feat(api): add unified v2 gateway and mobile read slice

backend/unified-api/test/app.test.js

@@ -0,0 +1,112 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import request from 'supertest';
+import { createApp } from '../src/app.js';
+
+process.env.AUTH_BYPASS = 'true';
+
+test('GET /healthz returns healthy response', async () => {
+  const app = createApp();
+  const res = await request(app).get('/healthz');
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.ok, true);
+  assert.equal(res.body.service, 'krow-api-v2');
+});
+
+test('GET /readyz reports database not configured when env is absent', async () => {
+  delete process.env.DATABASE_URL;
+  delete process.env.DB_HOST;
+  delete process.env.DB_NAME;
+  delete process.env.DB_USER;
+  delete process.env.DB_PASSWORD;
+  delete process.env.INSTANCE_CONNECTION_NAME;
+
+  const app = createApp();
+  const res = await request(app).get('/readyz');
+
+  assert.equal(res.status, 503);
+  assert.equal(res.body.status, 'DATABASE_NOT_CONFIGURED');
+});
+
+test('POST /auth/client/sign-in validates payload', async () => {
+  const app = createApp();
+  const res = await request(app).post('/auth/client/sign-in').send({
+    email: 'bad-email',
+    password: 'short',
+  });
+
+  assert.equal(res.status, 400);
+  assert.equal(res.body.code, 'VALIDATION_ERROR');
+});
+
+test('POST /auth/client/sign-in returns injected auth envelope', async () => {
+  const app = createApp({
+    authService: {
+      parseClientSignIn: (body) => body,
+      parseClientSignUp: (body) => body,
+      signInClient: async () => ({
+        sessionToken: 'token',
+        refreshToken: 'refresh',
+        expiresInSeconds: 3600,
+        user: { id: 'u1', email: 'legendary@krowd.com' },
+        tenant: { tenantId: 't1' },
+        business: { businessId: 'b1' },
+      }),
+      signUpClient: async () => assert.fail('signUpClient should not be called'),
+      signOutActor: async () => ({ signedOut: true }),
+      getSessionForActor: async () => ({ user: { userId: 'u1' } }),
+    },
+  });
+
+  const res = await request(app).post('/auth/client/sign-in').send({
+    email: 'legendary@krowd.com',
+    password: 'super-secret',
+  });
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.sessionToken, 'token');
+  assert.equal(res.body.business.businessId, 'b1');
+});
+
+test('GET /auth/session returns injected session for authenticated actor', async () => {
+  const app = createApp({
+    authService: {
+      parseClientSignIn: (body) => body,
+      parseClientSignUp: (body) => body,
+      signInClient: async () => assert.fail('signInClient should not be called'),
+      signUpClient: async () => assert.fail('signUpClient should not be called'),
+      signOutActor: async () => ({ signedOut: true }),
+      getSessionForActor: async (actor) => ({ actorUid: actor.uid }),
+    },
+  });
+
+  const res = await request(app)
+    .get('/auth/session')
+    .set('Authorization', 'Bearer test-token');
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.actorUid, 'test-user');
+});
+
+test('proxy forwards query routes to query base url', async () => {
+  process.env.QUERY_API_BASE_URL = 'https://query.example';
+  process.env.CORE_API_BASE_URL = 'https://core.example';
+  process.env.COMMAND_API_BASE_URL = 'https://command.example';
+
+  let seenUrl = null;
+  const app = createApp({
+    fetchImpl: async (url) => {
+      seenUrl = `${url}`;
+      return new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    },
+  });
+
+  const res = await request(app).get('/query/test-route?foo=bar');
+
+  assert.equal(res.status, 200);
+  assert.equal(seenUrl, 'https://query.example/query/test-route?foo=bar');
+});