From 5070dd41336fc4fd3aa488242a08b050ebed1ed7 Mon Sep 17 00:00:00 2001
From: Madhura68 <janpetervisser2@gmail.com>
Date: Sat, 25 Apr 2026 18:24:30 +0200
Subject: [PATCH] chore(scripts): add test-api.sh curl test skeleton for all 7
 API endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 scripts/test-api.sh | 342 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 342 insertions(+)
 create mode 100644 scripts/test-api.sh

diff --git a/scripts/test-api.sh b/scripts/test-api.sh
new file mode 100644
index 0000000..aabf5f1
--- /dev/null
+++ b/scripts/test-api.sh
@@ -0,0 +1,342 @@
+#!/usr/bin/env bash
+# =============================================================================
+# Scrum4Me — API curl test script
+# =============================================================================
+# Usage:
+#   1. Start the dev server: npm run dev
+#   2. Log in as "lars" in the UI and create an API token (Settings → API Tokens)
+#   3. Copy the token and set it below
+#   4. Run: bash scripts/test-api.sh
+#
+# Prerequisites:
+#   - Database seeded: npx prisma db seed
+#   - Dev server running on localhost:3000
+#   - A valid API token for user "lars"
+#   - curl installed
+# =============================================================================
+
+TOKEN=""          # Paste your API token here
+BASE_URL="http://localhost:3000"
+
+# IDs — fill these in after running GET /api/products
+PRODUCT_ID=""
+SPRINT_ID=""
+STORY_ID=""
+TASK_ID=""
+
+# =============================================================================
+# Helpers
+# =============================================================================
+
+PASS=0
+FAIL=0
+
+check() {
+  local label="$1"
+  local expected="$2"
+  local actual="$3"
+
+  if [ "$actual" = "$expected" ]; then
+    echo "  PASS  $label"
+    PASS=$((PASS + 1))
+  else
+    echo "  FAIL  $label (expected HTTP $expected, got $actual)"
+    FAIL=$((FAIL + 1))
+  fi
+}
+
+header() {
+  echo ""
+  echo "── $1 ──────────────────────────────────────────────────────────"
+}
+
+auth_header() {
+  echo "Authorization: Bearer $TOKEN"
+}
+
+# =============================================================================
+# TC-P-09  GET /api/products — happy path
+# =============================================================================
+
+test_products() {
+  header "GET /api/products"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "$(auth_header)" \
+    "$BASE_URL/api/products")
+  check "TC-P-09  happy path (lars)" 200 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    "$BASE_URL/api/products")
+  check "TC-P-01  no token → 401" 401 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "Authorization: Bearer invalid-token-xyz" \
+    "$BASE_URL/api/products")
+  check "TC-P-02  invalid token → 401" 401 "$status"
+
+  # Capture product list and extract first product ID for downstream tests
+  response=$(curl -s -H "$(auth_header)" "$BASE_URL/api/products")
+  echo "  Response: $response" | head -c 300
+  echo ""
+}
+
+# =============================================================================
+# TC-NS-08  GET /api/products/:id/next-story — happy path
+# =============================================================================
+
+test_next_story() {
+  header "GET /api/products/:id/next-story"
+
+  if [ -z "$PRODUCT_ID" ]; then
+    echo "  SKIP  PRODUCT_ID not set — fill in scripts/test-api.sh"
+    return
+  fi
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "$(auth_header)" \
+    "$BASE_URL/api/products/$PRODUCT_ID/next-story")
+  check "TC-NS-08  happy path (lars)" "200 or 404" "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    "$BASE_URL/api/products/$PRODUCT_ID/next-story")
+  check "TC-NS-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# TC-ST-09  GET /api/sprints/:id/tasks — happy path
+# =============================================================================
+
+test_sprint_tasks() {
+  header "GET /api/sprints/:id/tasks"
+
+  if [ -z "$SPRINT_ID" ]; then
+    echo "  SKIP  SPRINT_ID not set — fill in scripts/test-api.sh"
+    return
+  fi
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "$(auth_header)" \
+    "$BASE_URL/api/sprints/$SPRINT_ID/tasks?limit=10")
+  check "TC-ST-09  happy path with limit=10" 200 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    "$BASE_URL/api/sprints/$SPRINT_ID/tasks")
+  check "TC-ST-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# TC-L-17–19  POST /api/stories/:id/log — all 3 log types
+# =============================================================================
+
+test_story_log() {
+  header "POST /api/stories/:id/log"
+
+  if [ -z "$STORY_ID" ]; then
+    echo "  SKIP  STORY_ID not set — fill in scripts/test-api.sh"
+    return
+  fi
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"type":"IMPLEMENTATION_PLAN","content":"Aanpak: stap 1 implementeer, stap 2 test."}' \
+    "$BASE_URL/api/stories/$STORY_ID/log")
+  check "TC-L-17  IMPLEMENTATION_PLAN" 201 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"type":"TEST_RESULT","content":"Alle tests geslaagd.","status":"PASSED"}' \
+    "$BASE_URL/api/stories/$STORY_ID/log")
