oys/oysqn.app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
oysqn.app/docs/archive/handoffs/handoff-2026-04-12-auth-tests-and-backend-plan.md
Patrick Toal 108c042921 fix(edge-fn): replace getClaims with adminClient.auth.getUser(token) 
fix(edge-fn): use user.id instead of claims.sub; fixes 500s and false cert_required
fix(migrations): drop broad reservations SELECT policy; add reservation_slots view with security_invoker=false
fix(tests): correct weekSlot() keys from start/end to start_time/end_time
fix(tests): spread overlap test slots across separate ISO weeks
fix(tests): update e2e assertion to match actual authenticated home text
fix(app): hide IonMenu before user is authenticated
feat(dx): add test:all script running unit, integration, and e2e in sequence
docs(claude-md): document SELinux fix, Edge Function auth pattern, security_invoker behaviour
2026-04-20 14:32:37 -04:00

4.3 KiB
Raw Permalink Blame History

Session Handoff: Auth Tests + Backend Ansible Plan

Date: 2026-04-12 Session Focus: Fix broken auth unit tests; plan bab-backend-ansible rewrite; update EE dependencies

What Was Accomplished

  1. Deleted tests/unit/auth-callback.test.ts — low-value component test per agreed test strategy; E2E covers this
  2. Extracted pure auth logicapp/utils/auth.ts (checkAuthRedirect(userValue, path): string | null)
  3. Simplified app/middleware/auth.ts — delegates to checkAuthRedirect; Nuxt-specific code is now minimal
  4. Rewrote tests/unit/auth-middleware.test.ts — tests checkAuthRedirect directly, no mocking, node env; 7/7 passing
  5. Documented Nuxt testing lessons → memory feedback_nuxt_testing.md
  6. Wrote backend rewrite plandocs/summaries/plan-bab-backend-ansible-rewrite.md
  7. Updated ee-demo EE with: amazon.aws collection, boto3/botocore, postgresql RPM, supabase CLI install via SUPABASE_VERSION build arg; updated build.sh (user also added --redhat flag)
  8. Resolved all plan open questions except one (see below)

Exact State of Work in Progress

  • tests/integration/auth-session.test.ts — written last session, not yet run (requires local Supabase + SUPABASE_SERVICE_ROLE_KEY)
  • Playwright E2E — not yet set up; tests/e2e/ directory does not exist
  • .gitea/workflows/build.yaml — not yet created

Key Technical Decisions This Session

  • Extract-don't-mock pattern: Nuxt auto-imports compile to concrete dist paths; vi.mock('#imports') doesn't intercept them. Pattern: extract logic to app/utils/ with no Nuxt deps, test directly. CONFIRMED.
  • Skip unit tests for simple page components: Ionic component registration + Supabase init failures make mountSuspended too brittle. Cover with Playwright E2E instead. CONFIRMED.

Files Created or Modified

File Path Action Description
app/utils/auth.ts Created checkAuthRedirect pure function; PUBLIC_ROUTES constant
app/middleware/auth.ts Modified Now delegates to checkAuthRedirect
tests/unit/auth-middleware.test.ts Rewritten Tests pure function; 7/7 passing
tests/unit/auth-callback.test.ts Deleted Low-value component test
docs/summaries/plan-bab-backend-ansible-rewrite.md Created Full rewrite plan with implementation sequence
docs/context/sdlc-architecture.md Updated Dev URL, nginx webroot, Gitea URL, artifact token path
/home/ptoal/Dev/ExecutionEnvironments/ee-demo/execution-environment.yml Modified Added postgresql RPM, supabase CLI build step
/home/ptoal/Dev/ExecutionEnvironments/ee-demo/requirements.yml Modified Added amazon.aws >= 9.0.0
/home/ptoal/Dev/ExecutionEnvironments/ee-demo/requirements.txt Modified Added boto3, botocore
/home/ptoal/Dev/ExecutionEnvironments/ee-demo/build.sh Modified Added SUPABASE_VERSION guard; user added --redhat flag

What the NEXT Session Should Do

If continuing oysqn.app frontend:

  1. Set up Playwright — yarn add -D @playwright/test, create tests/e2e/, write login flow E2E test
  2. Create .gitea/workflows/build.yaml following bab-app pattern (semantic-release + artifact)

If starting bab-backend-ansible rewrite:

  1. Read docs/summaries/plan-bab-backend-ansible-rewrite.md — full scope and implementation sequence
  2. Start with step 3: sync_gitea_secrets.yml (lowest risk, standalone)
  3. Note: work in /home/ptoal/Dev/Projects/bab-backend-ansible, not oysqn.app

Open Questions Requiring User Input

  • kv/oys/dev/supabase/postgres_url — not in Vault; needed before migrate_supabase.yml can run rollback SQL via psql against dev. Add to Vault before first dev migration run.

Confirmed Infrastructure Values

Item Value
Dev URL https://bab.toal.ca
nginx webroot (bab1) /usr/share/nginx/html/
Gitea URL https://gitea.toal.ca/
Gitea artifact token kv/oys/bab_gitea
Backup path (bab1) /var/backups/oysqn/ (assumed — confirm before first prod backup)

Files to Load Next Session

  • Frontend session: docs/summaries/handoff-2026-04-12-splash-and-login.md (prior UI work context)
  • Backend session: docs/summaries/plan-bab-backend-ansible-rewrite.md; docs/context/sdlc-architecture.md