7cd0603cfb
BREAKING: dev_session cookie bypass removed. Admin access now requires a real Auth.js v5 session (Google OAuth in production). Provision users by inserting into users + tenant_users tables. New in this commit: - db/migrations/0001_init.sql: 18-table SaaS schema with RLS (tenants, users, tenant_users, plans, add_ons, subscriptions, tenant_add_ons, products, product_images, stops, customers, orders, order_items, brand_settings, email_templates, campaigns, files, audit_log) - db/schema/: Drizzle TypeScript mirror of every table - db/client.ts: withTenant() / withPlatformAdmin() query wrappers that set Postgres GUCs (app.current_tenant_id, app.platform_admin) for RLS enforcement. Never query a tenant-scoped table without one. - db/seed.ts: seeds 3 plans, 6 add-ons, 2 tenants (Tuxedo, Indian River Direct), brand_settings, sample products/stops/customers - scripts/migrate.js: applies migrations in lexical order with tracking - scripts/db-reset.js: drops + recreates DB, runs migrate + seed - DATABASE_URL now uses rc_app (non-superuser, NOBYPASSRLS). RLS is enforced even for the app user. DATABASE_ADMIN_URL for migrations. - src/lib/admin-permissions.ts: getAdminUser() reads Auth.js session, looks up user + tenant in Postgres. brand_id kept as alias for backward compat. - src/middleware.ts: Auth.js-only route protection, dev_session gone - src/app/login/LoginClient.tsx: Google OAuth only, no demo mode - src/components/admin/AdminSidebar.tsx + AdminHeader.tsx: signOutAction replaces supabase signout - @/db/* path aliases in tsconfig.json + vitest.config.ts - drizzle.config.ts added - db/auth_schema.sql removed (was a stub; replaced by real schema) - src/app/api/dev-login/route.ts deleted - tests: updated to remove dev_session coverage
193 lines
5.9 KiB
TypeScript
193 lines
5.9 KiB
TypeScript
/**
|
|
* Unit tests for `getAdminUser()`. The dev_session cookie bypass has been
|
|
* removed; the only path into the admin is through a real Auth.js
|
|
* session. These tests mock the `auth()` function and the DB layer
|
|
* to exercise the lookup.
|
|
*/
|
|
import { describe, it, expect, vi, beforeEach } from "vitest";
|
|
|
|
// Stub the server-only guard so the module can be imported under vitest.
|
|
vi.mock("server-only", () => ({}));
|
|
|
|
// Mock the Drizzle client wrapper so we don't need a real DB.
|
|
const mockSelect = vi.fn();
|
|
const mockWithPlatformAdmin = vi.fn(async (fn: any) => fn({ select: mockSelect }));
|
|
vi.mock("@/db/client", () => ({
|
|
withPlatformAdmin: (fn: any) => mockWithPlatformAdmin(fn),
|
|
}));
|
|
|
|
// Mock the auth() function. The default mock returns null (no session).
|
|
const authMock = vi.fn();
|
|
vi.mock("@/lib/auth", () => ({
|
|
auth: () => authMock(),
|
|
}));
|
|
|
|
// Mock cookies() so we don't read a real cookie store.
|
|
const cookieStoreGet = vi.fn();
|
|
vi.mock("next/headers", () => ({
|
|
cookies: () =>
|
|
Promise.resolve({
|
|
get: (name: string) => cookieStoreGet(name),
|
|
}),
|
|
}));
|
|
|
|
import { getAdminUser, buildDevAdmin, permissionsForRole } from "@/lib/admin-permissions";
|
|
|
|
beforeEach(() => {
|
|
mockSelect.mockReset();
|
|
authMock.mockReset();
|
|
cookieStoreGet.mockReset();
|
|
});
|
|
|
|
describe("getAdminUser()", () => {
|
|
it("returns null when there is no Auth.js session", async () => {
|
|
authMock.mockResolvedValue(null);
|
|
cookieStoreGet.mockReturnValue(undefined);
|
|
const u = await getAdminUser();
|
|
expect(u).toBeNull();
|
|
});
|
|
|
|
it("returns null when the session has no email", async () => {
|
|
authMock.mockResolvedValue({ user: { name: "no-email" } });
|
|
const u = await getAdminUser();
|
|
expect(u).toBeNull();
|
|
});
|
|
|
|
it("returns null when the email is not in the users table", async () => {
|
|
authMock.mockResolvedValue({ user: { email: "unknown@example.com" } });
|
|
// First select: users. Returns empty.
