feat(api): complete unified v2 mobile surface

2026-03-13 17:02:24 +01:00
parent 817a39e305
commit b455455a49
39 changed files with 7726 additions and 506 deletions
--- a/backend/unified-api/test/app.test.js
+++ b/backend/unified-api/test/app.test.js
@@ -110,3 +110,75 @@ test('proxy forwards query routes to query base url', async () => {
  assert.equal(res.status, 200);
  assert.equal(seenUrl, 'https://query.example/query/test-route?foo=bar');
 });
+
+test('proxy forwards direct client read routes to query api', async () => {
+  process.env.QUERY_API_BASE_URL = 'https://query.example';
+  process.env.CORE_API_BASE_URL = 'https://core.example';
+  process.env.COMMAND_API_BASE_URL = 'https://command.example';
+
+  let seenUrl = null;
+  const app = createApp({
+    fetchImpl: async (url) => {
+      seenUrl = `${url}`;
+      return new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    },
+  });
+
+  const res = await request(app).get('/client/dashboard');
+
+  assert.equal(res.status, 200);
+  assert.equal(seenUrl, 'https://query.example/query/client/dashboard');
+});
+
+test('proxy forwards direct client write routes to command api', async () => {
+  process.env.QUERY_API_BASE_URL = 'https://query.example';
+  process.env.CORE_API_BASE_URL = 'https://core.example';
+  process.env.COMMAND_API_BASE_URL = 'https://command.example';
+
+  let seenUrl = null;
+  const app = createApp({
+    fetchImpl: async (url) => {
+      seenUrl = `${url}`;
+      return new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    },
+  });
+
+  const res = await request(app)
+    .post('/client/orders/one-time')
+    .set('Authorization', 'Bearer test-token')
+    .send({ ok: true });
+
+  assert.equal(res.status, 200);
+  assert.equal(seenUrl, 'https://command.example/commands/client/orders/one-time');
+});
+
+test('proxy forwards direct core upload aliases to core api', async () => {
+  process.env.QUERY_API_BASE_URL = 'https://query.example';
+  process.env.CORE_API_BASE_URL = 'https://core.example';
+  process.env.COMMAND_API_BASE_URL = 'https://command.example';
+
+  let seenUrl = null;
+  const app = createApp({
+    fetchImpl: async (url) => {
+      seenUrl = `${url}`;
+      return new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    },
+  });
+
+  const res = await request(app)
+    .post('/staff/profile/certificates')
+    .set('Authorization', 'Bearer test-token')
+    .send({ ok: true });
+
+  assert.equal(res.status, 200);
+  assert.equal(seenUrl, 'https://core.example/core/staff/certificates/upload');
+});
--- a/backend/unified-api/test/staff-auth.test.js
+++ b/backend/unified-api/test/staff-auth.test.js
@@ -0,0 +1,61 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import request from 'supertest';
+import { createApp } from '../src/app.js';
+
+process.env.AUTH_BYPASS = 'true';
+
+function createAuthService() {
+  return {
+    parseClientSignIn: (body) => body,
+    parseClientSignUp: (body) => body,
+    parseStaffPhoneStart: (body) => body,
+    parseStaffPhoneVerify: (body) => body,
+    signInClient: async () => assert.fail('signInClient should not be called'),
+    signUpClient: async () => assert.fail('signUpClient should not be called'),
+    signOutActor: async () => ({ signedOut: true }),
+    getSessionForActor: async () => ({ user: { userId: 'u1' } }),
+    startStaffPhoneAuth: async (payload) => ({
+      mode: 'CLIENT_FIREBASE_SDK',
+      phoneNumber: payload.phoneNumber,
+      nextStep: 'continue in app',
+    }),
+    verifyStaffPhoneAuth: async (payload) => ({
+      sessionToken: payload.idToken || 'token',
+      refreshToken: 'refresh',
+      expiresInSeconds: 3600,
+      user: { id: 'staff-user' },
+      tenant: { tenantId: 'tenant-1' },
+      vendor: { vendorId: 'vendor-1' },
+      staff: { staffId: 'staff-1' },
+      requiresProfileSetup: false,
+    }),
+  };
+}
+
+test('POST /auth/staff/phone/start returns injected start payload', async () => {
+  const app = createApp({ authService: createAuthService() });
+  const res = await request(app)
+    .post('/auth/staff/phone/start')
+    .send({
+      phoneNumber: '+15555550123',
+    });
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.mode, 'CLIENT_FIREBASE_SDK');
+  assert.equal(res.body.phoneNumber, '+15555550123');
+});
+
+test('POST /auth/staff/phone/verify returns injected auth envelope', async () => {
+  const app = createApp({ authService: createAuthService() });
+  const res = await request(app)
+    .post('/auth/staff/phone/verify')
+    .send({
+      idToken: 'firebase-id-token',
+    });
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.sessionToken, 'firebase-id-token');
+  assert.equal(res.body.staff.staffId, 'staff-1');
+  assert.equal(res.body.requiresProfileSetup, false);
+});