Janpeter Visser
43a4294424
* docs(ST-511): add backlog entry for entity codes feature Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-511): add createWithCodeRetry helper to handle P2002 race on auto codes Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-511): retry on auto-code unique conflict in story and pbi create Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-511): surface field errors for code and title in PBI dialog Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-511): read create-state errors in Story dialog fieldError Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-512): add backlog entry for REST API code/description/implementation_plan extensions; mark ST-511 done Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-512): extend REST API with code, description and implementation_plan - GET /api/products returns code, description and definition_of_done - GET /api/products/:id/next-story returns story.code and per-task code + implementation_plan - GET /api/sprints/:id/tasks returns description, implementation_plan, story_code and derived per-task code - POST /api/todos accepts and returns optional description (max 2000) All changes are additive — existing clients ignore unknown keys. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-512): mark ST-512 as done Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-513): add backlog entry for API hardening for Claude Code Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): add task and story status mappers for API boundary Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): expose lowercase status on API and accept lowercase in PATCH /api/tasks Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): add metadata JSONB column to StoryLog Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): accept optional metadata in story log and switch validation errors to 422 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): add GET /api/health endpoint with optional db ping Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-513): add GET /api/products/:id/claude-context bundled endpoint Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-513): add docs/API.md and link from CLAUDE.md specs table Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-513): mark ST-513 as done Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-513): split 400 (malformed JSON) from 422 (validation), reject 'review' Codex review on PR #2: - P2.1: routes treated JSON parse failures as 422 instead of 400, breaking the contract in docs/API.md. Replace `request.json().catch(() => null)` with try/catch in 4 routes (tasks, reorder, todos, story-log) so a malformed body returns 400 and only well-formed-but-invalid bodies return 422. - P2.2: PATCH /api/tasks/:id accepted `status: "review"`, but the sprint task list UI does not render REVIEW (no label/color, the cycle helper falls back to TO_DO). Reject `review` at the API until the sprint UI is extended; document the subset in docs/API.md. Tests in __tests__/api updated for the new contract (29 assertions: zod-failures now expect 422, status payloads use lowercase API values, sprint-tasks mocks include the new story relation). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
109 lines
3.4 KiB
TypeScript
109 lines
3.4 KiB
TypeScript
import { describe, it, expect, vi, beforeEach } from 'vitest'
|
|
|
|
vi.mock('@/lib/prisma', () => ({
|
|
prisma: {
|
|
product: {
|
|
findFirst: vi.fn(),
|
|
},
|
|
todo: {
|
|
create: vi.fn(),
|
|
},
|
|
},
|
|
}))
|
|
|
|
vi.mock('@/lib/api-auth', () => ({
|
|
authenticateApiRequest: vi.fn(),
|
|
}))
|
|
|
|
import { prisma } from '@/lib/prisma'
|
|
import { authenticateApiRequest } from '@/lib/api-auth'
|
|
import { POST as postTodo } from '@/app/api/todos/route'
|
|
|
|
const mockPrisma = prisma as unknown as {
|
|
product: { findFirst: ReturnType<typeof vi.fn> }
|
|
todo: { create: ReturnType<typeof vi.fn> }
|
|
}
|
|
const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
|
|
|
|
const PRODUCT = { id: 'prod-1', name: 'DevPlanner', archived: false, user_id: 'user-1' }
|
|
const TODO_RESULT = { id: 'todo-1', title: 'Test todo', created_at: new Date('2026-04-30T10:00:00Z') }
|
|
|
|
function makeRequest(body: unknown): Request {
|
|
return new Request('http://localhost/api/todos', {
|
|
method: 'POST',
|
|
headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
|
|
body: JSON.stringify(body),
|
|
})
|
|
}
|
|
|
|
describe('POST /api/todos', () => {
|
|
beforeEach(() => {
|
|
vi.clearAllMocks()
|
|
mockAuth.mockResolvedValue({ userId: 'user-1', isDemo: false })
|
|
mockPrisma.product.findFirst.mockResolvedValue(PRODUCT)
|
|
mockPrisma.todo.create.mockResolvedValue(TODO_RESULT)
|
|
})
|
|
|
|
// TC-TD-04
|
|
it('returns 422 when title is missing', async () => {
|
|
const res = await postTodo(makeRequest({ product_id: 'prod-1' }))
|
|
expect(res.status).toBe(422)
|
|
})
|
|
|
|
// TC-TD-05
|
|
it('returns 422 when title is empty string', async () => {
|
|
const res = await postTodo(makeRequest({ title: '', product_id: 'prod-1' }))
|
|
expect(res.status).toBe(422)
|
|
})
|
|
|
|
it('returns 422 when product_id is missing', async () => {
|
|
// product_id is required by the Zod schema (z.string().min(1))
|
|
const res = await postTodo(makeRequest({ title: 'My todo' }))
|
|
expect(res.status).toBe(422)
|
|
})
|
|
|
|
it('returns 422 when product_id is empty string', async () => {
|
|
const res = await postTodo(makeRequest({ title: 'My todo', product_id: '' }))
|
|
expect(res.status).toBe(422)
|
|
})
|
|
|
|
// TC-TD-07
|
|
it('creates todo with valid product_id and returns 201', async () => {
|
|
const res = await postTodo(makeRequest({ title: 'Test todo', product_id: 'prod-1' }))
|
|
const data = await res.json()
|
|
|
|
expect(res.status).toBe(201)
|
|
expect(data).toMatchObject({ id: 'todo-1', title: 'Test todo' })
|
|
expect(data).toHaveProperty('created_at')
|
|
expect(mockPrisma.todo.create).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
data: expect.objectContaining({
|
|
user_id: 'user-1',
|
|
product_id: 'prod-1',
|
|
title: 'Test todo',
|
|
}),
|
|
})
|
|
)
|
|
})
|
|
|
|
it('queries product by user_id (not productAccessFilter) to enforce ownership', async () => {
|
|
await postTodo(makeRequest({ title: 'Test todo', product_id: 'prod-1' }))
|
|
|
|
expect(mockPrisma.product.findFirst).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
where: expect.objectContaining({
|
|
id: 'prod-1',
|
|
user_id: 'user-1',
|
|
archived: false,
|
|
}),
|
|
})
|
|
)
|
|
})
|
|
|
|
it('returns 404 when product does not exist or is archived', async () => {
|
|
mockPrisma.product.findFirst.mockResolvedValue(null)
|
|
|
|
const res = await postTodo(makeRequest({ title: 'My todo', product_id: 'nonexistent' }))
|
|
expect(res.status).toBe(404)
|
|
})
|
|
})
|