html matching a path prefix.
* e.g. extractUrlFromEmail(email, "/invite/") → "http://localhost:3100/invite/abc123"
*/
export function extractUrlFromEmail(
email: { body: string; html: string },
pathPrefix: string,
): string {
const text = email.html || email.body;
const match = text.match(
new RegExp(`https?://[^\\s"'<>]*${pathPrefix.replace("/", "\\/")}[^\\s"'<>]*`),
);
if (!match?.[0]) {
throw new Error(`No URL with prefix "${pathPrefix}" found in email`);
}
return match[0];
}
/**
* Reset a user's password directly via the DB (no tRPC roundtrip needed).
* Computes an argon2id hash in Node.js, updates password_hash via docker exec psql.
* Use in afterEach teardown — not in the test flow itself.
*/
export async function resetPasswordViaApi(
_baseURL: string,
email: string,
newPassword: string,
): Promise<void> {
const { hash } = await import("@node-rs/argon2");
const passwordHash = await hash(newPassword);
// argon2id hashes use base64 chars only — safe inside a SQL single-quoted string
// Column name is camelCase (Prisma default) — must be double-quoted in SQL
const sql = `UPDATE users SET "passwordHash" = '${passwordHash}' WHERE email = '${email}';`;
execSync(`docker exec -i nexus-postgres-1 psql -U nexus -d nexus`, {
input: sql,
encoding: "utf8",
});
}
// ── tRPC helpers ───────────────────────────────────────────────────────────────
/**
* Intercept all tRPC batch responses and assert none return HTTP 401.
* Returns a list of intercepted tRPC paths that were called.
*/
export async function assertNoTrpc401s(page: Page, action: () => Promise<void>) {
const failures: string[] = [];
page.on("response", (response) => {
if (response.url().includes("/api/trpc/") && response.status() === 401) {
const url = new URL(response.url());
failures.push(url.pathname + url.search.slice(0, 80));
}
});
await action();
if (failures.length > 0) {
throw new Error(
`tRPC 401 responses detected (session registry / auth broken):\n${failures.join("\n")}`,
);
}
}
Reference in New Issue View Git Blame Copy Permalink