feat(api): complete unified v2 mobile surface

2026-03-13 17:02:24 +01:00
parent 817a39e305
commit b455455a49
39 changed files with 7726 additions and 506 deletions
--- a/backend/unified-api/test/staff-auth.test.js
+++ b/backend/unified-api/test/staff-auth.test.js
@@ -0,0 +1,61 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import request from 'supertest';
+import { createApp } from '../src/app.js';
+
+process.env.AUTH_BYPASS = 'true';
+
+function createAuthService() {
+  return {
+    parseClientSignIn: (body) => body,
+    parseClientSignUp: (body) => body,
+    parseStaffPhoneStart: (body) => body,
+    parseStaffPhoneVerify: (body) => body,
+    signInClient: async () => assert.fail('signInClient should not be called'),
+    signUpClient: async () => assert.fail('signUpClient should not be called'),
+    signOutActor: async () => ({ signedOut: true }),
+    getSessionForActor: async () => ({ user: { userId: 'u1' } }),
+    startStaffPhoneAuth: async (payload) => ({
+      mode: 'CLIENT_FIREBASE_SDK',
+      phoneNumber: payload.phoneNumber,
+      nextStep: 'continue in app',
+    }),
+    verifyStaffPhoneAuth: async (payload) => ({
+      sessionToken: payload.idToken || 'token',
+      refreshToken: 'refresh',
+      expiresInSeconds: 3600,
+      user: { id: 'staff-user' },
+      tenant: { tenantId: 'tenant-1' },
+      vendor: { vendorId: 'vendor-1' },
+      staff: { staffId: 'staff-1' },
+      requiresProfileSetup: false,
+    }),
+  };
+}
+
+test('POST /auth/staff/phone/start returns injected start payload', async () => {
+  const app = createApp({ authService: createAuthService() });
+  const res = await request(app)
+    .post('/auth/staff/phone/start')
+    .send({
+      phoneNumber: '+15555550123',
+    });
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.mode, 'CLIENT_FIREBASE_SDK');
+  assert.equal(res.body.phoneNumber, '+15555550123');
+});
+
+test('POST /auth/staff/phone/verify returns injected auth envelope', async () => {
+  const app = createApp({ authService: createAuthService() });
+  const res = await request(app)
+    .post('/auth/staff/phone/verify')
+    .send({
+      idToken: 'firebase-id-token',
+    });
+
+  assert.equal(res.status, 200);
+  assert.equal(res.body.sessionToken, 'firebase-id-token');
+  assert.equal(res.body.staff.staffId, 'staff-1');
+  assert.equal(res.body.requiresProfileSetup, false);
+});