|
|
mockSelect.mockReturnValueOnce({
|
|
from: () => ({
|
|
where: () => ({
|
|
limit: async () => [],
|
|
}),
|
|
}),
|
|
});
|
|
const u = await getAdminUser();
|
|
expect(u).toBeNull();
|
|
});
|
|
|
|
it("returns null when the user exists but has no tenant_users row", async () => {
|
|
authMock.mockResolvedValue({ user: { email: "no-tenant@example.com" } });
|
|
// First select: users — returns the user
|
|
mockSelect
|
|
.mockReturnValueOnce({
|
|
from: () => ({
|
|
where: () => ({
|
|
limit: async () => [
|
|
{
|
|
id: "user-1",
|
|
email: "no-tenant@example.com",
|
|
name: "No Tenant",
|
|
authProvider: "google",
|
|
authSubject: "google-sub",
|
|
},
|
|
],
|
|
}),
|
|
}),
|
|
})
|
|
// Second select: tenantUsers — returns empty
|
|
.mockReturnValueOnce({
|
|
from: () => ({
|
|
innerJoin: () => ({
|
|
where: () => ({
|
|
limit: async () => [],
|
|
}),
|
|
}),
|
|
}),
|
|
});
|
|
const u = await getAdminUser();
|
|
expect(u).toBeNull();
|
|
});
|
|
|
|
it("returns a fully-populated AdminUser for a provisioned brand_admin", async () => {
|
|
authMock.mockResolvedValue({ user: { email: "admin@tuxedo.example" } });
|
|
mockSelect
|
|
.mockReturnValueOnce({
|
|
from: () => ({
|
|
where: () => ({
|
|
limit: async () => [
|
|
{
|
|
id: "user-tux",
|
|
email: "admin@tuxedo.example",
|
|
name: "Tux Admin",
|
|
authProvider: "google",
|
|
authSubject: "google-tux",
|
|
},
|
|
],
|
|
}),
|
|
}),
|
|
})
|
|
.mockReturnValueOnce({
|
|
from: () => ({
|
|
innerJoin: () => ({
|
|
where: () => ({
|
|
limit: async () => [
|
|
{
|
|
tenantId: "tenant-tux",
|
|
tenantName: "Tuxedo Citrus",
|
|
tenantSlug: "tuxedo",
|
|
tenantStatus: "active",
|
|
role: "brand_admin",
|
|
},
|
|
],
|
|
}),
|
|
}),
|
|
}),
|
|
});
|
|
|
|
const u = await getAdminUser();
|
|
expect(u).not.toBeNull();
|
|
expect(u?.email).toBe("admin@tuxedo.example");
|
|
expect(u?.tenant_id).toBe("tenant-tux");
|
|
expect(u?.tenant_slug).toBe("tuxedo");
|
|
expect(u?.role).toBe("brand_admin");
|
|
expect(u?.can_manage_products).toBe(true);
|
|
expect(u?.can_manage_team).toBe(true);
|
|
});
|
|
});
|
|
|
|
describe("buildDevAdmin()", () => {
|
|
it("returns a platform_admin with no tenant", () => {
|
|
const u = buildDevAdmin("platform_admin");
|
|
expect(u.role).toBe("platform_admin");
|
|
expect(u.tenant_id).toBeNull();
|
|
expect(u.tenant_slug).toBeNull();
|
|
expect(u.can_manage_billing).toBe(true);
|
|
});
|
|
|
|
it("returns a brand_admin tied to the tuxedo tenant", () => {
|
|
const u = buildDevAdmin("brand_admin");
|
|
expect(u.role).toBe("brand_admin");
|
|
expect(u.tenant_slug).toBe("tuxedo");
|
|
expect(u.can_manage_users).toBe(false);
|
|
});
|
|
|
|
it("returns a store_employee with limited permissions", () => {
|
|
const u = buildDevAdmin("store_employee");
|
|
expect(u.role).toBe("store_employee");
|
|
expect(u.can_manage_products).toBe(false);
|
|
expect(u.can_manage_orders).toBe(true);
|
|
expect(u.can_manage_billing).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe("permissionsForRole()", () => {
|
|
it("platform_admin can do everything", () => {
|
|
const p = permissionsForRole("platform_admin");
|
|
expect(Object.values(p).every((v) => v === true)).toBe(true);
|
|
});
|
|
it("brand_admin can manage most things but not users", () => {
|
|
const p = permissionsForRole("brand_admin");
|
|
expect(p.can_manage_users).toBe(false);
|
|
expect(p.can_manage_billing).toBe(true);
|
|
});
|
|
it("store_employee is restricted to orders + pickup", () => {
|
|
const p = permissionsForRole("store_employee");
|
|
expect(p.can_manage_orders).toBe(true);
|
|
expect(p.can_manage_pickup).toBe(true);
|
|
expect(p.can_manage_products).toBe(false);
|
|
expect(p.can_manage_billing).toBe(false);
|
|
});
|
|
});
|