+  check "TC-L-18  TEST_RESULT PASSED" 201 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"type":"COMMIT","content":"feat: implementatie afgerond","commit_hash":"abc1234","commit_message":"feat: ST-XXX implementatie"}' \
+    "$BASE_URL/api/stories/$STORY_ID/log")
+  check "TC-L-19  COMMIT" 201 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"type":"UNKNOWN","content":"test"}' \
+    "$BASE_URL/api/stories/$STORY_ID/log")
+  check "TC-L-07  invalid type → 400" 400 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "Content-Type: application/json" \
+    -d '{"type":"IMPLEMENTATION_PLAN","content":"test"}' \
+    "$BASE_URL/api/stories/$STORY_ID/log")
+  check "TC-L-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# TC-RO-10  PATCH /api/stories/:id/tasks/reorder — happy path
+# =============================================================================
+
+test_reorder() {
+  header "PATCH /api/stories/:id/tasks/reorder"
+
+  if [ -z "$STORY_ID" ]; then
+    echo "  SKIP  STORY_ID not set — fill in scripts/test-api.sh"
+    return
+  fi
+
+  # Fetch current task IDs for the story first
+  task_ids=$(curl -s \
+    -H "$(auth_header)" \
+    "$BASE_URL/api/sprints/$SPRINT_ID/tasks?limit=10" \
+    | grep -o '"id":"[^"]*"' | sed 's/"id":"//;s/"//' | head -3 | tr '\n' ',' | sed 's/,$//')
+
+  if [ -z "$task_ids" ]; then
+    echo "  SKIP  no tasks found for reorder test"
+    return
+  fi
+
+  ids_json=$(echo "$task_ids" | awk -F',' '{for(i=1;i<=NF;i++) printf "\"%s\"%s", $i, (i<NF?",":"")}')
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d "{\"task_ids\":[$ids_json]}" \
+    "$BASE_URL/api/stories/$STORY_ID/tasks/reorder")
+  check "TC-RO-10  happy path" 200 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"task_ids":[]}' \
+    "$BASE_URL/api/stories/$STORY_ID/tasks/reorder")
+  check "TC-RO-06  empty task_ids → 400" 400 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "Content-Type: application/json" \
+    -d "{\"task_ids\":[$ids_json]}" \
+    "$BASE_URL/api/stories/$STORY_ID/tasks/reorder")
+  check "TC-RO-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# TC-T-12–13  PATCH /api/tasks/:id — status updates
+# =============================================================================
+
+test_tasks() {
+  header "PATCH /api/tasks/:id"
+
+  if [ -z "$TASK_ID" ]; then
+    echo "  SKIP  TASK_ID not set — fill in scripts/test-api.sh"
+    return
+  fi
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"status":"IN_PROGRESS"}' \
+    "$BASE_URL/api/tasks/$TASK_ID")
+  check "TC-T-12  status → IN_PROGRESS" 200 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"status":"DONE"}' \
+    "$BASE_URL/api/tasks/$TASK_ID")
+  check "TC-T-13  status → DONE" 200 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"status":"INVALID"}' \
+    "$BASE_URL/api/tasks/$TASK_ID")
+  check "TC-T-06  invalid status → 400" 400 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X PATCH \
+    -H "Content-Type: application/json" \
+    -d '{"status":"DONE"}' \
+    "$BASE_URL/api/tasks/$TASK_ID")
+  check "TC-T-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# TC-TD-09–10  POST /api/todos — with and without product
+# =============================================================================
+
+test_todos() {
+  header "POST /api/todos"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"title":"Test todo zonder product"}' \
+    "$BASE_URL/api/todos")
+  check "TC-TD-09  happy path without product_id" 201 "$status"
+
+  if [ -n "$PRODUCT_ID" ]; then
+    status=$(curl -s -o /dev/null -w "%{http_code}" \
+      -X POST \
+      -H "$(auth_header)" \
+      -H "Content-Type: application/json" \
+      -d "{\"title\":\"Test todo met product\",\"product_id\":\"$PRODUCT_ID\"}" \
+      "$BASE_URL/api/todos")
+    check "TC-TD-10  happy path with product_id" 201 "$status"
+  fi
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "$(auth_header)" \
+    -H "Content-Type: application/json" \
+    -d '{"title":""}' \
+    "$BASE_URL/api/todos")
+  check "TC-TD-05  empty title → 400" 400 "$status"
+
+  status=$(curl -s -o /dev/null -w "%{http_code}" \
+    -X POST \
+    -H "Content-Type: application/json" \
+    -d '{"title":"Test"}' \
+    "$BASE_URL/api/todos")
+  check "TC-TD-01  no token → 401" 401 "$status"
+}
+
+# =============================================================================
+# Run all tests
+# =============================================================================
+
+echo "============================================================"
+echo "  Scrum4Me API Test Suite"
+echo "  Base URL: $BASE_URL"
+echo "============================================================"
+
+if [ -z "$TOKEN" ]; then
+  echo ""
+  echo "ERROR: TOKEN is not set. Edit scripts/test-api.sh and add your API token."
+  exit 1
+fi
+
+test_products
+test_next_story
+test_sprint_tasks
+test_story_log
+test_reorder
+test_tasks
+test_todos
+
+echo ""
+echo "============================================================"
+echo "  Results: $PASS passed, $FAIL failed"
+echo "============================================================"
+
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1