oys/oysqn.app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b4955f07e6f0f6d3f26661c3d2c923b991e889b
oysqn.app/docs/archive/handoffs/handoff-2026-04-12-auth-tests-and-backend-plan.md
Patrick Toal 108c042921 fix(edge-fn): replace getClaims with adminClient.auth.getUser(token) 
fix(edge-fn): use user.id instead of claims.sub; fixes 500s and false cert_required
fix(migrations): drop broad reservations SELECT policy; add reservation_slots view with security_invoker=false
fix(tests): correct weekSlot() keys from start/end to start_time/end_time
fix(tests): spread overlap test slots across separate ISO weeks
fix(tests): update e2e assertion to match actual authenticated home text
fix(app): hide IonMenu before user is authenticated
feat(dx): add test:all script running unit, integration, and e2e in sequence
docs(claude-md): document SELinux fix, Edge Function auth pattern, security_invoker behaviour
2026-04-20 14:32:37 -04:00

71 lines
4.3 KiB
Markdown
Raw Blame History

# Session Handoff: Auth Tests + Backend Ansible Plan
**Date:** 2026-04-12
**Session Focus:** Fix broken auth unit tests; plan bab-backend-ansible rewrite; update EE dependencies
## What Was Accomplished
1. **Deleted `tests/unit/auth-callback.test.ts`** — low-value component test per agreed test strategy; E2E covers this
2. **Extracted pure auth logic**`app/utils/auth.ts` (`checkAuthRedirect(userValue, path): string | null`)
3. **Simplified `app/middleware/auth.ts`** — delegates to `checkAuthRedirect`; Nuxt-specific code is now minimal
4. **Rewrote `tests/unit/auth-middleware.test.ts`** — tests `checkAuthRedirect` directly, no mocking, node env; **7/7 passing**
5. **Documented Nuxt testing lessons** → memory `feedback_nuxt_testing.md`
6. **Wrote backend rewrite plan**`docs/summaries/plan-bab-backend-ansible-rewrite.md`
7. **Updated `ee-demo` EE** with: `amazon.aws` collection, `boto3`/`botocore`, `postgresql` RPM, `supabase` CLI install via `SUPABASE_VERSION` build arg; updated `build.sh` (user also added `--redhat` flag)
8. **Resolved all plan open questions** except one (see below)
## Exact State of Work in Progress
- `tests/integration/auth-session.test.ts` — written last session, not yet run (requires local Supabase + `SUPABASE_SERVICE_ROLE_KEY`)
- Playwright E2E — not yet set up; `tests/e2e/` directory does not exist
- `.gitea/workflows/build.yaml` — not yet created
## Key Technical Decisions This Session
- **Extract-don't-mock pattern**: Nuxt auto-imports compile to concrete dist paths; `vi.mock('#imports')` doesn't intercept them. Pattern: extract logic to `app/utils/` with no Nuxt deps, test directly. CONFIRMED.
- **Skip unit tests for simple page components**: Ionic component registration + Supabase init failures make `mountSuspended` too brittle. Cover with Playwright E2E instead. CONFIRMED.
## Files Created or Modified
| File Path | Action | Description |
|-----------|--------|-------------|
| `app/utils/auth.ts` | Created | `checkAuthRedirect` pure function; `PUBLIC_ROUTES` constant |
| `app/middleware/auth.ts` | Modified | Now delegates to `checkAuthRedirect` |
| `tests/unit/auth-middleware.test.ts` | Rewritten | Tests pure function; 7/7 passing |
| `tests/unit/auth-callback.test.ts` | Deleted | Low-value component test |
| `docs/summaries/plan-bab-backend-ansible-rewrite.md` | Created | Full rewrite plan with implementation sequence |
| `docs/context/sdlc-architecture.md` | Updated | Dev URL, nginx webroot, Gitea URL, artifact token path |
| `/home/ptoal/Dev/ExecutionEnvironments/ee-demo/execution-environment.yml` | Modified | Added `postgresql` RPM, `supabase` CLI build step |
| `/home/ptoal/Dev/ExecutionEnvironments/ee-demo/requirements.yml` | Modified | Added `amazon.aws >= 9.0.0` |
| `/home/ptoal/Dev/ExecutionEnvironments/ee-demo/requirements.txt` | Modified | Added `boto3`, `botocore` |
| `/home/ptoal/Dev/ExecutionEnvironments/ee-demo/build.sh` | Modified | Added `SUPABASE_VERSION` guard; user added `--redhat` flag |
## What the NEXT Session Should Do
**If continuing oysqn.app frontend:**
1. Set up Playwright — `yarn add -D @playwright/test`, create `tests/e2e/`, write login flow E2E test
2. Create `.gitea/workflows/build.yaml` following bab-app pattern (semantic-release + artifact)
**If starting bab-backend-ansible rewrite:**
1. Read `docs/summaries/plan-bab-backend-ansible-rewrite.md` — full scope and implementation sequence
2. Start with step 3: `sync_gitea_secrets.yml` (lowest risk, standalone)
3. Note: work in `/home/ptoal/Dev/Projects/bab-backend-ansible`, not oysqn.app
## Open Questions Requiring User Input
- [ ] **`kv/oys/dev/supabase/postgres_url`** — not in Vault; needed before `migrate_supabase.yml` can run rollback SQL via `psql` against dev. Add to Vault before first dev migration run.
## Confirmed Infrastructure Values
| Item | Value |
|------|-------|
| Dev URL | `https://bab.toal.ca` |
| nginx webroot (bab1) | `/usr/share/nginx/html/` |
| Gitea URL | `https://gitea.toal.ca/` |
| Gitea artifact token | `kv/oys/bab_gitea` |
| Backup path (bab1) | `/var/backups/oysqn/` (assumed — confirm before first prod backup) |
## Files to Load Next Session
- **Frontend session:** `docs/summaries/handoff-2026-04-12-splash-and-login.md` (prior UI work context)
- **Backend session:** `docs/summaries/plan-bab-backend-ansible-rewrite.md`; `docs/context/sdlc-architecture.md`
Reference in New Issue View Git Blame Copy Permalink