import test from 'node:test'; import assert from 'node:assert/strict'; import request from 'supertest'; import { createApp } from '../src/app.js'; process.env.AUTH_BYPASS = 'true'; function createAuthService() { return { parseClientSignIn: (body) => body, parseClientSignUp: (body) => body, parseStaffPhoneStart: (body) => body, parseStaffPhoneVerify: (body) => body, signInClient: async () => assert.fail('signInClient should not be called'), signUpClient: async () => assert.fail('signUpClient should not be called'), signOutActor: async () => ({ signedOut: true }), getSessionForActor: async () => ({ user: { userId: 'u1' } }), startStaffPhoneAuth: async (payload) => ({ mode: 'CLIENT_FIREBASE_SDK', phoneNumber: payload.phoneNumber, nextStep: 'continue in app', }), verifyStaffPhoneAuth: async (payload) => ({ sessionToken: payload.idToken || 'token', refreshToken: 'refresh', expiresInSeconds: 3600, user: { id: 'staff-user' }, tenant: { tenantId: 'tenant-1' }, vendor: { vendorId: 'vendor-1' }, staff: { staffId: 'staff-1' }, requiresProfileSetup: false, }), }; } test('POST /auth/staff/phone/start returns injected start payload', async () => { const app = createApp({ authService: createAuthService() }); const res = await request(app) .post('/auth/staff/phone/start') .send({ phoneNumber: '+15555550123', }); assert.equal(res.status, 200); assert.equal(res.body.mode, 'CLIENT_FIREBASE_SDK'); assert.equal(res.body.phoneNumber, '+15555550123'); }); test('POST /auth/staff/phone/verify returns injected auth envelope', async () => { const app = createApp({ authService: createAuthService() }); const res = await request(app) .post('/auth/staff/phone/verify') .send({ idToken: 'firebase-id-token', }); assert.equal(res.status, 200); assert.equal(res.body.sessionToken, 'firebase-id-token'); assert.equal(res.body.staff.staffId, 'staff-1'); assert.equal(res.body.requiresProfileSetup, false); });